Re: SSL encrypts for recipients only
- To: mutt-users@xxxxxxxx
- Subject: Re: SSL encrypts for recipients only
- From: Kyle Wheeler <kyle-mutt@xxxxxxxxxxxxxx>
- Date: Thu, 16 Jul 2009 21:41:42 -0500
- Comment: DomainKeys? See http://domainkeys.sourceforge.net/
- In-reply-to: <20090716222425.GA18231@xxxxxxxxxx>
- List-post: <mailto:mutt-users@mutt.org>
- List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-users"
- Mail-followup-to: mutt-users@xxxxxxxx
- Openpgp: id=CA8E235E; url=http://www.memoryhole.net/~kyle/kyle-pgp.asc; preference=signencrypt
- References: <20090716222425.GA18231@xxxxxxxxxx>
- Sender: owner-mutt-users@xxxxxxxx
- User-agent: Mutt/1.5.20 (2009-07-07)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Friday, July 17 at 12:24 AM, quoth Bertram Scharpf:

> Yet, there's one thing I miss: When given an Fcc field, this
> recipient (myself) will not be included in the list handed over to
> openssl.

Well, the FCC is not, strictly speaking, a recipient. It's a mailbox,
which doesn't have an implicit identity. (I know that's kinda
obvious.)

> The "%c" specifier in the smime_encrypt_command variable expands to
> the key referred to by <bertram_alt@xxxxxxxxxxx> but not to the one
> referred to by <bertram@xxxxxxxxxxx> additionally.

It's not clear in the manual, I know, but %c essentially means
"recipient certificate ID(s)". Since the sender (and Fcc) is not a
recipient, it's not included there.

It doesn't look like there's an easy way to do this, but essentially
you need to change $smime_encrypt_command to include your own address
in the list of target addresses. For example, try adding %k after %c
(I don't use SMIME, so I can't test this).

> The consequence is that I cannot read the message any more after I
> submitted it. I would like to call this a bug.

It's not a bug, it's intentional behavior. *You* decided to encrypt
it, and *you* decided who the recipients are. It is incorrect behavior
for mutt to assume you also want it to be encrypted with a key you did
not specify. Imagine, for example, that your sender's key has been
cracked but your recipient's key has not. By assuming you wanted to
encrypt with both keys, mutt has nullified the effect of the
encryption.

> It could be solved by appending the key file belonging to the From
> field in case the Fcc field is not empty.

There's nothing that says the FCC has to belong to the sender.

The way this is handled on the pgp side of things is by adding
"encrypt-to myid" to the gnupg.conf file.

Personally (I use PGP encryption), I find that $fcc_clear does what I
want. Since I keep the private key in the same place as I keep my sent
mail, encryption wouldn't be particularly secure *anyway*.

~Kyle
- --
Man has the right to act in conscience and in freedom so as personally
to make moral decisions. "He must not be forced to act contrary to his
conscience. Nor must he be prevented from acting according to his
conscience, especially in religious matters."
-- Catholic Catechism 1782
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!
-----END PGP SIGNATURE-----
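
The recipient-list behaviour discussed in this message, as an added example that is not part of the original post or of mutt's own configuration: the script encrypts one message with openssl for the recipient's certificate only, then again with the sender's certificate appended, and checks which private keys can open each result. The identities `sender` and `rcpt`, the file names and the helper functions are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: throwaway self-signed identities, constructed for this demo.

# make_id NAME: create NAME.key and a self-signed NAME.crt in the current dir
make_id() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# encrypt OUT CERT...: encrypt msg.txt for exactly the certificates listed,
# the same way a recipient list is appended to "openssl smime -encrypt"
encrypt() {
    out=$1; shift
    openssl smime -encrypt -aes256 -in msg.txt -outform PEM -out "$out" "$@"
}

# can_read NAME FILE: succeed only if NAME's private key decrypts FILE
can_read() {
    openssl smime -decrypt -inform PEM -in "$2" \
        -recip "$1.crt" -inkey "$1.key" >/dev/null 2>&1
}

# fcc_demo: print "<file> <identity> <yes|no>" for every file/key combination
fcc_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    echo "constructed test message" > msg.txt
    make_id sender && make_id rcpt || exit 1

    # Case 1: only the recipient's certificate is in the list.
    encrypt only_rcpt.p7m rcpt.crt || exit 1
    # Case 2: the sender's own certificate is appended to the list.
    encrypt with_self.p7m rcpt.crt sender.crt || exit 1

    for f in only_rcpt.p7m with_self.p7m; do
        for who in rcpt sender; do
            if can_read "$who" "$f"; then r=yes; else r=no; fi
            echo "$f $who $r"
        done
    done
    cd / && rm -rf "$dir"
)

fcc_demo
```

Every certificate appended to the list is one more private key that opens the stored copy, which is the trade-off raised in the message above.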