Top : Open Source : Herbivore : Herbrip
| News |
A Herbivore reference implementation in Python.
Herbrip aims to be an easy-to-use public-key email encryption program; a bit like PGP or GnuPG, but in effortless to use in normal operation, because public keys are exchanged transparently. Also, header lines such as Subject:, and attachments, are automatically encrypted (and decrypted at the other end).
Herbrip is part of my Herbivore initiative to encourage more people to use encrypted email. Herbrip is a command-line implementation of the Herbivore protocol (the name stands for ``Herbivore Reference Implementation in Python'').
At the moment, Herbrip contains a working encryption engine, and ways of integrating it into a Unix email system (MUAs and MTAs). It is a bit fiddly to set up, but once set up it should be transparent in normal operation. Herbrip is pre-alpha software; so, while it works, I don't particularly recommend it for intensive use yet.. In particular, if you want to keep your email secret, you are probsably better off using GnuPG for now.
Herbrip is written in Python. It uses the open source OpenSSL program as its encryption engine. Herbrip was developed in Linux, but should run OK on any Unix-like system with Python 2.0 (or later) and OpenSSL. To connect Herbrip to your existing email software, it helps if you are running Procmail, and Sendmail or a Sendmail-like MTA. Instructions on setting up Herbrip are contained in the downloadable tarball.
Herbrip is known to work with OpenSSL 0.9.6a; I haven't tried it with other versions.
Herbrip normally rund in the background without the user being aware of it. But you can run it manually from the command line, as well. This section explains how to do this.
(1) to set it up, run from the command line:
$ herbrip --create
This will create a ~/.herbivore directory to store information that Herbrip will use on subsequent invokations. it will also create your Herbivore public/private keypair.
(2) to process outgoing email:
$ herbrip --out mailo mailo_p
This takes as input a file mailo which must contain an email message (including header and body) that you intend to send to someone. Herbrip adds headers stating your herbivore public key. If herbrip has a public key for the recipient of the message, the message is encrypted with that key. The resulting output is written to mailo_p.
Note that the --out command only deals with mail sent to one recipient address; to send a message with more than one recipient, multiple output emails are sent, and each email must be dealt with separately; this is what --outd does, where the destination of the mails is determined by the 'dest' config variable. This is explained more fully in the documentation that comes with Herbrip.
(3) to process incoming email:
$ herbrip --in maili maili_p
This reads maili, which must contain an incoming email that you have received. The resulting output email is written to maili_p. Herbrip does two things: firstly it reads the sender's Herbivore public key (if there is one) and adds it to Herbrip's database. Secondly, if the mail is encrypted, Herbrip attempts to decrypt it using your public key.
If you run herbrip without any parameters, you get usage information.
Download:
Older versions of Herbrip are available from the news page. This has the latest news about Herbivore and Herbrip.
By Philip Hunt,
philh@comuno.freeserve.co.uk
Last altered: 9 Feb 2002.