Mutt's GNUpg signing.

Todd Freedom_Lover at pobox.com
Tue Nov 11 17:39:43 CET 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Theo v. Werkhoven wrote:
> just a short question to people that can hopefully tell me.  On one
> of the mailinglist I visit some users raised doubth about the
> validity of the way Mutt here signs my mails with gpg.  The list in
> question does not accept any attachements, so I clearsign my mails,
> but some MUA's appearently can't read the message, they just see the
> signature data.

Some MUA's suck.  That they can't see it doesn't necessarily mean that
there's anything wrong with the way you're signing.

That said, you appear to be using mutt 1.4 (and FYI, there's a minor
update, 1.4.1 which fixes an IMAP security problem).  When you
clearsign messages with that version of mutt, it sets the content-type
as application/pgp.  Many many MUA's don't know what to do with this
content-type.  There are some patches you can get for mutt 1.4 that
will change this to text/plain, which works much better for most MUA's
if you need to send onld style, inline PGP messages.  You can also
upgrade to mutt 1.5.4, which uses text/plain by default for inline
messages.

The patch I used for a long time with 1.4 was from Dale Woolridge.
It's available at Dale's site:

    http://www.woolridge.ca/mutt/pgp-traditional.html

> People that can't read signed mail from me, complain that the only
> thing they see is a file named 'msg'pgp'. MUA's they used were
> Evolution, Pine and Squirelmail (webmail).

Evolution, at least newer versions, doesn't support inline pgp
messages at all anymore (as far as I recall).  I believe that both
pine and squirrelmail users will be OK if you coerce mutt into using
text/plain for inline messages.

The real long-term solution is to get wider adoption of PGP/MIME into
these other MUA's.  Then there's an RFC to point people to when they
complain that their MUA doesn't display the message properly.  But
that seems to be taking forever.

You might also try getting the mailing list admins to allow PGP/MIME
signature parts through.  If they're blocking them, I'd say their
filters are overbroad, but if it's their list, they can do what they
want.

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
When you make a mistake, make amends immediately.  It's easier to eat
crow while it's still warm.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/sWUvuv+09NZUB1oRAvgPAJ4tr/ptiHYtVS+vSe+B+k4Q9OpBSQCgpaO5
dEcCdOeyIGN5/6OYurCUkyA=
=IXsS
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list