Differences between current version and revision by previous author of HowToMuttGnuPGPGPHOWTO.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
| Newer page: | version 3 | Last edited on Friday, October 29, 2004 10:08:45 am | by StuartYeates | |
| Older page: | version 2 | Last edited on Friday, June 7, 2002 1:07:08 am | by perry | Revert |
@@ -1,1348 +1 @@
-
-
-
-Mutt-i, GnuPG and PGP Howto
-
-
-
-----
-
-!!!Mutt-i, GnuPG and PGP Howto
-
-!!Andreacutes Seco
-AndresSH@ctv.es and J.Horacio M.G.
-homega@ciberia.esv1.2, February 2000
-
-
-----
-''This document briefly explains how to configure ''Mutt-i'', ''PGP'' and
-''GnuPG'' in its diferents versions (2.6.x, 5.x and GnuPG), noting the
-common problems that can occur while sending signed or encrypted mail to
-be read by mail clients not PGP/MIME compliants as defined in RFC2015 and
-in other operating systems. It also includes an example of procmail
-configuration to send the public keys automatically to received e-mails
-asking for it, as a key servers does.''
-----
-
-
-
-
-!!1. Introduction
-
-
-
-
-!!2. Copyright and discharge of responsability
-
-
-
-
-!!3. Sending mail to and receiving mail from the internet
-
-
-
-
-!!4. Mutt configuration
-
-
-
-
-!!5. PGP and GnuPG
-
-
-*5.1 PGP2
-
-*5.2 PGP5
-
-*5.3 GnuPG
-
-
-
-
-
-!!6. PGP and Mutt integration
-
-
-*6.1 Optional configuration files
-
-*6.2 General Configuration Variables
-
-*6.3 PGP2 configuration variables
-
-*6.4 PGP5 configuration variables
-
-*6.5 GnuPG configuration variables
-
-*6.6 Mixed configuration variables
-
-
-
-
-
-!!7. Interesting Macros for Mutt
-
-
-*7.1 Signing on the message body without using PGP/MIME with PGP5
-
-*7.2 Signing on the message body without using PGP/MIME with GnuPG
-
-*7.3 Modifying the alias file and reloading it
-
-*7.4 More macro examples
-
-
-
-
-
-!!8. Procmail notes and tips
-
-
-*8.1 Configuring Procmail to send automatically your public keys
-
-*8.2 Verify and decrypt automatically messages without PGP/MIME
-
-*8.3 Change MIME type for messages with keys inside without PGP/MIME
-
-
-
-
-
-!!9. Interchanging signed/encrypted messages with different MUAs and platforms
-
-
-
-
-!!10. Programs and versions used
-
-
-
-
-!!11. More information
-----
-
-!!1. Introduction
-
-
-This document explains how to configure ''Mutt-i'', ''PGP'' and
-''GnuPG'' in its diferents versions (2.6.x, 5.x and GnuPG) to quickly
-start using a mail reader with encryption and digital signing
-capabilities.
-
-
-For this purpose, example configuration files will be included to help you
-starting with it. To obtain maximum performance and to use all the
-features of the programs that we will be using, it will be necesary to
-read its documentation and to reconfigure the example files.
-
-
-Also, some problems derived from not using RFC2015 about PGP/MIME by many
-mail user agents in Linux and other operating systems will be comented.
-
-
-An aditional procmail configuration example will be showed to enable our
-mail client to send a public key on request.
-
-
-This document has been translated from the Spanish original by Andreacutes Seco
-AndresSH@ctv.es, and revised
-and corrected by Jordi Mallach Peacuterez
-jordi-sd@softhome.net and
-J.Horacio M.G.
-homega@ciberia.es. It was finished in October 1999. We would like
-to thanks Roland Rosenfeld
-roland@spinnaker.de, Christophe Pernod
-xtof.pernod@wanadoo.fr,
-Denis Alan Hainsworth
-denis@cs.brandeis.edu and Angel Carrasco
-acarrasco@jet.es for their
-corrections and suggestions.
-
-
-
-----
-
-!!2. Copyright and discharge of responsability
-
-
-This document is copyright (c) 1999 Andres Seco and J.Horacio
-M.G., and it's free. You can distribute it under the terms of the
-__GNU General Public License__, which you can get at
-http://www.gnu.org/copyleft/gpl.html. You can get unofficial
-translated issues somewhere in the internet, as well as the Spanish
-translated copy at
-http://visar.csustan.edu/~carlos/gpl-es.html or Lucas
-http://www.lucas.org.
-
-
-Information and other contents in this document are the best of our
-knowledge. However, we may have make errors. So you should determine if
-you want to follow the instructions given in this document.
-
-
-Nobody is responsible for any damage in your computers and any other loss
-derived from the use of the information contained herein.
-
-
-THE AUTHORS AND MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGE INCURRED
-DUE TO ACTIONS TAKEN BASED ON INFORMATION CONTAINED IN THIS DOCUMENT.
-
-
-Of course, we are open to all type of suggestions and corrections on the
-content of this document.
-
-
-
-----
-
-!!3. Sending mail to and receiving mail from the internet
-
-
-This document does not deal with exchanging mail messages between local
-machine and other nodes (inside a local area network or over the
-internet). This exchange should be carried out by messages transfer agents
-(MTAs) such as sendmail
-http://www.sendmail.org, qmail
-http://www.qmail.org, exim
-http://www.exim.org, smail
-ftp://ftp.planix.com/pub/Smail, etc.
-
-
-In this document it is presupposed that this method of send/receive
-messages outside of the local computer is already installed and working in
-a correct way. If you can send a message and read your mail with the
-mail command from the command line in your computer,
-
-
-
-
-$ mail -s <subject> <user@domain.net>
-write here the text, and finish with an alone point in the next line
-.
-
-
-
-you must have installed any type of MTA that is doing the messages
-transfer. In other way, you can get documentation about setting it up in
-the manual pages of ''smail'':
-
-
-
-
-$ man smail
-
-
-
-or the MTA that you have, and ''fetchmail'':
-
-
-
-
-$ man fetchmail
-
-
-
-or in other similar document that makes reference to those programs.
-
-
-
-----
-
-!!4. Mutt configuration
-
-
-Next file is a valid example to start using ''Mutt'' in a basic way,
-including paths for alias file, sent messages and postponed messages. You
-can further personalize it attending to the ''Mutt'' manual indications
-and /usr/doc/mutt/ or /usr/doc/mutt-i/.
-
-
-Simple example of ~/.muttrc:
-
-
-
-
-
-set folder=~/Mail
-set alias_file=.alias
-set postponed=.postponed
-set record=!SendMessages
-set signature=.signature
-my_hdr From: Name Surname <Name@domain.com>
-source =.alias
-
-
-
-
-It is necesary that the directory ~/Mail exists, that is
-the one that appears as an "equal to" sign in the configuration file
-.muttrc (that is, =.alias is to ''Mutt'' as
-~/Mail/.alias, and =.postponed is to ''Mutt''
-~/Mail/.postponed). Nevertheless it is possible to have
-these files in another directory provided we indicate the complete path in
-~/.muttrc, and we have the necesary permissions to work in
-this directory.
-
-
-It is also necesary to personalize the my_hdr line with the name and
-electronic mail address you need. In the ~/Mail/.signature
-file you caninclude the signature that will appear in all the messages
-that are sent.
-
-
-This configuration file can end up being made very big, so it is common to
-separate some of its commands in different files. For the time being, the
-''PGP'' or ''GnuPG'' configuration lines are easily detachable, and the
-keyboard macros that we will personalize. To do that, it will be necesary
-to add the following lines to the ~/.muttrc file:
-
-
-
-
-
-source = ~/Mail/.mutt.macros
-source = ~/Mail/.gnupgp.mutt
-
-
-
-
-and to use the ~/Mail/.mutt.macros and
-~/Mail/.gnupgp.mutt files to put in them the keyboard
-macros and the ''PGP'' or ''GnuPG'' configuration that are commented
-forward.
-
-
-To get a more extensive and complete information over the use and
-configuration of ''Mutt'', and about advanced features, see the Mutt
-manual
-http://www.mutt.org.
-
-
-
-----
-
-!!5. PGP and GnuPG
-
-
-To use anyone of the versions of ''PGP'' with ''Mutt-i'', first it will
-be necesary to configure ''PGP'' properly in the way that the public keys
-file (public keys ring) and the private keys file (private keys ring) will
-exist. It is convenient to previously test PGP from the command line to
-assure that it signs and encrypt correctly.
-
-
-Remember that the ''PGP'' versions that exist for ''Unix'' are 2.6.3(i) and 5.(i), that we call __PGP2__ and __PGP5__ respectively forward. __GnuPG__ is a new encrypt system, being developed in these days, in an advanced state of development, open source and free, in many aspects better than __PGP__ (see GnuPG mini howto
-http://www.dewinter.com/gnupg_howto).
-
-
-We will also clarify that ''PGP'', as being a program developed in the
-US, is restricted by certain exporting laws about programs that include
-cryptographic code; this is the reason for the existance of an
-international version to almost all binary versions, and it is noted with
-the "__i__" letter (__pgp - pgpi__).
-
-
-
-
-!!5.1 PGP2
-
-
-
-''PGP2'' generates keys with the RSA
-http://www.rsa.com,algorithm and it uses IDEA
-http://www.ascom.ch as the encryption
-algorithm. Both are propietary algorithms and its use is restricted by its
-respectives patents.
-
-
-To run it correctly, you must have it installed, as well as having a directory called ~/.pgp, containing the configuration file pgp-i.conf and the private and public keys rings files, pubring.pgp and secring.pgp respectively.
-
-
-
-
-!!5.2 PGP5
-
-
-
-The keys generated by ''PGP5'' are __DSS/DH__ (Digital Signature
-Standard / Diffie-Helman). PGP5 uses __CAST__, __Triple-DES__, and
-__IDEA__ as encrypt algorithms. PGP5 can work with encrypted or signed
-data with ''RSA'' (PGP2), and use that keys to sign or encrypt (with the
-keys generated with PGP2, because PGP5 can not generate that type of
-keys). In the other hand, PGP2 can not use the ''DSS/DH'' keys from
-PGP5; this creates incompatibility problems, because many users continue
-using PGP2 with ''Unix/Linux''.
-
-
-To run PGP5 correctly, in the ~/.pgp directory you will
-have the public and private key rings (pubring.pkr and
-secring.skr respectively), and the configuration file pgp.cfg.
-
-
-In the case that you have installed the both versions of ''PGP'' (PGP2
-installed and configured before PGP5), we will create the configuration
-file ~/.pgp/pgp.cfg of PGP5 as a simbolic link to the
-~/.pgp/pgp-i.conf configuration file,
-
-
-
-
-~/.pgp$ ln -s pgp-i.conf pgp.cfg
-
-
-
-adding the following lines at the end of the file
-~/.pgp/pgp-i.conf:
-
-
-
-
-
-!PubRing = "~/.pgp/pubring.pkr"
-!SecRing = "~/.pgp/secring.skr"
-!RandSeed = "~/.pgp/randseed.bin"
-
-
-
-
-The files with the keys rings of the different versions can cohexist
-without any problem in the same directory.
-
-
-
-
-!!5.3 GnuPG
-
-
-
-__GnuPG__ is a program with the same functions that the previous. The
-difference with ''PGP'', ''GnuPG'' do not uses algorithms with
-restrictive patents. ''PGP'' is free for personal uses but not comercial
-jobs and its development is closed. ''GnuPG'' is free to be used in any
-job and it is open source, as our favorite operating system (also its
-implementation and development is made mainly in ''Linux'').
-
-
-The keys generated by ''GnuPG'' are of the type __DSA/!ElGamal__
-(''Digital Signature Algorithm'', also known as ''DSS''). Is totaly
-compatible with ''PGP'', except with the use of restricted patents
-algorithms ''RSA'' and ''IDEA''. Anyway, it is posible to implement
-certain compatibility with that (see GnuPG mini howto
-http://www.dewinter.com/gnupg_howto to get it interacting with
-PGP2 and PGP5).
-
-
-
-----
-
-!!6. PGP and Mutt integration
-
-
-The operation to carry out in the outgoing messages (sign, encrypt or
-both) is chosen exactly before presing "y" to send the
-message, inside the option menu that is visible with the
-"p" option. Once you have choosen the operation to carry
-out, only the line ''PGP'' in the message header showed in the screen
-will change, but until you send the message with "y" you
-won't be asked to insert the pass phrase to activate the sign of the
-message or the public keys to use to encrypt in the case that no receptors
-were found in our public keys ring.
-
-
-__NOTE:__ In the case that the pass phrase was mistyped when it was asked
-for, ''Mutt'' seems to be "hung", but that's not true, it is
-waiting for it to be retyped. To do this, push the <Enter> key
-and delete the pass phrase from memory with <Ctrl>F. Next we
-repeat the message sending with ("y") and retype the pass
-phrase.
-
-
-Through this procedure, ''Mutt'' will use ''PGP/MIME'' to send the
-message, and one more file will appear in the list of files to be sent
-with the sign (if we only select to sign) or it will encrypt the complete
-message (all its ''MIME'' parts) and it will only leave two MIME parts,
-the first with the PGP/MIME version and the second with the encrypted
-message (with all its MIME parts inside) and signed (if we selected to do
-it).
-
-
-__Note:__ By some reasons, if the receptor mail user agent can not use
-''MIME'', we may need that the sign will be included inside the message
-body. See section about ''application/pgp'' with
-PGP5 and with
-GnuPG.
-
-
-''Mutt'' will try to verify the sign or decrypt automatically the
-incoming messages that use ''PGP/MIME''. See section
-Procmail notes and tips, in which it is
-commented how to change the ''MIME'' type automatically to the incoming
-messages that do not set its ''MIME'' type correctly.
-
-
-
-
-!! 6.1 Optional configuration files
-
-
-
-In the next sections you can find modifications to the ''Mutt''
-configuration file to use
-PGP2,
-PGP5, and
-GnuPG
-easily.
-
-
-To do that, a new configuration file that we called .gnupgp.mutt
-(that's our name, you can call it any other name setting the name of this
-file into the main configuration file ~/.muttrc).
-
-
-This can be done including the complete path (its location) of the
-configuration file .gnupgp.mutt, in a line at the end of the
-~/.muttrc file. The directory in which we put this and
-other optional configuration files can be anywhere, if we have correct
-permissions (in a previous section we included it inside the
-~/Mail/) directory, or any other inside our home directory,
-with any name:
-
-
-
-
-~$ mkdir mutt.varios
-
-
-
-in which we copy (or create) the optional configuration file
-.gnupgp.mutt, and next we set the origin of this file in the
-.muttrc file with the source command, like the following:
-
-
-
-
-
-source ~/mutt.varios/.gnupgp.mutt
-
-
-
-
-Now ''Mutt'' will accept configuration variables in .gnupgp.mutt as if it were in .muttrc directly.
-
-
-This method is a good way to avoid having a very big, unsorted
-configuration file, and can be used to set any other group of
-configuration variables in other separate file. For example, as before, if
-we use ''vim'' as the default editor in ''Mutt'', we can tell to
-.muttrc to use a different configuration file .vimrc that we use
-when using ''vim'' from the command line. First, copy
-~/.vimrc to our optional configuration files directory
-~/mutt.varios/ and set it with other name (ex.
-vim.mutt):
-
-
-
-
-$ cd /home/user
-~$ cp .vimrc mutt.varios/vim.mutt
-
-
-
-next change the configuration variables that we want to be different in
-''vim'' as the ''Mutt'' editor, and finally modify .muttrc to
-reflect this change:
-
-
-
-
-
-set editor="/usr/bin/vim -u ~/mutt.varios/vim.mutt"
-
-
-
-
-With this last line we are setting Mutt to use an external editor,
-''Vim'', with the needed configuration options.
-
-
-
-
-!! 6.2 General Configuration Variables
-
-
-
-There are some variables that we will use globally with the three public
-key encrypt programs with ''Mutt''. These variables are boolean, and can
-be __set__ (activated) or __unset__ (deactivated).
-
-
-In the configuration file (~/.muttrc, or
-~/mutt.varios/.gnupgp.mutt, or whatever you use), the sign
-(__#__) is a comment and will be ignored. So, we will use it from
-here in advance to comment each variable:
-
-
-
-
-; __unset pgp_autosign__:
-
-# if this variables is set, ''Mutt'' will ask to sign all the
-# outbound messages.
-(1)
-
-
-; __unset pgp_autoencrypt__:
-
-# if this variable is set, ''Mutt'' will ask to encrypt all the
-# outbound messages.
-(1)
-
-
-; __set pgp_encryptself__:
-
-# save an encrypted copy of all sent messages that we want to encrypt
-# (need the general configuration variable set copy=yes).
-
-
-
-; __set pgp_replysign__:
-
-# when you answer a signed message, the response message will be
-# signed too.
-
-
-
-; __set pgp_replyencrypt__:
-
-# when you answer an encrypted message, the response message
-# will be encrypted too.
-
-
-
-; __set pgp_verify_sig=yes__:
-
-# Do you want to automatically verify incoming signed messages?
-# Of course!
-
-
-
-; __set pgp_timeout=<n>__:
-
-# delete pass phrase from the memory cache <n> seconds
-# after typing it.
-(2)
-
-
-; __set pgp_sign_as="0xABC123D4"__:
-
-# what key do you want to use to sign outgoing messages?
-# __Note:__ it is posible to set it to the user id, but
-# this can be confuse if you have the same user id with different keys.
-
-
-
-; __set pgp_strict_enc__:
-
-# use "quoted-printable" when PGP requires it.
-
-
-
-; __unset pgp_long_ids__:
-
-# Do not use 64 bits key ids, use 32 bits key ids.
-
-
-
-; __set pgp_sign_micalg=<some>__:
-
-# message integrity check algorithm, where
-# <some> is something from the next:
-(3)
-
-
-
-
-*__pgp-mda5__
-to RSA keys
-*
-
-*__pgp-sha1__
-to DSS (DSA) keys
-*
-
-*__pgp-rmd160__
-*
-
-
-
-
-In the three next sections the configuration variables to each of the PGP
-versions will be explained. The fourth section will explain how to modify
-the variables if you use more than one PGP version.
-
-
-(1)
- as ''Mutt'' requires to type the passphrase every
-time you want to sign or select the receipts if you want to encrypt, it
-may be unconvenient to set this variable. Possibly you may want to unset
-this variable. This is specially true encrypting messages, as you don't
-have all the public keys of the message receipts.
-
-
-(2)
- depending on the number of messages that we sign or
-decrypt, we would like to maintain the pass phrase in cache memory more or
-less time. This option avoid you from type the pass phrase each time you
-sign a new message or decrypt an incoming message. __Warning:__
-maintaining the pass phrase in cache memory is not secure, specially in
-network connected systems.
-
-
-(3)
- this is only necesary with the key that we use to
-sign. When the key is selected from the compose menu, ''Mutt'' will
-calculate the algoritm.
-
-
-
-
-!! 6.3 PGP2 configuration variables
-
-
-
-To use PGP2 with ''Mutt-i'' you need to add the following lines to the
-~/mutt.varios/.gnupgp.mutt file:
-
-
-
-
-
-set pgp_default_version=pgp2
-set pgp_key_version=default
-set pgp_receive_version=default
-set pgp_send_version=default
-set pgp_sign_micalg=pgp-md5
-set pgp_v2=/usr/bin/pgp
-set pgp_v2_pubring=~/.pgp/pubring.pgp
-set pgp_v2_secring=~/.pgp/secring.pgp
-
-
-
-
-As you know, the ~/.pgp/pubring.pgp and secring.pgp
-files must exist. More information on PGP2 with the man pgp command.
-
-
-
-
-!! 6.4 PGP5 configuration variables
-
-
-
-To use PGP5 with ''Mutt-i'' you need to add the following lines to the
-~/mutt.varios/.gnupgp.mutt file:
-
-
-
-
-
-set pgp_default_version=pgp5
-set pgp_key_version=default
-set pgp_receive_version=default
-set pgp_send_version=default
-set pgp_sign_micalg=pgp-sha1
-set pgp_v5=/usr/bin/pgp
-set pgp_v5_pubring=~/.pgp/pubring.pkr
-set pgp_v5_secring=~/.pgp/secring.skr
-
-
-
-
-As you know, the ~/.pgp/pubring.pkr and secring.pkr
-files must exist. More information on PGP 5 with the man pgp5
-command.
-
-
-
-
-!! 6.5 GnuPG configuration variables
-
-
-
-To use ''GnuPG'' with ''Mutt-i'' you need to add the following lines to
-the ~/mutt.varios/.gnupgp.mutt file:
-
-
-
-
-
-set pgp_default_version=gpg
-set pgp_key_version=default
-set pgp_receive_version=default
-set pgp_send_version=default
-set pgp_sign_micalg=pgp-sha1
-set pgp_gpg=/usr/bin/gpg
-set pgp_gpg_pubring=~/.gnupg/pubring.gpg
-set pgp_gpg_secring=~/.gnupg/secring.gpg
-
-
-
-
-As you know, the ~/.gnupg/pubring.gpg and secring.gpg
-files must exist. More information on GnuPG with the man gpg.gnupg,
-man gpgm, and man gpg commands.
-
-
-
-
-!! 6.6 Mixed configuration variables
-
-
-
-If you want to use more than one PGP software you need to modify some of
-the variables that we have commented previously. Really, it is only to
-remove the redundant version variables.
-
-
-If, for example, you want to use GnuPG as the default signing tool, all
-menu commands in ''Mutt'' to use GnuPG/PGP would call to this program to
-the signing, decrypting, encrypting, verifying, etc... operations
-To do that you must set the configuration variable $set_pgp_default __once__, so:
-
-
-
-
-
-set pgp_default_version=gpg
-
-
-
-
-now, to use the all three programs, the
-~/mutt.varios/.gnupgp.mutt file could be like this:
-
-
-
-
-
-set pgp_default_version=gpg # default version to use
-set pgp_key_version=default # default key to use
-# in this case, gnupg defines it
-set pgp_receive_version=default # default version to decrypt will be the default
-set pgp_send_version=default # version defined in the first line (gpg)
-set pgp_gpg=/usr/bin/gpg # where to find the GnuPG binary
-set pgp_gpg_pubring=~/.gnupg/pubring.gpg # public key file to GnuPG
-set pgp_gpg_secring=~/.gnupg/secring.gpg # secret key file to GnuPG
-set pgp_v2=/usr/bin/pgp # where to find the PGP2 binary
-set pgp_v2_pubring=~/.pgp/pubring.pgp # public key file to PGP2
-set pgp_v2_secring=~/.pgp/secring.pgp # secret key file to PGP2
-set pgp_v5=/usr/bin/pgp # where to find the PGP5 binary
-set pgp_v5_pubring=~/.pgp/pubring.pkr # public key file to PGP5
-set pgp_v5_secring=~/.pgp/secring.skr # secret key file to PGP5
-
-
-
-
-
-----
-
-!!7. Interesting Macros for Mutt
-
-
-''Mutt'' is highly configurable and its working mode can be modified in a
-very flexible manner if the configuration variables inside .muttrc
-are well configured.
-
-
-Here you can see some macros that help you to generate signed messages
-avoiding the ''PGP/MIME'' standard, to send it to receipts that don't
-support this type of signed messages following the ''PGP/MIME''
-standard, and to edit the alias file and reload it without exiting
-''Mutt'' (this last macro is not related to ''PGP/GnuPG'', it is
-presented only as an example to show the macro power in ''Mutt'').
-
-
-It is possible to tell Mutt the key bindings you want to use with
-''PGP/GnuPG''. Even when some of this options are yet configured, we
-can change it or add others easily modifiying the configuration file.
-
-
-
-
-!! 7.1 Signing on the message body without using PGP/MIME with PGP5
-
-
-
-Before existing ''PGP/MIME'', the signature in a message was included
-in the message body. This is a very common form of sending signed messages
-in many mail user agents.
-
-
-If we want to sign like this, we have two options, leave the ''MIME''
-type of the message or modify it as application/pgp.
-
-
-To implement this two forms of signing in ''Mutt'', we will add the
-following lines to the ~/mutt.varios/mutt.macros file.
-Previously, we have to set this option file path in the .muttrc main
-configuration file (see
-Optional configuration files):
-
-
-
-
-
-macro compose \Cp "F/usr/bin/pgps\ny"
-macro compose S "F/usr/bin/pgps\ny^T^Uapplication/pgp; format=text; x-action=sign\n"
-
-
-
-
-and now, pressing <Ctrl>p or S we can include the
-signature into the message part that has the cursor on it, just before
-send the message.
-
-
-
-
-!! 7.2 Signing on the message body without using PGP/MIME with GnuPG
-
-
-
-As in the previous case, but with GnuPG. The macros are:
-
-
-
-
-
-macro compose \CP "Fgpg --clearsign\ny"
-macro compose \CS "Fgpg --clearsign\ny^T^Uapplication/pgp; format=text; x-action=sign\n"
-
-
-
-
-
-
-!!7.3 Modifying the alias file and reloading it
-
-
-
-With this macro included in ~/mutt.varios/macros.mutt you
-can edit with ''vi'' (changing the line you can use other editor) the
-alias file without exiting ''Mutt'' pressing <Alt>a.
-
-
-
-
-
-macro index \ea "!vi ~/Mail/.alias\n:source =.alias\n"
-
-
-
-
-
-
-!!7.4 More macro examples
-
-
-
-The next listing has been obtained from Roland Rosenfeld and it shows
-macros to change the default signing/encrypting software and to sign
-without PGP/MIME with GnuPG:
-
-
-
-
-
-# ~/Mail/.muttrc.macros
-# keyboard configuration file for Mutt-i
-# copied, modified and translated from the original:
-#
-################################################################
-# The ultimative Key-Bindings for Mutt #
-# #
-# (c) 1997-1999 Roland Rosenfeld <roland@spinnaker.rhein.de> #
-# #
-# $ Id: keybind,v 1.36 1999/02/20 19:36:28 roland Exp roland $ #
-################################################################
-#
-# To use it, add the next line to ~/.muttrc:
-# source ~/Mail/.muttrc.macros
-#
-# Generic keybindings
-# (for all the Mutt menus, except the pager!)
-# With the next three we can change the encrypting default selected software:
-# <ESC>1 to use GnuPG
-macro generic \e1 ":set pgp_default_version=gpg ?pgp_default_version\n"\
-"Switch to GNU-PG"
-# <ESC>2 to use PGP2
-macro generic \e2 ":set pgp_default_version=pgp2 ?pgp_default_version\n"\
-"Switch to PGP 2.*"
-# <ESC>5 to use PGP5
-macro generic \e5 ":set pgp_default_version=pgp5 ?pgp_default_version\n"\
-"Switch to PGP 5.*"
-#NOTE: Be careful with the last backspace at the end of the previous
-macros. If you write that line and the next in the same line, do not write
-it.
-# index, !OpMain, MENU_MAIN
-# (Main menu)
-# The next macro only runs from the main menu (the one that appears when
-# you starts Mutt). The keys <CTRL>K permit us to extract the public keys
-# from a message if it has (this is known because it has the K letter in
-# the message line):
-macro pager \Ck ":set pipe_decode pgp_key_version=pgp2\n\e\ek:set pgp_key_version=pgp5\n\e\ek:set pgp_key_version=gpg\n\e\ek:set pgp_key_version=default nopipe_decode\n"\ "Extract PGP keys to PGP2, PGP 5, and GnuPG keyrings"
-# pager, !OpPager, MENU_PAGER
-# (Pager menu)
-# It permits the same operations that previous, with the same key combinations,
-# but in this case from the pager menu:
-macro pager \e1 ":set pgp_default_version=gpg ?pgp_default_version\n"\
-"switch to GNUPG"
-macro pager \e2 ":set pgp_default_version=pgp2 ?pgp_default_version\n"\
-"switch to PGP 2.*"
-macro pager \e5 ":set pgp_default_version=pgp5 ?pgp_default_version\n"\
-"switch to PGP 5.*"
-# compose, !OpCompose+!OpGerneric, MENU_COMPOSE
-# (Compose menu)
-# The next operations are used from the compose menu.
-# That is, after you have composed your message and you close it to send it,
-# just before pressing the "Y" key that allows us to send it to the MTA.
-# In this case, we create a menu that appears when you press "P".
-# The options in this menu are going to be bound to MENU_PGP. This are the
-# main use options (encryption and signing).
-bind compose p pgp-menu
-# As many programs can't use PGP/MIME (especially from M$), the <CTRL>P key
-# will allow us to sign "as in the old times" (Application/PGP):
-macro compose \CP "Fgpg --clearsign\ny"
-# The next, <CTRL>S will allow us to sign using PGP/MIME with the private key
-# that we have defined as default. This macro is not necesary, as we can
-# do the same from the "P" menu:
-macro compose \CS "Fgpg --clearsign\ny^T^Uapplication/pgp; format=text; x-action=sign\n"
-
-
-
-
-You can add more macros, and some other are yet configured as default in
-newer versions of Mutt. Some other options include:
-
-
-
-
-
-*<CTRL>K (extract public keys from a message)
-*
-
-*<ESC>K (adjunt a public key to a message)
-*
-
-*<CTRL>F (when using the key phrase to sign or decrypt a message, it is still in memory. With this you can delete it from memory)
-*
-
-*etc...
-*
-
-
-
-To see what other options are activated, you must go to the help menu (?)
-from the menu where you were.
-
-
-
-----
-
-!!8. Procmail notes and tips
-
-!! 8.1 Configuring Procmail to send automatically your public keys
-
-
-
-As this is not the objetive of this Howto, we will comment that the
-securest way to get the public key from anybody is that he gives it to us
-directly by hand.
-
-
-As many times this is not an easy method (how long they are) the people
-can send the public key by electronic mail, or searching it in a key
-server, but none of those methods assure that the obtained key is really
-from whom it seems to be. If you use other communication media considered
-"secure" (searching the owner in the phone listing and asking
-him to read his key "fingerprint" to contrast with the fingerprint from
-the key we have obtained from the non-secure path).
-
-
-What we are going to see is a "tip" to put into the .procmailrc
-from the Procmail mail processor to get back automatically your publick
-key to the remitent when you get a message with a determined text in the
-Subject line:
-
-
-
-
-
-:0 h
-* ^Subject:
[[
]+\/(|send)[[ ]+key pub\>.*
-| mutt -s "Re: $MATCH" `formail -rtzxTo:` </clau/mykey.asc
-
-
-
-
-What it is said in the previous paragraph is: we have a copy in ASCII of
-our public key, in any directory (in this case the /clau
-directory) in a file named mykey.asc; when procmail gets a
-message that include "send key pub" in the Subject: line, send
-the file to the remitent.
-
-
-IMPORTANT: what you have between the brackets is __an space__ and
-__a tab__.
-
-
-
-
-!! 8.2 Verify and decrypt automatically messages without PGP/MIME
-
-
-
-When you receive a signed message that uses PGP/MIME and you open it with
-your preferred MUA (Mutt, isn't it?), it recognizes the message as
-PGP/MIME and checks the signature if you have the remitent public key.
-These messages are the ones that have the "S" in the first part of the
-message line in Mutt:
-
-
-
-
-
-36 S 05/09 Andres Seco Her ( 12K) Al fin
-
-
-
-
-while the encrypted messages have the "P":
-
-
-
-
-
-12 P 03/24 Andres Seco Her (6,3K) Re: FW: Re: Mutt - pgp/gnupg
-
-
-
-
-But if the message is signed and has the "application/pgp"
-MIME type, when you open it Mutt doesn't check its sign, and this sign is
-into the message body, as
here:
-
-
-
-
-
------BEGIN PGP SIGNED MESSAGE-----
-Date: Tue, 25 May 1999 13:04:26 +0200
-From: La Corporacioacuten <bill@reboot.com>
-Subject: Actualizacioacuten S.O.
-To: Sufrido Usuario <pepe@casa.es>
-Sufrido usuario:
-le comunicamos que puede usted adquirir la uacuteltima actualizacioacuten del
-programa O.E. con la adquisicioacuten de nuestro sistema operativo reboot99
-por el moacutedico precio de ... etc.
------BEGIN PGP SIGNATURE-----
-Version: 2.6.3ia
-Charset: noconv
-iKBGNpUBX0235VapRBUy1KklAQGl9wQA3SBMio0bbbajHAnyKMOlx3tcgNG7/UVC
-AbqXcUnyGGOo13Nbas95G34Fee3wsXIFo1obEfgiRzqPzZPLWoZdAnyTlZyTwCHe
-6ifVpLTuaXvcn9/76rXoI6u9svN2cqHCgHuNASKHaK9034uq81PSdW4QdGLgLoeB
-vnGmxE+tGg32=
-=Xidf
------END PGP SIGNATURE-----
-
-
-
-
-To verify it, you must save it and use the command line. But, it is
-possible to convert this MIME messages type with ''Procmail'' to allow
-''Mutt'' to recognize it as ''PGP/MIME''. You only need to add this
-to .procmailrc:
-
-
-
-
-
-:
-* !^Content-Type: message/
-* !^Content-Type: multipart/
-* !^Content-Type: application/pgp
-{
-:0 fBw
-* ^-----BEGIN PGP MESSAGE-----
-* ^-----END PGP MESSAGE-----
-| formail \
--i "Content-Type: application/pgp; format=text; x-action=encrypt"
-:0 fBw
-* ^-----BEGIN PGP SIGNED MESSAGE-----
-* ^-----BEGIN PGP SIGNATURE-----
-* ^-----END PGP SIGNATURE-----
-| formail \
--i "Content-Type: application/pgp; format=text; x-action=sign"
-}
-
-
-
-
-As you can see, this is valid to signed messages and to encrypted messages
-with application/pgp.
-
-
-
-
-!!8.3 Change MIME type for messages with keys inside without PGP/MIME
-
-
-
-When you receive a public key block from a non ''PGP/MIME'' compliant
-MUA, you must save the message body in your disk and then insert it into
-your public key ring, but, including this lines into your .procmailrc
-file, you can include it directly from mutt.
-
-
-
-
-
-:0 fBw
-* ^-----BEGIN PGP PUBLIC KEY BLOCK-----
-* ^-----END PGP PUBLIC KEY BLOCK-----
-| formail -i "Content-Type: application/pgp-keys; format=text;"
-
-
-
-
-Thanks to Denis Alan for this procmail note.
-
-
-
-----
-
-!!9. Interchanging signed/encrypted messages with different MUAs and platforms
-
-
-In the first days, the PGP sign was included inside the text to sign.
-Later, it was included the application/pgp MIME type to show that
-the next attach was the sign or the encrypted PGP message, and finally,
-with the PGP/MIME specification, it was possible to isolate the sign from
-the original affected, to not modify absolutelly and somebody that didn't
-have PGP could view the message as it was originally (only for signed
-messages), without any added text in the beginning or in the end from PGP.
-
-
-The actual situation is that only a few mail user agents (MUAs) are
-capable to integrate PGP to use the PGP/MIME standard, and it is necesary
-to send messages using the old time PGP sign when you know that the
-recipient doesn't recognize PGP/MIME.
-
-
-In Linux, the available mail user agents that are PGP/MIME compliant are
-mutt-i and pine. In Windows, only the Eudora mail client versions 3.x and
-4.x can use PGP/MIME. If you know any other mail user agent that supports
-it, tell us by mail, to include it here.
-
-
-
-----
-
-!!10. Programs and versions used
-
-
-To write this document we have used the next Mutt versions:
-
-
-
-
-
-*Mutt .93i - you can not use GnuPG with this version.
-*
-
-*Mutt .95.3i - all PGP and GnuPG versions can be used.
-*
-
-
-
-And the next PGP and GnuPG versions:
-
-
-
-
-
-*PGPi 5.
-*
-
-*GnuPG .4.3
-*
-
-*GnuPG .9.4
-*
-
-
-
-
-----
-
-!!11. More information
-
-
-The original documentation from where this document has been obtained can
-be found in the man pages from "mutt", "pgp", "pgp5", "gnupg", "procmail",
-in the respectives directories in /usr/doc and in the world wide web
-sites:
-
-
-
-
-
-*Mutt Official Home Page -
-http://www.mutt.org
-*
-
-*GnuPG Main Page -
-http://www.gnupg.org
-*
-
-*PGP International Page -
-http://www.pgpi.com
-*
-
-*Procmail Official Home Page -
-http://www.procmail.org
-*
-
-
-
-The recommendations (request for comments, RFC) that are referenced in
-this document are:
-
-
-
-
-
-*1847 - Security Multiparts for MIME: Multipart/signed and Multipart/encripted
-*
-
-*1848 - MIME Object Security Services
-*
-
-*1991 - PGP Message Exchange Formats
-*
-
-*2015 - MIME Security with Pretty Good Privacy (PGP)
-*
-
-*2440 - OpenPGP Message Format
-*
-
-
-
-and can be found in /usr/doc/doc-rfc and in various sites in the world
-wide web, like
-http://metalab.unc.edu and
-http://nic.mil. You can get information from RFCs in
-RFC-INFO@ISI
.EDU
-
-
-----
+Describe
[HowToMuttGnuPGPGPHOWTO
] here.
