8. Procmail notes and tips
8.1 Configuring Procmail to send automatically your public keys
As this is not the objetive of this Howto, we will comment that the securest way to get the public key from anybody is that he gives it to us directly by hand.
As many times this is not an easy method (how long they are) the people can send the public key by electronic mail, or searching it in a key server, but none of those methods assure that the obtained key is really from whom it seems to be. If you use other communication media considered "secure" (searching the owner in the phone listing and asking him to read his key "fingerprint" to contrast with the fingerprint from the key we have obtained from the non-secure path).
What we are going to see is a "tip" to put into the .procmailrc
from the Procmail mail processor to get back automatically your publick
key to the remitent when you get a message with a determined text in the
Subject
line:
:0 h
* ^Subject:[ ]+\/(|send)[ ]+key pub\>.*
| mutt -s "Re: $MATCH" `formail -rtzxTo:` </clau/mykey.asc
What it is said in the previous paragraph is: we have a copy in ASCII of
our public key, in any directory (in this case the /clau
directory) in a file named mykey.asc
; when procmail gets a
message that include "send key pub" in the Subject:
line, send
the file to the remitent.
IMPORTANT: what you have between the brackets is an space and a tab.
8.2 Verify and decrypt automatically messages without PGP/MIME
When you receive a signed message that uses PGP/MIME and you open it with your preferred MUA (Mutt, isn't it?), it recognizes the message as PGP/MIME and checks the signature if you have the remitent public key. These messages are the ones that have the "S" in the first part of the message line in Mutt:
36 S 05/09 Andres Seco Her ( 12K) Al fin
while the encrypted messages have the "P":
12 P 03/24 Andres Seco Her (6,3K) Re: FW: Re: Mutt - pgp/gnupg
But if the message is signed and has the "application/pgp" MIME type, when you open it Mutt doesn't check its sign, and this sign is into the message body, as here:
-----BEGIN PGP SIGNED MESSAGE-----
Date: Tue, 25 May 1999 13:04:26 +0200
From: La Corporación <bill@reboot.com>
Subject: Actualización S.O.
To: Sufrido Usuario <pepe@casa.es>
Sufrido usuario:
le comunicamos que puede usted adquirir la última actualización del
programa O.E. con la adquisición de nuestro sistema operativo reboot99
por el módico precio de ... etc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iKBGNpUBX0235VapRBUy1KklAQGl9wQA3SBMio0bbbajHAnyKMOlx3tcgNG7/UVC
AbqXcUnyGGOo13Nbas95G34Fee3wsXIFo1obEfgiRzqPzZPLWoZdAnyTlZyTwCHe
6ifVpLTuaXvcn9/76rXoI6u9svN2cqHCgHuNASKHaK9034uq81PSdW4QdGLgLoeB
vnGmxE+tGg32=
=Xidf
-----END PGP SIGNATURE-----
To verify it, you must save it and use the command line. But, it is
possible to convert this MIME messages type with Procmail to allow
Mutt to recognize it as PGP/MIME. You only need to add this
to .procmailrc
:
:0
* !^Content-Type: message/
* !^Content-Type: multipart/
* !^Content-Type: application/pgp
{
:0 fBw
* ^-----BEGIN PGP MESSAGE-----
* ^-----END PGP MESSAGE-----
| formail \
-i "Content-Type: application/pgp; format=text; x-action=encrypt"
:0 fBw
* ^-----BEGIN PGP SIGNED MESSAGE-----
* ^-----BEGIN PGP SIGNATURE-----
* ^-----END PGP SIGNATURE-----
| formail \
-i "Content-Type: application/pgp; format=text; x-action=sign"
}
As you can see, this is valid to signed messages and to encrypted messages with application/pgp.
8.3 Change MIME type for messages with keys inside without PGP/MIME
When you receive a public key block from a non PGP/MIME compliant
MUA, you must save the message body in your disk and then insert it into
your public key ring, but, including this lines into your .procmailrc
file, you can include it directly from mutt.
:0 fBw
* ^-----BEGIN PGP PUBLIC KEY BLOCK-----
* ^-----END PGP PUBLIC KEY BLOCK-----
| formail -i "Content-Type: application/pgp-keys; format=text;"
Thanks to Denis Alan for this procmail note.
Next Previous Contents