<<< Date Index >>>     <<< Thread Index >>>

Re: config file



> signature is indeed verified..

Okay...

> And then there is an attachment (as seen from Outlook 'ATT00076.dat'
> which has :

You're using Outlook as your reference?

> So how can we have this embedded in the body of the mail itself ?

Uh... Most folks *don't* want that in the body of the mail itself. But 
you can force it; try adding the following to your muttrc:

     auto_view application/pgp-signature

And then add the following to your mailcap:

     application/pgp-signature; cat %s; copiousoutput

> and have the name of the file attachment changed to  'signature.asc'

You don't want to do this. See the mailing list archives for the full 
discussion of why mutt doesn't specify a filename (hint: it's not 
really a file, it's part of the MIME structure).

> When you send a mail, I can see in the body:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> ....
> 
> 
> -----BEGIN PGP SIGNATURE-----
> ...
> -----END PGP SIGNATURE-----
> 
> I would like to have the same format..in the body of the mail itself 

Ahhhh, I see. You want old-style signatures. Add the following to your 
muttrc:

     set pgp_autoinline=yes

Generally, though, old-style signatures (which I use for this mailing 
list, because I'm often assisting people with broken email clients or 
configurations) have some pretty severe drawbacks. For example, it's 
impossible to sign your attachments, or to deal with non-ASCII email 
(there are some hacks, but they're unreliable workarounds for dealing 
with broken clients and are only applicable to specific ASCII-like 
character sets). As another example, the email that I'm replying to 
included some bits that looked like the old-style signatures, but were 
invalid. Email clients that attempt to verify old-style signatures 
will take one look at that and scream "FORGED EMAIL!!!!!", and may 
refuse to display your email at all. You cannot include that kind of 
data in the body of your email and use old-style signatures, otherwise 
your message risks being considered corrupt by savvy email clients (I 
had to jump through a few hoops in order to make mutt display your 
corrupt message). Thankfully, most pgp programs will try to prevent 
you from doing stupid things like that, and will mangle your messages 
in order to prevent invalid messages. But my point stands.

With the exception of mailing lists where I may be dealing with people 
with broken mail clients (such as this one), I recommend avoiding that 
old style of PGP signature. It's intrusive and not very capable. 
PGP/MIME (the newer style of PGP signature) is MUCH better, and neatly 
avoids all those problems.

The only reason I use them for this list is because some ancient 
versions of Outlook Express get confused by the PGP/MIME signature and 
refuse to display the message (which is idiotic, but that's Microsoft 
for you), but whenever I have to send something in a non-ASCII 
character set, I switch back to PGP/MIME.

~Kyle