Adventures in GPG (very little of which have to do with GPG)

Ben Scott dragonhawk at gmail.com
Mon Mar 19 17:53:28 EDT 2007


 This was received off-list, but may contain Potentially Useful
Information(TM), so I'm sending my reply to the list.  All
names/addresses have been removed to protect the innocent (or the
guilty, as the case may be).

On 3/19/07, [CENSORED] wrote:
> Because of Ted's post on gnhlug-discuss recently, I thought I'd let you
> know that no gpg mail has arrived from you.

  For my part, this is due to a combination of things, including:

1. Illness on Friday.
2. Getting general Unix mail services working on my home PC.
3. Getting tied up trying to figure out a good way to get mail out of
Gmail and on to my PC.
4. Futzing around with a private key stored on a floppy diskette.
5. Having more important things to worry about than items 2 through 4
(such as item 1).

  For #2, I mean the ability for me to type "mail
somebody@example.com" at the shell prompt, and have a good chance of
the mail getting through.  Until now, this hasn't been important to
me, but it is needed for caff.  (On my PC, mail to the outside world
is sent from Pine, which has options to handle all that stuff.
Systems within my organization (i.e., my apartment) were fine.  But
not too many MXs accept mail from "bscott@blackfire.bscott.local"
coming from a dynamic IP address.)

  The solution was to use Sendmail's "generic re-writing" facility,
AKA generics table.  Oh, and I had Sendmail route everything through
my ISP.  I had to add three lines to my /etc/mail/sendmail.mc file:

define(`SMART_HOST', `smtp.comcast.net')
FEATURE(genericstable, `hash -o /etc/mail/genericstable')
GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomains')

  Then I had to create an /etc/mail/genericsdomains file, to tell
Sendmail which domains to rewrite for:

localhost
localhost.localdomain
blackfire
blackfire.bscott.local

  And finally, to create the /etc/mail/genericstable file, with the
rewrite rule:

bscott  dragonhawk@example.com

  I know other mailers can handle this, too, but I'm still using
Sendmail.  (Why?  Because it's what I know, and it's what came with
Fedora 6.  It's easier for me to add small bits of knowledge about
Sendmail than it is to add all the knowledge about, e.g., Postfix.
Which kinda sucks, because I'm as sure as I can be that Sendmail is
the least-easy way to do things in the long run.  ~sigh~)

  #3 is an interesting challenge, which I should have seen coming.
I've got maybe a dozen or so signed key messages in my Gmail account.
I want to get just those messages out of Gmail and on to my PC.  I do
not, however, want to POP *all* of the 7004 messages on my Gmail
account to my PC, just to get those dozen or so messages.  I've been
experimenting with third-party Gmail-to-IMAP gateway hacks, but this
stuff is by nature pretty kludgey.

  (Of course, #3 isn't preventing me from *sending* mail with signed
keys, but working on a problem is more interesting than typing
passphrases and key IDs.)

  #4 was me being a Luddite, and paranoid.  I stored my private key on
a floppy diskette.  I wanted removable media because the world's best
firewall is a 2-inch air gap.  I used a floppy because it's still the
most universal media out there.  This led to interesting challenges
when it came to things like "How do I make a backup copy, with only
one floppy drive?" and "Hmmm, can I use a RAM disk without worrying
about data remanence due to the swap file?"  Being too close to the
problem, it was some time before it occurred to me that I could use a
$5 USB flash drive with floppy disks for backup, and get the best of
both worlds.  Dope slap for me.

  As the subject line notes, very little of the above actually has to
do with GPG.  This is why IT managers scream when people say, "But
it's just one little program."  It's never that easy...

"When we try to pick out anything by itself, we find it hitched to
everything else in the universe."  -- John Muir

-- Ben

