[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: why pgp sucks
Eric Hollander <[email protected]> writes:
>if i use a command like
> pgp filename
>it will automatically figure out the right thing to do with the file. if
>it's encrypted, and i have the key, it will attempt to decrypt it. if it
>contains keys, it will ask if i want to add them to my keyring. if it's
>signed, it checks the signature.
>this sucks!
>if i'm trying to write a program to automatically process incoming mail (for
>instance, to see if it's encrypted with a specific key), i certainly don't
>want to have the possibility of people being able to add garbage to my
>keyring just by mailing it to me.
In my remailer, I use: pgp -f < infile > outfile. This won't add keys.
If you capture standard error you can parse it (grep is probably good
enough) to see whether the message was signed, encrypted, had a bad
signature, had keys, etc.
Hal