As this is not the objetive of this Howto, we will comment that the securest way to get the public key from anybody is that he gives it to us directly by hand.
As many times this is not an easy method (how long they are) the people can send the public key by electronic mail, or searching it in a key server, but none of those methods assure that the obtained key is really from whom it seems to be. If you use other communication media considered "secure" (searching the owner in the phone listing and asking him to read his key "fingerprint" to contrast with the fingerprint from the key we have obtained from the non-secure path).
What we are going to see is a "tip" to put into the .procmailrc
from the Procmail mail processor to get back automatically your publick key to the remitent when you get a message with a determined text in the Subject
line:
:0 h * ^Subject:[ ]+\/(|send)[ ]+key pub\>.* | mutt -s "Re: $MATCH" `formail -rtzxTo:` </clau/mykey.asc
What it is said in the previous paragraph is: we have a copy in ASCII of our public key, in any directory (in this case the /clau
directory) in a file named mykey.asc
; when procmail gets a message that include "send key pub" in the Subject:
line, send the file to the remitent.
IMPORTANT: what you have between the brackets is an space and a tab.
When you receive a signed message that uses PGP/MIME and you open it with your preferred MUA (Mutt, isn't it?), it recognizes the message as PGP/MIME and checks the signature if you have the remitent public key. These messages are the ones that have the "S" in the first part of the message line in Mutt:
36 S 05/09 Andres Seco Her ( 12K) Al fin
while the encrypted messages have the "P":
12 P 03/24 Andres Seco Her (6,3K) Re: FW: Re: Mutt - pgp/gnupg
But if the message is signed and has the "application/pgp" MIME type, when you open it Mutt doesn't check its sign, and this sign is into the message body, as here:
-----BEGIN PGP SIGNED MESSAGE----- Date: Tue, 25 May 1999 13:04:26 +0200 From: La Corporación <[email protected]> Subject: Actualización S.O. To: Sufrido Usuario <[email protected]> Sufrido usuario: le comunicamos que puede usted adquirir la última actualización del programa O.E. con la adquisición de nuestro sistema operativo reboot99 por el módico precio de ... etc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iKBGNpUBX0235VapRBUy1KklAQGl9wQA3SBMio0bbbajHAnyKMOlx3tcgNG7/UVC AbqXcUnyGGOo13Nbas95G34Fee3wsXIFo1obEfgiRzqPzZPLWoZdAnyTlZyTwCHe 6ifVpLTuaXvcn9/76rXoI6u9svN2cqHCgHuNASKHaK9034uq81PSdW4QdGLgLoeB vnGmxE+tGg32= =Xidf -----END PGP SIGNATURE-----
To verify it, you must save it and use the command line. But, it is possible to convert this MIME messages type with Procmail to allow Mutt to recognize it as PGP/MIME. You only need to add this to .procmailrc
:
:0 * !^Content-Type: message/ * !^Content-Type: multipart/ * !^Content-Type: application/pgp { :0 fBw * ^-----BEGIN PGP MESSAGE----- * ^-----END PGP MESSAGE----- | formail \ -i "Content-Type: application/pgp; format=text; x-action=encrypt" :0 fBw * ^-----BEGIN PGP SIGNED MESSAGE----- * ^-----BEGIN PGP SIGNATURE----- * ^-----END PGP SIGNATURE----- | formail \ -i "Content-Type: application/pgp; format=text; x-action=sign" }
As you can see, this is valid to signed messages and to encrypted messages with application/pgp.
When you receive a public key block from a non PGP/MIME compliant MUA, you must save the message body in your disk and then insert it into your public key ring, but, including this lines into your .procmailrc
file, you can include it directly from mutt.
:0 fBw * ^-----BEGIN PGP PUBLIC KEY BLOCK----- * ^-----END PGP PUBLIC KEY BLOCK----- | formail -i "Content-Type: application/pgp-keys; format=text;"
Thanks to Denis Alan for this procmail note.