PGP implementation in the RIPE DB software
Elise Gerich
Fri Oct 28 17:49:59 CET 1994
Laurent,
This is great news!
--Elise
>Laurent Joncheray writes:
>
> I've ported PGP into the RIPE DB software as an authentication
> method for the maintainer stuff. Here is a summary of what I did so far.
> If you're interested in that work and want me to include my extension
> into the RIPE DB software please let me know. It's working and really
> easy to use.
> --
> Laurent
>
> PS: all files available on request.
>
> -----------------------------------------------------------------------------
>
> PGP implementation in the RIPE software. Summary.
> lpj. 10/27/94
>
> Authentication of the maintainer using pgp is defined by
> the 'auth' attribute. The value is 'PGP-FROM <pgp-user-id>'. Example:
>
> mntner: LPJ
> descr: The Boss
> admin-c: DK58
> tech-c: MT2
> tech-c: TB230
> upd-to: lpj at merit.edu
> mnt-nfy: lpj at merit.edu
> auth: PGP-FROM lpj at merit.edu
> mnt-by: LPJ
> changed: lpj at merit.edu 941026
>
> The user 'lpj at merit.edu' should have registered his pgp public
> key in the RR. He should sign all updates sent by mail to the RR with
> his secret key.
>
> Implementation:
>
> The mail is piped through two processes: 'pgp.pl' and 'dbupdate'.
> 'dbupdate' is the RIPE tool to process updates from the mail. 'pgp.pl'
> is a perl script which checks the validity of the signature and
> 'unsigns' the mail. If the signature is ok pgp.pl adds a new line in
> the mail header with the user ID of the pgp certified sender. It also
> adds an error code. For example after processing by pgp.pl the mail looks
> like:
>
> From: Laurent Joncheray <lpj at merit.edu>
> Subject: test 26
> To: lpj at fox.merit.edu
> Date: Thu, 27 Oct 1994 13:00:04 -0400 (EDT)
> X-pgp-signature: lpj at merit.edu
> X-pgp-error: 0
>
> [...]
>
> All the pgp envelope has been stripped. pgp.pl reads the signed mail from
> std in and writes the unsigned mail to std out. The dbupdate tool
> authenticates the maintainer by comparing the 'X-pgp-signature' line with
> the PGP user ID provided in the auth attribute of the maintainer object.
>
> How to generate a secret/public key
>
> C.f. [PGP]. Sum up: use 'pgp -kg'
>
> How to register a public key
>
> C.f. [PGP]. Sum up: generate the public key from your key ring
> by using 'pgp -kxa <your-pgp-user-id> <file-where-to-store-the-key>'.
> Send <file-where-to-store-the-key> to the RR manager.
> The RR calls the user to check the public key (with the key's fingerprint)
> and certify it.
>
> A.O.B
> The RR needs to agree on who owns the public keys (Here it's the
> user id under which dbupdate is run).
>
> Files:
> src/syntax.pl: hacked version to support the PGP-FROM authentication
> method.
> src/maintainer.pl: hacked version to support the PGP-FROM
> authentication method.
> src/pgp.pl: the PGP mail filter.
> src/dbupdate.sh: a sh script which pipes the mail through pgp.pl
> and dbupdate[.pl]
> doc/ripe-120++.txt: modified version of ripe-120.txt with support of
> the PGP-FROM method
> README.PGP: this file
>
> References:
>
> [PGP] MIT PGP 2.6.1, ftp://net-dist.mit.edu/pub/PGP/README :-)
>
>
-------- Logged at Tue Nov 1 18:25:58 MET 1994 ---------
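The dbupdate-side comparison described in the quoted summary, as an added example that is not part of the original mail or of the RIPE DB software (it is Python, not the Perl of those tools). The function names and sample addresses are hypothetical, treating `X-pgp-error: 0` as the only success value is an assumption drawn from the sample header shown, and rejecting duplicated headers is a check added here.

```python
from email import message_from_string

# Constructed sample maintainer object (values are not from the original mail).
MNTNER = """\
mntner:  EXAMPLE-MNT
auth:    PGP-FROM alice@example.net
mnt-by:  EXAMPLE-MNT
"""

def pgp_from_ids(mntner_text):
    """Collect the user IDs named in 'auth: PGP-FROM <pgp-user-id>' lines."""
    ids = set()
    for line in mntner_text.splitlines():
        key, _, value = line.partition(":")
        parts = value.split(None, 1)
        if key.strip().lower() == "auth" and len(parts) == 2 and parts[0] == "PGP-FROM":
            ids.add(parts[1].strip())
    return ids

def authenticate(filtered_mail, mntner_text):
    """True only if the filter's headers name a signer listed in the maintainer."""
    msg = message_from_string(filtered_mail)
    sigs = msg.get_all("X-pgp-signature", [])
    errs = msg.get_all("X-pgp-error", [])
    # Require exactly one of each header: a second copy means one of them was
    # not written by the filter, so its verdict cannot be trusted.
    if len(sigs) != 1 or len(errs) != 1:
        return False
    # Assumption: error code 0 is the only value that means "signature good".
    if errs[0].strip() != "0":
        return False
    return sigs[0].strip() in pgp_from_ids(mntner_text)

def filtered(extra_headers):
    """Build a constructed mail as it would look after the filter stage."""
    return ("From: Alice <alice@example.net>\nSubject: update\n"
            + extra_headers + "\n[...]\n")

if __name__ == "__main__":
    ok = filtered("X-pgp-signature: alice@example.net\nX-pgp-error: 0\n")
    print(authenticate(ok, MNTNER))
```

The same reasoning applies at the filter stage: any `X-pgp-*` header already present in the incoming mail has to be dropped before the filter writes its own.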