INSTALLATION:
Obtain a copy of the pgp50i-b8 source code from a distribution
archive. The patches contained in the pgp50Diffs.patch file will
work "out of the box" only with this version.
Installation of NXPGP50 proceeds in two segments. First,
installing NXPGP.app, and then installing pgp50.
To install NXPGP50.app using the binary distribution:
o Drag it to /LocalApps or ~/Apps.
If the Workspace warns that links exist, click the Repeat
and "New Link" buttons.
If installing NXPGP50 from the sources, change directories
to the NXPGP50/source directory and perform a make:
o cd NXPGP50/source
o gnumake
o Drag NXPGP50.app to /LocalApps or ~/Apps
[ Be sure to use 'gnumake' rather than just 'make' above ]
To install pgp50i-b8 from the archives perform these steps:
o gunzip -c pgp50i-b8.tar.gz | tar xvf -
Now copy the pgp50Diffs.patch file from the NXPGP50 directory
to the pgp50i-b8 directory:
o cp NXPGP50/pgp50Diffs.patch pgp50i-b8/src
Continue patching and compiling the source code:
o cd pgp50i-b8/src
o configure
o patch < pgp50Diffs.patch
o make
PGP should compile to completion with only warnings. I
haven't fully investigated whether these warnings are bad
in the sense that any of them break the pgp algorithms or
impede security. I know that pgp seems to work correctly -
it generates keys, it encrypts, decrypts and does all the
things you expect pgp to do with no errors (yet).
Now, continue installing with these steps:
o make install
[ The make process may die during the installation of the
pgp man pages. I have not tracked down or fixed this
problem. It is not critical to the proper operation
of pgp ]
We need to make three links of pgp to the NXPGP50.app
directory:
o ln -s /usr/local/bin/pgp /LocalApps/NXPGP50.app/pgpe
o ln -s /usr/local/bin/pgp /LocalApps/NXPGP50.app/pgpv
o ln -s /usr/local/bin/pgp /LocalApps/NXPGP50.app/pgps
Now reboot your machine. Soon after you reboot, the services
generator will notice the addition of NXPGP50, and add the
NXPGP services button to your Services Menu. With these
services, you can encrypt or decrypt selections from programs,
and encrypt or decrypt file and directory selections from the
WorkSpace.
Support for key maintenance through the Services menu is not
included in this version.
NOTES:
NXPGP will not work properly with an unpatched copy of
PGP version 5.0. In its present form, PGP 5.0 will prompt
users for input from the keyboard when errors occur, even
if the +batchmode and +force flags have been set. Since
NXPGP is running PGP as a filter, a prompt for keyboard
input will cause NXPGP to sit and spin. The pgp50Diffs.patch
file includes patches which change the behavior of PGP
under these circumstances to simply abort with an error
message which is subsequently displayed in the Status
Panel of NXPGP.
A few comments about the security of NXPGP. Since NXPGP
is running PGP as a filter, it passes your secret passphrase
to PGP as a command line argument using "-z passphrase" option.
From a security standpoint, this is disastrous on a multi-
user machine. Anyone else logged into the machine can
pick up your passphrase by using a "ps -aux" command.
It is highly recommended NOT to use NXPGP on a machine
with more than one person logged in (this will no longer
be a concern when the PGP API stabilizes, and PGP can be
integrated into NXPGP in a way that the passphrase will
not appear on a command line anywhere).
Your secret passphrase also appears in NSTextFields as
undisplayable text for the duration of the encryption
process. As soon as encryption is finished, any fields
containing the passphrase are cleared. During operation,
the passphrase is moved from the TextFields into internal
memory and stored in an NSString as a component of an
NSMutableArray to be passed to PGP in the argument list.
It is possible for these memory pages to be swapped out
and stored in the swapfile on the disk. It's not clear
to me how long the passphrase would be easily accessible
on the disk after such an operation. There may be a
way to lock memory pages down and keep them from being
swapped. If someone knows how to do this, please email
me at the address below with advice on how this could
be accomplished.
For me, NXPGP is a useful tool. I'm the only person
who uses my computer, and I use PGP primarily as an
envelope to shield my mail from prying eyes in-transit.
NXPGP is not for everyone. But for those who need
"light" security NXPGP can be very convenient.
As always, I appreciate any suggestions for improvements
or additional features.
- Howard Cole
edx@cc.usu.edu
These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Netfuture.ch.