
Re: mutt and plaintext passwords : muttrc encryption ?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday, July 28 at 09:29 PM, quoth Michael Kjorling:
> I haven't tried it, but I can't get it out of my head... wouldn't 
> sourcing through a pipe something that sets the sensitive stuff 
> work?
>
> Something like this:
>
> source "gpg -d sensitivestuff.gpg |"

No. That can't work (but we can salvage this idea). First, let me 
explain why it can't work.

Think about it: what does the "source" command tell mutt to do? It 
tells mutt "read the file with the following name". Even in situations  
where ending an item in a pipe means something to mutt, it means "use 
the output of this command in place of this variable whenever you need 
it". This is useful for doing things such as "set 
signature='fortune|'". That is very similar to "set 
signature=`fortune`", with the ONLY difference being that in the first 
case (with the pipe), mutt runs the command every time it needs the 
value of $signature whereas (in the case of backticks) mutt runs it 
only when reading the muttrc file.

With that in mind, re-examine the idea of using "source". Does it make 
sense to say "use the output of this command whenever you need the 
value of ... source?".

What you're looking for is something like the equivalent of an "eval" 
command, instead of "source" (if you've done much shell scripting, 
you'll understand the difference), because that's the usual name of a 
command meaning "treat the following string as a set of commands, and 
execute/evaluate the commands". Unfortunately, mutt doesn't have an 
"eval" equivalent---largely because mutt's rc file is not a scripting 
language (and probably never will be), even though it sometimes seems 
like it is.

That said, there is something to be said for your idea. Check this 
out: what you CAN do is get mutt to use a named pipe. Like so (I'm 
separating the commands to keep my lines short; you can combine most 
of these):

     set my_mkfifo=`mkfifo -m 600 ~/.muttfifo`
     set my_decryptit=`gpg --decrypt ~/.mutt.gpg -o ~/.muttfifo`
     source ~/.muttfifo
     set my_cleanup=`rm ~/.muttfifo`

Eh? Eh? Nice, no? ;)

Come to think of it, we could do the same thing with all my temp-file 
ideas. And we can even handle MTAs this way:

     # this is all one line:
     set sendmail="rm -f ~/.msmtprc; mkfifo -m 600 ~/.msmtprc; gpg
     --decrypt ~/.msmtprc.gpg -o ~/.msmtprc; msmtp"

~Kyle
- -- 
Genius may have its limitations but stupidity is not thus handicapped.
                                                      -- Elbert Hubbard
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!

iEYEARECAAYFAkiOP5gACgkQBkIOoMqOI15G2gCfVPc/1UAVZyVrt3G826OBusVh
NV8AoPQGMirMA1YP6etWragGUXrDNryD
=MOIv
-----END PGP SIGNATURE-----
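
The named-pipe hand-off described in the message above, as an added example that is not part of the original post: a POSIX shell helper that passes a secret from a producer command to a reader through a mode-600 FIFO in a private directory, so the plaintext never lands in a regular file. The function name `with_secret_fifo`, the `secfifo` directory prefix and the sample value are assumptions; the demo line uses `printf` as a stand-in for `gpg --decrypt FILE` so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original post. with_secret_fifo is a
# hypothetical helper name.
#
# Usage: with_secret_fifo READER PRODUCER [ARGS...]
#   PRODUCER writes the secret to stdout (e.g. gpg --decrypt FILE).
#   READER is a command or shell function called with the FIFO path.
with_secret_fifo() {
    reader=$1; shift

    # mktemp -d creates a mode-0700 directory with an unpredictable name,
    # so no other local user can pre-create or swap the FIFO path.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/secfifo.XXXXXX") || return 1
    fifo=$dir/secret
    if ! mkfifo -m 600 "$fifo"; then
        rm -rf "$dir"
        return 1
    fi

    # Opening a FIFO for writing blocks until a reader opens it, so the
    # producer has to run in the background while the reader starts.
    "$@" > "$fifo" &
    writer=$!

    rc=0
    "$reader" "$fifo" || rc=$?

    # A reader that failed before opening the FIFO leaves the producer
    # blocked in open(); stop it so the wait below cannot hang.
    [ "$rc" -eq 0 ] || kill "$writer" 2>/dev/null || true

    wstatus=0
    wait "$writer" || wstatus=$?
    # Report the reader's failure first, otherwise the producer's.
    [ "$rc" -ne 0 ] || rc=$wstatus

    # Only the FIFO inode ever existed on disk; remove it with its directory.
    rm -rf "$dir"
    return "$rc"
}

# Demo with a constructed value: printf plays the decrypting producer and
# cat plays the program that reads its configuration from the FIFO.
with_secret_fifo cat printf 'set imap_pass="constructed-example"\n'
```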