1.2.5
by Phil Brooke
Import upstream version 74 |
1 |
% Topal: GPG/GnuPG and Alpine/Pine integration
|
1.2.6
by Phil Brooke
Import upstream version 75 |
2 |
% Copyright (C) 2001--2012 Phillip J. Brooke
|
1.2.5
by Phil Brooke
Import upstream version 74 |
3 |
%
|
4 |
% This program is free software: you can redistribute it and/or modify
|
|
5 |
% it under the terms of the GNU General Public License version 3 as
|
|
6 |
% published by the Free Software Foundation.
|
|
7 |
%
|
|
8 |
% This program is distributed in the hope that it will be useful,
|
|
9 |
% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
10 |
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
11 |
% GNU General Public License for more details.
|
|
12 |
%
|
|
13 |
% You should have received a copy of the GNU General Public License
|
|
14 |
% along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
15 |
||
16 |
\documentclass[a4paper,twoside,12pt,openright]{report} |
|
17 |
||
18 |
\usepackage[utf8]{inputenc} |
|
19 |
\usepackage{palatino,fancyhdr,amssymb,textcomp,txfonts,paralist} |
|
20 |
\newcommand{\eg}{\textit{e.g.}} |
|
21 |
\newcommand{\etc}{\textit{etc.}} |
|
22 |
\newcommand{\ie}{\textit{i.e.}} |
|
23 |
\newcommand{\vv}{\textit{vice versa}} |
|
24 |
\usepackage[hyphens]{url} |
|
25 |
\usepackage{hyphenat} |
|
26 |
\usepackage{graphicx} |
|
27 |
\renewcommand\familydefault{\sfdefault} |
|
28 |
\usepackage{listings} |
|
29 |
\lstset{language=,columns=fullflexible,escapechar=\%,keepspaces=true} |
|
30 |
\lstset{basicstyle=\small\ttfamily} |
|
31 |
\lstdefinestyle{type}{backgroundcolor=\color{green},showspaces=true} |
|
32 |
\lstdefinestyle{response}{backgroundcolor=\color{yellow}} |
|
33 |
||
34 |
\input{versionid.tex} |
|
35 |
||
36 |
% Don't like Courier.
|
|
37 |
\usepackage[T1]{fontenc} |
|
38 |
\usepackage{textcomp} |
|
39 |
\usepackage{beramono} |
|
40 |
||
41 |
\newcommand{\vefill}{\vspace*{\fill}} |
|
42 |
||
43 |
\newcounter{saveenumi} |
|
44 |
\newcommand{\saveenumi}{\setcounter{saveenumi}{\theenumi}} |
|
45 |
\newcommand{\restoreenumi}{\setcounter{enumi}{\thesaveenumi}} |
|
46 |
||
47 |
\newenvironment{enumerateleg}{\begin{enumerate}[(a)]}{\end{enumerate}} |
|
48 |
||
49 |
\newlength{\Oldparindent} |
|
50 |
\setlength{\Oldparindent}{\parindent} |
|
51 |
||
52 |
% Maxwidth, from http://www.tex.ac.uk/cgi-bin/texfaq2html?label=grmaxwidth
|
|
53 |
\makeatletter
|
|
54 |
\def\maxwidth{% |
|
55 |
\ifdim\Gin@nat@width>0.9\linewidth |
|
56 |
0.9\linewidth
|
|
57 |
\else
|
|
58 |
\Gin@nat@width
|
|
59 |
\fi
|
|
60 |
}
|
|
61 |
\makeatother
|
|
62 |
||
63 |
% Screenshot figures. The filename and the caption.
|
|
64 |
\newcommand{\SSF}[2]{ |
|
65 |
\begin{figure}[htp!] |
|
66 |
\centering
|
|
67 |
\fbox{\parbox{0.9\linewidth}{ \centering |
|
68 |
\includegraphics[width=\maxwidth]{screens/#1} |
|
69 |
\caption{#2}\label{fig:#1}}} |
|
70 |
||
71 |
\end{figure} |
|
72 |
(figure~\ref{fig:#1})} |
|
73 |
||
74 |
\usepackage[bookmarksopen=true,bookmarksopenlevel=1,
|
|
75 |
bookmarksnumbered=true, |
|
76 |
colorlinks=true, urlcolor=blue, |
|
77 |
breaklinks=true, |
|
78 |
pdftitle={Topal manual}, |
|
79 |
pdfauthor={Phil Brooke}, |
|
80 |
pdfsubject={Topal}, |
|
81 |
pdfkeywords={Topal, Pine, Alpine, OpenPGP, SMIME, GnuPG} |
|
82 |
]{hyperref} |
|
83 |
||
84 |
% Footing.
|
|
85 |
\fancyfoot{} |
|
86 |
\fancyfoot[RO,LE]{\thepage} |
|
87 |
||
88 |
||
89 |
\begin{document} |
|
90 |
||
91 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
92 |
% Title page/front cover
|
|
93 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
94 |
||
95 |
\pagestyle{empty} |
|
96 |
||
97 |
\begin{titlepage} |
|
98 |
||
99 |
\pdfbookmark[1]{Title page}{pdf:titlePage} |
|
100 |
\setlength{\parindent}{0pt} |
|
101 |
\raggedright
|
|
102 |
||
103 |
{\Huge\bf\scshape Topal\\\bigskip\large GPG/GnuPG and Alpine/Pine integration}\\[10ex] |
|
104 |
||
105 |
||
106 |
{\Large Phil Brooke |
|
107 |
}
|
|
108 |
||
109 |
\vfill
|
|
110 |
||
111 |
Release~\TopalRelease\\
|
|
112 |
\TopalBuildDate
|
|
113 |
||
114 |
\setlength{\parindent}{\Oldparindent} |
|
115 |
||
116 |
\end{titlepage} |
|
117 |
||
118 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
119 |
% Inside front cover.
|
|
120 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
121 |
||
122 |
||
123 |
\vefill
|
|
124 |
\setlength{\parindent}{0pt} |
|
125 |
||
126 |
{
|
|
127 |
||
128 |
||
129 |
Topal: GPG/GnuPG and Alpine/Pine integration |
|
130 |
||
1.2.6
by Phil Brooke
Import upstream version 75 |
131 |
Copyright \copyright~ 2001--2012 Phillip J. Brooke
|
1.2.5
by Phil Brooke
Import upstream version 74 |
132 |
|
133 |
This program is free software: you can redistribute it and/or modify |
|
134 |
it under the terms of the GNU General Public License version 3 as |
|
135 |
published by the Free Software Foundation. |
|
136 |
||
137 |
This program is distributed in the hope that it will be useful, |
|
138 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
139 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
140 |
GNU General Public License for more details. |
|
141 |
||
142 |
You should have received a copy of the GNU General Public License |
|
143 |
along with this program. If not, see \url{http://www.gnu.org/licenses/}. |
|
144 |
}
|
|
145 |
||
146 |
\setlength{\parindent}{\Oldparindent} |
|
147 |
||
148 |
||
149 |
\cleardoublepage
|
|
150 |
||
151 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
152 |
% Front matter, ToC, LoF, ...
|
|
153 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
154 |
||
155 |
\pagestyle{fancy} |
|
156 |
\renewcommand{\headrulewidth}{0pt} |
|
157 |
\fancyhead{} |
|
158 |
||
159 |
\pagenumbering{roman} |
|
160 |
\setcounter{page}{1} |
|
161 |
||
162 |
\pdfbookmark[1]{Table of contents}{pdf:TOC} |
|
163 |
\tableofcontents
|
|
164 |
||
165 |
\cleardoublepage
|
|
166 |
||
167 |
||
168 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
169 |
% Main matter.
|
|
170 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
171 |
||
172 |
\pagenumbering{arabic} |
|
173 |
\setcounter{page}{1} |
|
174 |
||
175 |
||
176 |
||
177 |
\chapter{Introduction \& features} |
|
178 |
||
179 |
Topal is a ‘glue’ program that links |
|
180 |
\href{http://www.gnupg.org}{GnuPG} |
|
181 |
and |
|
182 |
\href{http://www.washington.edu/pine/}{Pine}/% |
|
183 |
\href{http://www.washington.edu/alpine/}{Alpine}/% |
|
184 |
\href{http://sourceforge.net/projects/re-alpine/}{``Re-Alpine'' (from |
|
185 |
Sourceforge)}.
|
|
186 |
It offers |
|
187 |
facilities to encrypt, decrypt, sign and verify emails, including |
|
188 |
inline OpenPGP, MIME/OpenPGP and S/MIME. It |
|
189 |
can also be used directly from the command-line. |
|
190 |
||
191 |
\section{Features} |
|
192 |
||
193 |
\begin{itemize} |
|
194 |
\item Multiple inline PGP blocks can be processed in display filters.
|
|
195 |
\item Decryption and verification output can be cached to reduce the
|
|
196 |
number of times a passphrase is entered\footnote{Note that you should also |
|
197 |
consider the use of \texttt{gpg-agent}.}. This also helps when |
|
198 |
secret keys aren't always available, at the expense of storing |
|
199 |
decrypted output. |
|
200 |
\item MIME/OpenPGP (RFC2015/RFC3156) multipart messages can be sent
|
|
201 |
and received. Depending on configuration, this might involve |
|
202 |
procmail or patching Alpine. |
|
203 |
\item The deprecated application/pgp content-type can be sent and received.
|
|
204 |
\item S/MIME messages can be sent and received if \verb|gpgsm| is |
|
205 |
available. (\verb|openssl| is also used in some circumstances, but
|
|
206 |
\verb|gpgsm| is still required.)
|
|
207 |
\item Topal can be used as Alpine's \verb|sendmail-path| command. |
|
208 |
\item Topal has a remote sending mode (a server and a means of
|
|
209 |
accessing the server) for reading email on a distant computer via |
|
210 |
SSH with secret keys on the local computer. |
|
211 |
\item A range of mechanisms for selecting keys for both self and recipients.
|
|
212 |
\item There is a high level of configurability (although the
|
|
213 |
configuration interface does not expose all of it; you'll have to |
|
214 |
edit \verb|.topal/config|).
|
|
215 |
\end{itemize} |
|
216 |
||
217 |
\section{Terminology} |
|
218 |
||
219 |
We use Pine and Alpine interchangably in this manual. The earliest |
|
220 |
version of Pine that Topal supported was 4.44. When referring to |
|
221 |
Thunderbird and Enigmail together, we sometimes just say Thunderbird. |
|
222 |
||
223 |
Similarly, we often use GnuPG, GPG and sometimes OpenPGP and PGP interchangably. |
|
224 |
||
225 |
\section{Version numbering} |
|
226 |
||
227 |
Recent stable releases have been numbered 55, 56, \ldots. Prior to
|
|
228 |
release 55, the stable releases were 0.7.2, 0.7.8, 0.7.9 and |
|
229 |
0.7.13.6. |
|
230 |
||
231 |
\chapter{Important changes from previous stable versions} |
|
232 |
||
233 |
\section{Important changes in release 70} |
|
234 |
||
235 |
The \verb|use-agent| option sets GPG's \verb|--use-agent| |
|
236 |
option as needed. Don't set it in any other way or it might be confusing\ldots.
|
|
237 |
||
238 |
\section{Important changes in release 68} |
|
239 |
||
240 |
\begin{itemize}\item |
|
241 |
The sending interface has changed. Selecting (for example) ‘e’ for |
|
242 |
encrypt no longer immediately operates. Instead, the desired |
|
243 |
operation is chosen, and then ‘g’ for ‘Go!’ is used. This allows |
|
244 |
defaults to be associated with keys and email addresses in a |
|
245 |
sensible way. |
|
246 |
\item The MIME viewer setting \verb|mime-viewer| |
|
247 |
has been replaced by two new settings, one for decrypting and one |
|
248 |
for verifying. You should set these to suit your preferences. (The |
|
249 |
redundant line will be dropped the next time you save your |
|
250 |
configuration inside Topal.) |
|
251 |
\end{itemize} |
|
252 |
||
253 |
\section{Important changes in release 65} |
|
254 |
||
255 |
An additional patch has been added. This should make the procmail |
|
256 |
recipe redundant. More testing is required: it may have broken other |
|
257 |
Alpine features. |
|
258 |
||
259 |
||
260 |
\section{Important changes in release 60} |
|
261 |
||
262 |
MIME sending now requires MIME-tool; mime-construct is no longer |
|
263 |
used. See the compilation and installation instructions. |
|
264 |
||
265 |
||
266 |
\section{Important changes in release 58} |
|
267 |
||
268 |
The default configuration no longer uses absolute paths. |
|
269 |
||
270 |
\section{Important changes in release 55} |
|
271 |
||
272 |
\begin{itemize}\item |
|
273 |
If you use a non-English locale, please check that Topal still works |
|
274 |
as expected (I replaced code that fixed some locale problems). |
|
275 |
\item The Alpine patch is based off my old Pine patches, but does a
|
|
276 |
little more. You will need to set the |
|
277 |
\begin{quote} |
|
278 |
\verb|Enable Topal hack for OpenPGP/MIME messages|
|
|
279 |
\end{quote} |
|
280 |
option in the |
|
281 |
hidden configuration list. Bug reports welcome. |
|
282 |
\item The
|
|
283 |
\verb|--fix-email| wrapper no longer creates a
|
|
284 |
multipart/alternative: it creates a multipart/misc wrapper instead. |
|
285 |
Please check that your procmail recipe includes a suitable backup in |
|
286 |
case this doesn't work for you. |
|
287 |
\end{itemize} |
|
288 |
||
289 |
\section{Important changes in version 0.7.10} |
|
290 |
||
291 |
The recommended procmail recipe has been changed. |
|
292 |
||
293 |
\section{Important changes in version 0.7.8} |
|
294 |
||
295 |
\verb|topal-fix-email| and \verb|topal-fix-folder| have been replaced by the |
|
296 |
main topal binary. Change \verb|topal-fix-email| in your .procmailrc to be
|
|
297 |
\verb|topal --fix-email|. (Or add symlinks: the binary checks what it has been called as.)
|
|
298 |
||
299 |
You \emph{must} clear your cache otherwise the changes made for\linebreak |
|
300 |
\verb|inline-separate-output| \marginpar{New in version~0.7.8.} will break (this occurs regardless of whether |
|
301 |
the option is on or off). This new feature shows the GnuPG/Topal |
|
302 |
output separately, then hands back the decrypted or verified output |
|
303 |
without any wrappers. This makes it more suitable for dealing with |
|
304 |
attachments (but you need to set it manually via |
|
305 |
\verb|topal -config|).
|
|
306 |
||
307 |
||
308 |
Finally, the send menu has a new option: ‘Pass through unchanged’. |
|
309 |
This does nothing to the message so, you can |
|
310 |
always have Topal invoked as a filter for sending. |
|
311 |
||
312 |
\chapter{Installation and configuration} |
|
313 |
||
314 |
\section{Options} |
|
315 |
||
316 |
Topal supports a range of modes; some have particular requirements: |
|
317 |
the following table summarises them. |
|
318 |
||
319 |
\newcommand{\colh}[1]{\rotatebox{89}{\parbox{5cm}{\raggedright #1}}} |
|
320 |
\noindent\begin{tabular}{lccccccc} |
|
321 |
\hline
|
|
322 |
&
|
|
323 |
\colh{Apply patch \texttt{-1} to Alpine} |
|
324 |
&
|
|
325 |
\colh{Apply patch \texttt{-2} to Alpine} |
|
326 |
&
|
|
327 |
\colh{Configure Alpine's \texttt{sending-filters}} |
|
328 |
&
|
|
329 |
\colh{Configure Alpine's \texttt{display-filters}} |
|
330 |
&
|
|
331 |
\colh{Configure Alpine's \texttt{sendmail-path}} |
|
332 |
&
|
|
333 |
\colh{Configure \texttt{.mailcap}} |
|
334 |
&
|
|
335 |
\colh{Configure \texttt{.procmail} or run \texttt{topal --fix-email}} |
|
336 |
\\
|
|
337 |
\hline
|
|
338 |
Encrypt/sign inline OpenPGP &&&$\vee$&&$\vee$&&\\ |
|
339 |
Decrypt/verify inline OpenPGP &&&&\checkmark&&&\\ |
|
340 |
Encrypt/sign MIME/OpenPGP &$\vee$&&&&$\vee$&&\\ |
|
341 |
Decrypt/verify MIME/OpenPGP &&$\wedge$&&&&$\wedge$&\textopenbullet\\ |
|
342 |
Encrypt/sign S/MIME &\textopenbullet&&&&$\star$&&\\ |
|
343 |
Decrypt/verify S/MIME &&$\wedge$&&&&$\wedge$&\textopenbullet\\ |
|
344 |
\hline
|
|
345 |
\end{tabular}\bigskip |
|
346 |
||
347 |
\noindent Key:
|
|
348 |
\begin{tabular}[t]{cl} |
|
349 |
\hline
|
|
350 |
\checkmark&The only option.\\ |
|
351 |
$\wedge$&Use both of these together.\\ |
|
352 |
$\vee$&Use either of these.\\ |
|
353 |
$\star$&This is a preferred option, but you can use an alternative (\textopenbullet).\\ |
|
354 |
\textopenbullet&This is a possible option, but there is a better |
|
355 |
option ($\star$ or $\wedge$).\\ |
|
356 |
\hline
|
|
357 |
\end{tabular}\bigskip |
|
358 |
||
359 |
Inline OpenPGP is processed via Alpine's sending and display filters. |
|
360 |
So you need to configure this within Alpine. |
|
361 |
||
362 |
MIME messages are more complicated. MIME/OpenPGP messages can be sent |
|
363 |
if patch 1 is applied to Alpine. However, although the corresponding |
|
364 |
S/MIME messages appear to be correctly formed, use of patch 1 requires |
|
365 |
that the message is embedded within a multipart/mixed message --- and |
|
366 |
other mail clients (such as Mozilla Thunderbird and MS Outlook) will |
|
367 |
not handle them properly. So for S/MIME sending, you are strongly |
|
368 |
recommended to use Topal as a \verb|sendmail-path| for Alpine.
|
|
369 |
||
370 |
Receipt of MIME messages (both OpenPGP and S/MIME) is best handled via |
|
371 |
Alpine with patch 2. This will cause Alpine to crash if your |
|
372 |
\verb|.mailcap| is not properly configured to handled the cryptography
|
|
373 |
multipart/* types. An alternative is to invoke Topal's |
|
374 |
\verb|--fix-email| mode via \verb|.procmail| which rewrites the |
|
375 |
top-level cryptographic message into a multipart/mixed message |
|
376 |
that can be more easily processed by Alpine. |
|
377 |
||
378 |
\section{Compilation and installation} |
|
379 |
||
380 |
To compile Topal, you need |
|
381 |
\begin{compactitem}\item |
|
382 |
a working C compiler, |
|
383 |
\item
|
|
384 |
the GNU Ada Compiler (GNAT), |
|
385 |
and |
|
386 |
\item some common libraries, including \verb|readline| (e.g., the |
|
387 |
package \linebreak\verb|libreadline6-dev| on Debian).
|
|
388 |
\end{compactitem} |
|
389 |
There is a makefile: simply type \verb|make|.
|
|
390 |
||
391 |
Type \verb|make install| to actually install. The default location
|
|
392 |
is \verb|/usr|, so you'll need to be root to install. Alternatively, use
|
|
393 |
\linebreak\verb|make install INSTALLPATH=/usr/local| to install into
|
|
394 |
\verb|/usr/local|. (Or use the more specific variables \verb|INSTALLPATHBIN|, |
|
395 |
\verb|INSTALLPATHMAN|, \verb|INSTALLPATHDOC| and \verb|INSTALLPATHPATCHES|.) |
|
396 |
||
397 |
||
398 |
||
399 |
\subsection{Cygwin} |
|
400 |
||
401 |
Before using the makefile, please apply the patch |
|
402 |
\verb|cygwin.patch|. I haven't recently tested this\ldots. |
|
403 |
||
404 |
\subsection{MIME-tool} |
|
405 |
||
406 |
MIME sending requires the Topal version of Jeffrey S.~Dutky's |
|
407 |
\verb|mime-tool|. This is included with the Topal sources, and is
|
|
408 |
compiled and installed at the same time using the Makefile. |
|
409 |
||
410 |
||
411 |
\subsection{MIME viewing} |
|
412 |
||
413 |
||
414 |
MIME viewing can be handled via |
|
415 |
\begin{compactenum}\item |
|
416 |
metamail, \item run-mailcap, or \item by saving to a file (mbox format) in the \verb|~/.topal| |
|
417 |
directory and viewing with Alpine. |
|
418 |
\end{compactenum} |
|
419 |
If |
|
420 |
you are using patch~2 |
|
421 |
(see ``Alpine patches'' below), then |
|
422 |
depending on your Alpine configuration, Alpine might say something |
|
423 |
like |
|
424 |
\begin{quote} |
|
425 |
\verb|Attachment SIGNED unrecognized. Try opening anyway?|
|
|
426 |
\end{quote} |
|
427 |
--- you |
|
428 |
should say \verb|yes| in that case.
|
|
429 |
||
430 |
||
431 |
\subsection{GNU sed} |
|
432 |
||
433 |
GNU sed is required. I only discovered this when using Topal on Mac |
|
434 |
OS X\ldots.
|
|
435 |
||
436 |
\section{Alpine patches} |
|
437 |
||
438 |
There are two patches, for a range of versions of Pine and Alpine. |
|
439 |
Patch 1 deals with sending MIME messages (\verb|-sendmime|); patch 2 with receiving them.
|
|
440 |
||
441 |
\begin{centering} |
|
442 |
\begin{tabular}{lcc} |
|
443 |
\hline
|
|
444 |
&Patch 1&Patch 2\\ |
|
445 |
\hline
|
|
446 |
Pine 4.44&\checkmark&\\ |
|
447 |
Pine 4.50&\checkmark&\\ |
|
448 |
Pine 4.53&\checkmark&\\ |
|
449 |
Pine 4.58&\checkmark&\\ |
|
450 |
Pine 4.60&\checkmark&\\ |
|
451 |
Pine 4.64&\checkmark&\\ |
|
452 |
Alpine 1.00&\checkmark&\\ |
|
453 |
Alpine 2.00&\checkmark&\checkmark\\ |
|
454 |
Alpine 2.02&\checkmark&\checkmark\\ |
|
455 |
\hline
|
|
456 |
\end{tabular} |
|
457 |
||
458 |
\end{centering} |
|
459 |
\bigskip
|
|
460 |
||
461 |
To apply these patches, |
|
462 |
\verb|cd| into the Pine or Alpine source directory and use the
|
|
463 |
\verb|patch| command, \eg, \verb|patch -p1 < -2.02.patch-1|. |
|
464 |
||
465 |
Please note that the Alpine patches also modify Alpine's |
|
466 |
configuration. There is a hidden preference ‘enable Topal hack’ |
|
467 |
(\verb|enable-topal-hack|) that you need to enable.
|
|
468 |
||
469 |
||
470 |
% It doesn't seem to have broken anything else.... It seems to work for
|
|
471 |
% sending via an SMTP server - it might break for sending via
|
|
472 |
% /usr/lib/sendmail (if it does, please send me a debug trace by
|
|
473 |
% invoking pine with ‘\verb|-d 9|’).
|
|
474 |
||
475 |
||
476 |
\section{Alpine filter configuration} |
|
477 |
||
478 |
||
479 |
Assuming that the topal binary is installed in \verb|/usr/bin|, set up
|
|
480 |
the Alpine sending and display filters as follows: |
|
481 |
||
482 |
\begin{lstlisting} |
|
483 |
display-filters=_BEGINNING("-----BEGIN PGP ")_ /usr/bin/topal |
|
484 |
-display _TMPFILE_ _RESULTFILE_ |
|
485 |
||
486 |
sending-filters=/usr/bin/topal --read-from _INCLUDEALLHDRS_ |
|
487 |
-send _TMPFILE_ _RESULTFILE_ _RECIPIENTS_, |
|
488 |
/usr/bin/topal --read-from _INCLUDEALLHDRS_ |
|
489 |
-sendmime _TMPFILE_ _RESULTFILE_ _MIMETYPE_ |
|
490 |
_RECIPIENTS_ |
|
491 |
\end{lstlisting} |
|
492 |
||
493 |
You can choose either or both of the sending filters. The \verb|-sendmime|
|
|
494 |
option allows the user to choose the MIME type of the outbound |
|
495 |
email. (Legacy fixes are in place that make \verb|-decrypt| and \verb|-verify| |
|
496 |
behave the same as \verb|-display|.) Note that
|
|
497 |
\verb|_RECIPIENTS_| must be last. |
|
498 |
||
499 |
||
500 |
||
501 |
||
502 |
||
503 |
The \verb|--read-from _INCLUDEALLHDRS_|\label{pg:readFrom} text makes Topal attempt to |
|
504 |
guess a suitable key for signing and self-encryption. If multiple |
|
505 |
possible keys match, then you'll be offered a menu of the keys. Use |
|
506 |
of this option is strongly recommended (but can be omitted). |
|
507 |
||
508 |
\section{Alpine sendmail-path configuration} |
|
509 |
||
510 |
As an alternative (or addition!) to setting filters (above), you can set |
|
511 |
\begin{lstlisting} |
|
512 |
sendmail-path="/usr/bin/topal -asend" |
|
513 |
\end{lstlisting} |
|
514 |
Also see section~\ref{sec:smp-config} for more details on configuring |
|
515 |
this mode. |
|
516 |
||
517 |
This option allows Topal to handle attachments added within Alpine, |
|
518 |
whereas sending using patch 1 requires that attachments are added via |
|
519 |
Topal's interface (otherwise the attachments aren't covered by |
|
520 |
encryption or signing). |
|
521 |
||
522 |
\section{Mailcap configuration} |
|
523 |
||
524 |
||
525 |
To decode MIME RFC2015/3156 multipart/signed and /encrypted messages |
|
526 |
requires help via the ``mailcap'' system. Add in either the user mailcap |
|
527 |
configuration (\verb|.mailcap|) or the system configuration
|
|
528 |
(\verb|/etc/mailcap|) the lines
|
|
529 |
||
530 |
\begin{lstlisting} |
|
531 |
multipart/signed; /usr/bin/topal -mime '%\%%s' '%\%%t'; needsterminal
|
|
532 |
multipart/encrypted; /usr/bin/topal -mime '%\%%s' '%\%%t'; needsterminal
|
|
533 |
application/pgp; /usr/bin/topal -mimeapgp '%\%%s' '%\%%t'; needsterminal
|
|
534 |
\end{lstlisting} |
|
535 |
||
536 |
Note that Alpine has been known to crash if you compile it with the |
|
537 |
second patch, but do not set up your mailcap file to handle these |
|
538 |
multipart types. |
|
539 |
||
540 |
||
541 |
\section{Procmail configuration}\label{sec:procmail-configuration} |
|
542 |
||
543 |
From Topal version 65, this recipe is no longer needed if you are |
|
544 |
using patch~2. |
|
545 |
||
546 |
If you prefer to modify inbound multipart messages rather than use |
|
547 |
patch~2, you should add this recipe to your \verb|.procmailrc|:
|
|
548 |
\begin{lstlisting} |
|
549 |
:0fw |
|
550 |
| /usr/bin/topal --fix-email |
|
551 |
\end{lstlisting} |
|
552 |
This causes Topal to examine all inbound emails. Those with top-level |
|
553 |
multipart/signed or multipart/encrypted MIME types are modified to add |
|
554 |
a multipart/misc wrapper so that Alpine can hand it off to |
|
555 |
Topal. All other emails are left unchanged. |
|
556 |
||
557 |
I strongly advise that you also use one of the backup |
|
558 |
recipes from the procmail manual. |
|
559 |
||
560 |
||
561 |
\section{Topal configuration} |
|
562 |
||
563 |
||
564 |
Create a directory called ‘\verb|${HOME}/.topal|’. This is |
|
565 |
currently hard-coded into Topal. Create the basic configuration file |
|
566 |
by running topal with the \verb|-dump| or \verb|-default| options. |
|
567 |
This file should be named ‘\verb|config|’. |
|
568 |
||
569 |
||
570 |
||
571 |
All \verb|.topal| files are silently ignored if they cannot be found. |
|
572 |
Comments begin with a \verb|#| in the first column, and run to the end of a |
|
573 |
line. They are totally ignored and are not currently preserved.
|
|
574 |
Parsing errors cause an exception.
|
|
575 |
||
576 |
||
577 |
||
578 |
If you want to include strings with spaces, you'll need to quote them
|
|
579 |
with double-quotes (\verb|"|). Double-quotes themselves can be |
|
580 |
included by ‘stuffing’ (\verb|""|). |
|
581 |
||
582 |
||
583 |
||
584 |
\chapter{Usage} |
|
585 |
||
586 |
||
587 |
\section{Help!} |
|
588 |
||
589 |
||
590 |
\verb|-help| as the first argument dumps a help message. |
|
591 |
||
592 |
||
593 |
The help message is derived from the \verb|help.txt| file in the |
|
594 |
source distribution.
|
|
595 |
||
596 |
||
597 |
See \verb|help.txt| for information on non-Pine use of Topal (section~\ref{sec:nonpine}). |
|
598 |
||
599 |
||
600 |
||
601 |
Send \href{mailto:pjb@lothlann.freeserve.co.uk}{email to me} if you're really stuck. |
|
602 |
||
603 |
||
604 |
\section{Configuration} |
|
605 |
||
606 |
||
607 |
\verb|-config| as the first argument brings up the configuration menu. |
|
608 |
This menu is also available when sending (so that the signing key can |
|
609 |
be changed). |
|
610 |
||
611 |
||
612 |
||
613 |
However, not all features can be configured via the menus. In some
|
|
614 |
cases, you'll need to edit \verb|.topal/config|. Later sections in |
|
615 |
this manual give specific instructions for particular features.
|
|
616 |
||
617 |
||
618 |
||
619 |
If you want to change the comment mentioning Topal when sending
|
|
620 |
messages (\ie, the bit saying \verb|Topal (http://freshmeat.net/projects/topal)|) then modify |
|
621 |
\verb|sending-options| (via the configuration menu or the \verb|config| |
|
622 |
file). |
|
623 |
||
624 |
||
625 |
||
626 |
Colours were introduced in release 71. If you want to turn them off, |
|
627 |
set \verb|ansi-terminal=off| in the \verb|config| file. You can |
|
628 |
change the colours by setting
|
|
629 |
\verb|colour-menu-title|, |
|
630 |
\verb|colour-menu-key|, |
|
631 |
\verb|colour-menu-choice|, |
|
632 |
\verb|colour-important|, |
|
633 |
\verb|colour-banner| and |
|
634 |
\verb|colour-info|. The codes are the escape codes (see, for |
|
635 |
example, colour table in the
|
|
636 |
\url{http://en.wikipedia.org/wiki/ANSI_escape_code} Wikipedia article on ANSI escape codes). |
|
637 |
||
638 |
\section{Decryption/verification} |
|
639 |
||
640 |
||
641 |
Depending on configuration, Topal will either ignore the file
|
|
642 |
altogether, ask you what you want to do with it, or proceed to
|
|
643 |
process the file automatically.
|
|
644 |
||
645 |
||
646 |
||
647 |
GPG will ask you for your passphrase when it needs it.
|
|
648 |
||
649 |
||
650 |
||
651 |
Caching is in place; the results of decryption and verification are
|
|
652 |
(subject to configuration) saved in \verb|~/.topal/cache|. The results of |
|
653 |
caching mean that you won't be repeatedly asked for your passphrase,
|
|
654 |
at the expense of storing decrypts in the clear.
|
|
655 |
||
656 |
||
657 |
||
658 |
Be warned: Topal often invokes \verb|less| to view something. So you'll |
|
659 |
need to use \verb|q| to get out of it. \verb|metamail| |
|
660 |
or \verb|run-mailcap| may be called for anything |
|
661 |
after MIME processing.
|
|
662 |
||
663 |
||
664 |
||
665 |
A new option \marginpar{New in version~0.7.8.} called \verb|inline-separate-output| |
|
666 |
concerns inlined (\ie, not MIME) messages. If the option is on, then |
|
667 |
the Topal/GnuPG output will be shown to you by \verb|less|. Then the |
|
668 |
decrypted or verified output will be handed back to Pine/Alpine. This is the |
|
669 |
way to approach attachments. However, you will normally want to keep
|
|
670 |
this option off, because if you're reading (for example) BugTraq |
|
671 |
mailings, then it will want you to hit \verb|q| an awful lot\ldots. |
|
672 |
||
673 |
||
674 |
\section{Sending} |
|
675 |
||
676 |
\subsection{Main send menu} |
|
677 |
||
678 |
||
679 |
Topal initially displays some chatter about selecting keys,
|
|
680 |
including (if possible) a key for the sending user. After that, you |
|
681 |
will be presented with the sending main menu~\SSF{mainSendMenu.png}{Main |
|
682 |
sending menu}. Some options (\eg, those |
|
683 |
relating to MIME features) will not be offered unless you use |
|
684 |
the \verb|-sendmime| option. |
|
685 |
||
686 |
||
687 |
‘Abort’ tells Pine/Alpine you don't want Topal to process the email anymore. |
|
688 |
||
689 |
||
690 |
||
691 |
‘Pass through unchanged’ does nothing to the message. This means that
|
|
692 |
you can always have Topal invoked for sending.
|
|
693 |
||
694 |
||
695 |
||
696 |
‘Add own key’ adds an ‘encrypt to self’ key. (It is added by default, |
|
697 |
but if you remove it, this is a quick way to restore it.) |
|
698 |
||
699 |
||
700 |
||
701 |
When you select ‘Go!’ you will be asked to confirm the command-line, |
|
702 |
and after processing, \verb|less| is invoked to visually check that |
|
703 |
the desired result has been achieved. Again, a confirmation is asked
|
|
704 |
for.
|
|
705 |
||
706 |
||
707 |
||
708 |
Topal can offer a choice of three MIME types. Don't use (2 --- app/pgp) |
|
709 |
unless you really know what you're doing. (4 --- multipart encap) is |
|
710 |
only relevant if you are signing and encrypting: this encapsulates a
|
|
711 |
MIME signed message inside an encrypted message (but Thunderbird |
|
712 |
doesn't seem to process the signature on these). Otherwise, we do |
|
713 |
both operations at once. (If you choose ‘clearsign’ and |
|
714 |
‘multipart/*’, then all trailing blank lines will be deleted. Note |
|
715 |
also that Pine/Alpine appears to delete trailing whitespace in |
|
716 |
trailing blank lines.) |
|
717 |
||
718 |
||
719 |
||
720 |
‘Configuration’ offers the same menu that is available from the
|
|
721 |
\verb|-config| option. |
|
722 |
||
723 |
||
724 |
\subsection{List current recipient keys} |
|
725 |
||
726 |
||
727 |
‘List current recipient keys’ offers a list of
|
|
728 |
recipients~\SSF{keyListMenu.png}{Key list menu}. |
|
729 |
||
730 |
||
731 |
‘Quit and return to main send menu’ sends you back to the first menu.
|
|
732 |
||
733 |
||
734 |
||
735 |
‘Add key from main keyring’ prompts you for a search pattern. It will
|
|
736 |
do a general search on your GPG keyring \emph{and add} all matching keys. Beware of just pressing |
|
737 |
enter --- it will select \emph{all} keys on your keyring. |
|
738 |
||
739 |
||
740 |
||
741 |
A better alternative is to use the ‘select after search’ option. This
|
|
742 |
also does a search on your GPG keyring, but then you must select
|
|
743 |
one key to be added to your list of recipients.
|
|
744 |
||
745 |
||
746 |
\subsection{Examine key menu} |
|
747 |
||
748 |
||
749 |
Selecting a key will offer a third menu (a similar menu is offered |
|
750 |
when selecting a single key)~\SSF{examineKeyMenu.png}{Single key menu}. |
|
751 |
||
752 |
||
753 |
‘Return to key list’ takes you back to the second menu.
|
|
754 |
||
755 |
||
756 |
‘Display details of key (less)’ simply uses GPG to list the |
|
757 |
key details via \verb|less|. You'll need to use \verb|q| to get out of \verb|less|. |
|
758 |
||
759 |
||
760 |
||
761 |
‘Verbose details of key (less)’ pipes verbose output from GPG for this |
|
762 |
key into gpg. Again, you'll need to use \verb|q| to get out of \verb|less|. |
|
763 |
||
764 |
||
765 |
||
766 |
‘Remove key from list’ removes the key from this recipient list.
|
|
767 |
||
768 |
||
769 |
\section{Command-line usage}\label{sec:nonpine} |
|
770 |
||
771 |
\subsection{Sending (\texttt{-nps})} |
|
772 |
||
773 |
||
774 |
If you invoke Topal on the command-line with a filename as an |
|
775 |
argument, it will offer the sending functions on that
|
|
776 |
file~\SSF{npsSendMenu.png}{Non-pine sending menu}. It |
|
777 |
doesn't actually send anything: instead it allows you to encrypt,
|
|
778 |
sign, \etc\ the message. {\em You have a choice of overwriting or |
|
779 |
preserving the original file (this bit is case-sensitive).} So \verb|e|, |
|
780 |
\verb|s| and \verb|c| are different from \verb|E|, \verb|S| and |
|
781 |
\verb|C| respectively. |
|
782 |
||
783 |
||
784 |
The main purpose of this mode is for encrypting or signing attachments
|
|
785 |
before they are attached to the message in Pine/Alpine. Beware that Pine/Alpine |
|
786 |
does not feed the attachments to a sending filter. Or you could use
|
|
787 |
the attachments option when using Pine with MIME emails.
|
|
788 |
||
789 |
||
790 |
||
791 |
MIME functions are not available in this mode.
|
|
792 |
||
793 |
||
794 |
\subsection{Receiving (\texttt{-pd})} |
|
795 |
||
796 |
\marginpar{New in release~71.} |
|
797 |
Invoking Topal with only \verb|-pd| as an argument causes it to |
|
798 |
read a message from standard input and attempt to decrypt/verify |
|
799 |
it. This is useful for piping MIME messages from other
|
|
800 |
applications.
|
|
801 |
||
802 |
\section{Remote and server mode} |
|
803 |
||
804 |
||
805 |
Suppose you are reading your email on a remote host via \verb|ssh| (as I |
|
806 |
often do). You now want to compose an email and sign it, but your |
|
807 |
secret key is only accessible on the local computer. Topal has
|
|
808 |
rudimentary support for this (primarily to support my style of |
|
809 |
working). This comes in two parts: a ‘server’ mode to run on the local |
|
810 |
computer (with access to the secret key) and a remote option in the |
|
811 |
sending menu.
|
|
812 |
||
813 |
||
814 |
||
815 |
The server mode (on the local host) is started by running |
|
816 |
\verb|topal -server|. This is where GPG requests for signing are made. |
|
817 |
||
818 |
||
819 |
||
820 |
When sending, you can choose ‘remote’. This prompts for the host to
|
|
821 |
connect to using \verb|ssh|/\verb|scp|: this host should be running the ‘server’. |
|
822 |
The files are sent to the local server, processed by the server, then
|
|
823 |
the results are copied back. \verb|ssh| and \verb|scp| are both used: because |
|
824 |
they're used repeatedly, you might want to use key-based |
|
825 |
authentication and have the key added to a current \verb|ssh-agent|. |
|
826 |
||
827 |
||
828 |
||
829 |
There is also a remote mode for receiving, with a similar behaviour as
|
|
830 |
for sending. Alternatively could use something
|
|
831 |
like unison (or some other file synchroniser or a simple scp) to move |
|
832 |
the email(s) concerned, then view them on the local computer. |
|
833 |
||
834 |
||
835 |
A generally better alternative is to process your email locally by
|
|
836 |
using IMAPS and SMTPS to remotely access the mail server.
|
|
837 |
||
838 |
||
839 |
\section{Fixing multipart emails} |
|
840 |
||
841 |
||
842 |
Two scripts used to be included with topal (long ago): |
|
843 |
\verb|topal-fix-email| and \verb|topal-fix-folder|. They have |
|
844 |
been replaced by the \verb|--fix-email| and \verb|--fix-folder| |
|
845 |
command-line options to the main binary. |
|
846 |
||
847 |
||
848 |
||
849 |
\verb|topal --fix-email| modifies any email that is (at the top |
|
850 |
level) a multipart/signed or multipart/encrypted message. It creates |
|
851 |
a multipart/misc message instead: this revised message is simply a |
|
852 |
wrapped version of the original message so that Pine/Alpine can pass the |
|
853 |
signed or encrypted part to Topal.
|
|
854 |
||
855 |
||
856 |
||
857 |
Usage:
|
|
858 |
\begin{itemize}\item |
|
859 |
\verb|topal --fix-folder <folder> ...| |
|
860 |
fixes the named email folders.
|
|
861 |
\item |
|
862 |
\verb|topal --fix-email| takes no arguments; it accepts |
|
863 |
a single email on stdin. Ideally, it should be invoked by procmail
|
|
864 |
(see section~\ref{sec:procmail-configuration}). |
|
865 |
\end{itemize} |
|
866 |
||
867 |
\verb|topal --fix-email| has a simpler mode (\verb|--simple|) where it |
|
868 |
pretends that there are two MIME content types:
|
|
869 |
‘application/x-topal-encrypted’ and ‘application/x-topal-signed’. You |
|
870 |
might prefer using this. These effectively rename the multipart email
|
|
871 |
instead of wrapping it.
|
|
872 |
||
873 |
||
874 |
Why do we need this? If we just set the \verb|.mailcap| file |
|
875 |
for, say, multipart/signed, then Alpine (at least version 1.00) is |
|
876 |
unable to handle a top-level multipart/signed email: an error message |
|
877 |
starting
|
|
878 |
\begin{quote} |
|
879 |
\verb|Can't find body for requested message| |
|
880 |
\end{quote} |
|
881 |
is seen. But
|
|
882 |
multipart/signed inside a multipart/mixed (or multipart/alternative, |
|
883 |
\etc) can be successfully handed-off to Topal. |
|
884 |
||
885 |
Replying to such messages is a pain: you'll have to save off the
|
|
886 |
actual message and read it in. Suggestions on fixing this are welcome\ldots. |
|
887 |
||
888 |
See \verb|Workaround.Fix_Email| in the sources for more details. |
|
889 |
||
890 |
||
891 |
\chapter{Notes} |
|
892 |
||
893 |
This chapter includes a number of notes, explanations and further details.
|
|
894 |
||
895 |
\section{The Pine/Alpine patches, and sending other attachments} |
|
896 |
||
897 |
||
898 |
What does the (first) patch to Alpine do? It removes some of the safety |
|
899 |
checking when changing the content-type (\verb|_MIMETYPE_|) in a filter. |
|
900 |
Normally, if the returned content-type is not text/*, then the entire |
|
901 |
content-type is dropped by Alpine. |
|
902 |
||
903 |
||
904 |
||
905 |
The patch instead adds a flag, ‘\verb|topal_hack|’, and sets this if the |
|
906 |
returned content-type is not text. From time-to-time, we |
|
907 |
pretend that the body is normal text. We take a little care to check
|
|
908 |
if this message is already a multipart message, so hopefully, the normal
|
|
909 |
sending of attachments still works. However, these attachments are
|
|
910 |
\emph{not} encrypted or signed by Topal. You will need to separately |
|
911 |
process them before attaching them in Alpine (\eg, using the |
|
912 |
command-line mode described in section~\ref{sec:nonpine}) or add them |
|
913 |
using Topal's attachment menu (if you are using Topal's MIME sending features). |
|
914 |
||
915 |
||
916 |
The second patch file \marginpar{New from Topal release~65 for Alpine~2.00.} |
|
917 |
slightly modifies some of the mail reading code to allow .mailcap
|
|
918 |
settings to act directly on top-level multipart messages. But see |
|
919 |
section~\ref{sec:crash-second-patch} if you find Alpine crashes when |
|
920 |
this patch is used.
|
|
921 |
||
922 |
||
923 |
\section{Key IDs and keylists} |
|
924 |
||
925 |
||
926 |
Topal internally lists keys by their fingerprint. It uses GPG to look
|
|
927 |
up key fingerprints by using whatever GPG can cope with.
|
|
928 |
||
929 |
||
930 |
||
931 |
Duplicate keys are silently suppressed. Removing a key only removes
|
|
932 |
one instance, so if somehow you've coerced Topal to list duplicates
|
|
933 |
(which is quite easy, since adding a key with its short key ID, and |
|
934 |
the same key with its fingerprint will add two identical keys). |
|
935 |
||
936 |
||
937 |
The way that Topal chooses the keys is as follows:
|
|
938 |
\begin{itemize}\item |
|
939 |
For each recipient email address (supplied by Pine) |
|
940 |
\begin{enumerate}\item |
|
941 |
For each matching line in keylist, use the key ID to get a
|
|
942 |
fingerprint, and add the key to the list. \item If there are no |
|
943 |
matching lines in keylist, try to get a fingerprint via just that
|
|
944 |
email address (but exclude \verb|xk| configuration entries). |
|
945 |
\end{enumerate} |
|
946 |
\end{itemize} |
|
947 |
||
948 |
||
949 |
||
950 |
The keylist is a way to say, ‘for this particular email address, use
|
|
951 |
this particular key’. In your \verb|config| file, include lines |
|
952 |
such as
|
|
953 |
\begin{lstlisting} |
|
954 |
ake=50973B91,philb@soc.plym.ac.uk |
|
955 |
ake=50973B91,pjb@lothlann.freeserve.co.uk |
|
956 |
\end{lstlisting} |
|
957 |
These mean ‘use key 50973B91 for the given email addresses’. |
|
958 |
Similarly,
|
|
959 |
\begin{lstlisting} |
|
960 |
xk=50973B91 |
|
961 |
\end{lstlisting} |
|
962 |
means ‘don't use key 50973B91’. There are also similar |
|
963 |
\verb|sake| and \verb|sxk| options for selection of secret keys |
|
964 |
via the (recommended) \verb|--read-from| option (page~\pageref{pg:readFrom}). |
|
965 |
||
966 |
For S/MIME, the same lists are used. If a key isn't relevant (an |
|
967 |
S/MIME key when using OpenPGP or \vv) it is ignored. |
|
968 |
Importantly, you need to use \verb|sake|/\verb|sxk| to give the |
|
969 |
signing key for S/MIME, as \verb|my-key| only applies to OpenPGP |
|
970 |
usage.
|
|
971 |
||
972 |
\section{Sending defaults} |
|
973 |
||
974 |
\marginpar{New in release~68.} |
|
975 |
verb|sd| lines in your \verb|config| file can assign a default to a key ID or email address. |
|
976 |
The special string \verb|@ANY@| matches any email address (or |
|
977 |
key). |
|
978 |
The \emph{last matching} \verb|sd| expression applies, so use |
|
979 |
\verb|@ANY@| first. |
|
980 |
||
981 |
The individual letters mean\\ |
|
982 |
||
983 |
\begin{centering} |
|
984 |
\begin{tabular}[t]{ll} |
|
985 |
\verb|n|&no GPG\\ |
|
986 |
\verb|e|&encrypt\\ |
|
987 |
\verb|s|&sign and encrypt\\ |
|
988 |
\verb|c|&clearsign\\ |
|
989 |
\end{tabular} |
|
990 |
\begin{tabular}[t]{ll} |
|
991 |
\verb|I|&inline plain\\ |
|
992 |
\verb|A|&app pgp\\ |
|
993 |
\verb|M|&multipart\\ |
|
994 |
\verb|E|&multipart encapsulated\\ |
|
995 |
\verb|P|&S/MIME (not OpenPGP)\\ |
|
996 |
\end{tabular} |
|
997 |
||
998 |
\end{centering} |
|
999 |
||
1000 |
||
1001 |
\begin{samepage} |
|
1002 |
\noindent Example: |
|
1003 |
\begin{quote} |
|
1004 |
\verb|sd=pjb@lothlann.freeserve.co.uk,eI| |
|
1005 |
\end{quote} |
|
1006 |
means that the default settings for the given address are encryption
|
|
1007 |
and inline plain.
|
|
1008 |
\end{samepage} |
|
1009 |
||
1010 |
Topal will warn you if you are sending to multiple recipients,
|
|
1011 |
\verb|sd| has selected encryption, and not all of the recipients have |
|
1012 |
keys. However, it won't stop you continuing and sending an email that
|
|
1013 |
some recipients can't read.
|
|
1014 |
||
1015 |
||
1016 |
\section{Sendmail-path configuration}\label{sec:smp-config} |
|
1017 |
||
1018 |
||
1019 |
\marginpar{New in release~73.} |
|
1020 |
\verb|sc| lines in your \verb|config| file assign a \verb|sendmail-path| |
|
1021 |
command to the ‘from’ (sending) |
|
1022 |
email address.
|
|
1023 |
Again, the special expression \verb|@ANY@| matches any email address |
|
1024 |
(but not key id's) and the last matching \verb|sd| expression applies. |
|
1025 |
||
1026 |
Example:
|
|
1027 |
\begin{quote} |
|
1028 |
\verb|sc=pjb@lothlann.freeserve.co.uk,mstmp -a default| |
|
1029 |
\end{quote} |
|
1030 |
means that emails sent using that address will actually be sent using
|
|
1031 |
the (external) \verb|msmtp| program. If you are using Topal as a |
|
1032 |
\verb|sendmail-path|, you must ensure that there is a suitable |
|
1033 |
\verb|sc| line, as Topal does not actually know how to send email. |
|
1034 |
||
1035 |
||
1036 |
\subsection{Additional (bcc) recipients} |
|
1037 |
||
1038 |
Note that \verb|msmtp| can add additional recipients, \eg, |
|
1039 |
\begin{quote} |
|
1040 |
\verb|mstmp -a default -- pjb@lothlann.freeserve.co.uk| |
|
1041 |
\end{quote} |
|
1042 |
||
1043 |
\subsection{Message-ID munging} |
|
1044 |
||
1045 |
The \verb|sendmail-path| mode can also modify Message-IDs and Content-IDs. The |
|
1046 |
configuration option \verb|replace-ids| controls this. If set to 0, |
|
1047 |
nothing is changed; 1 causes the Message-ID to be altered; and 2 (the |
|
1048 |
default) alters both Message-ID and Content-IDs (of attachments). |
|
1049 |
||
1050 |
The Message-ID is altered from the standard Alpine form of |
|
1051 |
\begin{quote} |
|
1052 |
\verb|<alpine.DEB.2.02.1103063481092.1140@somewhere.com>| |
|
1053 |
\end{quote} |
|
1054 |
to
|
|
1055 |
\begin{quote} |
|
1056 |
\verb|<1103063481092.1140.NCYBIHRU%user@somehost.org>| |
|
1057 |
\end{quote} |
|
1058 |
The email address used in the replacement is based on the From line.
|
|
1059 |
||
1060 |
\subsection{Send tokens} |
|
1061 |
||
1062 |
The \verb|sendmail-path| mode also enables the \verb|st| (send token) lines in the |
|
1063 |
\verb|config| file. These lines have the form |
|
1064 |
\begin{quote} |
|
1065 |
\verb|st=user@example.org,somepasswordstring| |
|
1066 |
\end{quote} |
|
1067 |
If the Message-ID is altered and there is a matching send token, the |
|
1068 |
original Message-ID is encrypted and stored in the headers. |
|
1069 |
Additionally, a header is added based on this token, the Message-ID |
|
1070 |
and From line. This can be used to match inbound emails (self blind |
|
1071 |
copies) via procmail, \eg, |
|
1072 |
\begin{lstlisting} |
|
1073 |
:0fw |
|
1074 |
* ^From: .*\<user@example.org\>$ |
|
1075 |
| /usr/local/bin/topal --check-send-token somepasswordstring |
|
1076 |
||
1077 |
:0: |
|
1078 |
* ^X-Topal-Check-Send-Token: yes$ |
|
1079 |
.topal-cc/ |
|
1080 |
\end{lstlisting} |
|
1081 |
This causes emails apparently from \verb|user@example.org| to be |
|
1082 |
passed to Topal, which checks the headers. If the header token
|
|
1083 |
matches for that password, a new header, \verb|Topal-Check-Send-Token: yes| is added. |
|
1084 |
Then procmail can filter on the basis of this header.
|
|
1085 |
||
1086 |
\subsection{Missing attachments trap} |
|
1087 |
||
1088 |
\marginpar{New in Topal 73.} If set, the configuration line |
|
1089 |
\verb|attachment-trap=on| causes Topal to complain if the message contains |
|
1090 |
the string “attach” but it does not have any attachments.
|
|
1091 |
||
1092 |
This is only effective if Topal is running as a
|
|
1093 |
\verb|sendmail-path|. |
|
1094 |
||
1095 |
\section{Errors} |
|
1096 |
||
1097 |
||
1098 |
Bad things happening should result in Topal setting its exit status to
|
|
1099 |
‘failed’, so Pine should detect this and not send your email.
|
|
1100 |
||
1101 |
||
1102 |
Bug reports are welcome: send them by email to me (contact details in section~\ref{sec:author}). |
|
1103 |
||
1104 |
||
1105 |
\section{Saving encrypted attachments} |
|
1106 |
||
1107 |
||
1108 |
If an attachment is a plaintext PGP ASCII-armoured message, then Topal |
|
1109 |
will be invoked by Pine. You probably want to say ‘no’ when asked
|
|
1110 |
here (beware of your configuration options here). Otherwise, you'll |
|
1111 |
get a decrypted file with the original attachment filename, plus the
|
|
1112 |
various Topal headers.
|
|
1113 |
||
1114 |
||
1115 |
\section{Locale problems} |
|
1116 |
||
1117 |
||
1118 |
GPG does not do any encoding of input data. This means that the
|
|
1119 |
encoding is dependent on Pine/Alpine and Topal. If a message is sent |
|
1120 |
with one encoding and received by a user running in a different
|
|
1121 |
locale, then we might end up with a good message not verifying (\ie, |
|
1122 |
bad signature). |
|
1123 |
||
1124 |
||
1125 |
||
1126 |
I currently have no way to automatically fix this. However, the
|
|
1127 |
\verb|--ask-charset| option will ask if you want to change the encoding. If you |
|
1128 |
know that the message was written by a UTF-8 user (and you're in a |
|
1129 |
different locale), this might help. (This only happens if a bad |
|
1130 |
signature is returned.) |
|
1131 |
||
1132 |
||
1133 |
||
1134 |
I know it's a kludge. I'd be interested to hear success and failure
|
|
1135 |
reports.
|
|
1136 |
||
1137 |
||
1138 |
\section{“\texttt{Couldn't find certificate needed to sign.}”} |
|
1139 |
||
1140 |
||
1141 |
A regular query (for both Topal and other OpenPGP filters) concerns |
|
1142 |
the message “\texttt{Couldn't find certificate needed to sign.}” This message |
|
1143 |
is part of Alpine's S/MIME support: it is nothing to do with Topal. |
|
1144 |
One option is to turn off the internal S/ MIME support via the |
|
1145 |
(hidden) config option ("\verb|S/MIME -- Turn off S/ MIME|"). |
|
1146 |
||
1147 |
||
1148 |
||
1149 |
\section{Cleaning up the cache} |
|
1150 |
||
1151 |
||
1152 |
You might want to run something like
|
|
1153 |
\begin{quote} |
|
1154 |
\verb|find ${HOME}/.topal/cache -mtime +7 | xargs rm| |
|
1155 |
\end{quote} |
|
1156 |
to remove all the cache files that are a bit old (in this example, 7 |
|
1157 |
days old or older). |
|
1158 |
||
1159 |
||
1160 |
\section{Remote and server mode} |
|
1161 |
||
1162 |
||
1163 |
When remote is invoked in a sending menu: |
|
1164 |
||
1165 |
\begin{itemize} |
|
1166 |
\item The host has to be chosen for \verb|ssh|/\verb|scp|. \item Because Topal |
|
1167 |
might be outside the normal path, you'll be asked for that too. |
|
1168 |
\item The sender \verb|scp|s the relevant files into |
|
1169 |
\verb|.topal/server|. \item The sender calls |
|
1170 |
\begin{quote} |
|
1171 |
\verb|ssh (server) -remotesend ...|
|
|
1172 |
\end{quote} |
|
1173 |
or |
|
1174 |
\begin{quote} |
|
1175 |
\verb|ssh (server) -remotesendmime ...|\end{quote} |
|
1176 |
. \item The invocation of
|
|
1177 |
\verb|-remotesend| or \verb|-remotesendmime| triggers the server to |
|
1178 |
run a new instance of Topal on the local computer. \item When
|
|
1179 |
that instance is finished, the relevant files are copied back, along |
|
1180 |
with the return value. |
|
1181 |
\end{itemize} |
|
1182 |
||
1183 |
For receiving: if decrypt-not-cached/decrypt-cached are set to 2 |
|
1184 |
(ask), then as well as offering to decrypt (yes or no), it will also |
|
1185 |
offer remote decryption. The caching settings are irrelevant at this |
|
1186 |
point. |
|
1187 |
||
1188 |
||
1189 |
\section{Working with GPG Agent} |
|
1190 |
||
1191 |
||
1192 |
The \verb|use-agent| configuration option has three values:
|
|
1193 |
(1) never use an agent, (2) only use it for decryption and (3) always use |
|
1194 |
it. Don't put GPG's \verb|--[no-]use-agent| options in any other
|
|
1195 |
configuration options. |
|
1196 |
||
1197 |
Notes: |
|
1198 |
\begin{enumerate}\item |
|
1199 |
\verb|--no-use-agent| is deprecated in some versions of GPG.
|
|
1200 |
\item If you change \verb|trustlist.txt| (when using \verb|gpgsm|, |
|
1201 |
\ie, GnuPG for S/MIME) then remember to send the \verb|HUP| signal |
|
1202 |
to your current GPG agent. |
|
1203 |
\end{enumerate} |
|
1204 |
||
1205 |
||
1206 |
||
1207 |
\section{Decryption prerequisite} |
|
1208 |
||
1209 |
||
1210 |
This relates to the configuration option \verb|decrypt-prereq|.
|
|
1211 |
||
1212 |
If empty (the default), this is |
|
1213 |
ignored. Otherwise, if decryption is required (\ie, a non-cached
|
|
1214 |
encrypted block is found) it will run the command stated (this should |
|
1215 |
be just the command name, with no arguments). If the command's exit |
|
1216 |
status is |
|
1217 |
0, then decryption continues. If not, then no decryption is attempted. |
|
1218 |
||
1219 |
||
1220 |
||
1221 |
I've introduced this for the case where decryption keys are not always |
|
1222 |
available. It is a nuisance for Topal to offer to decrypt when it |
|
1223 |
cannot. Example: the secret key ring is kept on removable media. |
|
1224 |
Then set |
|
1225 |
\begin{quote} |
|
1226 |
\verb|decrypt-prereq=/path/to/topal-decrypt-prereq|
|
|
1227 |
\end{quote} |
|
1228 |
The |
|
1229 |
executable file \verb|/path/to/topal-decrypt-prereq| contains
|
|
1230 |
something like |
|
1231 |
\begin{quote} |
|
1232 |
\verb|mount grep /path/of/keyring > /dev/null|
|
|
1233 |
\end{quote} |
|
1234 |
This returns 0 if that path is found, and 1 otherwise. |
|
1235 |
||
1236 |
\section{Crash with second patch when reading multipart messages}\label{sec:crash-second-patch} |
|
1237 |
||
1238 |
Some Alpine crashes have been traced to the second Topal patch. |
|
1239 |
||
1240 |
This occurs when you have compiled Alpine using this patch, but not |
|
1241 |
set up your \verb|.mailcap| configuration
|
|
1242 |
appropriately. |
|
1243 |
||
1244 |
\section{New releases} |
|
1245 |
||
1246 |
To be notified of new releases of Topal, send an email to me. |
|
1247 |
||
1248 |
||
1249 |
\section{Interoperability} |
|
1250 |
||
1251 |
I have tested Topal's interoperability with MS Outlook (both IMAP and |
|
1252 |
Exchange) and Thunderbird. It works in all tested cases, except as |
|
1253 |
follows. |
|
1254 |
\begin{itemize} |
|
1255 |
\item At least one instance of MS Exchange rewrites the content-*
|
|
1256 |
headers of inbound clearsigned messages with attachments, which results in |
|
1257 |
the signature failing to verify. This also affects messages sent |
|
1258 |
from Thunderbird and MS Outlook. However, it does not apply to all MS |
|
1259 |
Exchange systems. |
|
1260 |
\item MS Outlook and Thunderbird do not handle clearsigned messages
|
|
1261 |
properly when the clearsigned message is itself part of a |
|
1262 |
multipart/mixed message. The only way to reliably send messages to |
|
1263 |
users of these systems is via the \verb|sendmail-path| mode.
|
|
1264 |
\end{itemize} |
|
1265 |
||
1266 |
||
1267 |
\section{Hints} |
|
1268 |
||
1269 |
\begin{itemize}\item |
|
1270 |
Consider using GPG's \verb|--trusted-key| option in Topal's
|
|
1271 |
\verb|gpg-options| configuration setting. This is useful if you keep your
|
|
1272 |
secret keys offline. \item Use the \verb|--read-from| option (page~\pageref{pg:readFrom}), especially if you |
|
1273 |
use multiple roles rather than setting \verb|my-key|.
|
|
1274 |
\end{itemize} |
|
1275 |
||
1276 |
\chapter{Author}\label{sec:author} |
|
1277 |
||
1278 |
||
1279 |
Phil Brooke wrote this, partially out of boredom, but mostly because |
|
1280 |
he wanted a GPG/Pine add-on to do exactly what he wants. There are |
|
1281 |
many similar programs. |
|
1282 |
||
1283 |
||
1284 |
||
1285 |
If you like this program, please tell me. If you'd like it better |
|
1286 |
with changes, please tell me what changes you want. If particular |
|
1287 |
items on the ‘To do’ list are important to you, let me know. In |
|
1288 |
particular, if you find bugs, feel free to tell me the details by |
|
1289 |
email. |
|
1290 |
||
1291 |
||
1292 |
||
1293 |
||
1294 |
||
1295 |
I can be emailed on |
|
1296 |
\href{mailto:pjb@lothlann.freeserve.co.uk}{\tt pjb@lothlann.freeserve.co.uk}. |
|
1297 |
||
1298 |
||
1299 |
||
1300 |
My key ID is 0x50973B91; the key is available from web pages and public key |
|
1301 |
servers. |
|
1302 |
||
1303 |
||
1304 |
||
1305 |
If you want to send snailmail to me, email me for my (physical) address. |
|
1306 |
||
1307 |
\chapter{Licence} |
|
1308 |
||
1309 |
||
1310 |
This program is free software: you can redistribute it and/or modify |
|
1311 |
it under the terms of the GNU General Public License version 3 as |
|
1312 |
published by the Free Software Foundation. |
|
1313 |
||
1314 |
||
1315 |
This program is distributed in the hope that it will be useful, |
|
1316 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
1317 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
1318 |
GNU General Public License for more details. |
|
1319 |
||
1320 |
||
1321 |
You should have received a copy of the GNU General Public License |
|
1322 |
along with this program. If not, see \url{http://www.gnu.org/licenses/}. |
|
1323 |
||
1324 |
||
1325 |
(See the file \verb|COPYING|.)
|
|
1326 |
||
1327 |
||
1328 |
\chapter{To do} |
|
1329 |
||
1330 |
\begin{itemize}\item |
|
1331 |
Planned releases: |
|
1332 |
\begin{itemize}\item |
|
1333 |
Improve attachments code (and add some |
|
1334 |
documentation). |
|
1335 |
\end{itemize} |
|
1336 |
||
1337 |
\item Better error
|
|
1338 |
handling, particularly when missing dependencies such as |
|
1339 |
mime-construct or metamail. |
|
1340 |
\item Add signal handlers.
|
|
1341 |
\item
|
|
1342 |
Catch GPG keyboard interrupt. |
|
1343 |
\item Should we check that the
|
|
1344 |
infile matches the cache file even if the MD5 hash matches? (We'd |
|
1345 |
need to store the infile in the cache as well.) |
|
1346 |
\item Check
|
|
1347 |
through code: all external calls should check return values. |
|
1348 |
||
1349 |
\item Refactor code.
|
|
1350 |
\item Add interrupt option at very beginning
|
|
1351 |
of execution? (which would bring up the configuration menu?) |
|
1352 |
||
1353 |
\item Associate extra options with particular keys?
|
|
1354 |
\item
|
|
1355 |
Configuration routine for managing keys/config/keylist? |
|
1356 |
\item
|
|
1357 |
Implement rest of configuration menu. |
|
1358 |
\item Make a much nicer
|
|
1359 |
interface all round.... |
|
1360 |
\item Separate out all the constant
|
|
1361 |
strings -- so that we can have internationalization. |
|
1362 |
\item
|
|
1363 |
Context-sensitive help throughout (modify mkhelp to create multiple |
|
1364 |
procedures, or do it by number?); add COPYING option? |
|
1365 |
\item More
|
|
1366 |
receiving/decrypt options: include both plaintext and |
|
1367 |
ciphertext. |
|
1368 |
\item Add periodic cache cleanup when Topal is
|
|
1369 |
invoked? |
|
1370 |
\item Add logging for workaround mode (report time of
|
|
1371 |
email processing (include PID); indicate if the file was changed or |
|
1372 |
not)? |
|
1373 |
\end{itemize} |
|
1374 |
||
1375 |
\chapter{Change log} |
|
1376 |
||
1377 |
The change log is kept in a separate file, \url{Changelog.html}. |
|
1378 |
||
1379 |
\end{document} |