[E-privacy] (no subject)

Anonymous remailer at remailer.xganon.com
Fri Aug 17 14:04:53 CEST 2001


Hi everyone,

they are looking for help!

From: Cassandra of Troy <Use-Author-Address-Header@[127.1]>
Newsgroups: alt.privacy.anon-server
Subject: "bashful": a UNIX shell script for nym configuration
Date: Mon, 14 Aug 2001 07:27:13 -0000

Hi all,

I posted yesterday or so about my fledgling project tentatively called
"bashful": a set of shell scripts and accompanying data files which
eventually aim to automate nym configuration messages. I think the
portability factor (every UNIX has bash or a compatible shell, and has
or can easily get the text utilities needed) might make this a worthy
idea. I should have admitted that I do not know enough about bash
scripting to be able to make a reasonable determination in that regard
(my code speaks for itself, and surely looks amateurish.)

I would be happy to see someone come out with an implementation of
this in perl or python. My main hope is to see a working UNIX nym
client made available. I put a copyright notice in my previous post,
but if someone else improves on this I will happily transfer my claim
to the copyright. (Besides, it's not easy for an anonymous or
pseudonymous person to try to enforce a copyright. :)

Note that I am learning this, both the bash and the GNU text utilities
parts, as I go along. Please, if you know bash scripting, don't laugh
at my ineptitude -- help me out instead. At least you have to admit
that I'm trying to fill a void here.

With all that said, I spent a day tearing out hair, upgrading this
mess quite a bit. I've added in some new functionality. You still have
to manually designate your remailers and edit your data files, but the
encrypt-key (and decryption script) generation has been added in. The
PGP version strings are now replaced with "N/A".

Where do I need help?
    1. Cleaning up the code. I may not be aware of proper usage of the
       utilities I have chosen, or of other commonly available (GNU)
       tools which might do the job better. Similarly, my scripting
       technique is very poor. It could use more loops and better
       utilization of resources (like a single sed process where I put
       in two.) HELP!! ( Cassie != coder )
    2. Adding functionality. This thing should present a menu for
       selection of remailers, complete with statistics and remailer
       capabilities. Some options should be configured from a config
       file (.bashfulrc or whatever) instead of using string values
       built in to the script or to the 0, 1, 2 and 3 data files. It
       needs variable Nym-Command capabilities, multiple reply-blocks,
       varied probability reply-blocks, varied-length remailer chains
       in reply-blocks, and more. While I'm sure I can eventually
       learn how to do all this, the community will have a more useful
       tool sooner if someone with experience can help out (or even
       take over the project.)
    3. Set up some Web space. Nothing fancy. I don't mind doing the
       HTML, but I can't pseudonymously maintain a site. What would be
       cool would be some procmail recipes such that I e-mail files to
       you with appropriate headers, and your procmail runs a script
       which uploads the files to the server. I think I can do the
       procmail part of it.
    4. Related projects. It would be nice to duplicate most of the
       functionality of JBN2, but that doesn't fit with the UNIX
       philosophy of "one tool, one job". We don't really need a SMTP
       client nor a stats retriever, but it would be nice to be able to
       automate things like preparing outgoing messages (selecting
       remailer chains, encrypting, formatting for the MTA.) A script
       to retrieve and automatically process "remailer-key" and other
       similar messages (as opposed to getting stats and keys from a
       centralized authority, which is a weak spot in JBN) would be a
       good idea. What I hope to see is a backend-system which would
       work behind any standard MUA and MTA/LDA, providing a seamless
       interface to sending nym mail and managing accounts.
    5. New ideas? Cassie's brain is old, and some of the neural
       synapses don't snap like they used to. :)

I know there is a need and a growing demand for this ... see posts
<kx1e7.402585$lq1.84528225@typhoon.austin.rr.com> and
<qz1e7.402589$lq1.84530710@typhoon.austin.rr.com> which just came in a
short while ago. UNIX gives us the power to do spectacular things on
our own, but why should we all have to reinvent the wheel?

So don't be bashful, folks. Step up and volunteer in the best spirit
of the free software community. Let's see if we can win some GNU/Linux
converts out of the JBN and QS crowds! :)

Bashfully yours,
    Cassie
    user "unknown" at the redneck nymserver (gacracker dot org)

    * * *
-----Attachments

Note: many of the "FIXME" notes have been removed, but not necessarily
because the issues were resolved. I'm not going to restate everything
I wrote above in comments in the scripts.

-----Attachment 1 of 7, the "bashful" script:

#!/bin/sh
### "bashful" master script for nym commands - 2001/08/10
### preliminary version, still with fixed remailers
### major rewrites 2001/08/13 -- generates encrypt-keys, writes a
###	script which will be called by the decrypt script to set
###	encrypt-key variables, and replaces version string with "N/A".
### Copyright (c) 2001, Cassandra of Troy
### Intended for eventual release under the GNU General Public License
###
### Note: there are more FIXMEs than the few I have noted. But this
###	system already works, just a little awkward right now.
###

###
#	variables
#
#PATH=$HOME/bin:$PATH
PGPR="/usr/bin/pgp +batchmode +force +pubring=$HOME/.pgp/remring.pgp -eat"
PGPN="/usr/bin/pgp +force -u Troy -seat"

### FIXME: These six variables do two jobs. How can I consolidate them
###	into just two variables?
EE="echo -e"
XX="\n**\n"
ekg="dd if=/dev/urandom bs=1 count=32"
uu="uuencode -m -"
ct="cut -c2-23"
t2="tail -2"
h1="head -1"

### FIXME: How do I feed strings containing "/" characters in a sed
###	script? No matter how I quote it, sed barfs. It thinks I'm
###	terminating my replacement pattern and passing unrecognized
###	options after it.
## ugly hack to strip "/" characters from encrypt-key strings
tr="tr / Z"

# redneck
export nym="config@redneck.gacracker.org" #0x5613305D

### FIXME: How do I loop these into one command? I tried a "for NUM in
###	[0-3] ..." loop, but that didn't work.
export ek0=`$ekg | $uu | $ct | $t2 | $h1 | $tr`
# first (may be a middleman)
export rem1="mixmaster@somewhere"
export ek1=`$ekg | $uu | $ct | $t2 | $h1 | $tr`
# second (may be a middleman)
export rem2="remailer@somewhere.else"
export ek2=`$ekg | $uu | $ct | $t2 | $h1 | $tr`
# third (should not be a middleman)
export rem3="another@anonymous"
export ek3=`$ekg | $uu | $ct | $t2 | $h1 | $tr`
#
###

### now write the decrypt script
#
# variables
NOW=`date +%y%m%d%H%M`
EKF=${HOME}/bin/${NOW}.ekf
#
# create and write the script
touch $EKF
chmod 700 $EKF
echo `head -1 $0` >> $EKF
echo "### nym decrypt keys generated on `date`" >> $EKF
echo "ek3=\"$ek3\"" >> $EKF
echo "ek2=\"$ek2\"" >> $EKF
echo "ek1=\"$ek1\"" >> $EKF
echo "ek0=\"$ek0\"" >> $EKF
# write a literal $1 so the generated script takes the file name as its own argument
echo "FILE=\"\$1\"" >> $EKF
echo "export ek3 ek2 ek1 ek0 FILE" >> $EKF
### Note: the "DEC" script does the actual work; it remains static.
echo "\$HOME/bin/DEC" >> $EKF
#
###

## show variables for troubleshooting
#echo ek3=$ek3
#echo ek2=$ek2
#echo ek1=$ek1
#echo ek0=$ek0

## experimented with this
#echo "Enter secret key passphrase for \
#`head -2 0 | grep From | cut -f2 -d" "`@`echo $nym | cut -f2 -d@`:"
#read PGPPASS

###
#	Building reply-block
#
# start at the bottom, work up
# File "3", final remailing headers
# put in the encrypt-key  and asterisks ...
sed s/ek3/"$ek3"/ 3 > 3.tmp
##cat 3.tmp && read ?"3.tmp"

# ... and encrypt to rem3
$PGPR -o 3.asc 3.tmp $rem3
sed s/"2.6.2"/"N\/A"/ 3.asc > 3.na

# File "2", in the middle, the plot thickens; ugly with the double seds:
### FIXME: How the hell do you get sed to make another pass over the
###	same data?
sed s/rem3/$rem3/ 2 | sed s/ek2/"$ek2"/ > 2.tmp
# add on the previous PGP output, **, then encrypt it
cat 3.na >> 2.tmp
$EE "$XX" >> 2.tmp
##cat 2.tmp && read ?"2.tmp"
$PGPR -o 2.asc 2.tmp $rem2
sed s/"2.6.2"/"N\/A"/ 2.asc > 2.na

# File "1", the first remailer
sed s/rem2/$rem2/ 1 | sed s/ek1/"$ek1"/ > 1.tmp
# add on the previous PGP output, **, then encrypt it
cat 2.na >> 1.tmp
$EE "$XX" >> 1.tmp
##cat 1.tmp && read ?"1.tmp"
$PGPR -o 1.asc 1.tmp $rem1
sed s/"2.6.3ia"/"N\/A"/ 1.asc > 1.na

# File "0", the nym command
sed s/rem1/$rem1/ 0 | sed s/ek0/"$ek0"/ > 0.tmp
# add on the previous PGP output, **, then sign and encrypt it
cat 1.na >> 0.tmp
$EE "$XX" >> 0.tmp
##cat 0.tmp && read ?"0.tmp"
#
###

###
#	finishing the nym configuration message
#
## Experimented with this:
## set and export variables for asymmetric key encryption
#PGPPASSFD=0
#export PGPPASS PGPPASSFD
$PGPN -o nym.asc 0.tmp $nym
sed s/"2.6.3ia"/"N\/A"/ nym.asc > nym.na

echo "\"nym.na\" is the file to mail to $nym"

### FIXME: When everything works reliably we'll want to clean up the
###	temporary files used. For now, it's nice to be able to refer
###	to them and check how things went.

-----end attachment 1

-----Attachment 2 of 7, data file "0" used by the script (contains the
	nym server headers and commands)

Config:
From: unknown
Nym-Commands: +acksend name="Cassandra of Troy"
Reply-Block:
::
Anon-To: rem1
Encrypt-Key: ek0

::
Encrypted: PGP


-----end attachment 2

FIXME: we need to make the nym account name configurable by menu or rc
	file, and give a menu of Nym-Commands. Also need a section to
	extract and insert a public key for a new account or change of
	key. Also, we should support multiple reply-blocks and
	variable probabilities.

-----Attachment 3 of 7, data file "1" (contains commands for the first
	remailer in the chain)

::
Anon-To: rem2
Latent-Time: +2:00r
Encrypt-Key: ek1

::
Encrypted: PGP

-----end attachment 3

FIXME: Latent-Times and other commands need to be configurable.

-----Attachment 4 of 7, data file "2" (contains commands for the
	second remailer in the chain)

::
Anon-To: rem3
Latent-Time: +3:00r
Encrypt-Key: ek2

::
Encrypted: PGP

-----end attachment 4

-----Attachment 5 of 7, data file "3" (contains commands for the final
	remailer in the chain) Slight change: added the asterisks in
	here, instead of using the script to write them to 3.tmp.

::
Anon-To: me@my-email-address
Latent-Time: +4:00r
Encrypt-Key: ek3

**

-----end attachment 5

-----Attachment 6 of 7, the decryption script $HOME/bin/DEC

#!/bin/sh
### nym mail decryption script - 2001/08/11
### enhanced 2001/08/13 -- encrypt-key variables from other script[s]

#usage
#if $FILE="" do
#    echo "Usage: $0 filename\n  filename will be replaced with decrypted nym message"
#    exit 1
#fi

# first get PGP passphrase (terminal echo is off while it is typed)
echo "Enter PGP secret key passphrase:"
stty -echo
read -r PGPPASS
stty echo
echo
export PGPPASS

# other variables
export PGPPASSFD=0
PGP="/usr/bin/pgp +batchmode +force -o TMP.pgp"
#PGPrsa="/usr/bin/pgp +batchmode +force +pubring=/var/spool/mix/pubring.pgp -o TMP.pgp"
#OUCH="echo \"PGP error, aborting\" ; exit 2"

###
#	New dynamic encrypt-key section
#
for EK in $ek3 $ek2 $ek1 $ek0
### FIXME: The exit code from PGP didn't work. I'd like to put in some
###	simple error handling, but how?
    do echo $EK | $PGP $FILE #|| echo "aborted" ; continue
#    echo "paused - Enter to continue"
#    read junk
    cp TMP.pgp $FILE
done
#
###

###
#	secret key decryption
#
echo "$PGPPASS" | $PGP $FILE
# || echo "PGP error, aborting" ; exit 2
mv TMP.pgp $FILE
#
###

echo "\"$FILE\" is the decrypted nym message now."

-----end attachment 6

-----Attachment 7 of 7: a sample autogenerated script "0108131600.ekf"

#!/bin/sh
### nym decrypt keys generated on Mon Aug 13 16:00:00 GMT 2001
ek3="oOUCc0NmQP5xkUmxZrb4Zw"
ek2="tOfIkRJRTX4Ncdwb9BFXK4"
ek1="eHvd9ksySX3XsOSr3ApQKs"
ek0="CDSxwtG3lSYVjwjZbqhG+C"
FILE="$1"
export ek3 ek2 ek1 ek0 FILE
$HOME/bin/DEC

-----end attachment 7
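
Added example, not part of the original post: one way to address three of the FIXME notes in the "bashful" script (generating the encrypt-keys in a loop, feeding strings containing "/" to sed, and doing both substitutions in a single sed process). The function names, the use of base64(1) and the address remailer@example.invalid are assumptions made for illustration; the template is a constructed copy of data file "1".

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the author's code.

# 16 random bytes -> 24 base64 chars ending in "=="; the first 22 carry
# all 128 bits. "/" and "+" are kept instead of being mapped to "Z".
gen_key() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | base64 | cut -c1-22
}

# fill_template ADDR_PLACEHOLDER ADDR KEY_PLACEHOLDER KEY < template
# One sed process, two expressions. Using "|" as the delimiter means a "/"
# in the key no longer ends the pattern; "|", "&" and "\" (the characters
# that would be special here) cannot occur in base64 output.
fill_template() {
    sed -e "s|$1|$2|" -e "s|$3|$4|"
}

# write_keyfile PATH: generate ek3..ek0 in a loop and store them in a file
# that is owner-only from the moment it is created (umask in a subshell).
write_keyfile() {
    (
        umask 077
        for n in 3 2 1 0; do
            printf 'ek%s="%s"\n' "$n" "$(gen_key)"
        done > "$1"
    )
}

# Demo on a constructed copy of data file "1".
demo() {
    dir=$(mktemp -d) || return 1
    write_keyfile "$dir/keys.ekf"
    . "$dir/keys.ekf"
    cat > "$dir/1" <<'EOF'
::
Anon-To: rem2
Latent-Time: +2:00r
Encrypt-Key: ek1

::
Encrypted: PGP
EOF
    fill_template rem2 'remailer@example.invalid' ek1 "$ek1" < "$dir/1"
    rm -rf "$dir"
}
demo
```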




