[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Winsock & PGP Integration



-----BEGIN PGP SIGNED MESSAGE-----

It has been a long discussed and desired feature for MS-Windows
users to be able to integrate PGP functionality into the various
Windows Sockets based mail and news readers.  After a discussion
with Raph and Pierre at the cypherpunks meeting this weekend, I
took a look at the paradigm that premail uses and gave some
thought to how this same concept could be applied in the Windows
environment.

On a Un*x machine, premail works by impersonating the mail
transfer agent and intercepting the flow of mail in each
direction, adding encryption, signing, and anonymous remail
services in a rather elegant fashion.  As the mail system under
Un*x (indeed, the entire OS) is designed to be a "piped and glued
together" batch of smaller utilities, premail's method works well
and is very 'unix-like'.

How to achieve the same under Windows with winsock based SLIP or
PPP access?  The various mail agents such as Eudora and Chameleon
are integrated packages that do everything from using SMTP and POP
for mail transfer to providing the user agent that reads and
writes mail. There really is no simple way to wedge into the
package and replace or supplement functionality.

Except one.  What all of these agents have in common is that they
interface with the Windows Sockets API to establish TCP streams
that are used in the POP and SMTP protocols.  Since these are well
known and standardized protocols, this gives us our toehold.

Picture this.  Using a replacement WINSOCK.DLL, we can intercept
those specific API calls that an application would use to open the
appropriate sockets and establish a TCP stream to a particular
remote socket.  For all other API calls, we hand these off to the
"real" WINSOCK.DLL (that we have renamed and loaded after our DLL
has loaded).  Our replacement DLL now has the ability to make the
mail application think it is talking to a remote SMTP or POP
process, when in fact, it is talking to our agent on the local
machine.  Our local agent spoofs the SMTP protocol, accepts the
mail, does all the neat crypto stuff, and stores the mail in an
outbound queue.  At whatever preprogrammed intervals, _our_ agent
makes the _real_ SMTP call to the remote and delivers the mail.

The reverse process would work as well.  Our local agent
periodically makes a POP call to the remote end, retrieves mail,
and stores it in an inbound queue. Again, we do all the neat
crypto stuff, and finally the next time Eudora or whatever mail
agent is in use makes its POP run, we spoof POP and deliver the
mail to the mail program.

A little thought on this and I realized that this could be a
generalized process.  Want to implement an anonymous remailer
under Windows?  Use this mechanism and replace "neat crypto stuff"
with "even neater anonymous remailing stuff."  Majordomo for
Windows?  No problem, same method. By intercepting the flow of
mail in each direction, there is no limit to the stuff you could
come up with.

Why bother fiddling with Windows anyway, when one has all the
beauty and power of Un*x at one's disposal (such as Linux)?  Well,
think about where the personal computing sector is going to grow
in about six months or so with the advent of Windows95.  Okay,
it's a great OS for what it is designed for, but it doesn't have
pipes or perl or twenty or thirty command line parameters for
every executable.  So what.  I garauntee that there will be more
laptops and desktop PC's with Windows95 than with any flavor of
Un*x.

If we are to promote and encourage, as well as make the tools for,
the use of strong crypto by the average Joe, then Windows is where
it is at.

I've just enough Windows programming experience to know that the
scheme I worked out above is feasible and would work well.  On the
other hand, I have no experience with Windows Sockets at the api
level, nor with any implementation of SMTP or POP (though I know
the protocols themselves well.)

Yep.  It would be cool to write a message in Chameleon (such as
this one), press the send button, and have a dialog box pop up
asking me if I wanted to sign, encrypt, or remail this message.
Or to have it done automatically for me.  And this would work with
existing mailers today.  Sheesh, somebody burst my bubble.

Comments, criticisms, suggestions, and especially financial
donations, are quite welcome :)

=======================================================================
Johnathan Corgan       "Violence is the last refuge of the incompetent"
[email protected]                       -Isaac Asimov
PGP Public Key:        http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
Or send email to:      [email protected] Subj: GET jcorgan
=======================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLu0w2k1Diok8GKihAQGdnQP8DiqQt3820dhKHY3dbXAZnl/11eEce4z+
/oFZMKVBHlCJAxCSucnK31dcyRbvXiOkAt9x9EMinXC26VWh3sETd+YbaJNznkx6
VmM1UNID2bQ+Xpcc4ANJQx6CgPrRxspr3reVeuFv7QLtKGMy5Mucl5mXGp829f6i
Gj7NMlhcu+s=
=rgyq
-----END PGP SIGNATURE-----