Decrypting GPG/PGP email messages


Problem description


I know you will shake your head sadly but... I really have to perform such a
suicidal task (even if for a short time and just for internal use).

I have to send by email (over the open internet) an XML file containing
_system commands_ (yes: the kind of stuff like "rm -dfr /") to a server and
have a Python program sitting on this server, fetching and parsing the
e-mail message and executing the commands (maybe with _root privileges_).

Of course, I want to be sure that only the allowed people are able to send
such dangerous messages to my server so I will ask my users to encrypt and
digitally sign their messages using Thunderbird, Enigmail and GPG as
described in this very fine tutorial:

http://goldenspud.com/webrog/archive...crypt-encrypt/

So far, so good, but I still have a couple of doubts about the server side:

1) What would you use to decrypt the messages? The GPG module created by
Andrew Kuchling is declared "incomplete" and "no more maintained" on his
web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
other module?

2) I did not find any mention of _encrypted attachments_ on the Net. Does
anybody know of a tutorial or a guide that explains how to encrypt (with
Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
attached to an email message?

TIA
-----------------------------------
Alessandro Bottoni

Solution

Alessandro Bottoni <al****************@infinito.it> writes:

> 1) What would you use to decrypt the messages? The GPG module created by
> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
> game.

I think I'd just run gpg as an external command. I've done that from
perl scripts and it's pretty simple.

> Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
> other module?

Oh hey, I didn't know about that, I'll have to look at it. I started
writing something similar a long time ago and got as far as being able
to decrypt straightforward messages, and have been meaning to get back
to it. But it's great if someone else is doing it more seriously.

> 2) I did not find any mention of _encrypted attachments_ on the Net. Does
> anybody know of a tutorial or a guide that explains how to encrypt (with
> Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
> attached to an email message?

PGP/GPG have their own base64 encoding called "ascii armor" in PGP
lingo. This stuff predates widespread use of MIME and traditionally,
PGP messages are sent as ascii armored plain text, not attachments.
You'd just send messages like:

From: alice
To: bob
Subject: encrypted message

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (GNU/Linux)

jA0EAwMC+QyBtnf2kVxgyUgkWXDwnHHu6GR8xYJ4GuorEo8t9B HfExmcwCyUok/z
wZsmoCCdulYjLnAjgU0WZRhe7woCrgy14pzc7PSOhqRPEG1IFJ qeZuM=
=5l/P
-----END PGP MESSAGE-----

Note the complete absence of mime headers and separators. As far as
the mail agents are concerned, the message is just text.

I'm not sure how the Thunderbird/Enigmail plugins work.


<posted & mailed>

Alessandro Bottoni wrote:

> I know you will shake your head sadly but... I really have to perform such
> a suicidal task (even if for a short time and just for internal use).
>
> I have to send by email (over the open internet) an XML file containing
> _system commands_ (yes: the kind of stuff like "rm -dfr /") to a server
> and have a Python program sitting on this server, fetching and parsing the
> e-mail message and executing the commands (maybe with _root privileges_).
>
> Of course, I want to be sure that only the allowed people are able to send
> such dangerous messages to my server so I will ask my users to encrypt and
> digitally sign their messages using Thunderbird, Enigmail and GPG as
> described in this very fine tutorial:
>
> http://goldenspud.com/webrog/archive...crypt-encrypt/
>
> So far, so good, but I still have a couple of doubts about the server
> side:
>
> 1) What would you use to decrypt the messages? The GPG module created by
> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
> other module?

What about using the command line program via os.pipeX("gpg...")?
I've done it this way when I needed to _create_ encrypted mail attachments
using python (you'll need different gpg options for decrypting):

import subprocess

# os.popen2 no longer exists in Python 3; subprocess.run replaces it, and an
# argument list (no shell) means the file path needs no quoting.
result = subprocess.run(
    ["/usr/bin/gpg", "-q", "-r", "KEYID", "-s",
     "--passphrase-fd", "0", "--batch", "--no-tty", "-a", "-o", "-",
     "-e", path_to_temporary_file],
    input=b"passphrase\n", stdout=subprocess.PIPE, check=True)

# read encrypted file from result.stdout
encrypted = result.stdout

> 2) I did not find any mention of _encrypted attachments_ on the Net. Does
> anybody know of a tutorial or a guide that explains how to encrypt (with
> Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
> attached to an email message?

I can't help you with Thunderbird. In the worst case, you'll have to encrypt
your command file manually and attach the encrypted version to your mail.
KMail does have checkboxes for encrypt/sign every attachment separately...
--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/


>>>>> Alessandro Bottoni <al****************@infinito.it> (AB) wrote:

AB> Of course, I want to be sure that only the allowed people are able to send
AB> such dangerous messages to my server so I will ask my users to encrypt and
AB> digitally sign their messages using Thunderbird, Enigmail and GPG ...

What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.

AB> 1) What would you use to decrypt the messages? The GPG module created by
AB> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
AB> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
AB> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
AB> other module?



If you only sign, it will be sufficient, but there is a more complete one
(including decryption) in
http://trac.t7a.org/isconf/file/trun.../isconf/GPG.py

--
Piet van Oostrum <pi**@cs.uu.nl>
URL: http://www.cs.uu.nl/~piet [PGP 8DAE142BE17999C4]
Private email: pi**@vanoostrum.org
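
An added example, not part of the original thread: a Python sketch of the server side that combines two suggestions made above, running gpg as an external command and rejecting replayed messages by checking the signature timestamp and keeping track of what was already accepted. The fingerprint, the 300-second window, the function and class names and the sample status text are assumptions constructed for illustration; the signature timestamp is assumed to be in epoch seconds.

```python
import hashlib
import subprocess
import time

ALLOWED_SIGNERS = {"A" * 40}  # constructed fingerprint, not a real key
MAX_AGE = 300  # assumed policy: seconds a signed command stays acceptable
SAMPLE_STATUS = (  # constructed gpg status output for one good signature
    "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Alice <alice@example.org>\n"
    "[GNUPG:] VALIDSIG " + "A" * 40 + " 2005-06-01 1117620000 0 4 0 1 2 00 "
    + "A" * 40 + "\n")


def gpg_decrypt(armored: bytes):
    """Run gpg as an external command; return (plaintext, status text)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--no-tty", "--status-fd", "2", "--decrypt"],
        input=armored, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return proc.stdout, proc.stderr.decode("utf-8", "replace")


def good_signature(status: str):
    """Return (fingerprint, epoch signing time) for a good signature, else None."""
    rows = [l.split() for l in status.splitlines() if l.startswith("[GNUPG:] ")]
    words = {r[1] for r in rows if len(r) > 1}
    # Require GOODSIG: expired or revoked keys get EXPKEYSIG/REVKEYSIG instead.
    if "GOODSIG" in words and not words & {"BADSIG", "ERRSIG"}:
        for r in rows:
            if len(r) >= 5 and r[1] == "VALIDSIG" and r[4].isdigit():
                return r[2], int(r[4])
    return None


class ReplayGuard:
    """Timestamp window plus a record of the messages already accepted."""
    def __init__(self):
        self.seen = {}  # message id -> signing time
    def check(self, status, plaintext, now=None):
        now = time.time() if now is None else now
        sig = good_signature(status)
        if sig is None or sig[0] not in ALLOWED_SIGNERS:
            return "rejected: signer"
        if abs(now - sig[1]) > MAX_AGE:
            return "rejected: stale"
        msg_id = (sig[0], sig[1], hashlib.sha256(plaintext).hexdigest())
        if msg_id in self.seen:
            return "rejected: replay"
        # Older entries can be dropped: the window check rejects them anyway.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_AGE}
        self.seen[msg_id] = sig[1]
        return "accepted"
```

On the server, the plaintext and status returned by `gpg_decrypt` go straight into `ReplayGuard.check`; the `seen` record has to survive restarts (a file or database) for the replay check to hold.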

