On Tue Apr 25, 2000 at 03:37:50PM +0300, Martti Rahkila muttered:
> Hi all,
>
> a question regarding Mutt and PGP-signing:
>
> Is there a command to send messages as signed
> and not as clearsigned ?
>
> (pgp commands pgp -sa, not pgp -sta,
> gpg commands --sign, not --clearsign)
>
> The difference is that even though I normally
> want to send clearsigned messages (plaintext that is),
> I also want to send signed messages so that the message
> is in ascii-armored, encrypted form.
>
> Here's what I do know:
> 1) I can make the signed messages separately and send
> them as attachments
> 2) with Mutt 1.1.11i I can define the pgp/gpg-commands
> myself, but sending signed instead of clearsigned
> would be of wrong mime-type or otherwise incorrect
> format, right?
>
> What does PGP/MIME say about this?
I'll answer myself :-)
PGP/MIME (RFC 2015) seems to be quite old and does not
mention this type of messages at all.
I also did some experimenting: basically, signing is
encrypting using one's own secret key so that anyone
can decrypt the message using the public key. So, I
tried to use Mutt's encrypt-command with my own secret
key. No luck, though: gpg is too smart and uses the
public key if called with --encrypt.
So, I guess I could do it with Mutt 1.1.11i by
sourcing new gpg-settings (encrypt-command as
--sign instead if --encrypt). In that case,
the signed message would be sent as encrypted
message, which may cause problems when receiving
it: after all, decryption is normally done with
one's secret key with passphrase dialog.
Therefore, it seems that the only way to do
ascii-armored, signed (not clearsigned) messages
is to
1) sign message separately
2) insert it into message body
3) advice receivers to pipe the message to pgp/gpg.
This is not a practical solution :-(
Does anyone know, if there's any work going on
with creating this kind of signed messages or
are there (non-standard) solutions to this
problem?
Thanks,
--
Martti Rahkila
- yet another (happy) Mutt-user
[EMAIL PROTECTED]
