Short: Autom. signs & archives (PGP) w/GUI Author: jensthi@ifi.uio.no (Jens Toivo Berger Thielemann) Type: util/arc,util/crypt Architecture: m68k-amigaos Note: This utility is recommended by Peter Simons, author of PGPAmiga! The full recommendation is put at the end of this readme file, signed with Peter's key. >>> THE PROBLEM <<< ~~~~~~~~~~~ For some years now, "lamers" and other idiots have had the chance to play with other computer artists work - adding viruses, changing code, adding banners to the executable, releasing fake 'upgrades' to get their name out, etc. This has been possible, as the end-user has no way to check that the files still are the same as when the author released it, and that no hidden 'features' have been added. >>> THE SOLUTION <<< ~~~~~~~~~~~~ With PGP and MD5SUM, authors distributing their works have been given tools to make sure no one have 'fun' with their work, as the end-user has the possibility to check that the file's origin really is correct. Any modifications to the files in the archive will thus be detected, as a file with 'finger prints' is included, which only can be created by the author. However, making such a file with message digests, signing it and finally archiving all the files are usually a quite big, boring and time-consuming task. Not anymore. >>> INTRODUCING... <<< ~~~~~~~~~~~~~~ SignArch, now with fully featured Graphical User Interface! Point'n'click, use ReqTools requesters to select the files to be archived and ZIP! (or rather: LHA! :), everything is SIGNED with pgp, ARCHIVED with lha and READY to distribute - it's even EASIER than using LhA itself! Of course, you may save the settings and files to a parameter file, which may be processed with an external script, so you don't have to repoint and reclick each time! If you're doing internal distribution, optional encryption of final archive is supported, also for multiple receivers. Although a Graphical User Interface is included, even CLI lovers will enjoy the package, as a LhA 'substitute' will take parameters almost as LhA (even wildcards when signing), and automagically both include signatures and archive everything. A special script is also included for adding signatures to existing archives. Thus, lovers of both worlds should be satisfied. >>> REQUIRES <<< ~~~~~~~~ - An Amiga with Kick 2.04 or higher. - ARexx and PGP 2.3a.3 or higher properly installed, in the path. - MD5SUM (included with PGP) and LhA in the path. - reqtools.library (NOT included! Get this from somewhere else) - rexxreqtools.library (optional, not included) By the way, this package does of course include a signed file with message digests, be suspicious if that one is missing! >>> RECOMMENDATION <<< ~~~~~~~~~~~~~~ -----BEGIN PGP SIGNED MESSAGE----- I can really recommend Jens' SignArc utility. I have tested the beta version for bugs and enforcer hits and I couldn't find any in the time I used it. I also didn't notice any flaws in the way he uses PGP. SignArc, in combination with PGP, is really useful for securing your software against hackers modifying the distribution. And not only that, it makes the compilation of release archives in general a lot easier than before. I will use it myself to assemble the distributions of my own software, including PGP. Sincerely, Peter Simons -----BEGIN PGP SIGNATURE----- Version: 2.6.2i beta iQCVAgUBL1OdwA9HL1s0103BAQHoEgP/SPyJSyjHro8XBxyihtKLcL/JYD19ccri fnqf93/dY6Wuc78x2Y7tJHp9/Plhh+GH0Ej8v04Lptn13jel33j1moPG5ORg7316 NppMALshvL/z3Q92tftn57jHh4DbCsCU/j+WFzFRb9/fw7/qfFhNWLL66im4Q/h8 4EYmcLswJTA= =Re8l -----END PGP SIGNATURE-----