[Mimedefang] PGP automation?

Paul Murphy Paul.Murphy at argentadiscovery.com
Fri Aug 3 04:53:07 EDT 2007


Gary,

I did something similar to this in a previous position, using GnuPG to support inspection of PGP messages as they passed through MD.  The code checked that all messages to some domains were encrypted, that there were no plain text parts in the message, and that any encrypted message also included the corporate key so that we could recover the contents if required.

The MD server had a copy of the public keys for all staff, and the private key for the company.  The pass phrase for this is the weak link - it had to be coded into the MD filter, or read from a file.  The requirement was that anyone sending PGP messages had to have been authorised to do so, had to use the corporate key in addition to their own and recipient keys, and had to encrypt 100% of the message, since they had a habit of sending messages which said things like "See attached encrypted file, which shows details of how our new project X is going, and especially how our new product Y has great results".  Users, eh?  Gotta love em...

I also ran into some problems where occasionally messages would cause the GnuPG support modules to get a bit confused - the decrypt process would take 100% of the CPU, and fail to die even after the MD slave handling the message had timed out and been killed.  The sending system then retried the same message, with the same result, so even my 4-way server could be crippled by a single message which hit this bug.

There are at least 3 Perl modules which try to interface to PGP, so it's up to you which to use - I used Mail::GPG because it had the facilities I wanted at the time, but things have moved on since then, and you'll probably want to re-examine them and use whatever seems most current/popular. Especially as the version I used had the problem noted above with some messages.

Attached are fragments of my functions which handled this - I defined domains where encryption was mandatory (plus exceptions) in hashes, which were then referenced using the sender and recipient addresses or domains as keys.  If I was doing it again now, I'd probably implement this differently, but it worked.

The tricky bit is implementing a policy which works.  I had all sorts of exceptions to get around the bug mentioned above (e.g. .PGP files assumed to be encrypted since they caused the problem), plus, because all messages had to be fully encrypted, how do you handle automatically-added disclaimers, null parts, or messages where the body is "see encrypted attachment"?  I had to jump through hoops to make sure that the filter still worked, and didn't block trivial cases.

For a case where you want seamless encryption "on the fly", the easiest approach is to use specific keys for each domain, and have the private key on the MD server.  The filter then detects that messages are to that domain, and then for each message part which is not a container (multipart/alternative for example - any part where the MIME entity has no body), you need to extract the contents, encrypt them, add them back to the message as a new part, and remove the original part.  In theory this is easy - in practice the modern versions of PGP instead support whole-message encryption (including attachments) which then builds a specific MIME structure, which you'd have to replicate.

It's an interesting project, but not one I'd like to undertake myself, having been through some of the pain of doing parts of it before...

Paul.
-- 

-------------------------------------------------------
Paul Murphy
Head of I.T.
Argenta Discovery
Tel. 01279 645 554
Fax. 01279 645 646

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: filter.txt
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20070803/f2def579/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: check_pgp.txt
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20070803/f2def579/attachment-0001.txt>
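Added example, not Paul's attached Perl filter: a Python sketch of the policy the post describes (every leaf part of mail to a mandatory domain must be ciphertext, and the corporate key must be among the recipients). The corporate key ID and the mandatory domain are placeholders, and the escrow check reads recipient key IDs out of the PKESK packets instead of calling GnuPG, so it runs without a keyring; inline-armored messages and the .PGP-attachment exception from the post are not handled.

```python
import base64, email
from email import policy

CORPORATE_KEY_ID = bytes.fromhex("0123456789abcdef")  # placeholder: 64-bit key ID of the escrow key
MANDATORY_DOMAINS = {"secure.example"}                 # constructed: domains that must receive ciphertext

def pgp_recipient_key_ids(data):
    """Collect the 8-byte key IDs from every v3 PKESK packet (tag 1) in a binary OpenPGP stream."""
    ids, i = set(), 0
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80: raise ValueError("not an OpenPGP packet")
        if ctb & 0x40:                                  # new-format header (RFC 4880 4.2.2)
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192: length = first
            elif first < 224: length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255: length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else: raise ValueError("partial body lengths not supported")
        else:                                           # old-format header (RFC 4880 4.2.1)
            tag, n = (ctb >> 2) & 0x0F, (1, 2, 4, 0)[ctb & 3]
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i; i += n
        body, i = data[i:i + length], i + length
        if tag == 1 and body[:1] == b"\x03": ids.add(body[1:9])  # version, key ID, algo, MPIs
    return ids

def check_message(raw, recipients):
    """Every leaf part of mail to a mandatory domain must be ciphertext the corporate key can open."""
    if not any(r.rsplit("@", 1)[-1].lower() in MANDATORY_DOMAINS for r in recipients): return []
    msg, problems, seen = email.message_from_bytes(raw, policy=policy.default), [], 0
    for part in msg.walk():                             # containers and the PGP/MIME control part carry no secrets
        if part.is_multipart() or part.get_content_type() == "application/pgp-encrypted": continue
        try: ids = pgp_recipient_key_ids(part.get_payload(decode=True) or b"")
        except (ValueError, IndexError): ids = set()
        if not ids: problems.append("plaintext part: " + part.get_content_type()); continue
        seen += 1
        if CORPORATE_KEY_ID not in ids: problems.append("ciphertext not readable with corporate key")
    return problems if seen else problems + ["no encrypted content"]

def pkesk(key_id):
    """Constructed old-format PKESK packet (header 0x84, one-byte length) with a dummy 16-bit MPI."""
    body = b"\x03" + key_id + b"\x01" + b"\x00\x10\xbe\xef"
    return bytes([0x84, len(body)]) + body

def sample(key_ids):
    """Constructed PGP/MIME message: one PKESK per key ID, then a dummy new-format SEIPD packet (tag 18)."""
    blob = b"".join(pkesk(k) for k in key_ids) + bytes([0xC0 | 18, 4]) + b"\x01\xaa\xbb\xcc"
    return (b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary=B\r\n\r\n'
            b"--B\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
            b"--B\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: base64\r\n\r\n"
            + base64.b64encode(blob) + b"\r\n--B--\r\n")
```

A real filter would run this from filter_begin with the envelope recipients and reject or quarantine on a non-empty list; the constructed samples only carry packet headers, not real ciphertext.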
