-----BEGIN PGP SIGNED MESSAGE----- Privtool Beta Release @(#)README.1ST 1.8 6/30/94 ----------------------------------------------------- Privtool is intended to be a PGP-aware replacement for the standard Sun Workstation mailtool program, with a similar user interface and automagick support for PGP-signing and PGP-encryption. Just to make things clear, I have written this program from scratch, it is *not* a modified mailtool (and I'd hope that the Sun program code is much cleaner than mine 8-) !). When the program starts up, it displays a list of messages in your mailbox, along with flags to indicate whether messages are signed or encrypted, and if they have had their signatures verified or have been decrypted. When you double click on a message, it will be decrypted (requesting your passphrase if neccesary), and/or will have the signature checked, and the decrypted message will be displayed in the top part of the display window, with signature information in the bottom part. The mail header is not displayed, but can be read by pressing the 'Header' button to display the header window. In addition, the program has support for encrypted mailing list feeds, and if the decrypted message includes another standard-format message it will replace the original message and be fed back into the display processing chain. When composing a message or replying to one, the compose window has several check-boxes, including one for signature, and one for encryption. If these are selected, then the message will be automatically encrypted and/or signed (requesting your passphrase when neccesary) before it is sent. Being an Beta release, there are a number of bugs and nonfeatures : Known Bugs : Message list scrollbar often set to stupid position when loading a mail file. When you save changes to the mail file, it throws away the signature verification and decrypted messages, so that the next time you view a message it has to be verified or decrypted again. 'New mail' indicator in icon does not go away if you open the window and close it again without reading any messages. Known Nonfeatures : Currently if you send encrypted mail to multiple recipients, all must have valid encrpytion keys otherwise you will have to send the message decrypted. Also, the message will be sent encrypted to all users, not just the one who is receiving each copy. 'Add Key' button is enabled and disabled as appropriate, but does not do anything ! A number of other buttons and menu items do not work either. Passphrase is stored in ASCII rather than MD5 form, making it easier for hackers to find if you're on a multi-user machine (of course, you shouldn't be, but many of us are). Kill-by-subject does not work. Ignores Reply-To: lines, and could probably do with an improved mail-reading algorithm. Only one display window, and only one compose window. Message List window code needs rewrite. Code should be more modular to assist with ports to Xt, Motif, Mac, Windows, etc. Not very well documented ! Encrypted messages are saved to mail files in encrypted form. There is currently no option to save messages in decrypted form. No current support for remailers and pseudonyms (this will be added for the final release). Not very well tested on Solaris 2.x. Privtool can be compiled to either use PGPTools, or to fork off a copy of PGP whenever it is needed. There are also a number of different security level options for the passphrase, varying from 'read it from PGPPASS and keep it in memory' to 'request it every time and delete it as soon as possible', via 'request it when neccesary and delete it if it's not used for a while'. See the README file for information on compiling the code, and the user.doc file for user documentation (the little that currently exists). You should also ensure that you read the security concerns section in user.doc before using the program. Mark Grant (mark@unicorn.com) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLhlnt6FlWzerDvH1AQFTSgP9FLNZ30tZyUHYoXJPHHULx8YP+cDsvt+p 4y9x5G+Ng8p8F1wtckNbKZohfWt3BZ28Mqu32hFlP0LECO4gvxXOSID8v16yFzlX ycw+rr0K7yMi8Hj1Cet7dRvP4+eX1Y74KSOiYZbMcocKdRVAf9xJ9wP6b78eQFVl 442JXYx6edI= =Ylvb -----END PGP SIGNATURE-----