CryptorBundle-1.3
-----------------
This is the bundle which reenables NeXTMail-Encryption. It uses
PGP, one of the best encryption software which is available for
free.
CryptorBundle-1.3 comes as a fat bundle, compiled for m68k, intel,
sparc and hppa. It works ONLY on NeXTSTEP 3.2 and 3.3, later versions may
work or not. See the file 'CHANGES' about things that have changed
since the former version of the bundle.
Don't forget to read the FAQ before mailing me !!!
*** Note:
CryptorBundle does not contain a PGP executable. You MUST get
pgp (versions >= 2.6) from the ftp-archives and install it yourself.
***************************************************************************
0. Copyright
------------
The PGP program and documentation as included in the bundle is
Copyright Philip R. Zimmermann, 1990-1994. See the file 'pgpdoc2.txt'.
The bundle-software is copyrighted by Thomas Funke. You may distribute
and use it under license, included in the file
COPYING. You may not remove that file from the bundle and you may
not remove this README file.
1. Support
----------
This software comes without support, and without any warranty of
any kind. If you need support, contact the author, Thomas Funke:
thomas@gamelan.shnet.org.
But note: Support is available only for a small fee.
Bug reports are free and welcome :-)
2. Why CryptorBundle-1.3 ?
--------------------------
NeXT has prepared Mail.app with public key encryption software
since NS3.0. But because of US law, they were not allowed to export
encryption software. The infamous three-letter-companies would mind ....
Thus the standard Mail.app comes without encryption SW. Now you
can reenable this again, have NeXT's original GUI for public key
mail encryption: Browse through your public keys, add keys to your
key list just by drag and drop, send encrypted messages and decipher
encrypted messages (if you have the public key, of course ... ).
All this is done inside Mail.app: No services add-on necessary,
just the usual NeXT-way as NeXT has prepared it already.
3. How safe is it ?
-------------------
Well, probably much safer than NeXT has originally planned. The
algorithm used to encrypt is 'RSA', probably not hackable.
It uses the well known (free) PGP program, thus if you already
have PGP keys, you can still use them with the new bundle.
4. How does it work ?
---------------------
Well, you should read the included PGP-docs. You should also have
some idea 'what is public key encryption'. If you have a support
contract with me, I might explain all this stuff to you.
So I just describe how to use it under Mail.app:
4.1 Key generation
As key generation with PGP is much more complicate (and safe) than
what NeXT has originally planned, you still have to do this at the
command line. To generate your own private (and public) key, use the
command
pgp -kg
Be sure first that you have installed
everything as described later.
When pgp asks you for the User ID, you have to enter either your
mail-address (like user@foo.bar.edu) or, and this is preferred,
your name and mail-address in the following format:
Joe User <user@foo.bar.edu>
Of course you can still use any other user IDs you like, but that
makes later uses quite inconvenient.
When PGP asks you for your pass phrase, enter a pass phrase you
can remember but cannot be guessed easily. The pass phrase is like
a password: Without it you cannot decipher encrypted mails.
4.2 Browsing keys
Start Mail.app, click on 'Tools -> Encryption keys' or
Info->Encryption keys in Mail-3.3. You'll see
all (public) keys in your keyring. If you want to remove a key,
just select it and press the 'remove'-button. The key-browser shows
two (identical) text fields, which show the mail address of the
corresponding key (actually the user ID). The key-ID is not shown,
maybe I'll include this in a later version.
4.3 Adding (public) keys
Click 'Tools -> Encryption keys' in Mail.app.
If someone sends you his public key (unencrypted, of course), you
just drag it from the mail into the browser key field. If the key
(identified by it's key ID) is already there, nothing will happen,
otherwise it'll be added to the keyring.
If you want to add a pgp key from an ascii file to your keyring,
take care that the extension of the file is ".key", then just drag
the file from the workspace into the key field of the key browser.
4.4 Sending public keys to other people.
Open a mail compose window. Select NeXTMAIL. Click 'Tools ->
Encryption keys' and select the key you wish to send. Drag this
key into your compose window.
Now send the mail as usual.
If you want to save a key in an ascii file, just command-drag the
key into Edit.app - the ascii key will be in a Edit window which
you can save under another name for example.
4.5 Sending encrypted mails
Open a compose window. On the far right you'll see 2 small buttons
you didn't see on your standard Mail.app before: The upper button
switches mail encryption, the lower button is the 'Read receipt'
button (which has become smaller now).
Switch the upper button with the lock closed.
Type your mail as usual and finally send it.
Now there are 2 possibilities: If the address is in the keyring,
that key will be used. If not, a browser will open and you can
select which key to use. Because the mail-address and the key ID
should be corresponding (as described under 4.1), you'll usually
not see the browser, but everything will work automagically.
BUG WARNING: Reply addresses in Mail.app are always formed like
"To: Joe User <user@site.com>". Unfortunately, this would lead to
an error if you use encrytpion so you have to edit the address to
look like "user@site.com".
4.6 Decrypting mails
If someone sends you an encrypted mail, you'll see a small lock at
the mail browser. To read the mail, NeXT asks you "Please enter
your private key". Of course you'll not enter the key itself :-),
but enter your PGP pass phrase which you hopefully remember (see
4.1). If everything is OK, you'll see the decrypted mail, otherwise
you can try again.
5. Installation
---------------
*** Note Mail 3.3 ******************************************************
If you are running Mail-3.3, you don't need to perform 5.1. Just
copy the bundle to one of ~/Library/Mail, /LocalLibrary/Mail, /NextLibrary/Mail:
cp -pr cryptor.bundle /LocalLibrary/Mail
************************************************************************
*** Note Mail 3.2 ******************************************************
To install CryptorBundle-1.3, you must change a few files in
/NextApps/Mail.app. Remember: It will not work on NEXTSTEP versions
less than 3.2 !
5.1 Copy the directory 'cryptor.bundle' into /NextApps/Mail.app:
cp -pr cryptor.bundle /NextApps/Mail.app
Be sure to have the permissions to do this :-)
************************************************************************
5.3 Define the environment variable PGPPATH to be "~/.pgp". Don't forget
to include this in your .zshrc / .cshrc or whatever shell you use.
export PGPPATH=~/.pgp [for zsh users]
setenv PGPPATH ~/.pgp [for tcsh or csh users]
5.4 Create a directory '.pgp' in your home directory. This directory will
include all necessary PGP-Files.
Copy the included .pgp directory into your home dir:
cp -pr sample.pgp ~/.pgp
Finally copy the documentation there, too ! This is neccessary
to be able to generate keys !
cp doc/pgpdoc*.txt ~/.pgp
Now create a key pair for yourself.
Finally the pgp-directory should look like the following:
/thomas/.pgp> ls -al
total 16
drwxr-xr-x 2 thomas 1024 Apr 19 18:17 ./
drwxr-xr-x 26 thomas 2048 Apr 18 17:59 ../
-rw-r--r-- 1 thomas 3768 Feb 23 20:33 config.txt
-rw-r--r-- 1 thomas 3712 Feb 17 14:41 pgp.hlp
-rw------- 1 thomas 745 Apr 19 17:09 pubring.bak
-rw------- 1 thomas 643 Apr 19 17:11 pubring.pgp
-rw------- 1 thomas 24 Apr 19 18:17 randseed.bin
-rw------- 1 thomas 692 Feb 23 22:37 secring.bak
-rw------- 1 thomas 992 Apr 19 17:09 secring.pgp
You may edit config.txt for your needs.
But note: Don't change the line 'verbose = 0' !!!
5.8 [Optional] Install the man-page
-----------------------------------
Copy the man page from doc/pgp.1 to an appropriate place.
(usr/local/man/man1 for example).
5.9 New dwrite
--------------
Enter the following dwrite from a shell:
dwrite Mail Encrypt NO
This will keep the padlock open, thus not encrypting
mails as a default.
6. Using existing pgp-keys
--------------------------
If you have already pgp installed on your machine, you can use your
installation as before. Just create the ~/.pgp directory as mentioned
above and add symbolic links to your key-files (pubring.pgp,
secring.pgp, randseed.bin).
7. BUGS
-------
The installation is not really smooth. And if you did the installation
wrong, you might experience strange effects. But generally it should
not disturb your normal use of Mail.app [no warranty for this :-)]
If something goes wrong, you might consult the console-window from
workspace which might have any messages .
8. THANKS
---------
Thanks to Next Inc. for the interface for mail encryption.
Thanks to Philip R. Zimmermann for developing PGP.
Thanks to Ernst Kloecker <ernst@cs.tu-berlin.de> for being the
best beta-tester.
Thanks to Rene' Kulschewski <rene@prz.tu-berlin.de> for the 4-fat-compiles.
9. FTP-sites in the US
----------------------
Because CryptorBundle no longer contains PGP, it is *NOT* illegal
to put the bundle on a ftp-server.
These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Netfuture.ch.