GPG and Mutt Help Needed

Thomas Stivers stivers_t at tomass.dyndns.org
Fri Sep 17 14:14:10 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Sep 17 2004 at 10:00:04AM -0400, Janina Sajka wrote:
> I need some help with my GPG configuration in Mutt. I think I have it
> working mostly. The rest might even be just a misunderstanding on my
> part about how it should work.

Congratulations.

> I have successfully created a key pair for myself and submitted to the
> key servers.

Sounds good, just remember to stay away from "keyserver.net" key servers
as they are widely known to be broken. Something like "subkeys.pgp.net"
is probably your best bet.

> I believe my outgoing mail is being signed. If I haven't sent a message
> for some time, I'm prompted for my pass phrase. That all sounds right.

Well, this message wasn't signed, but maybe you meant it that way. You'll
probably want to use old style inline signing most of the time or the
Outlook Express users will howl about attachments. To do this use "set
pgp_create_traditional=yes" in your .muttrc.

> And, when I receive mail I can even get messages about whether the
> signature in the incoming message can be trusted, or not. 

I have a handy script which I use as Mutt's display_filter which gets rid
of all the verbose PGP messages so you just get the verification on the
status line unless you toggle the messages back on. Let me know if you
want this.

> Alt-E always works, and Ctrl-K never does, in other words. All I get
> from Ctrl-K is:
> 
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> Press any key to continue...
> 
> Do I misunderstand? Shouldn't Ctrl-K extract the key in the email? And,
> do what with it exactly? I guess that's where I'm confused. Shouldn't it
> validate the key against the email address with one of the keyservers?

A signed message doesn't have the key in it, just a signature. You have
to retrieve the key from the key server.

> Or, do I have to go add each individual by hand to my keyring? Euch.
> Argyh. Hope not.

Nope, you don't have to do that. Putting a line like the following in
your .gnupg/gpg.conf or .gnupg/options file (whichever you have) will
tell gpg to get keys it doesn't have automatically.

keyserver-options auto-key-retrieve

Also if you don't already have it you probably want a line in there
defining your default keyserver.

keyserver subkeys.pgp.net

This should have you up and running.

HTH

- -- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan

Thomas Stivers	e-mail: stivers_t at tomass.dyndns.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBSyly5JK61UXLur0RAsFBAJ9iaq5wcMpym8554Wuaa5YGADhGBwCfUYaW
6QbGDxxrl32b0GF0kvCA+PY=
=X948
-----END PGP SIGNATURE-----
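
The reply's point that a signed message carries only a signature, which is why key extraction reports "no valid OpenPGP data found", can be checked by looking at which ASCII-armor blocks a mail body contains. The following is an added example and not part of the original post; the function names `armor_blocks` and `key_action` and both sample bodies are constructed for illustration.

```python
import re

# ASCII-armor header line, e.g. "-----BEGIN PGP SIGNATURE-----" (RFC 4880, 6.2).
ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----[ \t]*$")

def armor_blocks(body):
    """List the armor block types that open in a mail body, in order.

    A dash-escaped line ("- -----BEGIN ...") inside clearsigned text and a
    quoted line ("> -----BEGIN ...") do not start with five dashes, so they
    are not counted as real blocks.
    """
    return [m.group(1) for line in body.splitlines()
            if (m := ARMOR_BEGIN.match(line))]

def key_action(body):
    """Say where the sender's public key has to come from."""
    blocks = armor_blocks(body)
    if "PUBLIC KEY BLOCK" in blocks:
        return "import-from-message"    # key extraction has data to work on
    if "SIGNATURE" in blocks or "SIGNED MESSAGE" in blocks:
        return "fetch-from-keyserver"   # only a signature is present
    return "nothing-to-do"

# Constructed sample bodies; the payload lines are placeholders, not real data.
SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list.
- -----BEGIN PGP PUBLIC KEY BLOCK-----
(the line above is dash-escaped text, not a key)
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
"""
WITH_KEY = """My key is below.
-----BEGIN PGP PUBLIC KEY BLOCK-----

PLACEHOLDER
-----END PGP PUBLIC KEY BLOCK-----
"""

if __name__ == "__main__":
    for name, body in (("signed", SIGNED), ("with key", WITH_KEY)):
        print(name, armor_blocks(body), key_action(body))
```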




More information about the Speakup mailing list