SPY HILL Research Spy-Hill.net


Poughkeepsie, New York [DIR] [UP]

Using PGP (Pretty Good Privacy) with Pine


The Pine e-mail program can easily be configured to use PGP (Pretty Good Privacy), both for receiving PGP messages and for sending them. To use PGP with pine you need to make a one-time change to your .pinerc file, and you must have some simple filter scripts installed on your system.
[Receiving] [Sending] [Configuration]

Pine is a well-known e-mail program for Unix and Windows computers. It is relatively easy to use PGP (Pretty Good Privacy) with Pine to send and receive e-mail which is encrypted and/or digitally signed. A small amount of intial work is required to configure Pine and your computer to work with PGP (as described below).

The computer noether.vassar.edu at Vassar has already been configured to use PGP with pine.


Receiving

Once your system has been configured to use PGP with Pine (see below), you don't have to do anything out of the ordinary to read a PGP encrypted or signed message. Pine will automatically process the message through PGP. All you will have to do is enter your passphrase at the appropriate time if it is needed.

Sending

Once your system has been configured to use PGP with Pine (see below), it is relativly easy to send a message which is either digitally signed or encrypted to the recipient, using "sending filters".

As usualy, you press ^X to send your message. Pine will then present a menu allowing you to either send the message unfiltered or to select a sending filter. Select the "pgpsign" filter to sign but not encrypt the message, or select the "pgpencrypt" filter to encrypt (and sign) the message. Enter your passphrase as prompted, and the message is then sent.



Configuration

To use PGP with Pine you need to have several filter programs installed, and you need to modify your .pinerc file to tell Pine how to deal with PGP messages by using those filters. Here's what you need to do:
  1. Make sure the filter programs named here exist on your system. The filter programs are pgpkeyadd, pgpdecode, pgpencrypt, and pgpsign. If you don't have these programs you can copy them from
    ftp://noether.vassar.edu/pub/myers/src/pgp-filters/pgp-filters-1.8.tar.gz
    These can be installed anywhere as long as they are accesible and executable. For a system-wide installation you might put them in /usr/local/bin. For a personal installation you can put them in your own bin or .pgp directory.

    If you are using the ITD login service at Michigan then the filters may already be installed in /usr/um/pgp/contrib/. If you are using noether.vassar.edu they are already installed in /usr/local/bin.

  2. Edit your .pinerc file and add the following:
    # This variable takes a list of programs that message text is piped into
    # after MIME decoding, prior to display.
    display-filters=_BEGINNING("-----BEGIN PGP PUBLIC")_  /usr/local/bin/pgpkeyadd,
    	_BEGINNING("-----BEGIN PGP")_	/usr/local/bin/pgpdecode
    
    # This defines a program that message text is piped into before MIME
    # encoding, prior to sending
    sending-filters=/usr/local/bin/pgpsign,
    	/usr/local/bin/pgpencrypt _RECIPIENTS_
    
    If the display-filters= and sending-filters= lines already exist then you should replace them, or add to them. Note that they must begin in column 1, no indentation is allowed.

    Change the path to the filter scripts from /usr/local/bin to the path to wherever the filter scripts are kept on your system, such as /usr/um/pgp/contrib/ or /home/mavassar/.pgp. For best security you want to use the full path name here, not rely on a PATH which might get changed.



Last modified: 19 January 2005 Copyright © 2005 by Spy Hill Research http://spy-hill.net /help/PGPnPine.html