> signature is indeed verified.. Okay...
> And then there is an attachment (as seen from Outlook 'ATT00076.dat' > which has : You're using Outlook as your reference? > So how can we have this embedded in the body of the mail itself ? Uh... Most folks *don't* want that in the body of the mail itself. But you can force it; try adding the following to your muttrc: auto_view application/pgp-signature And then add the following to your mailcap: application/pgp-signature; cat %s; copiousoutput > and have the name of the file attachment changed to 'signature.asc' You don't want to do this. See the mailing list archives for the full discussion of why mutt doesn't specify a filename (hint: it's not really a file, it's part of the MIME structure). > When you send a mail, I can see in the body: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > .... > > > -----BEGIN PGP SIGNATURE----- > ... > -----END PGP SIGNATURE----- > > I would like to have the same format..in the body of the mail itself Ahhhh, I see. You want old-style signatures. Add the following to your muttrc: set pgp_autoinline=yes Generally, though, old-style signatures (which I use for this mailing list, because I'm often assisting people with broken email clients or configurations) have some pretty severe drawbacks. For example, it's impossible to sign your attachments, or to deal with non-ASCII email (there are some hacks, but they're unreliable workarounds for dealing with broken clients and are only applicable to specific ASCII-like character sets). As another example, the email that I'm replying to included some bits that looked like the old-style signatures, but were invalid. Email clients that attempt to verify old-style signatures will take one look at that and scream "FORGED EMAIL!!!!!", and may refuse to display your email at all. You cannot include that kind of data in the body of your email and use old-style signatures, otherwise your message risks being considered corrupt by savvy email clients (I had to jump through a few hoops in order to make mutt display your corrupt message). Thankfully, most pgp programs will try to prevent you from doing stupid things like that, and will mangle your messages in order to prevent invalid messages. But my point stands. With the exception of mailing lists where I may be dealing with people with broken mail clients (such as this one), I recommend avoiding that old style of PGP signature. It's intrusive and not very capable. PGP/MIME (the newer style of PGP signature) is MUCH better, and neatly avoids all those problems. The only reason I use them for this list is because some ancient versions of Outlook Express get confused by the PGP/MIME signature and refuse to display the message (which is idiotic, but that's Microsoft for you), but whenever I have to send something in a non-ASCII character set, I switch back to PGP/MIME. ~Kyle