[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: (mutt gpg thread)

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 13 Sep 2000, William Jensen wrote:

> I did some experimenting with my .muttrc since a couple of people have
> reported they could not read my posts.  My work (windows) outlook was
> the destination for my emails.  When I had set pgp_create_traditional
> in my .muttrc and signed a message (no encrypt just sign) it came into
> the outlook as an attachment of msg.pgp with nothing else but that.  
> Now, when I took out set pgp_create_ traditional and resent the same
> message (signed but not encrypted) it was received fine.

I was one of the people having problems with mutt/gpg, and I believe the
recipient of the suggestion to use pgp_create_traditional.  There are
major problems with either method, actually, to which I've found no
solutions.

If you use pgp_create_traditional, there is a single pgp signed message
attachment, as you saw.  The MIME type of this attachment is
Application/PGP, which no mail reader will actually display.  However, if
you save this attachment as a file and open it in an editor, you'll see
that it's plain text.  This makes me think that the mime type should be
set to something that a mail reader will display.

The problem with not using pgp_create_traditional is that the doesn't
appear to be any way to verify the signature aside from using mutt to read
the mail.  Being on windows at work you probably don't have any way to see
this problem for yourself (because you probably don't have gpg to try
verifying the sig).  I've tried numerous things to try getting around
this, but nothing works.  Saving all the attachments, including the key,
and running 
gpg --verify <keyfile> <attachment1>..<attachment n> 
is supposed to work, but every time I've done this I've been told by gpg
that the key was BAD.  I've even tried using mutt itself to save the
attachments, thinking that maybe my mail reader was doing something to the
message content, but it didn't even work there.

> I cannot remember who advocated using pgp_create_traditional but it
> evidently doesn't work if your signing and sending mail to a windows
> user or, from what another users sent me offline a 'older pine' also
> could not read it.

Even the latest version of pine can't see it.  It's really just a matter
of the MIME type being set to something that *shouldn't* be displayed
(Application/PGP).  You could conceiviably ask every recipient of your
messages to edit their MIME database and change that mime type, but I
don't think that's very reasonable.

> Now, if I'm just mistaken or not understanding something about
> pgp_create_traditional, could someone enlighten me?
> 

pgp_create_traditional is doing the right thing.  The message is signed in
the old format, with the "BEGIN PGP MESSAGE"..."END PGP
MESSAGE" or something like that.  The problem is that mutt is attaching it
as type Application/PGP, even if you tell gpg to ASCII-armor the message,
which turns it into ASCII text...

Noah

 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBOcDWbYdCcpBjGWoFAQGnKgQAny+KMoc5VHohK+YLxsDgjh/BEBJvT996
s0wO+Le90A/F2AfQB+lWR+9tkT+4+Ls43soElW5Wh+lJli/0GUoDS2Z9UxcF0rQH
arMj2esUh1AY09vCVFuxu+eQhe1EEvmVGmnCaVXryAjmG7oSYliQKgjzAYMTdlg9
HFHVbrP8N/E=
=81lN
-----END PGP SIGNATURE-----
Reply to: