Re: PGP and Mutt

To: debian-user <debian-user@lists.debian.org>
Subject: Re: PGP and Mutt
From: kmself@ix.netcom.com
Date: Sat, 9 Sep 2000 22:47:15 -0700
Message-id: <[🔎] 20000909224715.C24501@ix.netcom.com>
In-reply-to: <[🔎] Pine.LNX.4.21.0009091246290.1883-100000@spider.noah>; from frodo@morgul.net on Sat, Sep 09, 2000 at 12:57:44PM -0400
References: <[🔎] 20000908193831.D11378@ix.netcom.com> <[🔎] Pine.LNX.4.21.0009091246290.1883-100000@spider.noah>

On Sat, Sep 09, 2000 at 12:57:44PM -0400, Noah L. Meyerhans (frodo@morgul.net) wrote:

> On Fri, 8 Sep 2000 kmself@ix.netcom.com wrote:
> 
> > If it helps, my .muttrc is attached.  Note that I've got gpg, not
> > pgp, installed.  I'd recommend you use the same.  There is only one
> > tag in my muttrc which appears relevant, that's the "pgp_autosign"
> > hook.
> > 
> 
> I've got a bit of a followup question.  It's regarding verifying or
> decrypting signed or encrypted messages.  I'm having a horrible time
> getting valid signatures from messages that are signed by mutt's
> built-in gpg/pgp support.
> 
> Say I'm using one of the many mailers that doesn't support gpg
> integration, so I need to save the message and key to disk and use gpg
> manually to check the signatures.  What parts of the message are
> signed, though???  for example, in Karsten's email, there were 3
> message sections: the text, the attached .muttrc, and the gpg sig.  

The signature applies to the entire contents, including attachments, of
the message.  So you have verification that I was the person who wrote
and signed all parts of the mail.  Makes more sense that way, no?

> So I save the message and key to my home dir, download the key, and
> run gpg on the key.  It asks me for the file name, which I provide.
> To this it responds that they signature is invalid.

Hmm...  The entire message or just the text?

> I've been trying to send myself signed message with the same results.
> I've read mutt's included docs, which didn't help me at all.  Have you
> got any suggestions???
> 
> I must say, the old style of handling pgp/gpg with the inline sigs and
> stuff worked much better for me.  What are the advantages of sending
> the key as an attachment instead of inline?

Well, as an example, a signed message with MIME components shows up as
signed, and I'm told that the signature is valid and known, the sig is
valid but unknown, or that the signature is invalid.  Automajickally. 

For your message, I have to pipe the mail through GPG to verify it, eg:
in mutt:

    |	# mutt -- pipe message
    gpg --verify

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Opensales, Inc.                    http://www.opensales.org
  What part of "Gestalt" don't you understand?   Debian GNU/Linux rocks!
   http://gestalt-system.sourceforge.net/    K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0

Attachment: pgpvINpxluBLm.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: PGP and Mutt
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

References:
- Re: PGP and Mutt
  - From: kmself@ix.netcom.com
- Re: PGP and Mutt
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

Prev by Date: XF68_FBDev
Next by Date: Re: System sees only 65M of memory
Previous by thread: Re: PGP and Mutt
Next by thread: Re: PGP and Mutt
Index(es):
- Date
- Thread