\input texinfo @c -*-Texinfo-*-

@c tighten default spacing
@c @parskip 5pt plus 1 pt
@c @secheadingskip 10pt plus 6pt minus 3pt
@c @subsecheadingskip 8pt plus 6pt minus 3pt
@c @singlespace

@c %**start of header
@setfilename ../info/mailcrypt.info
@settitle @value{TITLE}
@setchapternewpage off
@c %**end of header

@syncodeindex ky cp
@syncodeindex vr cp
@syncodeindex fn cp

@set TITLE Mailcrypt
@set VERSION 3.4
@set UPDATED October 10, 1995

@ifinfo

This documentation describes Mailcrypt version @value{VERSION}. This
documentation was last updated on @value{UPDATED}.

Copyright 1995 Patrick J. LoPresti

The Mailcrypt program and this manual are published as free software.
You may redistribute and/or modify them under the terms of the GNU
General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.

Mailcrypt is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License along
with GNU Emacs; see the file COPYING. If not, write to the Free
Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.

@end ifinfo

@titlepage
@title Mailcrypt: An EMACS Interface to PGP
@subtitle Version @value{VERSION}
@subtitle @value{UPDATED}
@author Patrick J. LoPresti <patl@@lcs.mit.edu>

@c Copyright page
@page
@vskip 0pt plus 1filll
Copyright @copyright{} 1995 Patrick J. LoPresti

The Mailcrypt program and this documentation are published as free
software. You may redistribute and/or modify them under the terms of
the GNU General Public License as published by the Free Software
Foundation; either version 2, or (at your option) any later version.

Mailcrypt is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License along
with GNU Emacs; see the file COPYING. If not, write to the Free
Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.

@end titlepage

@ifinfo
@node Top, Introduction, (dir), (dir)
@top Mailcrypt

Mailcrypt is an Emacs Lisp package which provides a simple but powerful
interface to cryptographic functions for mail and news.

This documentation describes Mailcrypt version @value{VERSION}. The
documentation was last updated on @value{UPDATED}.

@end ifinfo

@menu
* Introduction::                Read this first.
* General Use::                 Everyday cryptographic functions.
* Remailer Support::            Interface to secure anonymous remailers.
* Passphrase Cache::            Letting Mailcrypt remember your passphrase
                                  for a while.
* Key Fetching::                Automatically retrieving public keys
                                  via finger or HTTP.
* Miscellaneous Configuration:: Random tweakables.
* Tips::                        Hints and tricks.
* Limitations::                 Things Mailcrypt does not do.
* References::                  Pointers to relevant information.
* Credits::                     Whom to blame.
* Index::                       Keys, variables, and functions.

 --- The Detailed Node Listing ---

Introduction

* Prerequisites::               Complicated stuff you may have to do.
* Installation::                Simple stuff you probably have to do.
* Command Overview::            A brief summary of the most common
                                  commands.

Installation

* Hooking into Rmail::
* Hooking into VM::
* Hooking into MH-E::
* Hooking into Gnus::

General Use

* Encrypting::                  Encrypting a message to one or more
                                  recipients.
* Signing::                     Clearsigning a message.
* Inserting Keys::              Extracting a key from your public key
                                  ring and inserting it.
* Decrypting::                  Decrypting a message to you.
* Verifying::                   Verifying the signature on a clearsigned
                                  message.
* Snarfing Keys::               Finding a key in the current message and
                                  adding it to your keyring.

Remailer Support

* Remailer Introduction::       A little about remailers in general.
* Remailer Quick Start::        Getting started quickly.
* Remailer Chains::             Creating custom chains of your very own.
* Response Blocks::             A way to let people reply to your
                                  anonymous messages.
* Pseudonyms::                  Who do you want to be today?
* Remailing Posts::             Posting to USENET anonymously or
                                  pseudonymously.
* Mixmaster Support::           Remailers for the truly paranoid.
* Remailer Security::           Caveats.
* Verifiable Pseudonyms::       Giving expression to the voices in your
                                  head.
* Remailer Tips::               Free advice.

Key Fetching

* Keyring Fetch::               Fetching from one or more other
                                  keyrings on the local system.
* Finger Fetch::                Fetching a key through finger.
* HTTP Fetch::                  Fetching a key off of the Web.

Miscellaneous Configuration

* Alternate Keyring::           Specifying a different file to act
                                  like your public keyring.
* Comment Field::               Burma
                                  Shave
* Mode Line::                   Changing that "MC-w" and "MC-r" stuff
* Key Bindings::                Which keys cause which actions.
* Nonstandard Paths::           Useful if your PGP installation is weird.

References

* Online Resources::            Recreational reading with a purpose.
* Key Servers::                 Keepers of the Global Keyring.
* Mailing List::                Staying informed while pumping the
                                  authors' egos.
* Politics::                    Anarcho-foobarism.
@end menu

@node Introduction, General Use, Top, Top
@chapter Introduction

Mailcrypt is an Emacs Lisp package which provides a simple but powerful
interface to cryptographic functions for mail and news. With Mailcrypt,
encryption becomes a seamlessly integrated part of your mail and news
handling environment.

This manual is long because it is complete. All of the information you
need to get started is contained in this Introduction alone.

@menu
* Prerequisites::               Complicated stuff you may have to do.
* Installation::                Simple stuff you probably have to do.
* Command Overview::            A brief summary of the most common
                                  commands.
@end menu

@node Prerequisites, Installation, Introduction, Introduction
@section Prerequisites

Mailcrypt requires version 19 of GNU Emacs. Mailcrypt has been tested
on a variety of systems under both FSF Emacs and XEmacs.

Mailcrypt requires Pretty Good (tm) Privacy, usually known as PGP. This
document assumes that you have already obtained and installed PGP and
that you are familiar with its basic functions. The best way to become
familiar with these functions is to read the @cite{PGP User's Guide}, at
least Volume I.

For more information on obtaining and installing PGP, refer to the MIT
PGP home page at @file{http://web.mit.edu/network/pgp.html}.

Although Mailcrypt may be used to process data in arbitrary Emacs
buffers, it is most useful in conjunction with other Emacs packages for
handling mail and news. Mailcrypt has specialized support for Rmail
(@pxref{Rmail, Rmail, Reading Mail with Rmail, emacs, The GNU Emacs
Manual}), VM (@pxref{Top, VM, Introduction, vm, The VM User's Manual}),
MH-E, and Gnus (@pxref{Top, Gnus, Overview, gnus, The Gnus Manual}).
Information on the general use of these packages is beyond the scope of
this manual.

@node Installation, Command Overview, Prerequisites, Introduction
@section Installation

If Mailcrypt is not installed on your system, obtain the latest version
from the Mailcrypt home page at
@file{http://cag-www.lcs.mit.edu/mailcrypt/} and follow the instructions
in the file @file{INSTALL}.

Next, teach your Emacs how and when to load the Mailcrypt functions and
install the Mailcrypt key bindings. Almost all Emacs major modes
(including mail and news handling modes) have corresponding "hook"
variables which hold functions to be run when the mode is entered. All
you have to do is add the Mailcrypt installer functions to the
appropriate hooks; then the installer functions will add the Mailcrypt
key bindings when the respective mode is entered.

Specifically, begin by placing the following lines into your
@file{.emacs} file (or the system-wide @file{default.el} file):

@lisp
(autoload 'mc-install-write-mode "mailcrypt" nil t)
(autoload 'mc-install-read-mode "mailcrypt" nil t)
(add-hook 'mail-mode-hook 'mc-install-write-mode)
@end lisp

Then add additional lines for your own mail and news packages as
described below.

@menu
* Hooking into Rmail::
* Hooking into VM::
* Hooking into MH-E::
* Hooking into Gnus::
@end menu

@node Hooking into Rmail, Hooking into VM, Installation, Installation
@subsection Hooking into Rmail

To hook Mailcrypt into Rmail, use the following lines:

@lisp
(add-hook 'rmail-mode-hook 'mc-install-read-mode)
(add-hook 'rmail-summary-mode-hook 'mc-install-read-mode)
@end lisp

@node Hooking into VM, Hooking into MH-E, Hooking into Rmail, Installation
@subsection Hooking into VM

To hook Mailcrypt into VM, use the following lines:

@lisp
(add-hook 'vm-mode-hook 'mc-install-read-mode)
(add-hook 'vm-summary-mode-hook 'mc-install-read-mode)
(add-hook 'vm-virtual-mode-hook 'mc-install-read-mode)
(add-hook 'vm-mail-mode-hook 'mc-install-write-mode)
@end lisp

@node Hooking into MH-E, Hooking into Gnus, Hooking into VM, Installation
@subsection Hooking into MH-E

To hook Mailcrypt into MH-E, use the following lines:

@lisp
(add-hook 'mh-folder-mode-hook 'mc-install-read-mode)
(add-hook 'mh-letter-mode-hook 'mc-install-write-mode)
@end lisp

@node Hooking into Gnus, , Hooking into MH-E, Installation
@subsection Hooking into Gnus

To hook Mailcrypt into Gnus, use the following lines:

@lisp
(add-hook 'gnus-summary-mode-hook 'mc-install-read-mode)
(add-hook 'news-reply-mode-hook 'mc-install-write-mode)
@end lisp

@node Command Overview, , Installation, Introduction
@section Command Overview

All Mailcrypt commands are (by default) activated by three-character key
sequences which begin with @kbd{C-c /}. The four most common operations
are:

@table @emph

@item Encrypting a Message
@kbd{C-c / e} encrypts a message using the recipient's (or recipients')
public key(s). @xref{Encrypting, , Encrypting a Message}.

@item Decrypting a Message
@kbd{C-c / d} decrypts a message using your secret key.
@xref{Decrypting, , Decrypting a Message}.

@item Signing a Message
@kbd{C-c / s} clearsigns a message using your secret key.
@xref{Signing, , Signing a Message}.

@item Verifying a Signature
@kbd{C-c / v} verifies the signature on a clearsigned message using the
sender's public key. @xref{Verifying, , Verifying a Signature}.

@end table

These functions and others are documented in detail in the following
chapters.

Any time you are composing or reading mail or news, you can get a
summary of the available commands by typing @kbd{C-h m}. If you are
running Emacs under X, an even easier way to see the available commands
is to access the @code{Mailcrypt} pull-down menu.

@node General Use, Remailer Support, Introduction, Top
@chapter General Use

@findex mc-read-mode
@findex mc-write-mode
Mailcrypt works by providing two minor modes for interfacing with
cryptographic functions: @code{mc-read-mode} and @code{mc-write-mode}.
@code{mc-read-mode} provides key bindings for processing messages which
you have received; @code{mc-write-mode} provides key bindings for
processing messages which you are about to send. These minor modes will
indicate when they are active by placing a characteristic string in the
mode line (@pxref{Mode Line}). They will also add a @code{Mailcrypt}
pull-down menu to the menu bar.

@findex mc-install-read-mode
@findex mc-install-write-mode
The normal installation procedure (@pxref{Installation}) will arrange
for the appropriate mode to be active when you read and compose mail and
news. But you may want to use Mailcrypt's functions at other times; to
do so, you can call @code{mc-install-read-mode} or
@code{mc-install-write-mode} directly. For example, if you were editing
a file in Text mode and wanted to digitally sign it, you would type
@kbd{M-x mc-install-write-mode}, then @kbd{C-c / s} (@pxref{Signing}).

Once one of the Mailcrypt modes is active, you can get a summary of the
available functions by typing @kbd{C-h m} or by examining the
@code{Mailcrypt} pull-down menu.

The description of each function below includes which of the modes has a
binding for that function.

@menu
* Encrypting::                  Encrypting a message to one or more
                                  recipients.
* Signing::                     Clearsigning a message.
* Inserting Keys::              Extracting a key from your public key
                                  ring and inserting it.
* Decrypting::                  Decrypting a message to you.
* Verifying::                   Verifying the signature on a clearsigned
                                  message.
* Snarfing Keys::               Finding a key in the current message and
                                  adding it to your keyring.
@end menu

@node Encrypting, Signing, General Use, General Use
@section Encrypting a Message

@findex mc-encrypt
@kindex C-c / e
The function @code{mc-encrypt} will encrypt a message in the current
buffer. @code{mc-write-mode} binds this function to @kbd{C-c / e} by
default.

When this function is called, Mailcrypt will prompt you for a
comma-separated list of recipients. If called from a mail composition
buffer, the recipient list will default to the Email addresses in the
@samp{To}, @samp{CC}, and @samp{BCC} lines of the message.

@vindex mc-encrypt-for-me
If you want to be able to decrypt the message yourself, you need to add
yourself to the recipient list. If you always want to do so, set the
variable @code{mc-encrypt-for-me} to @code{t}. (Note that Mailcrypt
overrides the PGP "encrypttoself" flag; use this variable instead.)

If you provide an empty recipient list, Mailcrypt will ASCII-armor the
message without encrypting it.

@vindex mc-pgp-always-sign
Once you have edited the recipient list to your satisfaction, type
@kbd{@key{RET}} to accept it. You will then be asked whether you want
to sign the message; answer @kbd{y} or @kbd{n}. You can avoid this
question by setting the variable @code{mc-pgp-always-sign}: A value of
@code{t} means "yes", a value of @code{'never} means "no".

If you elect to sign the message, Mailcrypt will prompt you for the
appropriate passphrase unless it is cached (@pxref{Passphrase Cache}).

@vindex mc-pre-encryption-hook
@vindex mc-post-encryption-hook
Mailcrypt will then pass the message to PGP for processing. Mailcrypt
will call the functions listed in @code{mc-pre-encryption-hook} and
@code{mc-post-encryption-hook} immediately before and after processing,
respectively. The encrypted message will then replace the original
message in the buffer. You can undo the encryption with the normal
Emacs undo command @kbd{C-x u} (@pxref{Undo, Emacs Undo, Undoing
Changes, emacs, The GNU Emacs Manual}).

If an error occurs, Mailcrypt will display an appropriate diagnostic.
If you do not have the public key for one of the specified recipients,
Mailcrypt will offer to try to fetch it for you (@pxref{Key Fetching}).

@vindex mc-pgp-user-id
The default key for signing is the first one on the secret key ring
which matches the string @code{mc-pgp-user-id}; this defaults to
@code{(user-login-name)}. Note that this differs from PGP's normal
default, which is to use the first of @emph{all} of the secret keys. To
mimic PGP's behavior, set this variable to @code{""}.

If you want to use a secret key other than your default for signing the
message, pass a prefix argument to @code{mc-encrypt}. (That is, type
@kbd{C-u C-c / e}.) Mailcrypt will prompt for a string and will sign with
the first key on your secret keyring which matches that string. It will
be assumed that you want to sign the message, so you will not be
prompted.

@node Signing, Inserting Keys, Encrypting, General Use
@section Signing a Message

@findex mc-sign
@kindex C-c / s
The function @code{mc-sign} will clearsign a message in the current
buffer. @code{mc-write-mode} binds this function to @kbd{C-c / s} by
default.

When this function is called, Mailcrypt will prompt you for the
appropriate passphrase unless it is cached (@pxref{Passphrase Cache}).

@vindex mc-pre-signature-hook
@vindex mc-post-signature-hook
Mailcrypt will then pass the message to PGP for processing. Mailcrypt
will call the functions listed in @code{mc-pre-signature-hook} and
@code{mc-post-signature-hook} immediately before and after processing,
respectively. The signed message will replace the original message in
the buffer. @emph{Do not} edit the message further with the signature
attached, because the signature would then be incorrect. If you
discover you need to edit a message after you have signed it, remove the
signature first with the normal Emacs undo command @kbd{C-x u}
(@pxref{Undo, Emacs Undo, Undoing Changes, emacs, The GNU Emacs
Manual}).

The variable @code{mc-pgp-user-id} controls which secret key is used for
signing; it is described in @ref{Encrypting, , Encrypting a Message}.
To use a different secret key, pass a prefix argument to @code{mc-sign}.
(That is, type @kbd{C-u C-c / s}.) Mailcrypt will prompt for a string
and will sign with the first key on your secret keyring which matches
that string.

@node Inserting Keys, Decrypting, Signing, General Use
@section Inserting a Public Key Block

@findex mc-insert-public-key
@kindex C-c / x
The function @code{mc-insert-public-key} will extract a key from your
public keyring and insert it into the current buffer.
@code{mc-write-mode} binds this function to @kbd{C-c / x} by default.

This function is useful for sending your public key to someone else or
for uploading it to the key servers (@pxref{Key Servers}). The inserted
key will be the first one on your public key ring which matches the
string @code{mc-pgp-user-id} (@pxref{Encrypting, , Encrypting a
Message}).

You may want to insert a different public key instead; for example, you
may have signed someone's key and want to send it back to them. To do
so, pass a prefix argument to @code{mc-insert-public-key}. (That is,
type @kbd{C-u C-c / x}.) You will be prompted for a string; the first key
on your public key ring which matches that string will be inserted.

@node Decrypting, Verifying, Inserting Keys, General Use
@section Decrypting a Message

@findex mc-decrypt
@kindex C-c / d
The function @code{mc-decrypt} will decrypt a message in the current
buffer. @code{mc-read-mode} binds this function to @kbd{C-c / d} by
default.

When this function is called, Mailcrypt will prompt you for the
appropriate passphrase unless it is cached (@pxref{Passphrase Cache}).

The encrypted message will then be passed to PGP for processing. If you
are not in a mail buffer, the decrypted message will replace the
encrypted form. If you are in a mail buffer, you will be prompted
whether to do the replacement.

If you answer @kbd{n}, you will be placed in a new mail reading buffer
to view the decrypted message. This new mail reading buffer will have
no corresponding disk file; its purpose is to provide you with all of
your usual reply and citation functions without requiring you to save
the message in decrypted form. Type @kbd{q} to kill this buffer.

@vindex mc-always-replace
You can avoid the question of whether to replace the encrypted message
by setting the variable @code{mc-always-replace}. A value of @code{t}
means "yes"; a value of @code{'never} means "no".

If the encrypted message is also signed, PGP will attempt to verify the
signature. If the verification fails because you lack the necessary
public key, Mailcrypt will offer to fetch it for you (@pxref{Key
Fetching}).

Look in the @code{*MailCrypt*} buffer to see the result of the signature
verification.

@node Verifying, Snarfing Keys, Decrypting, General Use
@section Verifying a Signature

@findex mc-verify
@kindex C-c / v
The function @code{mc-verify} will verify the cleartext signature on a
message in the current buffer. @code{mc-read-mode} binds this function
to @kbd{C-c / v} by default.

When this function is called, Mailcrypt will pass the message to PGP for
processing and report whether or not the signature verified.

If the signature failed to verify because you lack the necessary public
key, Mailcrypt will offer to fetch it for you (@pxref{Key Fetching}).

@node Snarfing Keys, , Verifying, General Use
@section Snarfing a Key

@findex mc-snarf
@kindex C-c / a
The function @code{mc-snarf} will add to your keyring any keys in the
current buffer. @code{mc-read-mode} binds this function to @kbd{C-c / a}
by default.

This function is useful when someone sends you a public key in an Email
message.

@node Remailer Support, Passphrase Cache, General Use, Top
@chapter Remailer Support
This is a long chapter describing an advanced feature; you
may want to skip it on first reading.

@menu
* Remailer Introduction::       A little about remailers in general.
* Remailer Quick Start::        Getting started quickly.
* Remailer Chains::             Creating custom chains of your very own.
* Response Blocks::             A way to let people reply to your
                                  anonymous messages.
* Pseudonyms::                  Who do you want to be today?
* Remailing Posts::             Posting to USENET anonymously or
                                  pseudonymously.
* Mixmaster Support::           Remailers for the truly paranoid.
* Remailer Security::           Caveats.
* Verifiable Pseudonyms::       Giving expression to the voices in your
                                  head.
* Remailer Tips::               Free advice.
@end menu

@node Remailer Introduction, Remailer Quick Start, Remailer Support, Remailer Support
@section Remailer Introduction
There are several anonymous remailer services running on the Internet.
These are programs that accept mail, strip off information that would
identify the origin of the message, and forward the mail to the
designated recipient. This simple scheme alone, however, is insecure if
the anonymous remailer becomes compromised (or if the remailer was set
up by an untrustworthy party in the first place). Whoever controls the
remailer will have access to the identities of senders and recipients.

One solution to this is to use @emph{chains} of remailers that send
encrypted messages. For example, suppose Bill wishes to send a message
to Louis using a chain of remailers A, B, and C. He writes the message
(possibly encrypting it for Louis), then encrypts the result (including
the fact that Louis is the recipient) using a public key supplied by
remailer C. Then he encrypts this result using a public key supplied by
remailer B. Then he encrypts this result using a public key supplied by
A and sends the message to A.

When A receives the message, it decrypts the message with its key to
produce something encrypted for B, learns that the next remailer in the
chain is B, strips off the information that the message came from Bill,
and sends the message on to B. B then decrypts, learns that the next
remailer in the chain is C, strips off the information that the message
came from A, and sends the result to C. C then decrypts, learns that
the destination is Louis, strips off the information that the message
came from B, and sends the result to Louis. With this arrangement, only
A knows that the original message came from Bill, and only C knows that
the intended recipient is Louis. In general, the sender and recipient
can both be known only to someone who has compromised all remailers in
the chain.
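
The layering described above can be traced hop by hop. The following Python model is an added example, not part of Mailcrypt or its manual: it stands in for PGP with a `Sealed` wrapper that only the named key holder can open (an assumption that keeps it self-contained), and it records what each of A, B and C learns, including whether the last hop can read the text when Bill does or does not also encrypt for Louis.

```python
from dataclasses import dataclass
from typing import Any, Dict, List, Sequence, Tuple

# Names from the text: Bill sends to Louis through remailers A, B and C.
CHAIN = ("A", "B", "C")


@dataclass(frozen=True)
class Sealed:
    """Stand-in for data encrypted to key_owner's public key (not real PGP)."""
    key_owner: str
    payload: Any

    def open(self, who: str) -> Any:
        # Only the holder of the matching secret key can remove this layer.
        if who != self.key_owner:
            raise PermissionError(
                f"{who} cannot decrypt a layer sealed for {self.key_owner}")
        return self.payload


@dataclass(frozen=True)
class HopView:
    """Everything one remailer learns while handling the message."""
    hop: str
    received_from: str
    forwards_to: str
    sees_plaintext: bool


def build_onion(body: Any, recipient: str,
                chain: Sequence[str]) -> Dict[str, Any]:
    """Wrap body for recipient, sealing for the last remailer first."""
    packet = {"to": recipient, "body": body}
    for hop in reversed(chain):
        packet = {"to": hop, "body": Sealed(hop, packet)}
    return packet


def deliver(packet: Dict[str, Any], sender: str,
            chain: Sequence[str]) -> Tuple[List[HopView], str, Any]:
    """Pass the packet along the chain and record each remailer's view."""
    views = []
    previous = sender
    while packet["to"] in chain:
        hop = packet["to"]
        inner = packet["body"].open(hop)          # remove this hop's layer
        views.append(HopView(hop, previous, inner["to"],
                             not isinstance(inner["body"], Sealed)))
        previous = hop    # origin information is stripped before forwarding
        packet = inner
    return views, packet["to"], packet["body"]


def run(encrypt_for_recipient: bool) -> Tuple[List[HopView], str, Any]:
    """Send one constructed message from Bill to Louis through CHAIN."""
    body: Any = "constructed sample message"
    if encrypt_for_recipient:
        body = Sealed("Louis", body)              # the optional inner layer
    return deliver(build_onion(body, "Louis", CHAIN), "Bill", CHAIN)


if __name__ == "__main__":
    for flag in (False, True):
        views, recipient, _ = run(flag)
        print(f"encrypted for Louis: {flag}; delivered to {recipient}")
        for view in views:
            print("  ", view)
```

No single `HopView` contains both Bill and Louis; when the inner layer for Louis is skipped, remailer C is the one hop that reads the message text.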

If Bill wishes, he can include an encrypted "response block" in his
message to Louis, which defines a remailer chain that Louis can use to
reply to Bill. Louis can use this chain without knowing who Bill is --
only the last remailer in the chain need know the final recipient. Bill
can also establish a @emph{pseudonym} for use in signing his anonymous
messages.

Mailcrypt includes facilities for sending messages via remailers, for
defining chains of remailers, for generating response blocks, and for
using pseudonyms.

@node Remailer Quick Start, Remailer Chains, Remailer Introduction, Remailer Support
@section Remailer Quick Start

To use Mailcrypt's remailing facilities, you need to configure them
first. Begin with the following steps:

@enumerate

@item
Do @samp{finger remailer-list@@kiwi.cs.berkeley.edu > ~/.remailers}.
This will create a Levien-format list of remailers in the file
@file{.remailers} in your home directory. Mailcrypt will parse this the
first time you access a remailer function.

@item
Look over the @file{.remailers} file and find the ones you want to use.

@item
Add their PGP public keys to your keyring. You can @code{finger
pgpkeys@@kiwi.cs.berkeley.edu} for a list of remailer public keys. Note
that Mailcrypt @emph{requires} that you have the public keys of all the
remailers you want to use, and therefore that the remailers support PGP
encryption.

@end enumerate

@quotation
@emph{Note:} These steps need only be done once, although repeating them
from time to time is probably a good idea, since remailers come and go.
@end quotation

Now test the remailer functions. First compose an outgoing Email
message (using @kbd{C-x m}, for example) addressed to yourself. Type
@kbd{C-c / r}. Choose a remailer; use @kbd{@key{TAB}} to get completion
on its name. The buffer will be rewritten for anonymous mailing through
that remailer.

@node Remailer Chains, Response Blocks, Remailer Quick Start, Remailer Support
@section Remailer Chains

@findex mc-remailer-encrypt-for-chain
@kindex C-c / r
@code{mc-write-mode} binds the function
@code{mc-remailer-encrypt-for-chain} to the key @kbd{C-c / r}. This
function rewrites the message for a remailer or chain. The resulting
buffer is just a new Email message, so it can itself be rewritten for
another remailer; this is one way to manually construct a remailer
chain.

Mailcrypt also has powerful facilities for defining automatic chains.
We will start with an example. Suppose you have put the following into
your @file{.emacs} file:

@vindex mc-remailer-user-chains
@lisp
(setq mc-remailer-user-chains
      '(("Foo" "alumni" "robo")
        ("Bar" (shuffle-vector ["replay" "flame" "spook"]))
        ("Baz" "Foo" "Bar" "rahul" "Bar")
        ("Quux" 4)))
@end lisp

This code defines four chains. The first is named "Foo" and consists of
"alumni" and "robo", in that order. The second is named "Bar" and
consists of "replay", "flame", and "spook" in some random order (a
different order will be chosen each time the chain is used). The third
is named "Baz" and consists of 9 remailers: The two from "Foo", followed
by a permutation of the three from "Bar", followed by "rahul", followed
by another permutation of the three from "Bar". Finally, the fourth is
named "Quux" and consists of a random permutation of the four best
remailers as ordered in the @file{~/.remailers} file.

Now whenever you are prompted for a "remailer or chain", the chains
"Foo", "Bar", "Baz", and "Quux" will be available, including
@kbd{@key{TAB}} completion on their names. By capitalizing their names,
you guarantee they will show up near the top of the completion list if
you type @kbd{@key{TAB}} on an empty input.

Now for the gritty details. @code{mc-remailer-user-chains} is a list of
chain definitions. A chain definition is a list whose first element is
the name (a string) and whose remaining elements form a @dfn{remailer
list}. Each element of a remailer list is one of the following:

@enumerate

@item
A raw remailer structure. This is the base case, but you will probably
never want nor need to deal with these directly.

@item
A string naming another remailer chain to be spliced in at this point.

@item
A positive integer N representing a chain to be spliced in at this point
and consisting of a random permutation of the top N remailers as ordered
in the @file{~/.remailers} file.

@item
An arbitrary Emacs Lisp form, which should return another remailer
list which will be spliced in at this point and recursively
evaluated. Mmmm, Lisp.

@end enumerate
So, in the example "Bar" above, @code{shuffle-vector} is actually a Lisp
primitive which returns a random permutation of the argument vector.
(Which brings up a side note: A remailer list can be a vector instead of
a list if you like.)

So where do the definitions for "replay" etc. come from?

@vindex mc-remailer-internal-chains
There is another variable, @code{mc-remailer-internal-chains}, which has
the same format as @code{mc-remailer-user-chains}. In fact, the
concatenation of the two is always used internally when resolving chains
by name. The "internal chains" are normally generated automatically
from a Levien-format remailer list, which lives in @file{~/.remailers}
by default and is parsed at startup time. The parser creates several
chains, each containing a single remailer, and names each chain after
the respective remailer.

Thus "replay" (for example) is actually the name of a @emph{chain} whose
single element is the remailer at <remailer@@replay.com>. So "replay"
is a valid name of a chain to include in the definition of another
chain, as was done above in the definition of "Bar".
|
|
734
|
|
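The four element kinds and the user-plus-internal name lookup described above can be modelled directly. The following is an added example in Python, not Mailcrypt's own Emacs Lisp. The Remailer class, the function names, the ranking, every address except replay's, the first-definition-wins lookup, the use of OS randomness and the cycle check are assumptions of this model.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Remailer:
    """Stand-in for Mailcrypt's raw remailer structure (the base case)."""
    name: str
    address: str


# Constructed ranking, best first, standing in for a parsed ~/.remailers.
# Only replay's address comes from the manual; the rest are placeholders.
RANKED = [
    Remailer("replay", "remailer@replay.com"),
    Remailer("alumni", "alumni@remailer.example"),
    Remailer("robo", "robo@remailer.example"),
    Remailer("flame", "flame@remailer.example"),
    Remailer("spook", "spook@remailer.example"),
    Remailer("rahul", "rahul@remailer.example"),
]

# The manual's four chains. A callable stands in for an arbitrary Lisp form;
# the one in "Bar" plays the role of (shuffle-vector [...]).
USER_CHAINS = [
    ("Foo", "alumni", "robo"),
    ("Bar", lambda rng: rng.sample(["replay", "flame", "spook"], 3)),
    ("Baz", "Foo", "Bar", "rahul", "Bar"),
    ("Quux", 4),
]


def chain_table(user_chains, ranked):
    """User chains followed by one single-remailer chain per remailer."""
    table = {}
    internal = [(r.name, r) for r in ranked]
    for name, *body in list(user_chains) + internal:
        table.setdefault(name, body)      # assumption: first definition wins
    return table


def expand(elements, table, ranked, rng, active=()):
    """Flatten a remailer list into Remailer objects, splicing recursively."""
    hops = []
    for el in elements:
        if isinstance(el, Remailer):                 # 1. raw structure
            hops.append(el)
        elif isinstance(el, str):                    # 2. named chain
            if el not in table:
                raise KeyError(f"unknown remailer or chain: {el}")
            if el in active:                         # added safeguard
                raise ValueError("chain cycle: " + " -> ".join(active + (el,)))
            hops += expand(table[el], table, ranked, rng, active + (el,))
        elif isinstance(el, int) and el > 0:         # 3. top N, shuffled
            if el > len(ranked):
                raise ValueError(f"only {len(ranked)} remailers are ranked")
            hops += rng.sample(ranked[:el], el)
        elif callable(el):                           # 4. form, re-evaluated
            hops += expand(el(rng), table, ranked, rng, active)
        else:
            raise TypeError(f"bad remailer list element: {el!r}")
    return hops


def resolve_chain(name, user_chains=USER_CHAINS, ranked=RANKED, rng=None):
    """Return the hop names, first hop first, for one use of chain `name`."""
    # OS entropy by default so hop order is not predictable; a seeded
    # generator can be passed in for reproducible runs.
    rng = rng or random.SystemRandom()
    table = chain_table(user_chains, ranked)
    return [hop.name for hop in expand([name], table, ranked, rng)]


if __name__ == "__main__":
    for chain in ("Foo", "Bar", "Baz", "Quux"):
        print(chain, resolve_chain(chain))
```

Because the callable in "Bar" is evaluated at each splice, the two occurrences of "Bar" inside "Baz" are permuted independently.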
@node Response Blocks, Pseudonyms, Remailer Chains, Remailer Support
@section Response Blocks

@kindex C-c / b
Mailcrypt can generate a response block for you. Just type @kbd{C-c / b}
in an outgoing mail buffer. That will prompt you for a chain to use,
and will insert the response block at point. Note that you can use any
chain you want for your response block; it need not be related to the
chain you (later) use to remail the message.

If instead you type @kbd{C-u C-c / b}, you will be dropped into a
recursive edit of the innermost part of the response block. This text
is what you will see at the top of the message when the response block
is used. This text is the only way to identify the response block,
since it will be used to mail you through anonymous remailers.

You probably won't need to use the @kbd{C-u} feature, since by default
the response block contains the date, @samp{To} field, and @samp{From}
field of the message you are composing. However, if you want your
response block to point to a USENET newsgroup instead of your Email
address, you may edit the innermost part of the response block to have a
@samp{Newsgroups} line instead of a @samp{To} line.

Inserting a response block also updates the @samp{Reply-to} hashmark
header field. So, when your recipient replies to your message, the
reply will automatically be addressed properly. This only works if the
last remailer in the chain used to encrypt the @emph{message} supports
hashmarks (the response block chain doesn't matter). If the last
remailer does not support hashmarks, Mailcrypt will generate an error
when you try to use the chain.

Note that you should insert your response block before you encrypt the
message for remailing. Also, see @ref{Remailer Security}.

@node Pseudonyms, Remailing Posts, Response Blocks, Remailer Support
@section Pseudonyms

@kindex C-c / p
Mailcrypt supports pseudonyms. Type @kbd{C-c / p} in an outgoing message
buffer and you will be prompted for a pseudonym to use. Your pseudonym
will show up in the @samp{From} line that the recipient sees. Your
pseudonym may either be a complete @samp{From} line (including an Email
address), or just a full name (with no Email address). In the latter
case, the Email address will automatically be set to <x@@x.x>, an invalid
address designed to prevent sendmail from going rewrite-happy.

If you have one or more pseudonyms which you normally use, and you
aren't afraid of revealing them if your account is compromised, you can
set up a default list of pseudonyms with lines like the following in
your @file{.emacs} file:

@vindex mc-remailer-pseudonyms
@lisp
(setq mc-remailer-pseudonyms
      '("Elvis Presley" "Vanna White" "Charles Manson"))
@end lisp

Then those names will be available for completion when you are
prompted for your pseudonym.

You should insert your pseudonym before you insert a response block, so
that the response block will contain the @samp{From} line as well as the
@samp{To} line. That way you can tell who you were pretending to be
when you get a reply to your message.

Note: Many remailers do not support pseudonyms. In addition, the Levien
format does not (yet) indicate which do and which do not, so Mailcrypt
can't warn you when your pseudonym isn't going to work. The only way to
be sure is to send yourself a test message, and to try different
remailers until you find one or more which work. On the bright side,
only the last remailer in the chain needs to provide such support; none
of the others matter.

@node Remailing Posts, Mixmaster Support, Pseudonyms, Remailer Support
@section Remailing Posts
Mailcrypt knows how to rewrite USENET posts for anonymous or
pseudonymous remailing. Just compose your post or followup normally,
and use @kbd{C-c / r} to rewrite it for a remailer chain. You don't
even need to start your newsreader to make a post; you can just compose
a message in mail mode and replace the @samp{To} line with a
@samp{Newsgroups} line before doing @kbd{C-c / r}.

@vindex mc-remailer-preserved-headers
Mailcrypt will generate an error if the last remailer in the chain does
not have both the @code{post} and @code{hash} (hashmarks) properties.
The hashmarks are used to preserve @samp{References} and similar
headers, so your anonymous or pseudonymous followups will thread
properly. The variable @code{mc-remailer-preserved-headers} controls
which headers are preserved when rewriting a message, but you should not
need to change it since the default value is reasonable.

Before rewriting, you can use @kbd{C-c / p} to insert your pseudonym,
and @kbd{C-c / b} to insert your response block, just like when
composing mail. In this case, the response block will include the
@samp{From} line and the @samp{Newsgroups} line (which is the news
analogue to the @samp{To} line).

@node Mixmaster Support, Remailer Security, Remailing Posts, Remailer Support
@section Mixmaster Support

@dfn{Mixmaster} is a new kind of remailer which provides excellent
security against traffic analysis and replay attacks. (For more
information on these attacks and Mixmaster, see Lance Cottrell's home
page at @file{http://www.obscura.com/~loki/}.)

If you do not use Mixmaster, you may skip this section entirely;
Mailcrypt's default configuration treats Mixmaster as if it did not
exist.

If you have the Mixmaster executable installed, you can tell Mailcrypt
to use it by placing lines like the following into your @file{.emacs}
file:

@vindex mc-mixmaster-path
@vindex mc-mixmaster-list-path
@lisp
(setq mc-mixmaster-path "mixmaster")
(setq mc-mixmaster-list-path "/foo/bar/baz/type2.list")
@end lisp

@code{mc-mixmaster-path} is a string representing the Mixmaster
executable. @code{mc-mixmaster-list-path} is the complete path to the
@code{type2.list} file.

Once these variables are defined, Mailcrypt will automatically try to
use the Mixmaster executable whenever possible. Specifically, when you
rewrite a message for a chain, Mailcrypt will find maximal length
sub-chains which have the @code{mix} property and will use the Mixmaster
executable to rewrite for those sub-chains.

This allows arbitrary intermingling of Mixmaster and normal (also called
@dfn{Type 1}) remailers, but you should note that this is @emph{not
recommended}. The recommended procedure is to have a single Mixmaster
sub-chain which is most or all of the whole chain.

There are advantages and disadvantages to having the Mixmaster sub-chain
at the end of the whole chain. The primary advantage is that Mixmaster
remailers support multiple recipients. The primary disadvantage is
that they support neither pseudonyms nor posting.

So here, as always, it is the last element of the chain which needs to
support the special features you want. In general, the remaining
elements do not matter, and the superior security of Mixmaster remailers
is a good argument for using them for the bulk of your chains.

@findex mc-demix
Mixmaster remailers also have a "Type 1 compatibility mode" which you
might want to invoke to use a pseudonym or make a post. You can do this
with the function @code{mc-demix}. Here is an example of its use:

@lisp
(setq mc-remailer-user-chains
 '(("Foo" "vishnu" "spook")
   ("Bar" "Foo" (mc-demix "replay"))))
@end lisp

This makes "Bar" a chain of three remailers, and guarantees that the
last one ("replay") will be used in compatibility mode.

Note that Mixmaster remailers cannot be used for response blocks.
Mailcrypt will ignore the @code{mix} property when generating a response
block.

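How a resolved chain is split into maximal Mixmaster sub-chains, and why the last hop decides whether a post, pseudonym or hashmark header will work, is easier to see in code. This is an added example in Python, not Mailcrypt's own code. The Hop class, the function names, the message wording and the property sets given to "vishnu", "spook", "replay" and "alumni" are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import groupby


@dataclass(frozen=True)
class Hop:
    name: str
    props: frozenset      # remailer properties, e.g. {"pgp", "mix", "hash"}
    demix: bool = False   # True models wrapping the name in (mc-demix ...)


def uses_mixmaster(hop, response_block=False):
    """A hop goes through the Mixmaster executable only if it has the mix
    property, was not demixed, and we are not building a response block."""
    return "mix" in hop.props and not hop.demix and not response_block


def plan_rewrite(chain, response_block=False):
    """Split a resolved chain into maximal runs, one rewriter per run."""
    plan = []
    by_mode = groupby(chain, key=lambda h: uses_mixmaster(h, response_block))
    for is_mix, run in by_mode:
        kind = "mixmaster" if is_mix else "type1"
        plan.append((kind, [h.name for h in run]))
    return plan


def check_chain(chain, posting=False, hashmarks=False, pseudonym=False):
    """Return a list of problems; an empty list means the chain fits."""
    if not chain:
        return ["empty chain"]
    problems = []
    for hop in chain:
        if "pgp" not in hop.props:
            problems.append(f"{hop.name}: no pgp property")
    # Only the last hop needs the special properties.
    last = chain[-1]
    needed = set()
    if posting:
        needed |= {"post", "hash"}
    if hashmarks:
        needed |= {"hash"}
    for prop in sorted(needed - last.props):
        problems.append(f"{last.name}: last hop lacks {prop}")
    if uses_mixmaster(last) and (posting or pseudonym):
        problems.append(
            f"{last.name}: last hop runs as Mixmaster; "
            "demix it for posts or pseudonyms")
    mix_runs = sum(kind == "mixmaster" for kind, _ in plan_rewrite(chain))
    if mix_runs > 1:
        problems.append("more than one Mixmaster sub-chain (not recommended)")
    return problems


# Constructed property sets; real values come from the remailer list.
MIX = frozenset({"pgp", "mix"})
FULL = frozenset({"pgp", "mix", "hash", "post"})
TYPE1 = frozenset({"pgp"})

# The manual's "Bar" chain, with and without (mc-demix "replay").
BAR = [Hop("vishnu", MIX), Hop("spook", MIX), Hop("replay", FULL, demix=True)]
BAR_NO_DEMIX = [Hop("vishnu", MIX), Hop("spook", MIX), Hop("replay", FULL)]
# A constructed chain that interleaves the two remailer types.
INTERLEAVED = [Hop("vishnu", MIX), Hop("alumni", TYPE1), Hop("spook", MIX)]

if __name__ == "__main__":
    print(plan_rewrite(BAR))
    print(check_chain(BAR_NO_DEMIX, posting=True))
    print(check_chain(INTERLEAVED, hashmarks=True))
```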
@node Remailer Security, Verifiable Pseudonyms, Mixmaster Support, Remailer Support
@section Remailer Security

Keep in mind that there is only one person fully qualified to protect
your privacy: @emph{you}. You are responsible for obtaining a list of
remailers and their public keys; you are responsible for choosing which
of them to use and in what order. There are public lists of remailers
and keys (the Quick Start section above relies on them), but you pay for
the convenience by putting your trust in a single source. This is one
reason Mailcrypt does not access these public lists automatically; you
need to get into the habit of watching what goes on behind the scenes.
You should also try to learn something about the remailers themselves,
since you are relying on them to help protect your privacy.

How many remailers should you include in your chain, and how should
you choose them? That depends on whom you perceive as a threat. If
the threat is your ex-spouse or your boss, even a single remailer is
probably adequate (more won't hurt, but will cost in latency). If the
threat is the Church of Scientology, you probably want to use a fair
number of remailers across multiple continents. If the threat is a
major world government, well, best of luck to you.

Also, there is a huge difference between chains suitable for regular
messages and chains suitable for response blocks. Some remailers don't
even keep mail logs (at least, their operators claim they do not), so it
may be literally impossible to trace a message back to you after the
fact if you chain it through enough remailers. Response blocks, on the
other hand, have your identity buried in there @emph{somewhere}. In
principle, at least, it is possible to compromise the keys of all the
remailers in the chain and decrypt the response block. So you should
either use very long and strong chains for your response blocks, avoid
using response blocks at all, or only use response blocks which
themselves ultimately point to a newsgroup.

@node Verifiable Pseudonyms, Remailer Tips, Remailer Security, Remailer Support
@section Verifiable Pseudonyms
Here is a plausible sequence of operations when using the remailer
support in Mailcrypt:

@enumerate

@item
You create a public/private PGP key pair. You give it a User ID which
is your pseudonym. You upload the public key to the key servers or
otherwise distribute it. (Be aware that anyone who compromises your
account can read the IDs on your secret keyring, thus discovering your
verifiable pseudonyms.)

@item
You compose an Email message, Email reply, news post, or news followup.

@item
You insert your pseudonym with @kbd{C-c / p}.

@item
(Optional) You insert your response block with @kbd{C-c / b}.

@item
You type @kbd{C-c / s} to sign the message. The @code{mc-sign} function
understands pseudonyms.

@item
You type @kbd{C-c / r} to rewrite the message for remailing. (Or use
@kbd{C-u C-c / r} to view each step of the rewriting as it happens.)

@item
You type @kbd{C-c C-c} to send the message.

@end enumerate

Now the recipient(s), reading your message through mail or news, can
verify your pseudonymous signature; thus you have started to create a
verifiable pseudonymous identity. If you use it consistently, it will
develop a reputation of its own. With Mailcrypt, using a pseudonym is
almost as easy as using your real name (and your followups in news
will even thread properly). Welcome to the new age of letters@dots{}

@node Remailer Tips, , Verifiable Pseudonyms, Remailer Support
@section Remailer Tips

This is a collection of tips for using Mailcrypt's remailer support.

@itemize @bullet

@item
@vindex mc-levien-file-name
Read and understand the @file{.remailers} file. If the service at
kiwi.cs.berkeley.edu is gone by the time you read this, track down a
comparable service elsewhere. (Ask around in
@file{news:alt.privacy.anon-server} or, as a last resort,
@file{news:alt.security.pgp}.) Check the documentation (@kbd{C-h v})
for the variable @code{mc-levien-file-name} for a description of Levien
format.

@item
The relevant remailer properties are @code{pgp} (required), @code{hash}
(required if you use hashmark headers), and @code{post} (required for
posting to USENET). Remailers which do not support PGP won't even show
up in the completion list.

@item
The only remailer which needs special properties (e.g., posting,
hashmarks, pseudonym support) is the last one in a chain. Any remailer
can be used at the beginning or in the middle. So if you find a few
remailers which support the feature(s) you require, and you always use
them at the end of your chains, then you can be confident that even the
longest chains will work.

@item
@findex mc-reread-levien-file
If you update your @file{~/.remailers} file, you can reread it with
@kbd{M-x mc-reread-levien-file}.

@item
Remember the natural order of operations. First you compose your
message. Then you insert your pseudonym with @kbd{C-c / p}. Then you
insert your response block with @kbd{C-c / b}. Then you sign (@kbd{C-c /
s}) or sign and encrypt (@kbd{C-c / e}) the message. Then you rewrite it
for a remailer or chain (@kbd{C-c / r}). Then you send it. All but the
first and last two of these are optional. (Well, strictly speaking,
they are all optional, but you get the idea.)

@item
Find and read some of the excellent remailer documentation available on
the Internet. For some good starting points, see @ref{References}.

@end itemize

@node Passphrase Cache, Key Fetching, Remailer Support, Top
@chapter Passphrase Cache

@vindex mc-passwd-timeout
Mailcrypt can remember your passphrase so that you need not type it
repeatedly. It will also "forget" your passphrase if it has not been
used in a while, thus trading some security for some convenience. You
can tune this tradeoff with the variable @code{mc-passwd-timeout}, which
is a duration in seconds from the last time the passphrase was used
until Mailcrypt will forget it. The default value is 60 seconds.

So, for example, to make Mailcrypt remember your passphrase for 10
minutes after each use, you would use the following line in your
@file{.emacs} file:

@lisp
(setq mc-passwd-timeout 600)
@end lisp

A value of @code{nil} or 0 will disable passphrase caching completely.
This provides some increase in security, but be aware that you are
already playing a dangerous game by typing your passphrase at a Lisp
interpreter.

Mailcrypt understands multiple secret keys with distinct passphrases.

@findex mc-deactivate-passwd
@kindex C-c / f
To manually force Mailcrypt to forget your passphrase(s), use the
function @code{mc-deactivate-passwd}. Both @code{mc-read-mode} and
@code{mc-write-mode} bind this function to @kbd{C-c / f} by default.

@quotation
@strong{Warning:} Although Mailcrypt takes pains to overwrite your
passphrase when "forgetting", it cannot prevent the Emacs garbage
collector from possibly leaving copies elsewhere in memory. Also, your
last 100 keystrokes can always be viewed with the function
@code{view-lossage}, normally bound to @kbd{C-h l}. So be sure to type
at least 100 characters after typing your passphrase if you plan to
leave your terminal unattended.
@end quotation

@node Key Fetching, Miscellaneous Configuration, Passphrase Cache, Top
@chapter Key Fetching

@findex mc-pgp-fetch-key
@kindex C-c / k
Mailcrypt knows how to fetch PGP public keys from the key servers
(@pxref{Key Servers}). The function @code{mc-pgp-fetch-key} is bound by
default to @kbd{C-c / k} in both @code{mc-read-mode} and
@code{mc-write-mode}. Additionally, @code{mc-encrypt},
@code{mc-decrypt}, and @code{mc-verify} will offer to call this function
to automatically fetch a desired key. If you call it manually, it will
prompt you for the User ID of the key to fetch.

@vindex mc-pgp-fetch-methods
The variable @code{mc-pgp-fetch-methods} is a list of ways to attempt to
fetch a key. (More precisely, it is a list of functions to be called,
each of which will attempt to fetch the key.) The methods will be tried
in the order listed. The default list is:

@lisp
'(mc-pgp-fetch-from-keyrings
  mc-pgp-fetch-from-finger
  mc-pgp-fetch-from-http)
@end lisp

For a description of these functions, see the following sections.

If you are not directly on the Internet, you probably want to obtain a
copy of the global public key ring from the keyservers, install it
somewhere under the name @file{public-keys.pgp}, and do:

@lisp
(setq mc-pgp-fetch-methods '(mc-pgp-fetch-from-keyrings))
(setq mc-pgp-fetch-keyring-list '("/blah/blah/blah/public-keys.pgp"))
@end lisp

This will allow you to fetch keys from your local copy of the global key
ring instead of sending requests to the key servers directly
(@pxref{Keyring Fetch}). Alternately, if your organization has a proxy
HTTP server, you can configure Mailcrypt to use that. See @ref{HTTP
Fetch}.

If the key is found, you will be shown the result of running PGP on it
locally. This allows you to inspect the signatures on the key
@emph{relative to your own keyring} before you consent to having it
added. @strong{Inspect the signatures carefully!} Key distribution is
often the Achilles' heel of public key protocols. If you blindly use
keys obtained from the key servers, you are asking for trouble.

All of the methods use @code{mc-pgp-fetch-timeout} as a timeout in
seconds; the default value is 30.

@menu
* Keyring Fetch::               Fetching from one or more other
                                  keyrings on the local system.
* Finger Fetch::                Fetching a key through finger.
* HTTP Fetch::                  Fetching a key off of the Web.
@end menu

@node Keyring Fetch, Finger Fetch, Key Fetching, Key Fetching
@section Keyring Fetch

@findex mc-pgp-fetch-from-keyrings
The function @code{mc-pgp-fetch-from-keyrings} will attempt to fetch a
key from a set of keyrings on the locally accessible filesystem. This
is useful if your organization maintains a large common public keyring
whose entire contents you do not wish to duplicate on your own ring. It
is also useful if you download a copy of the global public ring from the
key servers (@pxref{Key Servers}).

@vindex mc-pgp-fetch-keyring-list
The variable @code{mc-pgp-fetch-keyring-list} controls this behavior.
It is a list of file names of public keyrings which this function will
search, in order, when seeking a key. The default value is @code{nil},
meaning this search will always fail.

@node Finger Fetch, HTTP Fetch, Keyring Fetch, Key Fetching
@section Finger Fetch

@findex mc-pgp-fetch-from-finger
The function @code{mc-pgp-fetch-from-finger} will attempt to fetch a key
by fingering an address and parsing the output for a PGP public key
block.

@node HTTP Fetch, , Finger Fetch, Key Fetching
@section HTTP Fetch

@findex mc-pgp-fetch-from-http
The function @code{mc-pgp-fetch-from-http} will attempt to fetch a key
by connecting to a key server (@pxref{Key Servers}) which has a World
Wide Web interface.

@vindex mc-pgp-keyserver-address
@vindex mc-pgp-keyserver-port
@vindex mc-pgp-keyserver-url-template
The variables @code{mc-pgp-keyserver-address},
@code{mc-pgp-keyserver-port}, and @code{mc-pgp-keyserver-url-template}
control the fetching process. The default is to use Brian LaMacchia's
key server at MIT. If this default should stop working, or if you want
to help with network congestion and machine load, you can choose a
different server. As of this writing, any of the following sequences of
Emacs Lisp in your @file{.emacs} file will work; choose one:

@lisp
;; Key server at MIT (Massachusetts, USA)
;; This is the default; these lines are only for reference
;(setq mc-pgp-keyserver-address "pgp.ai.mit.edu")
;(setq mc-pgp-keyserver-port 80)
;(setq mc-pgp-keyserver-url-template
;      "/htbin/pks-extract-key.pl?op=get&search=%s")
@end lisp

@lisp
;; Key server at UPC (Barcelona, Spain)
(setq mc-pgp-keyserver-address "goliat.upc.es")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template
      "/cgi-bin/pks-extract-key.pl?op=get&search=%s")
@end lisp

@lisp
;; Key server at Cambridge University (Cambridge, England)
(setq mc-pgp-keyserver-address "www.cl.cam.ac.uk")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template
      "/cgi-bin/pks-extract-key.pl?op=get&search=%s")
@end lisp

@lisp
;; Key server at UIT (Tromso, Norway)
(setq mc-pgp-keyserver-address "www.service.uit.no")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template
      "/cgi-bin/pks-extract-key.pl?op=get&search=%s")
@end lisp

@lisp
;; Key server at CMU (Pennsylvania, USA)
(setq mc-pgp-keyserver-address "gs211.sp.cs.cmu.edu")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template "/cgi-bin/pgp-key?pgpid=%s")
@end lisp

If your organization has a firewall, you might not be able to access the
World Wide Web directly. Your organization may have a proxy HTTP server
set up, however. In that case, you should place code like the following
in your @file{.emacs} file. You can use any of the above key servers
instead of the one at MIT, of course.

@lisp
;; Mailcrypt configuration for accessing key server through HTTP proxy
(setq mc-pgp-keyserver-address "your.proxy.com")
(setq mc-pgp-keyserver-port 13013) ; Your proxy's port
(setq mc-pgp-keyserver-url-template
      "http://pgp.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=%s")
@end lisp

Note that fetching from a key server can be somewhat slow, so be
patient. (At least it beats the tar out of the Email interface.)

@node Miscellaneous Configuration, Tips, Key Fetching, Top
@chapter Miscellaneous Configuration

This chapter documents some additional Mailcrypt configuration options
which could not be naturally described elsewhere.

@menu
* Alternate Keyring::           Specifying a different file to act
                                  like your public keyring.
* Comment Field::               Burma
                                  Shave
* Mode Line::                   Changing that "MC-w" and "MC-r" stuff
* Key Bindings::                Which keys cause which actions.
* Nonstandard Paths::           Useful if your PGP installation is weird.
@end menu

@node Alternate Keyring, Comment Field, Miscellaneous Configuration, Miscellaneous Configuration
@section Alternate Keyring

By default, Mailcrypt will use the same public keyring that PGP would
use if executed from the shell.

@vindex mc-pgp-alternate-keyring
You can cause Mailcrypt to use a specific public keyring by setting the
variable @code{mc-pgp-alternate-keyring}. If this variable is set,
Mailcrypt will use that keyring for all functions which would otherwise
have used the default. This includes adding keys, extracting keys,
verifying signatures, and encrypting messages.

This feature might be useful if you maintain multiple keyrings; you can
switch between them by setting this variable. Depending on your tastes,
you might want to configure fetching from a keyring as well
(@pxref{Keyring Fetch}).

@node Comment Field, Mode Line, Alternate Keyring, Miscellaneous Configuration
@section Comment Field

By default, Mailcrypt will supply a "comment" option to PGP, resulting
in output which looks something like this:

@example
----- BEGIN PGP FOOBAR -----
Version: 2.6.3
Comment: Processed by Mailcrypt @value{VERSION}, an Emacs/PGP interface

@dots{}
----- END PGP FOOBAR -----
@end example

@vindex mc-pgp-comment
To change the comment to one of your own, set the variable
@code{mc-pgp-comment}. Set it to @code{nil} to use PGP's default, which
is probably either no comment or something defined in @file{config.txt}.

@node Mode Line, Key Bindings, Comment Field, Miscellaneous Configuration
@section Mode Line

@code{mc-read-mode} and @code{mc-write-mode} will each indicate they are
active by placing the string @samp{MC-r} or @samp{MC-w} in the mode
line, respectively.

@vindex mc-read-mode-string
@vindex mc-write-mode-string
You can change these strings by setting the variables
@code{mc-read-mode-string} and @code{mc-write-mode-string}. So, for
example, to get rid of the mode indicators entirely, you might put the
following lines into your @file{.emacs} file:

@lisp
(setq mc-read-mode-string "")
(setq mc-write-mode-string "")
@end lisp

1301 @node Key Bindings, Nonstandard Paths, Mode Line, Miscellaneous Configuration
|
|
1302 @section Key Bindings
|
|
1303
|
|
1304 @vindex mc-read-mode-map
|
|
1305 @vindex mc-write-mode-map
|
|
1306 The Mailcrypt key bindings are defined by the keymaps
|
|
1307 @code{mc-read-mode-map} and @code{mc-write-mode-map}. To change the key
|
|
1308 bindings, you just need to set these variables in your @file{.emacs}
|
|
1309 file.
|
|
1310
|
|
1311 For example, if you wanted @kbd{C-c C-m} to be the Mailcrypt prefix
|
|
1312 (instead of @kbd{C-c /}) in @code{mc-read-mode}, you would put the
|
|
1313 following code in your @file{.emacs} file:
|
|
1314
|
|
1315 @lisp
|
|
1316 (setq mc-read-mode-map (make-sparse-keymap))
|
|
1317 (define-key mc-read-mode-map "\C-c\C-mf" 'mc-deactivate-passwd)
|
|
1318 (define-key mc-read-mode-map "\C-c\C-md" 'mc-decrypt)
|
|
1319 (define-key mc-read-mode-map "\C-c\C-mv" 'mc-verify)
|
|
1320 (define-key mc-read-mode-map "\C-c\C-ma" 'mc-snarf)
|
|
1321 (define-key mc-read-mode-map "\C-c\C-mk" 'mc-pgp-fetch-key)
|
|
1322 @end lisp
|
|
1323
|
|
1324 For more information on Emacs key bindings, see @ref{Key Bindings, ,
|
|
1325 Customizing Key Bindings, emacs, The GNU Emacs Manual}.
|
|
1326
|
|
@node Nonstandard Paths, , Key Bindings, Miscellaneous Configuration
@section Nonstandard Paths

The information in this section should be unnecessary, but is provided
"just in case".

@vindex mc-pgp-path
Mailcrypt will look for the PGP executable in your standard search path
under the name @file{pgp}. To use a different name (or to provide a
complete path), set the variable @code{mc-pgp-path}.

In order to keep your identities straight, Mailcrypt needs to know where
your secret keyring resides.

Mailcrypt figures this out heuristically by assuming that the file
@file{secring.pgp} is in the same directory as your public key ring. It
determines the location of the latter by doing a dry run of PGP with
@samp{+verbose=1} and parsing the output.

@vindex mc-pgp-keydir
If this heuristic is failing for you, you can manually tell Mailcrypt
where your secret key ring is by setting the variable
@code{mc-pgp-keydir}, like this:

@lisp
(setq mc-pgp-keydir "/users/patl/.pgp/")
@end lisp

Note that the trailing slash is @emph{required}.

If the heuristic fails, please report it as a bug (@pxref{Credits}).

Note that if you have changed the default location of your secret
keyring, Mailcrypt will be unable to locate it. You can work around
this by either setting @code{mc-pgp-keydir}, or by making a symbolic
link to your secret keyring from @file{secring.pgp} in your default
public keyring directory.

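The two settings from this section, combined into one @file{.emacs} fragment with a startup check (an added example, not part of the original manual or of Mailcrypt itself). The paths and every @code{my-mc-} name are assumptions; only @code{mc-pgp-path}, @code{mc-pgp-keydir} and @file{secring.pgp} come from the text above.

```elisp
;; Added example, not Mailcrypt's own code.  The paths below and every
;; `my-mc-' name are assumptions; substitute your own locations.

;; Name the PGP binary by absolute path rather than relying on the
;; search path, so a stray `pgp' earlier in PATH is never picked up.
(setq mc-pgp-path "/usr/local/bin/pgp")

;; `file-name-as-directory' appends the trailing slash that
;; `mc-pgp-keydir' requires, however the path was typed.
(setq mc-pgp-keydir
      (file-name-as-directory (expand-file-name "~/.pgp")))

(defun my-mc-check-pgp-setup ()
  "Return a list of problems with the Mailcrypt path settings, or nil."
  (let ((secring (expand-file-name "secring.pgp" mc-pgp-keydir))
        (problems '()))
    (unless (and (file-name-absolute-p mc-pgp-path)
                 (file-executable-p mc-pgp-path))
      (push (format "%s is not an absolute path to an executable"
                    mc-pgp-path)
            problems))
    (cond
     ((not (file-exists-p secring))
      (push (format "no secret keyring at %s" secring) problems))
     ;; Any group/other permission bit on the secret keyring is a finding.
     ((/= 0 (logand (file-modes secring) #o077))
      (push (format "%s is accessible to group or others (mode %o)"
                    secring (file-modes secring))
            problems)))
    (nreverse problems)))

;; Report at startup; the findings land in the *Messages* buffer.
(dolist (problem (my-mc-check-pgp-setup))
  (message "Mailcrypt setup: %s" problem))
```
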
@node Tips, Limitations, Miscellaneous Configuration, Top
@chapter Tips

Here are some random tips.

@itemize @bullet

@item
PGP provides quite good security when used correctly. You are far more
likely to use it correctly if you have read the directions. Read the
@cite{PGP User's Guide}!

@item
60 seconds is a relatively safe but somewhat inconvenient value for
@code{mc-passwd-timeout}. If your paranoia permits, consider increasing
it to five or ten minutes (@pxref{Passphrase Cache}).

@item
If Mailcrypt ever does something you wish it had not, @emph{DON'T
PANIC}. Just use the normal Emacs undo command, @kbd{M-x undo} or
@kbd{C-x u}, to restore your buffer (@pxref{Undo, Emacs Undo, Undoing
Changes, emacs, The GNU Emacs Manual}). Mailcrypt keeps almost no state
except what you see in your buffer, so any action can be undone this
way.

@item
All Mailcrypt operations place PGP's output in the @code{*MailCrypt*}
buffer. Check it occasionally for status and warning messages.

@item
Add yourself to the Mailcrypt announcements mailing list (@pxref{Mailing
List}). That way you can find out about new versions of Mailcrypt
automatically, and we can enjoy the feeling that people are actually
using our package.

@end itemize

@node Limitations, References, Tips, Top
@chapter Limitations

Mailcrypt is a powerful program, but it is not a complete PGP interface.
Perhaps some future version will be; in the meantime, you will need to
use the command-line interface for some operations. Things which the
current version does not support include:

@table @emph

@item Complete Key Management
Mailcrypt's key management support is limited to adding and extracting
keys from keyrings. It does not support key generation, key removal,
key revocation, ID and trust parameter editing, or key signing. It also
ignores PGP's warnings when you use a key which is not fully certified.
(Of course, you can see these warnings by viewing the @code{*MailCrypt*}
buffer; see @ref{Tips}.)

@item Encryption with Conventional Cryptography
Mailcrypt supports decryption but not encryption with "conventional"
(i.e., non-public key) cryptography.

@item Detached Signatures
Mailcrypt supports neither the creation nor the verification of detached
signatures.

@item "For your eyes only" Decryption
Mailcrypt will be unable to decrypt a file which was encrypted with the
"for your eyes only" (@samp{-m}) option. This is actually a bug in PGP,
which provides no portable way to avoid its paging behavior.

@end table

@node References, Credits, Limitations, Top
@chapter References

This chapter contains information and pointers to information about
topics related to PGP and Mailcrypt.

@menu
* Online Resources::            Recreational reading with a purpose.
* Key Servers::                 Keepers of the Global Keyring.
* Mailing List::                Staying informed while pumping the
                                  authors' egos.
* Politics::                    Anarcho-foobarism.
@end menu

@node Online Resources, Key Servers, References, References
@section Online Resources

@table @file

@item http://world.std.com/~franl/crypto.html
"Cryptography, PGP, and Your Privacy", by Fran Litterio. This page is
simply excellent. It makes all the other references in this chapter
redundant, but we will include them anyway for redundancy.

@item http://web.mit.edu/network/pgp.html
MIT is the canonical distribution site for PGP; this is the announcement
page.

@item ftp://rtfm.mit.edu/pub/usenet/alt.security.pgp/
This is an archive site for the @file{alt.security.pgp} FAQ lists.

@item news:alt.security.pgp
The @file{alt.security.pgp} newsgroup is a good place to go for
discussion about PGP, as well as any topic which any fool anywhere ever
thinks is related to PGP. It is also a good last resort for getting
answers to questions, but please read the FAQ lists first.

@item http://pgp.ai.mit.edu/~bal/pks-toplev.html
Brian LaMacchia (bal@@zurich.ai.mit.edu) has put together a World Wide
Web interface to the public key servers (@pxref{Key Servers}).
Mailcrypt uses this interface by default when attempting to fetch keys
via HTTP (@pxref{HTTP Fetch}); most people get to his interface through
this page.

@item ftp://ftp.csua.berkeley.edu/pub/cypherpunks/Home.html
The Cypherpunks are dedicated to taking proactive measures to ensure
privacy in the digital age. They wrote the software for, and operate
many of, the anonymous remailers currently in existence.

@item http://www.cs.berkeley.edu/~raph/
Raph Levien actively maintains a remailer list which Mailcrypt knows how
to parse. If you are impressed by how easy it is to configure
Mailcrypt's remailer functions, Raph is the one to thank. Raph's page
also has many useful links.

@item http://www.obscura.com/~loki/
Lance Cottrell is the author of Mixmaster. His home page is the
canonical source for information on Mixmaster and is a good source for
PGP pointers in general.

@end table

@node Key Servers, Mailing List, Online Resources, References
@section Key Servers

@dfn{Key servers} are machines with a publicly accessible interface to
an enormous global public keyring. Anyone may add keys to or query this
keyring. Each key server holds a complete copy of the global keyring,
and they arrange to keep one another informed of additions they receive.

This means you can tell any key server to add your public key to the
global keyring, and all of the other servers will know about it within a
day or so. Then anyone will be able to query any key server to obtain
your public key.

To add your key to the keyservers, send an Email message to
@code{pgp-public-keys@@pgp.ai.mit.edu} with a subject line of @samp{ADD}
and a body containing your public key block. With Mailcrypt installed,
you can just type @kbd{C-c / x} to insert your public key block
(@pxref{Inserting Keys}) into the body of the message.

For help with the Email interface to the key servers, send a message
with a subject line of @samp{HELP}. For a World Wide Web interface to
the key servers, see Brian LaMacchia's home page at
@file{http://www-swiss.ai.mit.edu/~bal/}.

Some other key servers include:

@itemize @bullet

@item
pgp-public-keys@@jpunix.com

@item
pgp-public-keys@@kub.nl

@item
pgp-public-keys@@uit.no

@item
pgp-public-keys@@pgp.ox.ac.uk

@end itemize

For a complete list, consult any good online repository of PGP
information (@pxref{Online Resources}).

It is strongly recommended that you submit your key to the key servers,
since many humans and programs (including Mailcrypt) may look for it
there. Besides, it takes mere seconds and the pain passes quickly.

@node Mailing List, Politics, Key Servers, References
@section Mailing List
If you would like to automatically receive information about new
releases of Mailcrypt, send Email to
@samp{mc-announce-request@@cag.lcs.mit.edu} asking to be placed on the
@samp{mc-announce} mailing list. The mailing list is maintained
manually, so please be patient.

The @samp{mc-announce} list is reserved for announcements of new
Mailcrypt versions, so it has extremely low volume. We encourage you to
add yourself so we can get a rough idea of how many people are using
our package.

@node Politics, , Mailing List, References
@section Politics

Cryptography in general, PGP in particular, and free software are
politically somewhat controversial topics. Heck, in the U.S. Congress,
freedom of speech is a controversial topic. Anyway, here are some
organizations you should definitely watch and preferably send lots of
money to.

@table @emph

@item The Electronic Frontier Foundation
The EFF (@file{http://www.eff.org/}) works to protect civil liberties in
cyberspace. They also maintain an impressive collection of on-line
resources. If you like Mailcrypt so much that you wish you had paid for
it, this is the number one place we would want to see your money go.
The EFF newsgroups, @file{comp.org.eff.news} and
@file{comp.org.eff.talk}, are required reading for the well-informed.

@item The League for Programming Freedom
The LPF (@file{http://www.lpf.org/}) works to fight software patents,
which threaten to make free software like Mailcrypt impossible.

@item The Center for Democracy and Technology
The CDT (@file{http://www.cdt.org/}) has essentially the same goals as
the EFF, but is more of a lobbying group.

@end table

Mailcrypt's remailer support was inspired by the Communications Decency
Act of 1995 (see @file{http://www.cdt.org/cda.html}) and by the
International "Church" of Scientology (see
@file{http://www.mit.edu:8001/people/rnewman/scientology/}).

@node Credits, Index, References, Top
@chapter Credits
Mailcrypt was written by Jin Choi (jin@@atype.com) and Pat LoPresti
(patl@@lcs.mit.edu). Please send us your bug reports and comments.
Also see @ref{Mailing List}.

This documentation was mostly written by Pat LoPresti, but borrows
heavily from an earlier version by Hal Abelson (hal@@mit.edu).

Mailcrypt would not be as robust or as featureful if it were not for
our outstanding set of Beta testers:

@itemize @bullet

@item
Samuel Tardieu <sam@@inf.enst.fr>
@item
Richard Stanton <stanton@@haas.berkeley.edu>
@item
Peter Arius <arius@@immd2.informatik.uni-erlangen.de>
@item
Tomaz Borstnar <tomaz@@cmir.arnes.si>
@item
Barry Brumitt <belboz@@frc2.frc.ri.cmu.edu>
@item
Steffen Zahn <Steffen.Zahn%robinie@@sunserv.sie.siemens.co.at>
@item
Mike Campbell <mcampbel@@offenbach.sbi.com>
@item
Mark Baushke <mdb@@cisco.com>
@item
Mike Long <mike.long@@analog.com>

@end itemize

@node Index, , Credits, Top
@unnumbered Index

This index has an entry for every key sequence, function, and variable
documented in this manual.

@printindex cp

@contents
@bye

@c End: