Newsreaders that support PGP, GPG, RIPEM, etc.
Since alt.security.keydist is intended for people who use both netnews and public key encryption, I’ve decided to add a quick list of software that helps people use public key encryption on Usenet.
This list is dominated by PGP and GPG plug-ins. That’s not a bias of the webmaster — I’ll list any public key encryption application that works with Usenet — just a reflection of the fact that OpenPGP is the most popular encryption format. Likewise, the list is skewed towards Windows and UNIX systems, but programs for other operating systems are mentioned when possible. If you know a newsreader (or add-on) that supports the use of public key encryption (whether it’s OpenPGP, S/MIME, or something more obscure), feel free to e-mail the webmaster of this site.
EMACS
If you use EMACS to read newsgroups, you’re a tougher geek than me. You probably don’t need my help with anything. Anyway, mailcrypt allows EMACS to PGP– and GPG-sign mail messages; I’m guessing it works with news messages, because EMACS programmers hate putting limits on themselves. RIPEM shipped with its own EMACS routines. (Presumably, lisp routines can provide EMACS with an interface to any command-line encryption application, it’s just that no EMACS programmers like the other programs.)
Forté Free Agent
A lot of Free Agent users used to swear by a program called PGPeep, but that doesn’t seem to be available anymore. There is, however, a way to use
PGPmail(v4.5) with Free Agent.
Google Groups
There are three different issues that need to be taken into account when trying to use public key encryption through Google’s web-based Usenet service.
Posting signed articles requires you to paste the signed message into Google’s web form. The MIT, NAI, and PGP Inc. versions of PGP for Windows all have a “Current Window” function that will sign messages in the form, as long as the mouse pointer is in the form window. (GPGshell has a similar function for GPG-users.) For other encryption programs (and front-ends), you’ll probably have to use the operating system’s cut-and-paste functions.
Verifying signed articles also requires the use of OS cut-and-paste functions. (The “Clipboard” command of PGP For Windows, WinPT, and GPGshell all work with messages appearing on Google web pages.)
Using MIME-formatted encryption is touch-and-go. As far as I can tell, Google Groups does archive “multipart/signed” messages (including PGP/MIME and S/MIME), as well as messages posted “text/plain”. Messages I’ve posted with “application” media types (such as “application/pgp-keys” or “application/ripem”) are not appearing in Google Groups. Messages posted through Google Groups, of course, are always sent as “text/plain”.
Mozilla Messenger
The mail/news reader included with the Mozilla web browser has built-in S/MIME support, but it does not allow users to post S/MIME-signed messages to Usenet. (It’s actually a bit passive-agressive on this subject — the S/MIME commands still appear in the menus, but Mozilla won’t let users assign security certificates to news accounts.)
The Enigmail plug-in provides good GPG integration for the UNIX and Windows versions of Mozilla, including the ability to post GPG-signed messages to newsgroups.
Outlook Express
Microsoft’s mail/news reader has built in support for S/MIME, and can post S/MIME-signed messages to newsgroups.
Support for PGP 2.x and 5.x can be added to Outlook Express for Windows by installing Mollusc, a shareware plug-in. PGP Personal Desktop includes its own Outlook Express plug-in that will sign netnews messages.
Support for GPG can be added to OE for Windows with GPGOE by Lee Evans. (GPGOE is also available as part of WinPT, which will install GPG, GPGOE, and a generic Windows front-end. WinPT could be a good choice if you need recommend a GPG package to total newbies.)
G DATA Software AG also publishes an Outlook plug-in called MUA, but I haven’t tested it.
Netscape Messenger
Mollusc will add support for PGP 2.x or PGP 5.x to Netscape Communicator, but both Navigator and PGP are getting seriously out-of-date. If you’re still using them, consider upgrading to Mozilla. The netnews interface is better, and there’s a GPG plug-in available.
pine
Pine (the original combined mail/news reader) has more encryption add-ons than I can keep track of. Most of them advertise themselves as supported encrypted e-mail, but some of them probably work for news also.
The venerable nic.funet.fi FTP server (a treasure trove of 1990s encryption software) lists several utilities that add PGP support to pine.
For GPG users, there’s Topal and MagicPGP (which also supports most command-line versions of PGP).
slrn
gnupg.sl allows slrn to sign messages (and verify signed messages) using GPG.
tin
mail_tin integrates UCBmail, tin, and PGP.
Yarn
The Yarn offline mail/news reader uses MS-DOS batch files to interface with encryption programs. It only ships with batch files for PGP, but I wrote some batch files for yarn that support GPG, RIPEM, and Sifr.