upgpverify: email signature handler
verifies a PGP signed or encrypted and signed message
on stdin, checks the user id or key id against a database, if wanted,
and starts another program, providing the payload of the PGP message
on an own file descriptor.
upgpverify is designed to work under qmail. It can handle MIME
and non-MIME (traditional PGP format) messages. It handles
base64 and quoted-printable.
upgpverify also sets a few environment variables containing
various header of the incoming email.
Supported PGP / GPG versions:
- GPG 1.0.4 (earlier version are possibly okay, too, but have
not been tested).
- PGP 2.6.x (tested with 2.6.3is)
- PGP 5.0i (tested with some 5.0i1b version)
upgprules is used to compile rules for upgpverify.
Rules, if used, may allow or deny access for certain keys, and also
set environment variables.
Many more changes may be found in the ChangeLog file in the
source distribution. This list only includes user visible changes
and changes done in reaction to user input:
0.3.3 - 2001-04-13
- 0.3.8 - 2001-10-02
- added a --max-len option to restrict the size of the
- 0.3.6,0.3.7 - 2001-09-11
- work around "make check" problems with pgp5 and gpg (1.05+)
- 0.3.5 - 2001-09-02
- switched to new packaging system.
- fixed a bug where there payload of the message may have been
printed without a separating empty line before it.
- 0.3.4 - 2001-04-25
- upgpverify mistreated messages without an empty line before the
boundary ending the payload.
- output change: the message on $MESSAGE_FD is prefixed by 0 or
more MIME headers, followed by an empty line.
0.3.2 - 2001-02-23
- upgpverify can now also deal with signed news articles with
x-pgp-sig header field. See the description of the
--allow-x-pgp-sig and --require-x-pgp-sig options.
- added --allow-is-default option, changing the default of the
rule file handling to allow access if no matching key is in
the rule file (it has to be in the key ring, of course).
0.3.1 - 2001-02-13
- allow input to be read from a pipe
- stop gpg from automatically downloading public keys from a
key server (use the --allow-key-retrieve if you need this).