Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANTw=MMqLkMsjTitwA5aWi6N5fJdTmP8FfqV8LtgMQGrSd9XUQ@mail.gmail.com>
Date: Fri, 3 Feb 2012 23:20:35 -0500
From: Michael Gilbert <michael.s.gilbert@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: distros & linux-distros embargo period and message format

2012/2/3 Solar Designer:
> On Fri, Feb 03, 2012 at 10:00:24PM -0500, Michael Gilbert wrote:
>> On Fri, Feb 3, 2012 at 8:45 PM, Solar Designer wrote:
>> > Yet the delay itself matters too.  There are different opinions as to
>> > whether it is "the important aspect" or not.
>>
>> That's why I think its more appropriate to defer such decisions to the
>> researcher who understands the complexity of the problem at hand (of
>> course hopefully allowing negotiation with those affected to choose a
>> disclosure date that can be met).
>
> That's what we have now, right?
>
>> > [...] I need a tool - a program to mass-decrypt a
>> > PGP/MIME mbox, producing another mbox.  I think such a program might be
>> > generally useful.  Well, or alternatively I need to introduce a
>> > different mechanism for the archive - not treat it as a regular
>> > subscriber like I intended to.
>>
>> Completely unfleshed out, but a pseudo-bash script along the lines of
>> the following should do it:
>>
>>   echo "" > newmbox
>>   gpg-agent --allow-preset-passphrase
>>   /usr/lib/gnupg2/gpg-preset-passphrase --preset <cache id>
>>   cat mbox | while read line; do
>>       test <header> && echo $line >> /tmp/header
>>       test <body> && echo $line >> /tmp/body
>>       if [ <end off body> ]; then
>>           cat /tmp/header >> newmbox
>>           cat /tmp/body | gpg --decrypt >> newmbox
>>       fi
>>   done
>>   /usr/lib/gnupg2/gpg-preset-passphrase --forget
>>
>> Obviously a bit more work there to figure out appropriate conditionals
>> to put in the angle brackets.
>
> Unless I am missing something, this doesn't handle MIME at all - so it
> won't do the trick.

I was trying to keep it simple.  I got the impression that your
concern was potentially needing to enter a passphrase to individually
decrypt each message.  Anyway, just throw in the appropriate munpack
calls above to handle the mime parts.

Best wishes,
Mike

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.