
4. Secrets

To create signatures, decrypt messages, or use nyms, you need to set up a ``premail secrets'' file. If you will only be using premail to encrypt outgoing mail, you can skip this section.

The default filename is /tmp/.premail-secrets.$<, where $< is equal to your numeric user id. To change the filename, use a preferences line such as this one:

$config{'premail-secrets'} = '/mnt/cryptdisk/premail-secrets';

If you don't know your numeric user id, you can find it by running ``echo $uid'' (from csh or tcsh), ``echo $UID'' (from sh or bash), or:

perl -e 'print "$<\n"'

The premail secrets file has this format:

$pgppass{'user'} = 'PGP passphrase for user';
$pgppass{'alternate'} = 'PGP passphrase for alternate';
$penetpass = 'Passphrase for anon.penet.fi';

Make sure your premail secrets file has restrictive permissions, so that other people on your system can't read your passphrases! This command is strongly recommended (substituting your actual user id, of course):

chmod 600 /tmp/.premail-secrets.7437
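
An added example, not part of premail or its documentation: shell functions that create the secrets file with mode 600 from the first instant (umask 077 rather than a later chmod) and check that an existing file is a regular file, owned by you, with no group or other access. The function names are hypothetical; only the default path and the 600 mode come from the text above.

```shell
#!/bin/sh
# Added example: audit and safely create a premail secrets file.
# Function names are hypothetical; only the path pattern and the 600 mode
# come from the page.

# Default location from the page: /tmp/.premail-secrets.<numeric uid>
default_secrets_path() {
    printf '/tmp/.premail-secrets.%s\n' "$(id -u)"
}

# Succeeds only if $1 is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
secrets_file_ok() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
        ! -perm -040 ! -perm -020 ! -perm -010 \
        ! -perm -004 ! -perm -002 ! -perm -001 2>/dev/null)" ]
}

# Create an empty secrets file that is private from the moment it exists.
# umask 077 yields mode 600 at creation, so there is no window in which the
# file is readable before chmod runs. noclobber (set -C) refuses to reuse a
# file or symlink that is already present at that path.
create_secrets_file() {
    ( umask 077; set -C; : > "$1" ) 2>/dev/null
}

# Constructed demo in a private scratch directory (not the real /tmp file).
demo_dir=$(mktemp -d)
demo_file="$demo_dir/.premail-secrets.demo"
create_secrets_file "$demo_file" && secrets_file_ok "$demo_file" \
    && echo "new file: private"
chmod 644 "$demo_file"
secrets_file_ok "$demo_file" || echo "mode 644: readable by others, rejected"
ln -s "$demo_file" "$demo_dir/link"
secrets_file_ok "$demo_dir/link" || echo "symlink: rejected"
rm -rf "$demo_dir"
```

Run secrets_file_ok "$(default_secrets_path)" before adding passphrases to an existing file; a failure means the file should be removed and recreated rather than repaired in place.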

4.1 Logging in and logging out

Generally, premail stores its secrets file in the /tmp directory. In some cases, this is good enough security. In other cases, it might be better to store the file encrypted most of the time, and only decrypt it when necessary. To use this capability of premail, first set a passphrase with:

premail -setpass

You will be prompted for a passphrase. You can use the same passphrase as for your PGP key, or a different one, depending on how many passphrases you want to remember. This command leaves you logged in with the new passphrase set.

Note: the secrets file must already exist before setting the password on it. If not, there will be an error message.

To log out:

premail -logout

You might consider adding this command to your .logout file, so that it occurs automatically every time you log out of your account.

To log in again:

premail -login

If you are running on a system with X, then premail will automatically pop up a window to log in whenever the secrets are needed. If you are not running X, and the secrets are needed, you will get an error. In this case, you can log in manually and try the command again.

