PGP Signature Support for WinPack
---------------------------------

PLEASE NOTE - THIS SYSTEM IS NOT FOR USE IN THE UK! IT IS SUPPLIED
UNDER THE STRICT UNDERSTANDING THAT YOU SHOULD NOT ATTEMPT TO USE IT
ON THE UK NETWORK. PGP SIGNATURES ARE ILLEGAL ON PACKET IN THE UK!

The files in this package should enable you to both add PGP signatures
to messages sent from WinPack and also to check signatures on incoming
personal mail and bulletins.

First a disclaimer - I am unable to properly test these programs
because the UK Radiocommunications Agency has ruled that PGP
signatures on packet messages are illegal. I have done a small amount
of testing by sending messages to myself between two systems linked
via ethernet, but this is hardly a thorough test. (It is also very
boring!)

Requirements
------------
You need a copy of PGP 2.6 or similar. You need to understand it well
enough to be able to create yourself a key pair and to add other
people's public keys to your ring.

Installation
------------
Put !!PGPCHK.EXE in WINPACK\SERVERS\RECEIVE, if you want to check
signatures in bulls as well as in personal mail, put another copy in
WINPACK\SERVERS\BULLS.

Put ~~PGPSIG.EXE and PGPSIG.INI in WINPACK\SERVERS\SEND.

Make a directory WINPACK\PGP, put RUNPGP.BAT and RUNPGP.PIF in it.
Edit RUNPGP.BAT so that the path to PGP.EXE is correct. Do the same
with RUNPGP.PIF - use the Win 3.1 PIF editor, or right click and then
"Properties" in Win95.

In Use
------
All incoming messages are scanned for PGP "clear text" signatures. Any
messages that appear to contain a signature will have the signature
checked for validity and a report attached to the top of the message.
The signature is not removed from the message - this is a change to
how the original version of !!PGPCHK worked.

Signatures will be added to all outgoing messages, according to the
settings in PGPSIG.INI - YOU MUST edit this file, read the comments in
it, and set it up for your own use! DON'T use the defaults - they are
useless.

A signature cannot be added to a message until the message is about to
be forwarded. If it is added any earlier then the message may be
edited and the signature will become invalid. This means that you have
to be there when the messages are forwarded so you can input your pass
phrase. The alternative to this is to use the PGPPASS environment
variable to set the pass phrase - this is covered in the PGP docs.

7plus
-----
7plus is a problem - I cannot find a way of adding a signature with
ASCII transport armor whilst leaving the message text unaltered. PGP
decides the file isn't ASCII and converts it all to radix-64 armor.
Therefore the default is that no attempt is made to sign 7plus
messages. However, just because I can't work out how to do it doesn't
mean it is impossible! For anyone who wants to experiment, the PGP
flags can be changed by editing PGPSIG.INI and 7PLUS_SIGN can be
changed to "TRUE". If you work out how to do it - tell me!

Messages From Servers
---------------------
The default is that messages from servers are not signed. If you want
to sign them, edit PGPSIG.INI and change SIGN_SERVER_MESSAGES to
"TRUE".

Foreign Languages
-----------------
It is possible that the problem which occurs with 7plus messages being
converted to radix-64 armor may also occur with some non-English text
messages that contain extended ASCII characters. I welcome any
comments on this.


Roger Barker
G4IDE @ GB7IDE.#22.GBR.EU
roger@peaksys.demon.co.uk

21 June 96

