(Large Message!) S/MIME mail support for PINE

Nancy McGough

Apr 21, 2002, 11:07:17 AM
On 21 Apr 2002 Thorsten Glaser (ty...@netcologne.de) wrote:
> I have put the scripts which include documentation as a SH
> archive below, the license is BSD/MIT-style.
> [ deleted ]

Because you used this header

X-No-Archive: Yes

Your message is probably not going to be archived on Google so
I'm not going to be able to link to it on my Pine page. Can you
please either post again without using `X-No-Archive: Yes' or
post a URL where people can get your script?


> _ _ __ _
> / \._ _ ._ |_)(_ | \ ._ o._ _ __ ._ _ o._ _
> \_/|_)(/_| ||_)__)|_/ |_)|| |(/_ | |(_) \/|||_|_>
> | |

cool sig!


Thanks,
Nancy
^x

REFERENCE:
The message I'm replying to -- and this entire thread & group --
will probably not be available at

<http://groups.google.com/groups?selm=Pine.BSO.4.43.02042...@arx.rog.eu.tc>

--
ii Main Pine Page: <http://www.ii.com/internet/messaging/pine/>

Nancy McGough <http://www.ii.com/> Infinite Ink
--= Sent via Pine 4.44: IMAP, NNTP & ESMTP for Unix/Win/MacOS X =--

Thorsten Glaser

Apr 21, 2002, 11:30:13 AM
begin electrogrammati illius Nancy McGough

> X-No-Archive: Yes

I realized it right in the moment I hit ^X Y.
Hrm...

Maybe I should use personalities so no X-SMIME: No gets into my
newsgroup postings either...

>cool sig!

Figlet. /usr/ports/misc/figlet if I am not mistaken.

So, I hope this is better (I still wait for feedback,
but am pleased you want to link to it).

From ty...@netcologne.de Sun Apr 21 15:27:37 2002
Date: Sun, 21 Apr 2002 11:17:57 +0001
From: Thorsten Glaser <ty...@netcologne.de>
Newsgroups: comp.mail.pine, comp.unix.bsd.openbsd.misc
Subject: (Large Message!) S/MIME mail support for PINE

Hello all,

I find myself having finished writing a couple of scripts
which add support for sending S/MIME signed eMails via
PINE. Receiving support is done via a | (pipe) filter,
and news posting is not affected at all.
I have tested this on OpenBSD 3.1-current as of April 18th
on the i386 platform using an older PINE 4.43, compiled
on OpenBSD 3.0-current via the ports system.

I have put the scripts which include documentation as a SH
archive below, the license is BSD/MIT-style. Please feel free
to test it and give feedback by reply and/or private mail.

I have tried hard to make the scripts error-less, even rewriting
a whole bunch of lines (converting from while read... to ed), but
I am not sure whether the script does behave well in all cases.

Testing messages have been sent in text/plain and multipart/mixed,
both normally and opaquely signed, and could be verified with
MS Outlook Express and (of course) openssl smime.

The files are intended to be put 0555 in /usr/local/bin.
Note that the password is only scrambled a bit and put into
the environment, but I feel this is better than unprotected keys.

Thanks for your patience,
-Thorsten

--- snip pine-smime.shar
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# pine.smime
# pine.smime.init
#
echo x - pine.smime
sed 's/^X//' >pine.smime << 'END-of-pine.smime'
X#!/bin/sh -
X#
X# smime for PINE, Version 1.12
X# Documentation: see end of file.
X#
X# Copyright (c) 2002 Th.Glaser <ty...@netcologne.de> - All rights reserved.
X# This notion shall be kept with any substantial copy, no matter what kind
X# of, out of the work, be it on paper, electromagnetic or dumped to brain.
X# Permission is hereby granted to any person obtaining a copy of this work
X# to deal in the work, without restrictions, including unlimited rights to
X# use, copy, modify, merge, publish, distribute, sublicense or sell copies
X# of the work, and to permit persons to whom the work is furnished to also
X# do so, as long as due credit is given to the original author and contri-
X# butors and the following disclaimer is kept at a prominent place, in all
X# copies or substantial portions of the work and accompanying documents:
X# This work is provided "AS IS", without warranty of any kind, neither ex-
X# press nor implied, including, but not limited to, the warranties of mer-
X# chantability, fitness for particular purposes and noninfringement. In NO
X# event shall the author and contributors be liable for any claim, damages
X# or other liability, whether in an action of contract, tort or otherwise,
X# arising from, out of or in connection with or dealings in the work.
X# This agreement shall be governed, in all respects, by Germanic laws with
X# Bad Godesberg (Bonn) as designated site of court.
X
XR=`mktemp` || exit 0
XS=`mktemp` || exit 0
XT=`mktemp` || exit 0
Xtrap 'rm -f $R $S $T ; exit 0' 0
X
Xecho "Received: by S/MIME submit 1.00 on `date`" >$R
Xcat >$T
Xed -s $T <<EOF
X1,/^$/-1W $R
X1,/^$/d
XW $S
Xq
XEOF
X
Xgrep -i '\(^Content-\)\|\(^MIME\)' $R >$T || \
X echo 'Content-Type: text/plain; charset=iso-8859-1' >$T
Xecho "" >>$T
Xcat $S >>$T
XQ=NO
XQP=""
Xgrep -i '^X-SMIME:' $R >$S && Q=OK
Xgrep -i OPAQ $S >/dev/null && QP="-nodetach"
Xgrep -i NO $S >/dev/null && Q=NO
Xgrep -iv '\(^Content-\)\|\(^MIME\)\|\(^X-SMIME:\)' $R >$S
X
Xcat $T >$R
Xif [ -n "$SMIMEPWD" ]; then
X export SMPW=`echo "$SMIMEPWD" | /usr/games/caesar 14`
X unset SMIMEPWD
X QP="$QP -passin env:SMPW"
Xfi
Xif [ "$Q" = OK ]; then
X openssl smime -sign -rc2-128 -signer ~/.ssh/mime.cer \
X -inkey ~/.ssh/mime.key $QP -in $T -out $R 2>~/.smime.log || Q=FAIL
X [ "$Q" = FAIL ] || rm -f ~/.smime.log
X unset SMPW
X unset QP
X echo "X-Autoconverted: to S/MIME status $Q" >>$S
Xfi
Xcat $S $R >$T
X
Xsendmail -oem -oi -t <$T
X
X# Documentation:
X# Set PINE up so it uses this script as its mail submission agent
X# (use sendmail-path=/usr/local/bin/pine.smime option in .pinerc)
X# Start PINE via the pine.smime.init script, it will ask you
X# for your password you protected your S/MIME key with.
X# The key and cert have to reside in ~/.ssh/mime.{key,cer}
X# Add "X-SMIME: NO" to your user-defined headers to ease later use.
X#
X# If you receive a S/MIME mail, do the following manually, because
X# there is no way to automate it in PINE:
X# press | (PIPE), set to RAW if not yet set (press ^W), set
X# the command to the following and execute:
X# openssl smime -verify
X# Note: "Verification Successful\n" can be anywhere in the viewer body
X# because it is put to stderr and pine is, err, slightly buggy.
X# So you should use the unverified part of the message, or, for opaquely
X# signed messages, s/Verification Successful\n// after saving.
X#
X# To send a signed mail, press ^R (Rich Headers) in Composer and change
X# "X-SMIME: No" to a value not containing "NO" or "OPAQ" (case-insensitive).
X# If you choose OPAQ, the clear-signing will be deactivated, i.e.
X# the message will only be visible to S/MIME capable clients.
END-of-pine.smime
echo x - pine.smime.init
sed 's/^X//' >pine.smime.init << 'END-of-pine.smime.init'
X#!/bin/sh -
X#
X# smime for PINE, Version 1.12
X# This is the askPass module.
X#
X# Copyright (c) 2002 Th.Glaser <ty...@netcologne.de> - All rights reserved.
X# Derived from material Copyright (c) 2002 OpenBSD, Theo de Raadt.
X# This notion shall be kept with any substantial copy, no matter what kind
X# of, out of the work, be it on paper, electromagnetic or dumped to brain.
X# Permission is hereby granted to any person obtaining a copy of this work
X# to deal in the work, without restrictions, including unlimited rights to
X# use, copy, modify, merge, publish, distribute, sublicense or sell copies
X# of the work, and to permit persons to whom the work is furnished to also
X# do so, as long as due credit is given to the original author and contri-
X# butors and the following disclaimer is kept at a prominent place, in all
X# copies or substantial portions of the work and accompanying documents:
X# This work is provided "AS IS", without warranty of any kind, neither ex-
X# press nor implied, including, but not limited to, the warranties of mer-
X# chantability, fitness for particular purposes and noninfringement. In NO
X# event shall the author and contributors be liable for any claim, damages
X# or other liability, whether in an action of contract, tort or otherwise,
X# arising from, out of or in connection with or dealings in the work.
X# This agreement shall be governed, in all respects, by Germanic laws with
X# Bad Godesberg (Bonn) as designated site of court.
X
Xecho -n 'Passphrase: '
Xstty -echo
Xset -o noglob
Xread SMIMEPW
Xset +o noglob
Xstty echo
Xexport SMIMEPWD=`echo "$SMIMEPW" | /usr/games/caesar 12`
Xexec ${1:-pine}
END-of-pine.smime.init
exit
--- snap

See you,
-Thorsten
end
--
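
The receive-side step from the script's documentation above (piping the raw message through `openssl smime -verify`, whose status text goes to stderr and ends up somewhere in the viewer body), as an added example that is not part of the posted scripts: a pipe filter that keeps the status apart from the content and shows no content when the check fails. The function name `smime_verify_filter` and the `SMIME_VERIFY` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of pine.smime. Intended as the command for
# Pine's | (pipe) on a RAW message: reads the message on stdin.
# SMIME_VERIFY is a hypothetical override so the filter can be exercised
# without certificates; when unset, the verifier named on the page runs.

smime_verify_filter() (
    body=$(mktemp) || exit 2
    diag=$(mktemp) || { rm -f "$body"; exit 2; }

    # stdout carries the signed content, stderr the verification status,
    # so each goes to its own file instead of being interleaved.
    if ${SMIME_VERIFY:-openssl smime -verify} >"$body" 2>"$diag"; then
        verdict=GOOD
    else
        verdict=BAD
    fi

    # Status first, clearly marked, then a blank line, then the content.
    printf '[S/MIME signature: %s]\n' "$verdict"
    sed 's/^/[openssl] /' "$diag"
    printf '\n'

    # Content is shown only when the exit status says the check passed;
    # the decision never depends on parsing the status text.
    rc=1
    if [ "$verdict" = GOOD ]; then
        cat "$body"
        rc=0
    fi
    rm -f "$body" "$diag"
    exit $rc
)
```

Saved as a script whose last line calls `smime_verify_filter`, it takes the place of the bare `openssl smime -verify` in the pipe command.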

Eduardo Chappa

Apr 22, 2002, 12:12:33 PM
*** Thorsten Glaser (ty...@netcologne.de) wrote in comp.mail.pine on Apr 21,...:

:) I find myself having finished writing a couple of scripts which add
:) support for sending S/MIME signed eMails via PINE. Receiving support is
:) done via a | (pipe) filter, and news posting is not affected at all. I
:) have tested this on OpenBSD 3.1-current as of April 18th on the i386
:) platform using an older PINE 4.43, compiled on OpenBSD 3.0-current via
:) the ports system.

Have you taken a look at the "contrib/" directory in the source code of
Pine? There seems to be support of s/mime as far back as version 4.33,
through a patch included there. Maybe you can update the patch to newer
versions of Pine (provided that it works, which I haven't checked).

--
Eduardo
http://www.math.washington.edu/~chappa/pine/

jpd

Apr 22, 2002, 12:54:34 PM
On Mon, 22 Apr 2002 16:46:20 +0000, Thorsten Glaser <ty...@netcologne.de> wrote:
[snip]
>
> I haven't, because the ports system of OpenBSD compiles my packages,
[snip]
> Patching is also a bit difficult in the automated process.

No, 'tis not.

Look in /usr/ports/mail/pine/patches, for example.


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .

Eduardo Chappa

Apr 22, 2002, 1:17:29 PM
*** Thorsten Glaser (ty...@netcologne.de) wrote in comp.mail.pine today:

:) >Have you taken a look at the "contrib/" directory in the source code
:) >of Pine? There seems to be support of s/mime as far back as version
:) >4.33, through a patch included there. Maybe you can update the patch
:) >to newer versions of Pine (provided that it works, which I haven't
:) >checked).
:)
:) I haven't, because the ports system of OpenBSD compiles my packages, so
:) I usually don't have to look through the sources any longer. Sometimes
:) I still do, though, but _this_ I never saw.

You may find a couple of useful things in the source code, so maybe it's
time for you to look at it.

:) Patching is also a bit difficult in the automated process.

it's probably one line in a script, but again, if you compiled by
yourself, you can read the instructions on how to build pine (with the
patch) by seeing the source code.

:) However, I found the diff via google, but I am too lazy to integrate
:) and re-compile (on a Pentium-75 reasonable...).

Being lazy? Hmm.. And you took the time to write a script? Hmm... and
write/copy (a very wordy) license? Hmm... doesn't sound right. It sounds
like you believe that using pipe is the right way to go, which is fine. My
question was if you had taken a look at the source code, which you already
answered.

When I first wrote a patch for building Pine in cygwin, each time I built
it, took me 1 hour, and I tested it several times (and that wasn't the
only problem!). I still believe that it doesn't have to do with being
lazy, but more on which method you believe in more.

:) And still, why patch pine when openssl smime is way more ripe and
:) better tested.

Finally, I think a patch is a good thing. Once tested enough it may become
part of the source code (assuming acceptance of it by the Pine team), and
if so, it may relieve you from installing third party software. Of course,
there may be some other issues with adding a patch, like licensing
problems, but still, a patch is not necessarily a bad thing, especially
when it works :).

--
Eduardo
http://www.math.washington.edu/~chappa/pine/
