Mercurial > emacs
comparison man/pgg.texi @ 56927:55fd4f77387a after-merge-gnus-5_10
Revision: miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-523
Merge from emacs--gnus--5.10, gnus--rel--5.10
Patches applied:
* miles@gnu.org--gnu-2004/emacs--gnus--5.10--base-0
tag of miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-464
* miles@gnu.org--gnu-2004/emacs--gnus--5.10--patch-1
Import from CVS branch gnus-5_10-branch
* miles@gnu.org--gnu-2004/emacs--gnus--5.10--patch-2
Merge from lorentey@elte.hu--2004/emacs--multi-tty--0, emacs--cvs-trunk--0
* miles@gnu.org--gnu-2004/emacs--gnus--5.10--patch-3
Merge from gnus--rel--5.10
* miles@gnu.org--gnu-2004/emacs--gnus--5.10--patch-4
Merge from gnus--rel--5.10
* miles@gnu.org--gnu-2004/gnus--rel--5.10--patch-18
Update from CVS
* miles@gnu.org--gnu-2004/gnus--rel--5.10--patch-19
Remove autoconf-generated files from archive
* miles@gnu.org--gnu-2004/gnus--rel--5.10--patch-20
Update from CVS
| author | Miles Bader <miles@gnu.org> |
|---|---|
| date | Sat, 04 Sep 2004 13:13:48 +0000 |
| parents | |
| children | c5e16264557d |
comparison
equal
deleted
inserted
replaced
| 56926:f8e248e9a717 | 56927:55fd4f77387a |
|---|---|
| 1 \input texinfo @c -*-texinfo-*- | |
| 2 | |
| 3 @setfilename ../info/pgg | |
| 4 | |
| 5 @set VERSION 0.1 | |
| 6 | |
| 7 | |
| 8 @copying | |
| 9 This file describes the PGG. | |
| 10 | |
| 11 Copyright (C) 2003 Free Software Foundation, Inc. | |
| 12 Copyright (C) 2001 Daiki Ueno. | |
| 13 | |
| 14 @quotation | |
| 15 Permission is granted to copy, distribute and/or modify this document | |
| 16 under the terms of the GNU Free Documentation License, Version 1.1 or | |
| 17 any later version published by the Free Software Foundation; with no | |
| 18 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover | |
| 19 Texts. A copy of the license is included in the section entitled ``GNU | |
| 20 Free Documentation License''. | |
| 21 @end quotation | |
| 22 @end copying | |
| 23 | |
| 24 @dircategory Emacs | |
| 25 @direntry | |
| 26 * PGG: (pgg). Emacs interface to various PGP implementations. | |
| 27 @end direntry | |
| 28 | |
| 29 @settitle PGG @value{VERSION} | |
| 30 | |
| 31 | |
| 32 @titlepage | |
| 33 @title PGG | |
| 34 | |
| 35 @author by Daiki Ueno | |
| 36 @page | |
| 37 | |
| 38 @vskip 0pt plus 1filll | |
| 39 @insertcopying | |
| 40 @end titlepage | |
| 41 @page | |
| 42 | |
| 43 @node Top | |
| 44 @top PGG | |
| 45 This manual describes PGG. PGG is an interface library between Emacs | |
| 46 and various tools for secure communication. PGG also provides a simple | |
| 47 user interface to encrypt, decrypt, sign, and verify MIME messages. | |
| 48 | |
| 49 @menu | |
| 50 * Overview:: What PGG is. | |
| 51 * Prerequisites:: Complicated stuff you may have to do. | |
| 52 * How to use:: Getting started quickly. | |
| 53 * Architecture:: | |
| 54 * Parsing OpenPGP packets:: | |
| 55 * Function Index:: | |
| 56 * Variable Index:: | |
| 57 @end menu | |
| 58 | |
| 59 @node Overview | |
| 60 @chapter Overview | |
| 61 | |
| 62 PGG is an interface library between Emacs and various tools for secure | |
| 63 communication. Even though Mailcrypt has similar feature, it does not | |
| 64 deal with detached PGP messages, normally used in PGP/MIME | |
| 65 infrastructure. This was the main reason why I wrote the new library. | |
| 66 | |
| 67 PGP/MIME is an application of MIME Object Security Services (RFC1848). | |
| 68 The standard is documented in RFC2015. | |
| 69 | |
| 70 @node Prerequisites | |
| 71 @chapter Prerequisites | |
| 72 | |
| 73 PGG requires at least one implementation of privacy guard system. | |
| 74 This document assumes that you have already obtained and installed them | |
| 75 and that you are familiar with its basic functions. | |
| 76 | |
| 77 By default, PGG uses GnuPG, but Pretty Good Privacy version 2 or version | |
| 78 5 are also supported. If you are new to such a system, I recommend that | |
| 79 you should look over the GNU Privacy Handbook (GPH) which is available | |
| 80 at @uref{http://www.gnupg.org/gph/}. | |
| 81 | |
| 82 @node How to use | |
| 83 @chapter How to use | |
| 84 | |
| 85 The toplevel interface of this library is quite simple, and only | |
| 86 intended to use with public-key cryptographic operation. | |
| 87 | |
| 88 To use PGG, evaluate following expression at the beginning of your | |
| 89 application program. | |
| 90 | |
| 91 @lisp | |
| 92 (require 'pgg) | |
| 93 @end lisp | |
| 94 | |
| 95 If you want to check existence of pgg.el at runtime, instead you can | |
| 96 list autoload setting for desired functions as follows. | |
| 97 | |
| 98 @lisp | |
| 99 (autoload 'pgg-encrypt-region "pgg" | |
| 100 "Encrypt the current region." t) | |
| 101 (autoload 'pgg-decrypt-region "pgg" | |
| 102 "Decrypt the current region." t) | |
| 103 (autoload 'pgg-sign-region "pgg" | |
| 104 "Sign the current region." t) | |
| 105 (autoload 'pgg-verify-region "pgg" | |
| 106 "Verify the current region." t) | |
| 107 (autoload 'pgg-insert-key "pgg" | |
| 108 "Insert the ASCII armored public key." t) | |
| 109 (autoload 'pgg-snarf-keys-region "pgg" | |
| 110 "Import public keys in the current region." t) | |
| 111 @end lisp | |
| 112 | |
| 113 @menu | |
| 114 * User Commands:: | |
| 115 * Selecting an implementation:: | |
| 116 * Caching passphrase:: | |
| 117 * Default user identity:: | |
| 118 @end menu | |
| 119 | |
| 120 @node User Commands | |
| 121 @section User Commands | |
| 122 | |
| 123 At this time you can use some cryptographic commands. The behavior of | |
| 124 these commands relies on a fashion of invocation because they are also | |
| 125 intended to be used as library functions. In case you don't have the | |
| 126 signer's public key, for example, the function @code{pgg-verify-region} | |
| 127 fails immediately, but if the function had been called interactively, it | |
| 128 would ask you to retrieve the signer's public key from the server. | |
| 129 | |
| 130 @deffn Command pgg-encrypt-region start end recipients &optional sign | |
| 131 Encrypt the current region between @var{start} and @var{end} for | |
| 132 @var{recipients}. When the function were called interactively, you | |
| 133 would be asked about the recipients. | |
| 134 | |
| 135 If encryption is successful, it replaces the current region contents (in | |
| 136 the accessible portion) with the resulting data. | |
| 137 | |
| 138 If optional argument @var{sign} is non-nil, the function is request to | |
| 139 do a combined sign and encrypt. This currently only work with GnuPG. | |
| 140 @end deffn | |
| 141 | |
| 142 @deffn Command pgg-decrypt-region start end | |
| 143 Decrypt the current region between @var{start} and @var{end}. If | |
| 144 decryption is successful, it replaces the current region contents (in | |
| 145 the accessible portion) with the resulting data. | |
| 146 @end deffn | |
| 147 | |
| 148 @deffn Command pgg-sign-region start end &optional cleartext | |
| 149 Make the signature from text between @var{start} and @var{end}. If the | |
| 150 optional third argument @var{cleartext} is non-@code{nil}, or the | |
| 151 function is called interactively, it does not create a detached | |
| 152 signature. In such a case, it replaces the current region contents (in | |
| 153 the accessible portion) with the resulting data. | |
| 154 @end deffn | |
| 155 | |
| 156 @deffn Command pgg-verify-region start end &optional signature fetch | |
| 157 Verify the current region between @var{start} and @var{end}. If the | |
| 158 optional third argument @var{signature} is non-@code{nil}, or the function | |
| 159 is called interactively, it is treated as the detached signature of the | |
| 160 current region. | |
| 161 | |
| 162 If the optional 4th argument @var{fetch} is non-@code{nil}, or the | |
| 163 function is called interactively, we attempt to fetch the signer's | |
| 164 public key from the key server. | |
| 165 @end deffn | |
| 166 | |
| 167 @deffn Command pgg-insert-key | |
| 168 Retrieve the user's public key and insert it as ASCII-armored format. | |
| 169 @end deffn | |
| 170 | |
| 171 @deffn Command pgg-snarf-keys-region start end | |
| 172 Collect public keys in the current region between @var{start} and | |
| 173 @var{end}, and add them into the user's keyring. | |
| 174 @end deffn | |
| 175 | |
| 176 @node Selecting an implementation | |
| 177 @section Selecting an implementation | |
| 178 | |
| 179 Since PGP has a long history and there are a number of PGP | |
| 180 implementations available today, the function which each one has differs | |
| 181 considerably. For example, if you are using GnuPG, you know you can | |
| 182 select cipher algorithm from 3DES, CAST5, BLOWFISH, and so on, but on | |
| 183 the other hand the version 2 of PGP only supports IDEA. | |
| 184 | |
| 185 By default, if the variable @code{pgg-scheme} is not set, PGG searches the | |
| 186 registered scheme for an implementation of the requested service | |
| 187 associated with the named algorithm. If there are no match, PGG uses | |
| 188 @code{pgg-default-scheme}. In other words, there are two options to | |
| 189 control which command is used to process the incoming PGP armors. One | |
| 190 is for encrypting and signing, the other is for decrypting and | |
| 191 verifying. | |
| 192 | |
| 193 @defvar pgg-scheme | |
| 194 Force specify the scheme of PGP implementation for decrypting and verifying. | |
| 195 The value can be @code{gpg}, @code{pgp}, and @code{pgp5}. | |
| 196 @end defvar | |
| 197 | |
| 198 @defvar pgg-default-scheme | |
| 199 Force specify the scheme of PGP implementation for encrypting and signing. | |
| 200 The value can be @code{gpg}, @code{pgp}, and @code{pgp5}. | |
| 201 @end defvar | |
| 202 | |
| 203 @node Caching passphrase | |
| 204 @section Caching passphrase | |
| 205 | |
| 206 PGG provides a simple passphrase caching mechanism. If you want to | |
| 207 arrange the interaction, set the variable @code{pgg-read-passphrase}. | |
| 208 | |
| 209 @defvar pgg-cache-passphrase | |
| 210 If non-@code{nil}, store passphrases. The default value of this | |
| 211 variable is @code{t}. If you were worry about security issue, however, | |
| 212 you could stop caching with setting it @code{nil}. | |
| 213 @end defvar | |
| 214 | |
| 215 @defvar pgg-passphrase-cache-expiry | |
| 216 Elapsed time for expiration in seconds. | |
| 217 @end defvar | |
| 218 | |
| 219 @node Default user identity | |
| 220 @section Default user identity | |
| 221 | |
| 222 The PGP implementation is usually able to select the proper key to use | |
| 223 for signing and decryption, but if you have more than one key, you may | |
| 224 need to specify the key id to use. | |
| 225 | |
| 226 @defvar pgg-default-user-id | |
| 227 User ID of your default identity. It defaults to the value returned | |
| 228 by @samp{(user-login-name)}. You can customize this variable. | |
| 229 @end defvar | |
| 230 | |
| 231 @defvar pgg-gpg-user-id | |
| 232 User ID of the GnuPG default identity. It defaults to @samp{nil}. | |
| 233 This overrides @samp{pgg-default-user-id}. You can customize this | |
| 234 variable. | |
| 235 @end defvar | |
| 236 | |
| 237 @defvar pgg-pgp-user-id | |
| 238 User ID of the PGP 2.x/6.x default identity. It defaults to | |
| 239 @samp{nil}. This overrides @samp{pgg-default-user-id}. You can | |
| 240 customize this variable. | |
| 241 @end defvar | |
| 242 | |
| 243 @defvar pgg-pgp5-user-id | |
| 244 User ID of the PGP 5.x default identity. It defaults to @samp{nil}. | |
| 245 This overrides @samp{pgg-default-user-id}. You can customize this | |
| 246 variable. | |
| 247 @end defvar | |
| 248 | |
| 249 @node Architecture | |
| 250 @chapter Architecture | |
| 251 | |
| 252 PGG introduces the notion of a "scheme of PGP implementation" (used | |
| 253 interchangeably with "scheme" in this document). This term refers to a | |
| 254 singleton object wrapped with the luna object system. | |
| 255 | |
| 256 Since PGG was designed for accessing and developing PGP functionality, | |
| 257 the architecture had to be designed not just for interoperability but | |
| 258 also for extensiblity. In this chapter we explore the architecture | |
| 259 while finding out how to write the PGG backend. | |
| 260 | |
| 261 @menu | |
| 262 * Initializing:: | |
| 263 * Backend methods:: | |
| 264 * Getting output:: | |
| 265 @end menu | |
| 266 | |
| 267 @node Initializing | |
| 268 @section Initializing | |
| 269 | |
| 270 A scheme must be initialized before it is used. | |
| 271 It had better guarantee to keep only one instance of a scheme. | |
| 272 | |
| 273 The following code is snipped out of @file{pgg-gpg.el}. Once an | |
| 274 instance of @code{pgg-gpg} scheme is initialized, it's stored to the | |
| 275 variable @code{pgg-scheme-gpg-instance} and will be reused from now on. | |
| 276 | |
| 277 @lisp | |
| 278 (defvar pgg-scheme-gpg-instance nil) | |
| 279 | |
| 280 (defun pgg-make-scheme-gpg () | |
| 281 (or pgg-scheme-gpg-instance | |
| 282 (setq pgg-scheme-gpg-instance | |
| 283 (luna-make-entity 'pgg-scheme-gpg)))) | |
| 284 @end lisp | |
| 285 | |
| 286 The name of the function must follow the | |
| 287 regulation---@code{pgg-make-scheme-} follows the backend name. | |
| 288 | |
| 289 @node Backend methods | |
| 290 @section Backend methods | |
| 291 | |
| 292 In each backend, these methods must be present. The output of these | |
| 293 methods is stored in special buffers (@ref{Getting output}), so that | |
| 294 these methods must tell the status of the execution. | |
| 295 | |
| 296 @deffn Method pgg-scheme-lookup-key scheme string &optional type | |
| 297 Return keys associated with @var{string}. If the optional third | |
| 298 argument @var{type} is non-@code{nil}, it searches from the secret | |
| 299 keyrings. | |
| 300 @end deffn | |
| 301 | |
| 302 @deffn Method pgg-scheme-encrypt-region scheme start end recipients &optional sign | |
| 303 Encrypt the current region between @var{start} and @var{end} for | |
| 304 @var{recipients}. If @var{sign} is non-nil, do a combined sign and | |
| 305 encrypt. If encryption is successful, it returns @code{t}, otherwise | |
| 306 @code{nil}. | |
| 307 @end deffn | |
| 308 | |
| 309 @deffn Method pgg-scheme-decrypt-region scheme start end | |
| 310 Decrypt the current region between @var{start} and @var{end}. If | |
| 311 decryption is successful, it returns @code{t}, otherwise @code{nil}. | |
| 312 @end deffn | |
| 313 | |
| 314 @deffn Method pgg-scheme-sign-region scheme start end &optional cleartext | |
| 315 Make the signature from text between @var{start} and @var{end}. If the | |
| 316 optional third argument @var{cleartext} is non-@code{nil}, it does not | |
| 317 create a detached signature. If signing is successful, it returns | |
| 318 @code{t}, otherwise @code{nil}. | |
| 319 @end deffn | |
| 320 | |
| 321 @deffn Method pgg-scheme-verify-region scheme start end &optional signature | |
| 322 Verify the current region between @var{start} and @var{end}. If the | |
| 323 optional third argument @var{signature} is non-@code{nil}, it is treated | |
| 324 as the detached signature of the current region. If the signature is | |
| 325 successfully verified, it returns @code{t}, otherwise @code{nil}. | |
| 326 @end deffn | |
| 327 | |
| 328 @deffn Method pgg-scheme-insert-key scheme | |
| 329 Retrieve the user's public key and insert it as ASCII-armored format. | |
| 330 On success, it returns @code{t}, otherwise @code{nil}. | |
| 331 @end deffn | |
| 332 | |
| 333 @deffn Method pgg-scheme-snarf-keys-region scheme start end | |
| 334 Collect public keys in the current region between @var{start} and | |
| 335 @var{end}, and add them into the user's keyring. | |
| 336 On success, it returns @code{t}, otherwise @code{nil}. | |
| 337 @end deffn | |
| 338 | |
| 339 @node Getting output | |
| 340 @section Getting output | |
| 341 | |
| 342 The output of the backend methods (@ref{Backend methods}) is stored in | |
| 343 special buffers, so that these methods must tell the status of the | |
| 344 execution. | |
| 345 | |
| 346 @defvar pgg-errors-buffer | |
| 347 The standard error output of the execution of the PGP command is stored | |
| 348 here. | |
| 349 @end defvar | |
| 350 | |
| 351 @defvar pgg-output-buffer | |
| 352 The standard output of the execution of the PGP command is stored here. | |
| 353 @end defvar | |
| 354 | |
| 355 @defvar pgg-status-buffer | |
| 356 The rest of status information of the execution of the PGP command is | |
| 357 stored here. | |
| 358 @end defvar | |
| 359 | |
| 360 @node Parsing OpenPGP packets | |
| 361 @chapter Parsing OpenPGP packets | |
| 362 | |
| 363 The format of OpenPGP messages is maintained in order to publish all | |
| 364 necessary information needed to develop interoperable applications. | |
| 365 The standard is documented in RFC 2440. | |
| 366 | |
| 367 PGG has its own parser for the OpenPGP packets. | |
| 368 | |
| 369 @defun pgg-parse-armor string | |
| 370 List the sequence of packets in @var{string}. | |
| 371 @end defun | |
| 372 | |
| 373 @defun pgg-parse-armor-region start end | |
| 374 List the sequence of packets in the current region between @var{start} | |
| 375 and @var{end}. | |
| 376 @end defun | |
| 377 | |
| 378 @defvar pgg-ignore-packet-checksum | |
| 379 If non-@code{nil}, don't check the checksum of the packets. | |
| 380 @end defvar | |
| 381 | |
| 382 @node Function Index | |
| 383 @chapter Function Index | |
| 384 @printindex fn | |
| 385 | |
| 386 @node Variable Index | |
| 387 @chapter Variable Index | |
| 388 @printindex vr | |
| 389 | |
| 390 @summarycontents | |
| 391 @contents | |
| 392 @bye | |
| 393 | |
| 394 @c End: | |
| 395 | |
| 396 @ignore | |
| 397 arch-tag: 0c205838-34b9-41a5-b9d7-49ae57ccac85 | |
| 398 @end ignore |