  Mutt-i, GnuPG and PGP Howto
  Andrs Seco AndresSH@ctv.es and J.Horacio M.G.
  homega@ciberia.es
  v1.2, February 2000

  This document briefly explains how to configure _M_u_t_t_-_i, _P_G_P and _G_n_u_P_G
  in its diferents versions (2.6.x, 5.x and GnuPG), noting the common
  problems that can occur while sending signed or encrypted mail to be
  read by mail clients not PGP/MIME compliants as defined in RFC2015 and
  in other operating systems. It also includes an example of procmail
  configuration to send the public keys automatically to received e-
  mails asking for it, as a key servers does.
  ______________________________________________________________________

  Table of Contents


  1. Introduction

  2. Copyright and discharge of responsability

  3. Sending mail to and receiving mail from the internet

  4. Mutt configuration

  5. PGP and GnuPG

     5.1 PGP2
     5.2 PGP5
     5.3 GnuPG

  6. PGP and Mutt integration

     6.1 Optional configuration files
     6.2 General Configuration Variables
     6.3 PGP2 configuration variables
     6.4 PGP5 configuration variables
     6.5 GnuPG configuration variables
     6.6 Mixed configuration variables

  7. Interesting Macros for Mutt

     7.1 Signing on the message body without using PGP/MIME with PGP5
     7.2 Signing on the message body without using PGP/MIME with GnuPG
     7.3 Modifying the alias file and reloading it
     7.4 More macro examples

  8. Procmail notes and tips

     8.1 Configuring Procmail to send automatically your public keys
     8.2 Verify and decrypt automatically messages without PGP/MIME
     8.3 Change MIME type for messages with keys inside without PGP/MIME

  9. Interchanging signed/encrypted messages with different MUAs and platforms

  10. Programs and versions used

  11. More information



  ______________________________________________________________________




  11..  IInnttrroodduuccttiioonn

  This document explains how to configure _M_u_t_t_-_i, _P_G_P and _G_n_u_P_G in its
  diferents versions (2.6.x, 5.x and GnuPG) to quickly start using a
  mail reader with encryption and digital signing capabilities.

  For this purpose, example configuration files will be included to help
  you starting with it. To obtain maximum performance and to use all the
  features of the programs that we will be using, it will be necesary to
  read its documentation and to reconfigure the example files.

  Also, some problems derived from not using RFC2015 about PGP/MIME by
  many mail user agents in Linux and other operating systems will be
  comented.

  An aditional procmail configuration example will be showed to enable
  our mail client to send a public key on request.

  This document has been translated from the Spanish original by Andrs
  Seco AndresSH@ctv.es, and revised and corrected by Jordi Mallach Prez
  jordi-sd@softhome.net and J.Horacio M.G. homega@ciberia.es. It was
  finished in October 1999. We would like to thanks Roland Rosenfeld
  roland@spinnaker.de, Christophe Pernod xtof.pernod@wanadoo.fr, Denis
  Alan Hainsworth denis@cs.brandeis.edu and Angel Carrasco
  acarrasco@jet.es for their corrections and suggestions.


  22..  CCooppyyrriigghhtt aanndd ddiisscchhaarrggee ooff rreessppoonnssaabbiilliittyy

  This document is copyright (C) 1999 Andres Seco and J.Horacio M.G.,
  and it's free. You can distribute it under the terms of the GGNNUU
  GGeenneerraall PPuubblliicc LLiicceennssee, which you can get at
  http://www.gnu.org/copyleft/gpl.html. You can get unofficial
  translated issues somewhere in the internet, as well as the Spanish
  translated copy at http://visar.csustan.edu/~carlos/gpl-es.html or
  Lucas http://www.lucas.org.

  Information and other contents in this document are the best of our
  knowledge. However, we may have make errors. So you should determine
  if you want to follow the instructions given in this document.

  Nobody is responsible for any damage in your computers and any other
  loss derived from the use of the information contained herein.

  THE AUTHORS AND MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGE
  INCURRED DUE TO ACTIONS TAKEN BASED ON INFORMATION CONTAINED IN THIS
  DOCUMENT.

  Of course, we are open to all type of suggestions and corrections on
  the content of this document.


  33..  SSeennddiinngg mmaaiill ttoo aanndd rreecceeiivviinngg mmaaiill ffrroomm tthhee iinntteerrnneett

  This document does not deal with exchanging mail messages between
  local machine and other nodes (inside a local area network or over the
  internet). This exchange should be carried out by messages transfer
  agents (MTAs) such as sendmail http://www.sendmail.org, qmail
  http://www.qmail.org, exim http://www.exim.org, smail
  ftp://ftp.planix.com/pub/Smail, etc.

  In this document it is presupposed that this method of send/receive
  messages outside of the local computer is already installed and
  working in a correct way. If you can send a message and read your mail
  with the mail command from the command line in your computer,

       $ mail -s <subject> <user@domain.net>
       write here the text, and finish with an alone point in the next line
       .


  you must have installed any type of MTA that is doing the messages
  transfer. In other way, you can get documentation about setting it up
  in the manual pages of _s_m_a_i_l:


       $ man smail


  or the MTA that you have, and _f_e_t_c_h_m_a_i_l:


       $ man fetchmail


  or in other similar document that makes reference to those programs.


  44..  MMuutttt ccoonnffiigguurraattiioonn

  Next file is a valid example to start using _M_u_t_t in a basic way,
  including paths for alias file, sent messages and postponed messages.
  You can further personalize it attending to the _M_u_t_t manual
  indications and /usr/doc/mutt/ or /usr/doc/mutt-i/.

  Simple example of ~/.muttrc:



       set folder=~/Mail
       set alias_file=.alias
       set postponed=.postponed
       set record=SendMessages
       set signature=.signature
       my_hdr From: Name Surname <Name@domain.com>
       source =.alias




  It is necesary that the directory ~/Mail exists, that is the one that
  appears as an "equal to" sign in the configuration file .muttrc (that
  is, =.alias is to _M_u_t_t as ~/Mail/.alias, and =.postponed is to _M_u_t_t
  ~/Mail/.postponed). Nevertheless it is possible to have these files in
  another directory provided we indicate the complete path in ~/.muttrc,
  and we have the necesary permissions to work in this directory.

  It is also necesary to personalize the my_hdr line with the name and
  electronic mail address you need. In the ~/Mail/.signature file you
  caninclude the signature that will appear in all the messages that are
  sent.

  This configuration file can end up being made very big, so it is
  common to separate some of its commands in different files. For the
  time being, the _P_G_P or _G_n_u_P_G configuration lines are easily
  detachable, and the keyboard macros that we will personalize. To do
  that, it will be necesary to add the following lines to the ~/.muttrc
  file:




  source = ~/Mail/.mutt.macros
  source = ~/Mail/.gnupgp.mutt




  and to use the ~/Mail/.mutt.macros and ~/Mail/.gnupgp.mutt files to
  put in them the keyboard macros and the _P_G_P or _G_n_u_P_G configuration
  that are commented forward.

  To get a more extensive and complete information over the use and
  configuration of _M_u_t_t, and about advanced features, see the Mutt
  manual http://www.mutt.org.


  55..  PPGGPP aanndd GGnnuuPPGG

  To use anyone of the versions of _P_G_P with _M_u_t_t_-_i, first it will be
  necesary to configure _P_G_P properly in the way that the public keys
  file (public keys ring) and the private keys file (private keys ring)
  will exist. It is convenient to previously test PGP from the command
  line to assure that it signs and encrypt correctly.

  Remember that the _P_G_P versions that exist for _U_n_i_x are 2.6.3(i) and
  5.0(i), that we call PPGGPP22 and PPGGPP55 respectively forward. GGnnuuPPGG is a
  new encrypt system, being developed in these days, in an advanced
  state of development, open source and free, in many aspects better
  than PPGGPP (see GnuPG mini howto http://www.dewinter.com/gnupg_howto).

  We will also clarify that _P_G_P, as being a program developed in the US,
  is restricted by certain exporting laws about programs that include
  cryptographic code; this is the reason for the existance of an
  international version to almost all binary versions, and it is noted
  with the "ii" letter (ppggpp -- ppggppii).


  55..11..  PPGGPP22

  _P_G_P_2 generates keys with the RSA http://www.rsa.com,algorithm and it
  uses IDEA http://www.ascom.ch as the encryption algorithm. Both are
  propietary algorithms and its use is restricted by its respectives
  patents.

  To run it correctly, you must have it installed, as well as having a
  directory called ~/.pgp, containing the configuration file pgp-i.conf
  and the private and public keys rings files, pubring.pgp and
  secring.pgp respectively.


  55..22..  PPGGPP55

  The keys generated by _P_G_P_5 are DDSSSS//DDHH (Digital Signature Standard /
  Diffie-Helman). PGP5 uses CCAASSTT, TTrriippllee--DDEESS, and IIDDEEAA as encrypt
  algorithms. PGP5 can work with encrypted or signed data with _R_S_A
  (PGP2), and use that keys to sign or encrypt (with the keys generated
  with PGP2, because PGP5 can not generate that type of keys). In the
  other hand, PGP2 can not use the _D_S_S_/_D_H keys from PGP5; this creates
  incompatibility problems, because many users continue using PGP2 with
  _U_n_i_x_/_L_i_n_u_x.

  To run PGP5 correctly, in the ~/.pgp directory you will have the
  public and private key rings (pubring.pkr and secring.skr
  respectively), and the configuration file pgp.cfg.

  In the case that you have installed the both versions of _P_G_P (PGP2
  installed and configured before PGP5), we will create the
  configuration file ~/.pgp/pgp.cfg of PGP5 as a simbolic link to the
  ~/.pgp/pgp-i.conf configuration file,


       ~/.pgp$ ln -s pgp-i.conf pgp.cfg


  adding the following lines at the end of the file ~/.pgp/pgp-i.conf:



       PubRing = "~/.pgp/pubring.pkr"
       SecRing = "~/.pgp/secring.skr"
       RandSeed = "~/.pgp/randseed.bin"




  The files with the keys rings of the different versions can cohexist
  without any problem in the same directory.


  55..33..  GGnnuuPPGG

  GGnnuuPPGG is a program with the same functions that the previous. The
  difference with _P_G_P, _G_n_u_P_G do not uses algorithms with restrictive
  patents. _P_G_P is free for personal uses but not comercial jobs and its
  development is closed. _G_n_u_P_G is free to be used in any job and it is
  open source, as our favorite operating system (also its implementation
  and development is made mainly in _L_i_n_u_x).

  The keys generated by _G_n_u_P_G are of the type DDSSAA//EEllGGaammaall (_D_i_g_i_t_a_l
  _S_i_g_n_a_t_u_r_e _A_l_g_o_r_i_t_h_m, also known as _D_S_S). Is totaly compatible with
  _P_G_P, except with the use of restricted patents algorithms _R_S_A and
  _I_D_E_A. Anyway, it is posible to implement certain compatibility with
  that (see GnuPG mini howto http://www.dewinter.com/gnupg_howto to get
  it interacting with PGP2 and PGP5).


  66..  PPGGPP aanndd MMuutttt iinntteeggrraattiioonn

  The operation to carry out in the outgoing messages (sign, encrypt or
  both) is chosen exactly before presing "y" to send the message, inside
  the option menu that is visible with the "p" option. Once you have
  choosen the operation to carry out, only the line _P_G_P in the message
  header showed in the screen will change, but until you send the
  message with "y" you won't be asked to insert the pass phrase to
  activate the sign of the message or the public keys to use to encrypt
  in the case that no receptors were found in our public keys ring.

  NNOOTTEE:: In the case that the pass phrase was mistyped when it was asked
  for, _M_u_t_t seems to be "hung", but that's not true, it is waiting for
  it to be retyped. To do this, push the <Enter> key and delete the pass
  phrase from memory with <Ctrl>F. Next we repeat the message sending
  with ("y") and retype the pass phrase.

  Through this procedure, _M_u_t_t will use _P_G_P_/_M_I_M_E to send the message,
  and one more file will appear in the list of files to be sent with the
  sign (if we only select to sign) or it will encrypt the complete
  message (all its _M_I_M_E parts) and it will only leave two MIME parts,
  the first with the PGP/MIME version and the second with the encrypted
  message (with all its MIME parts inside) and signed (if we selected to
  do it).

  NNoottee:: By some reasons, if the receptor mail user agent can not use
  _M_I_M_E, we may need that the sign will be included inside the message
  body. See section about _a_p_p_l_i_c_a_t_i_o_n_/_p_g_p with ``PGP5'' and with
  ``GnuPG''.

  _M_u_t_t will try to verify the sign or decrypt automatically the incoming
  messages that use _P_G_P_/_M_I_M_E. See section ``Procmail notes and tips'',
  in which it is commented how to change the _M_I_M_E type automatically to
  the incoming messages that do not set its _M_I_M_E type correctly.


  66..11..  OOppttiioonnaall ccoonnffiigguurraattiioonn ffiilleess

  In the next sections you can find modifications to the _M_u_t_t
  configuration file to use ``PGP2'', ``PGP5'', and ``GnuPG'' easily.

  To do that, a new configuration file that we called .gnupgp.mutt
  (that's our name, you can call it any other name setting the name of
  this file into the main configuration file ~/.muttrc).

  This can be done including the complete path (its location) of the
  configuration file .gnupgp.mutt, in a line at the end of the ~/.muttrc
  file. The directory in which we put this and other optional
  configuration files can be anywhere, if we have correct permissions
  (in a previous section we included it inside the ~/Mail/) directory,
  or any other inside our home directory, with any name:


       ~$ mkdir mutt.varios


  in which we copy (or create) the optional configuration file
  .gnupgp.mutt, and next we set the origin of this file in the .muttrc
  file with the source command, like the following:



       source ~/mutt.varios/.gnupgp.mutt




  Now _M_u_t_t will accept configuration variables in .gnupgp.mutt as if it
  were in .muttrc directly.

  This method is a good way to avoid having a very big, unsorted
  configuration file, and can be used to set any other group of
  configuration variables in other separate file. For example, as
  before, if we use _v_i_m as the default editor in _M_u_t_t, we can tell to
  .muttrc to use a different configuration file .vimrc that we use when
  using _v_i_m from the command line. First, copy ~/.vimrc to our optional
  configuration files directory ~/mutt.varios/ and set it with other
  name (ex.  vim.mutt):


       $ cd /home/user ~$ cp .vimrc mutt.varios/vim.mutt


  next change the configuration variables that we want to be different
  in _v_i_m as the _M_u_t_t editor, and finally modify .muttrc to reflect this
  change:



       set editor="/usr/bin/vim -u ~/mutt.varios/vim.mutt"



  With this last line we are setting Mutt to use an external editor,
  _V_i_m, with the needed configuration options.


  66..22..  GGeenneerraall CCoonnffiigguurraattiioonn VVaarriiaabblleess

  There are some variables that we will use globally with the three
  public key encrypt programs with _M_u_t_t. These variables are boolean,
  and can be sseett (activated) or uunnsseett (deactivated).

  In the configuration file (~/.muttrc, or ~/mutt.varios/.gnupgp.mutt,
  or whatever you use), the sign (##) is a comment and will be ignored.
  So, we will use it from here in advance to comment each variable:


     uunnsseett ppggpp__aauuttoossiiggnn
        # if this variables is set, _M_u_t_t will ask to sign all the
        # outbound messages. ``(1)''


     uunnsseett ppggpp__aauuttooeennccrryypptt
        # if this variable is set, _M_u_t_t will ask to encrypt all the
        # outbound messages. ``(1)''


     sseett ppggpp__eennccrryyppttsseellff
        # save an encrypted copy of all sent messages that we want to
        encrypt
        # (need the general configuration variable set copy=yes).


     sseett ppggpp__rreeppllyyssiiggnn
        # when you answer a signed message, the response message will be
        # signed too.


     sseett ppggpp__rreeppllyyeennccrryypptt
        # when you answer an encrypted message, the response message
        # will be encrypted too.


     sseett ppggpp__vveerriiffyy__ssiigg==yyeess
        # Do you want to automatically verify incoming signed messages?
        # Of course!


     sseett ppggpp__ttiimmeeoouutt==<<nn>>
        # delete pass phrase from the memory cache <n> seconds
        # after typing it.``(2)''


     sseett ppggpp__ssiiggnn__aass==
     # what key do you want to use to sign outgoing messages?
     # NNoottee:: it is posible to set it to the user id, but
     # this can be confuse if you have the same user id with different
     keys.


     sseett ppggpp__ssttrriicctt__eenncc
     # use "quoted-printable" when PGP requires it.


     uunnsseett ppggpp__lloonngg__iiddss
     # Do not use 64 bits key ids, use 32 bits key ids.


     sseett ppggpp__ssiiggnn__mmiiccaallgg==<<ssoommee>>
     # message integrity check algorithm, where
     # <some> is something from the next:``(3)''


     +o
     ppggpp--mmddaa55
     to RSA keys

     +o
     ppggpp--sshhaa11
     to DSS (DSA) keys

     +o
     ppggpp--rrmmdd116600

  In the three next sections the configuration variables to each of the
  PGP versions will be explained. The fourth section will explain how to
  modify the variables if you use more than one PGP version.

  (1) as _M_u_t_t requires to type the passphrase every time you want to
  sign or select the receipts if you want to encrypt, it may be
  unconvenient to set this variable. Possibly you may want to unset this
  variable. This is specially true encrypting messages, as you don't
  have all the public keys of the message receipts.

  (2) depending on the number of messages that we sign or decrypt, we
  would like to maintain the pass phrase in cache memory more or less
  time. This option avoid you from type the pass phrase each time you
  sign a new message or decrypt an incoming message. WWaarrnniinngg::
  maintaining the pass phrase in cache memory is not secure, specially
  in network connected systems.

  (3) this is only necesary with the key that we use to sign. When the
  key is selected from the compose menu, _M_u_t_t will calculate the
  algoritm.


  66..33..  PPGGPP22 ccoonnffiigguurraattiioonn vvaarriiaabblleess

  To use PGP2 with _M_u_t_t_-_i you need to add the following lines to the
  ~/mutt.varios/.gnupgp.mutt file:



       set pgp_default_version=pgp2
       set pgp_key_version=default
       set pgp_receive_version=default
       set pgp_send_version=default
       set pgp_sign_micalg=pgp-md5
       set pgp_v2=/usr/bin/pgp
       set pgp_v2_pubring=~/.pgp/pubring.pgp
       set pgp_v2_secring=~/.pgp/secring.pgp




  As you know, the ~/.pgp/pubring.pgp and secring.pgp files must exist.
  More information on PGP2 with the man pgp command.


  66..44..  PPGGPP55 ccoonnffiigguurraattiioonn vvaarriiaabblleess

  To use PGP5 with _M_u_t_t_-_i you need to add the following lines to the
  ~/mutt.varios/.gnupgp.mutt file:

       set pgp_default_version=pgp5
       set pgp_key_version=default
       set pgp_receive_version=default
       set pgp_send_version=default
       set pgp_sign_micalg=pgp-sha1
       set pgp_v5=/usr/bin/pgp
       set pgp_v5_pubring=~/.pgp/pubring.pkr
       set pgp_v5_secring=~/.pgp/secring.skr




  As you know, the ~/.pgp/pubring.pkr and secring.pkr files must exist.
  More information on PGP 5 with the man pgp5 command.


  66..55..  GGnnuuPPGG ccoonnffiigguurraattiioonn vvaarriiaabblleess

  To use _G_n_u_P_G with _M_u_t_t_-_i you need to add the following lines to the
  ~/mutt.varios/.gnupgp.mutt file:



       set pgp_default_version=gpg
       set pgp_key_version=default
       set pgp_receive_version=default
       set pgp_send_version=default
       set pgp_sign_micalg=pgp-sha1
       set pgp_gpg=/usr/bin/gpg
       set pgp_gpg_pubring=~/.gnupg/pubring.gpg
       set pgp_gpg_secring=~/.gnupg/secring.gpg




  As you know, the ~/.gnupg/pubring.gpg and secring.gpg files must
  exist. More information on GnuPG with the man gpg.gnupg, man gpgm, and
  man gpg commands.


  66..66..  MMiixxeedd ccoonnffiigguurraattiioonn vvaarriiaabblleess

  If you want to use more than one PGP software you need to modify some
  of the variables that we have commented previously. Really, it is only
  to remove the redundant version variables.

  If, for example, you want to use GnuPG as the default signing tool,
  all menu commands in _M_u_t_t to use GnuPG/PGP would call to this program
  to the signing, decrypting, encrypting, verifying, etc... operations
  To do that you must set the configuration variable $set_pgp_default
  oonnccee, so:



       set pgp_default_version=gpg




  now, to use the all three programs, the ~/mutt.varios/.gnupgp.mutt
  file could be like this:





  set pgp_default_version=gpg     # default version to use

  set pgp_key_version=default     # default key to use
                                  # in this case, gnupg defines it

  set pgp_receive_version=default # default version to decrypt will be the default
  set pgp_send_version=default    # version defined in the first line (gpg)

  set pgp_gpg=/usr/bin/gpg        # where to find the GnuPG binary
  set pgp_gpg_pubring=~/.gnupg/pubring.gpg        # public key file to GnuPG
  set pgp_gpg_secring=~/.gnupg/secring.gpg        # secret key file to GnuPG

  set pgp_v2=/usr/bin/pgp         # where to find the PGP2 binary
  set pgp_v2_pubring=~/.pgp/pubring.pgp           # public key file to PGP2
  set pgp_v2_secring=~/.pgp/secring.pgp           # secret key file to PGP2

  set pgp_v5=/usr/bin/pgp         # where to find the PGP5 binary
  set pgp_v5_pubring=~/.pgp/pubring.pkr           # public key file to PGP5
  set pgp_v5_secring=~/.pgp/secring.skr           # secret key file to PGP5





  77..  IInntteerreessttiinngg MMaaccrrooss ffoorr MMuutttt

  _M_u_t_t is highly configurable and its working mode can be modified in a
  very flexible manner if the configuration variables inside .muttrc are
  well configured.

  Here you can see some macros that help you to generate signed messages
  avoiding the _P_G_P_/_M_I_M_E standard, to send it to receipts that don't
  support this type of signed messages following the _P_G_P_/_M_I_M_E standard,
  and to edit the alias file and reload it without exiting _M_u_t_t (this
  last macro is not related to _P_G_P_/_G_n_u_P_G, it is presented only as an
  example to show the macro power in _M_u_t_t).

  It is possible to tell Mutt the key bindings you want to use with
  _P_G_P_/_G_n_u_P_G. Even when some of this options are yet configured, we can
  change it or add others easily modifiying the configuration file.


  77..11..  SSiiggnniinngg oonn tthhee mmeessssaaggee bbooddyy wwiitthhoouutt uussiinngg PPGGPP//MMIIMMEE wwiitthh PPGGPP55

  Before existing _P_G_P_/_M_I_M_E, the signature in a message was included in
  the message body. This is a very common form of sending signed
  messages in many mail user agents.

  If we want to sign like this, we have two options, leave the _M_I_M_E type
  of the message or modify it as application/pgp.

  To implement this two forms of signing in _M_u_t_t, we will add the
  following lines to the ~/mutt.varios/mutt.macros file.  Previously, we
  have to set this option file path in the .muttrc main configuration
  file (see ``Optional configuration files''):



       macro   compose \Cp    "F/usr/bin/pgps\ny"
       macro   compose S       "F/usr/bin/pgps\ny^T^Uapplication/pgp; format=text; x-action=sign\n"




  and now, pressing <Ctrl>p or S we can include the signature into the
  message part that has the cursor on it, just before send the message.
  77..22..  SSiiggnniinngg oonn tthhee mmeessssaaggee bbooddyy wwiitthhoouutt uussiinngg PPGGPP//MMIIMMEE wwiitthh GGnnuuPPGG

  As in the previous case, but with GnuPG. The macros are:



       macro   compose \CP    "Fgpg --clearsign\ny"
       macro   compose \CS    "Fgpg --clearsign\ny^T^Uapplication/pgp; format=text; x-action=sign\n"





  77..33..  MMooddiiffyyiinngg tthhee aalliiaass ffiillee aanndd rreellooaaddiinngg iitt

  With this macro included in ~/mutt.varios/macros.mutt you can edit
  with _v_i (changing the line you can use other editor) the alias file
  without exiting _M_u_t_t pressing <Alt>a.



       macro   index   \ea    "!vi ~/Mail/.alias\n:source =.alias\n"





  77..44..  MMoorree mmaaccrroo eexxaammpplleess

  The next listing has been obtained from Roland Rosenfeld and it shows
  macros to change the default signing/encrypting software and to sign
  without PGP/MIME with GnuPG:


































  # ~/Mail/.muttrc.macros
  # keyboard configuration file for Mutt-i
  # copied, modified and translated from the original:
  #
  ################################################################
  # The ultimative Key-Bindings for Mutt                         #
  #                                                              #
  # (c) 1997-1999 Roland Rosenfeld <roland@spinnaker.rhein.de>   #
  #                                                              #
  # $ Id: keybind,v 1.36 1999/02/20 19:36:28 roland Exp roland $ #
  ################################################################
  #
  # To use it, add the next line to ~/.muttrc:
  # source ~/Mail/.muttrc.macros
  #

  # Generic keybindings
  # (for all the Mutt menus, except the pager!)
  # With the next three we can change the encrypting default selected software:

  # <ESC>1 to use GnuPG
  macro   generic \e1     ":set pgp_default_version=gpg ?pgp_default_version\n"\
  "Switch to GNU-PG"

  # <ESC>2 to use PGP2
  macro   generic \e2     ":set pgp_default_version=pgp2 ?pgp_default_version\n"\
  "Switch to PGP 2.*"

  # <ESC>5 to use PGP5
  macro   generic \e5     ":set pgp_default_version=pgp5 ?pgp_default_version\n"\
  "Switch to PGP 5.*"

  #NOTE: Be careful with the last backspace at the end of the previous
  macros. If you write that line and the next in the same line, do not write
  it.

  # index, OpMain, MENU_MAIN
  # (Main menu)
  # The next macro only runs from the main menu (the one that appears when
  # you starts Mutt). The keys <CTRL>K permit us to extract the public keys
  # from a message if it has (this is known because it has the K letter in
  # the message line):

  macro  pager   \Ck     ":set pipe_decode pgp_key_version=pgp2\n\e\ek:set pgp_key_version=pgp5\n\e\ek:set pgp_key_version=gpg\n\e\ek:set pgp_key_version=default nopipe_decode\n"\ "Extract PGP keys to PGP2, PGP 5, and GnuPG keyrings"


  # pager, OpPager, MENU_PAGER
  # (Pager menu)
  # It permits the same operations that previous, with the same key combinations,
  # but in this case from the pager menu:

  macro   pager   \e1     ":set pgp_default_version=gpg ?pgp_default_version\n"\
  "switch to GNUPG"

  macro   pager   \e2     ":set pgp_default_version=pgp2 ?pgp_default_version\n"\
  "switch to PGP 2.*"

  macro   pager   \e5     ":set pgp_default_version=pgp5 ?pgp_default_version\n"\
  "switch to PGP 5.*"


  # compose, OpCompose+OpGerneric, MENU_COMPOSE
  # (Compose menu)
  # The next operations are used from the compose menu.
  # That is, after you have composed your message and you close it to send it,
  # just before pressing the "Y" key that allows us to send it to the MTA.
  # In this case, we create a menu that appears when you press "P".
  # The options in this menu are going to be bound to MENU_PGP. This are the
  # main use options (encryption and signing).

  bind    compose p       pgp-menu

  # As many programs can't use PGP/MIME (especially from M$), the <CTRL>P key
  # will allow us to sign "as in the old times" (Application/PGP):

  macro   compose \CP    "Fgpg --clearsign\ny"

  # The next, <CTRL>S will allow us to sign using PGP/MIME with the private key
  # that we have defined as default. This macro is not necesary, as we can
  # do the same from the "P" menu:
  macro   compose \CS    "Fgpg --clearsign\ny^T^Uapplication/pgp; format=text; x-action=sign\n"




  You can add more macros, and some other are yet configured as default
  in newer versions of Mutt. Some other options include:


  +o  <CTRL>K (extract public keys from a message)

  +o  <ESC>K (adjunt a public key to a message)

  +o  <CTRL>F (when using the key phrase to sign or decrypt a message, it
     is still in memory. With this you can delete it from memory)

  +o  etc...

  To see what other options are activated, you must go to the help menu
  (?)  from the menu where you were.


  88..  PPrrooccmmaaiill nnootteess aanndd ttiippss

  88..11..  CCoonnffiigguurriinngg PPrrooccmmaaiill ttoo sseenndd aauuttoommaattiiccaallllyy yyoouurr ppuubblliicc kkeeyyss

  As this is not the objetive of this Howto, we will comment that the
  securest way to get the public key from anybody is that he gives it to
  us directly by hand.

  As many times this is not an easy method (how long they are) the
  people can send the public key by electronic mail, or searching it in
  a key server, but none of those methods assure that the obtained key
  is really from whom it seems to be. If you use other communication
  media considered "secure" (searching the owner in the phone listing
  and asking him to read his key "fingerprint" to contrast with the
  fingerprint from the key we have obtained from the non-secure path).

  What we are going to see is a "tip" to put into the .procmailrc from
  the Procmail mail processor to get back automatically your publick key
  to the remitent when you get a message with a determined text in the
  Subject line:



       :0 h
       * ^Subject:[    ]+\/(|send)[   ]+key pub\>.*
       | mutt -s "Re: $MATCH" `formail -rtzxTo:` </clau/mykey.asc




  What it is said in the previous paragraph is: we have a copy in ASCII
  of our public key, in any directory (in this case the /clau directory)
  in a file named mykey.asc; when procmail gets a message that include
  "send key pub" in the Subject: line, send the file to the remitent.

  IMPORTANT: what you have between the brackets is aann ssppaaccee and aa ttaabb.


  88..22..  VVeerriiffyy aanndd ddeeccrryypptt aauuttoommaattiiccaallllyy mmeessssaaggeess wwiitthhoouutt PPGGPP//MMIIMMEE

  When you receive a signed message that uses PGP/MIME and you open it
  with your preferred MUA (Mutt, isn't it?), it recognizes the message
  as PGP/MIME and checks the signature if you have the remitent public
  key.  These messages are the ones that have the "S" in the first part
  of the message line in Mutt:



       36  S  05/09 Andres Seco Her ( 12K) Al fin




  while the encrypted messages have the "P":



       12  P  03/24 Andres Seco Her (6,3K) Re: FW: Re: Mutt - pgp/gnupg




  But if the message is signed and has the "application/pgp" MIME type,
  when you open it Mutt doesn't check its sign, and this sign is into
  the message body, as here:



       -----BEGIN PGP SIGNED MESSAGE-----

       Date: Tue, 25 May 1999 13:04:26 +0200
       From: La Corporacin <bill@reboot.com>
       Subject: Actualizacin S.O.
       To: Sufrido Usuario <pepe@casa.es>


       Sufrido usuario:

       le comunicamos que puede usted adquirir la ltima actualizacin del
       programa O.E. con la adquisicin de nuestro sistema operativo reboot99
       por el mdico precio de ... etc.


       -----BEGIN PGP SIGNATURE-----
       Version: 2.6.3ia
       Charset: noconv

       iKBGNpUBX0235VapRBUy1KklAQGl9wQA3SBMio0bbbajHAnyKMOlx3tcgNG7/UVC
       AbqXcUnyGGOo13Nbas95G34Fee3wsXIFo1obEfgiRzqPzZPLWoZdAnyTlZyTwCHe
       6ifVpLTuaXvcn9/76rXoI6u9svN2cqHCgHuNASKHaK9034uq81PSdW4QdGLgLoeB
       vnGmxE+tGg32=
       =Xidf
       -----END PGP SIGNATURE-----



  To verify it, you must save it and use the command line. But, it is
  possible to convert this MIME messages type with _P_r_o_c_m_a_i_l to allow
  _M_u_t_t to recognize it as _P_G_P_/_M_I_M_E. You only need to add this to
  .procmailrc:



       :0
       * !^Content-Type: message/
       * !^Content-Type: multipart/
       * !^Content-Type: application/pgp
       {
           :0 fBw
           * ^-----BEGIN PGP MESSAGE-----
           * ^-----END PGP MESSAGE-----
           | formail \
               -i "Content-Type: application/pgp; format=text; x-action=encrypt"

           :0 fBw
           * ^-----BEGIN PGP SIGNED MESSAGE-----
           * ^-----BEGIN PGP SIGNATURE-----
           * ^-----END PGP SIGNATURE-----
           | formail \
               -i "Content-Type: application/pgp; format=text; x-action=sign"
       }




  As you can see, this is valid to signed messages and to encrypted
  messages with application/pgp.


  88..33..  CChhaannggee MMIIMMEE ttyyppee ffoorr mmeessssaaggeess wwiitthh kkeeyyss iinnssiiddee wwiitthhoouutt PPGGPP//MMIIMMEE

  When you receive a public key block from a non _P_G_P_/_M_I_M_E compliant MUA,
  you must save the message body in your disk and then insert it into
  your public key ring, but, including this lines into your .procmailrc
  file, you can include it directly from mutt.



           :0 fBw
           * ^-----BEGIN PGP PUBLIC KEY BLOCK-----
           * ^-----END PGP PUBLIC KEY BLOCK-----
           | formail -i "Content-Type: application/pgp-keys; format=text;"




  Thanks to Denis Alan for this procmail note.


  99..  IInntteerrcchhaannggiinngg ssiiggnneedd//eennccrryypptteedd mmeessssaaggeess wwiitthh ddiiffffeerreenntt MMUUAAss aanndd
  ppllaattffoorrmmss

  In the first days, the PGP sign was included inside the text to sign.
  Later, it was included the application/pgp MIME type to show that the
  next attach was the sign or the encrypted PGP message, and finally,
  with the PGP/MIME specification, it was possible to isolate the sign
  from the original affected, to not modify absolutelly and somebody
  that didn't have PGP could view the message as it was originally (only
  for signed messages), without any added text in the beginning or in
  the end from PGP.


  The actual situation is that only a few mail user agents (MUAs) are
  capable to integrate PGP to use the PGP/MIME standard, and it is
  necesary to send messages using the old time PGP sign when you know
  that the recipient doesn't recognize PGP/MIME.

  In Linux, the available mail user agents that are PGP/MIME compliant
  are mutt-i and pine. In Windows, only the Eudora mail client versions
  3.x and 4.x can use PGP/MIME. If you know any other mail user agent
  that supports it, tell us by mail, to include it here.


  1100..  PPrrooggrraammss aanndd vveerrssiioonnss uusseedd

  To write this document we have used the next Mutt versions:


  +o  Mutt 0.93i - you can not use GnuPG with this version.

  +o  Mutt 0.95.3i - all PGP and GnuPG versions can be used.

  And the next PGP and GnuPG versions:


  +o  PGPi 5.0

  +o  GnuPG 0.4.3

  +o  GnuPG 0.9.4


  1111..  MMoorree iinnffoorrmmaattiioonn

  The original documentation from where this document has been obtained
  can be found in the man pages from "mutt", "pgp", "pgp5", "gnupg",
  "procmail", in the respectives directories in /usr/doc and in the
  world wide web sites:


  +o  Mutt Official Home Page - http://www.mutt.org

  +o  GnuPG Main Page - http://www.gnupg.org

  +o  PGP International Page - http://www.pgpi.com

  +o  Procmail Official Home Page - http://www.procmail.org

  The recommendations (request for comments, RFC) that are referenced in
  this document are:


  +o  1847 - Security Multiparts for MIME: Multipart/signed and
     Multipart/encripted

  +o  1848 - MIME Object Security Services

  +o  1991 - PGP Message Exchange Formats

  +o  2015 - MIME Security with Pretty Good Privacy (PGP)

  +o  2440 - OpenPGP Message Format

  and can be found in /usr/doc/doc-rfc and in various sites in the world
  wide web, like http://metalab.unc.edu and http://nic.mil. You can get
  information from RFCs in RFC-INFO@ISI.EDU




































































