Decrypting GPG/PGP email messages

1) What would you use to decrypt the messages? The GPG module created by
Andrew Kuchling is declared "incomplete" and "no more maintained" on his
web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
game.
I think I'd just run gpg as an external command. I've done that from
perl scripts and it's pretty simple.
Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
other module?
Oh hey, I didn't know about that, I'll have to look at it. I started
writing something similar a long time ago and got as far as being able
to decrypt straightforward messages, and have been meaning to get back
to it. But it's great if someone else is doing it more seriously.q
2) I did not find any mention of _encrypted attachments_ on the Net. Does
anybody know of a tutorial or a guide that explains how to encrypt (with
Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
attached to a email message?

I know you will shake you head sadly but... I really have to perform such
a suicidal task (even if for a short time and just for internal use).

I have to send by email (over the open internet) a XML file containing
_system commands_ (yes: the kind of stuff like "rm -dfr /") to a server
and have a Python program sitting on this server, fetching and parsing the
e-mail message and executing the commands (maybe with _root privileges_).

Of course, I want to be sure that only the allowed people is able to send
such dangerous messages to my server so I will ask my users to encrypt and
digitally sign their messages using Thunderbird, Enigmail and GPG as
described in this very fine tutorial:

http://goldenspud.com/webrog/archive...crypt-encrypt/

So far, so good, but I still have a couple of doubts about the server
side:

1) What would you use to decrypt the messages? The GPG module created by
Andrew Kuchling is declared "incomplete" and "no more maintained" on his
web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
other module?
What about using the command line program via os.pipeX("gpg...")?
I've done it this way when I needed to _create_ encrypted mail attachments
using python (you'll need different gpg options for decrypting):

pipe_in, pipe_out = os.popen2("/usr/bin/gpg -q -r KEYID -s"
"--passphrase-fd 0 --batch --no-tty -a -o - -e '%s'"
% path_to_temporary_file)
pipe_in.write("passphrase")
pipe_in.close()

# read encrypted file from pipe_out
pipe_out.close()

2) I did not find any mention of _encrypted attachments_ on the Net. Does
anybody know of a tutorial or a guide that explains how to encrypt (with
Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
attached to a email message?

AB> Of course, I want to be sure that only the allowed people is able to send
AB> such dangerous messages to my server so I will ask my users to encrypt and
AB> digitally sign their messages using Thunderbird, Enigmail and GPG ...
What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.
AB> 1) What would you use to decrypt the messages? The GPG module created by
AB> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
AB> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
AB> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
AB> other module?

AB> Of course, I want to be sure that only the allowed people is able to send
AB> such dangerous messages to my server so I will ask my users to encrypt and
AB> digitally sign their messages using Thunderbird, Enigmail and GPG ...
What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.
AB> 1) What would you use to decrypt the messages? The GPG module created by
AB> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
AB> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
AB> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
AB> other module?

AB> Of course, I want to be sure that only the allowed people is able to send
AB> such dangerous messages to my server so I will ask my users to encrypt and
AB> digitally sign their messages using Thunderbird, Enigmail and GPG ...
What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.
AB> 1) What would you use to decrypt the messages? The GPG module created by
AB> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
AB> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
AB> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
AB> other module?

PR> PGP/GPG have their own base64 encoding called "ascii armor" in PGP
PR> lingo. This stuff predates widespread use of MIME and traditionally,
PR> PGP messages are sent as ascii armored plain text, not attachments.

>> Alessandro Bottoni <al****************@infinito.it> (AB) wrote:

AB> Of course, I want to be sure that only the allowed people is
AB> able to send such dangerous messages to my server so I will ask
AB> my users to encrypt and digitally sign their messages using
AB> Thunderbird, Enigmail and GPG ...

What benefit is there in encrypting the messages? It would only
prevent people intercepting the message from seeing what's inside, but
it won't give you any additional protection on the server.
Whenever a message contains sensitive information, it is a good idea to
crypt it. Humans, and not only computers, may be harmful! :-) There
are cases where information may not leak, when it vehicles private
information about people. Companies also have industrial secrets. The
mere fact that two people are communicating is often a secret in itself.
And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature.

FP> Protection against replay is easily guaranteed by sequencing requests,
FP> that is, including a sequence number within the message, each originator
FP> his sequence. A digital signature prevents someone from tampering with
FP> the sequence number without being detected.

What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.
You are right. Bad guys can still try to send garbage to my system and, with
some luck, can mess everything up. After reading your message I decided to
add some more control over what the remote user can do and how he can reach
the server:
- a list of allowed users (based on e-mail identity plus OTP, see below)
- a list of allowed commands (still with root-level ones, I'm afraid)
- chroot for the most dangerous commands, when possible
It is still dangerous but, frankly, I could not do any better.
And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.
You are right again. As a consequence, I decided to add a one-time-password
to the encrypted message, in order to be sure of the sender identity and of
the uniqueness of the message (the OTP works as a sequence item identifier,
as well).

I'm going to use my own implementation of OTP because the existing mechanism
are devoted to protect the remote login channel and cannot be easily
adapted to my weird e-mail-based mechanism. Anyway, I'm going to use a
(encrypted) very long pseudo-random alpha-numeric sequence as a OTP so it
should be quite safe.
If you only sign, it will be sufficient, but there is a more complete one
(including decryption) in
http://trac.t7a.org/isconf/file/trun.../isconf/GPG.py

I'm going to use my own implementation of OTP because the existing
mechanism are devoted to protect the remote login channel and cannot
be easily adapted to my weird e-mail-based mechanism. Anyway, I'm
going to use a (encrypted) very long pseudo-random alpha-numeric
sequence as a OTP so it should be quite safe.