> signature is indeed verified..
Okay...
> And then there is an attachment (as seen from Outlook 'ATT00076.dat'
> which has :
You're using Outlook as your reference?
> So how can we have this embedded in the body of the mail itself ?
Uh... Most folks *don't* want that in the body of the mail itself. But
you can force it; try adding the following to your muttrc:
auto_view application/pgp-signature
And then add the following to your mailcap:
application/pgp-signature; cat %s; copiousoutput
> and have the name of the file attachment changed to 'signature.asc'
You don't want to do this. See the mailing list archives for the full
discussion of why mutt doesn't specify a filename (hint: it's not
really a file, it's part of the MIME structure).
> When you send a mail, I can see in the body:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> ....
>
>
> -----BEGIN PGP SIGNATURE-----
> ...
> -----END PGP SIGNATURE-----
>
> I would like to have the same format..in the body of the mail itself
Ahhhh, I see. You want old-style signatures. Add the following to your
muttrc:
set pgp_autoinline=yes
Generally, though, old-style signatures (which I use for this mailing
list, because I'm often assisting people with broken email clients or
configurations) have some pretty severe drawbacks. For example, it's
impossible to sign your attachments, or to deal with non-ASCII email
(there are some hacks, but they're unreliable workarounds for dealing
with broken clients and are only applicable to specific ASCII-like
character sets). As another example, the email that I'm replying to
included some bits that looked like the old-style signatures, but were
invalid. Email clients that attempt to verify old-style signatures
will take one look at that and scream "FORGED EMAIL!!!!!", and may
refuse to display your email at all. You cannot include that kind of
data in the body of your email and use old-style signatures, otherwise
your message risks being considered corrupt by savvy email clients (I
had to jump through a few hoops in order to make mutt display your
corrupt message). Thankfully, most pgp programs will try to prevent
you from doing stupid things like that, and will mangle your messages
in order to prevent invalid messages. But my point stands.
With the exception of mailing lists where I may be dealing with people
with broken mail clients (such as this one), I recommend avoiding that
old style of PGP signature. It's intrusive and not very capable.
PGP/MIME (the newer style of PGP signature) is MUCH better, and neatly
avoids all those problems.
The only reason I use them for this list is because some ancient
versions of Outlook Express get confused by the PGP/MIME signature and
refuse to display the message (which is idiotic, but that's Microsoft
for you), but whenever I have to send something in a non-ASCII
character set, I switch back to PGP/MIME.
~Kyle
