There is an implementation of SHA1 in the eternity server software distribution. The code is also available standalone as a tgz file (tarred and GNU zipped) [sha1.tgz] or as a zip file [sha1.zip], and there is a slower perl5 version [sha1.pl]. (Would a Win95/NT user like to compile SHA1 for 95/NT, sign and mail me the patches/binary for SHA1?)
URL: http://censored.eternity/
If you do choose to set the Cache option, the possible
values are:
Cache: yes
Cache: encrypted
Cache: no
The purpose of the Cache setting is to allow you as publisher of the
document to describe your preferences about how careful you would like
the server to be in not keeping copies of your document around. You
can choose to allow the server to keep copies to speed up accesses, or
if you are more paranoid you can make sure the server doesn't keep
copies itself. The most paranoid setting is no. The
least paranoid is yes.
If you set the setting to yes, your document will be cached, which means that it will be available more quickly and will rely less on you reposting it to ensure it is available in USENET. However, if the eternity server is raided, your document will be sitting on its disk.
If you set the setting to no, your document will not be cached, which means that it will always have to be read from the eternity server's news spool. If the eternity server is raided, its cache directory will be empty.
The encrypted setting is somewhere between the other two settings in security. Documents are cached, but they are encrypted in the cache. The level of protection this offers the eternity server depends on how well known the URL is. If the URL is openly published, this option only adds security by obscurity over a setting of yes.
The default, if you leave this option out, is directory.
Exdirectory documents mean that people will not know your document is available at the eternity server unless you tell people about the URL, or you link to it from another eternity document or ordinary web document (or unless they guess it, or the eternity server operator observes you accessing that URL).
Another use for exdirectory documents is for inline images, or a series of pages linked to from a home page. You probably only want a directory listing for the home page.
For normal, single-document submissions you could add the following, or equivalently leave the option out:
Options: directory
An example might be:
Description: Freds censored books
The description option is optional, so you can omit it, if you think your URL is obvious enough without further explanation.
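The header options described above can be checked before a document is posted. This is an added example, not code from the eternity server distribution; the function names, the rule that URL is required, exact-case header names and the value spelling "exdirectory" are assumptions.

```python
CACHE_VALUES = ("yes", "encrypted", "no")
OPTIONS_VALUES = ("directory", "exdirectory")  # "exdirectory" spelling is assumed

def parse_headers(document):
    """Collect 'Name: value' lines that precede the first PGP armor line."""
    headers = {}
    for line in document.splitlines():
        if line.startswith("-----BEGIN "):
            break
        if not line.strip():
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not a 'Name: value' line: %r" % line)
        if name.strip() in headers:
            raise ValueError("duplicate header: %s" % name.strip())
        headers[name.strip()] = value.strip()
    return headers

def review_headers(headers):
    """Return (effective settings, publisher warnings); raise on bad values."""
    if not headers.get("URL"):
        raise ValueError("URL header is missing")  # assumed to be required
    cache = headers.get("Cache")  # the page states no default, so keep None
    options = headers.get("Options", "directory")  # default per the page
    if cache is not None and cache not in CACHE_VALUES:
        raise ValueError("Cache must be one of %s" % ", ".join(CACHE_VALUES))
    if options not in OPTIONS_VALUES:
        raise ValueError("Options must be one of %s" % ", ".join(OPTIONS_VALUES))
    warnings = []
    if cache == "yes":
        warnings.append("cached in the clear: a raided server holds a copy on disk")
    if cache == "encrypted" and options == "directory":
        warnings.append("URL is directory-listed, so the encrypted cache "
                        "adds only obscurity over yes")
    settings = dict(headers, Cache=cache, Options=options)
    return settings, warnings

# Constructed sample, laid out like the documents shown on this page.
SAMPLE = """URL: http://censored.eternity/
Description: Freds censored books
Cache: encrypted
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----
"""
if __name__ == "__main__":
    print(review_headers(parse_headers(SAMPLE)))
```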
To create an unsigned eternity document:
To do this, if your document is named "test.html", you would run PGP with the "-a" option, like this:
pgp -a test.html
PGP will create a document called "test.asc" which you will need to use in the next step.
URL: http://censored.eternity/
Description: Freds censored books
Cache: yes
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----
Where the lines beginning with ----- and the information between these lines are the output of the previous step, your ascii-armored document.
So to encrypt the "test.txt" document you created in the previous step, you do:
pgp -c -z"eternity" test.txt
It may ask you if you want to over-write "test.asc" as this file will already exist. Say yes.
On unix you would run:
echo -n http://censored.eternity/ | sha1
The SHA1 hash of the above URL is: 44ad6b2e9b27fc680e95986ce14de9d4decd8d6a
The "-n" option to echo ensures that a newline character is not included in the hash.
I would be interested to hear from a Windows person what the easiest way to achieve this under DOS is.
Another use for signed documents is to create non-updateable documents. To achieve this you sign your document, and then discard the private key. After this you couldn't update the document if you wanted to. If you are being threatened by censors, being unable to remove the document might be to your advantage.
(A later version of the eternity server software might prevent other people updating unsigned documents, by disabling the updating of unsigned documents altogether).
To create a signed eternity document:
Run "pgp -kg" to create a new PGP key.
Run "pgp -kxa fred key.asc", where "fred" is the user id you chose for your new key.
To do this, if your document is named "test.html", you would run PGP with the "-a" option, like this:
pgp -sa test.html -u fred
Where fred is the user id of the key you wish to sign the document with.
PGP will create a document called "test.asc" which you will need to use in the next step.
URL: http://censored.eternity/
Description: Freds censored books
Cache: yes
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----
Where the lines beginning with ----- and the information between these lines are the output of the previous step, your ascii-armored document.
Then your new document would look like:
URL: http://censored.eternity/
Description: Freds censored books
Cache: yes
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
So to encrypt the "test.txt" document you created in the previous step, you do:
pgp -c -z"eternity" test.txt
It may ask you if you want to over-write "test.asc" as this file will already exist. Say yes.
On unix you would run:
echo -n http://censored.eternity/ | sha1
The SHA1 hash of the above URL is: 44ad6b2e9b27fc680e95986ce14de9d4decd8d6a
The "-n" option to echo ensures that a newline character is not included in the hash.
I would be interested to hear from a Windows person what the easiest way to achieve this under DOS is.
Another more secure option is to instead encrypt the document with the SHA1 of the URL with a 1 prefixed. That is for the example URL of http://censored.eternity/, the password would be:
% echo -n 1http://censored.eternity/ | sha1
08e2bc27d0e5d8058db7f2de9e0a28cb2dd7298c
%
Then you would replace step 6 above with this command:
% pgp -c -z"08e2bc27d0e5d8058db7f2de9e0a28cb2dd7298c" test.txt
This method has the advantage that if someone does not know the URL they won't be able to decrypt the eternity document in the news spool. For paranoid use with this option I guess you should really set the document to exdirectory, otherwise someone could just try all of the listed URLs to see which one it is.
For best security you should in fact use only private eternity servers. (A private server is one you run on your local machine.)
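A portable way to compute the URL hash and the 1-prefixed passphrase described above, and to tell which input produced a hash that does not match. This is an added example, not part of the eternity server distribution: the function names are made up here, and it uses Python's hashlib in place of the sha1 program.

```python
import hashlib


def sha1_hex(data):
    """Hex SHA1 of a byte string."""
    return hashlib.sha1(data).hexdigest()


def url_hash(url):
    """Same bytes as `echo -n URL | sha1`: the URL with no line ending."""
    return sha1_hex(url.encode("ascii"))


def url_passphrase(url):
    """Same bytes as `echo -n 1URL | sha1`: the URL with a 1 prefixed."""
    return sha1_hex(b"1" + url.encode("ascii"))


def diagnose(url, observed_hex):
    """Name the input that produced observed_hex, or None if nothing matches."""
    raw = url.encode("ascii")
    variants = [
        ("URL, no line ending (correct URL hash)", raw),
        ("URL + LF (echo without -n)", raw + b"\n"),
        ("URL + CRLF (DOS-style line ending)", raw + b"\r\n"),
        ("1 + URL (correct passphrase)", b"1" + raw),
        ("1 + URL + LF (echo without -n)", b"1" + raw + b"\n"),
        ("1 + URL + CRLF (DOS-style line ending)", b"1" + raw + b"\r\n"),
    ]
    wanted = observed_hex.strip().lower()
    for label, data in variants:
        if sha1_hex(data) == wanted:
            return label
    return None


if __name__ == "__main__":
    url = "http://censored.eternity/"
    print("URL hash:  ", url_hash(url))
    print("passphrase:", url_passphrase(url))
    # A hash made with a plain `echo` is recognised as the newline mistake.
    print(diagnose(url, sha1_hex(url.encode("ascii") + b"\n")))
```

Passing a hash that was produced on another machine to diagnose() shows whether a stray line ending, rather than a different URL, explains the mismatch.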
To password encrypt your eternity document, you would replace step 3 above with the command:
% pgp -sac test.html -u fred -z"password"