diff options
Diffstat (limited to '.config/mutt/mutt-gnupg-howto')
| -rwxr-xr-x | .config/mutt/mutt-gnupg-howto | 611 |
1 files changed, 611 insertions, 0 deletions
diff --git a/.config/mutt/mutt-gnupg-howto b/.config/mutt/mutt-gnupg-howto new file mode 100755 index 0000000..cea471a --- /dev/null +++ b/.config/mutt/mutt-gnupg-howto @@ -0,0 +1,611 @@ +======================================================================== + + Everything You Need To Know To Start Using GnuPG with Mutt + +======================================================================== + + By Justin R. Miller <justin@solidlinux.com> + + Revision 0.1, Released 23 September 2001 + +======================================================================== + + I. Purpose + II. Overview + III. Assumptions + IV. Configuring GnuPG + V. Protecting Your Private Key + VI. Publicizing Your Public Key + VII. Understanding Validity and Your Web of Trust + VIII. Understanding The Need For Message Signatures + IX. Understanding How Signatures Are Made + X. Understanding How Encryption Is Done + XI. A Practical Example of Manual Key Management + XII. A Practical Example of Manual Signing and Verification + XIII. A Practical Example of Manual Encryption and Decryption + XIV. Configuring Mutt For Use With GnuPG + XV. Trying It All Out + XVI. Links For More Information + XVII. Contributors + XVIII. Feedback + +======================================================================== + +I. Purpose + +I'm writing this document for a couple of reasons. Firstly, I believe +that everyone should be using encryption and signatures in their email. + +Secondly, I believe that if you are already using a mail client such as +Mutt (which a lot of people are), then there is absolutely no reason for +you not to be using PGP-compatible software. + +Thirdly, all of the documentation that I've seen thus far is geared +toward someone who is already familiar with PGP, so it just explains +things like how to configure Mutt to do such tasks as automatically sign +outgoing messages or write a procmail recipe to rewrite old-style inline +PGP messages as S/MIME messages. This info means little if you don't +understand the technical jargon. By no means do I want to trample the +existing documentation for Mutt or GnuPG, the Mutt-i, GnuPG and PGP +Howto, nor any other existing documentation. I want simply to provide a +resource for the use of Mutt with GnuPG exclusively and to summarize the +important points of the whole matter so that one can get started quickly +and responsibly. + +Fourthly, I am trying to promote both Mutt and GnuPG, as free software +projects, for use in everyday communications. + +Lastly, I enjoy writing tutorials and I hope that this one is of use to +many people. I did a lot of research and I figured a number of things +out on my own, and now I want to help people along. + +======================================================================== + +II. Overview + +When you are finished with this document, you will be able to send and +receive cryptographically signed and/or encrypted email with the Mutt +mail reader and GnuPG, the GNU software implementation of OpenPGP +(RFC2440). If you want to know why you should use encryption, please +read about that topic first (see the links at the end of this document). + +Using GnuPG with Mutt is quite easy, but the main things to be learned +are the details and the theory behind the actual actions. This document +will explain the need for signing and how to sign messages, how to +verify signatures on mail sent to you, how to encrypt messages, and how +to decrypt messages. It will also show you, within the scope of Mutt, +how to collect and manage the public keys of your correspondents and how +to manage your own private key. Lastly, it will show you how to +publicize your own public key and how to encourage others to use PGP +when communicating with you. + +======================================================================== + +III. Assumptions + +Before reading this document, you should have a working knowledge of the +Mutt mail reader and you should know the basics of public key +cryptography. You should understand that a public key is for others to +use when encrypting messages to you and when verifying signatures from +you, and that a private key is used for creating signatures and for +decrypting messages to you. + +======================================================================== + +IV. Configuring GnuPG + +Follow the instructions that came with GnuPG in order to create a +private and public key. If you are not sure what values to use, pick +the default values for key type and key size and use your name and email +address as you would normally address your email. + +The only other thing that you might want to do is to configure GnuPG to +automatically fetch public keys as necessary. This comes in very handy +with Mutt, as you won't have to go and download and import a key +manually in another terminal. In order to do this, add this line to +your ~/.gnupg/options file: + + keyserver <keyserver address> + +Some good keyservers are: + + wwwkeys.pgp.net + search.keyserver.net + pgp.ai.mit.edu + +Please note that key retrievals do not happen over HTTP and as such, the +keyserver address should not start with 'http://'. + +You may test this out by retrieving my public key: + + gpg --recv-keys 0xC9C40C31 + +You may then confirm that the key was added to your keyring: + + gpg --list-keys justin + +======================================================================== + +V. Protecting Your Private Key + +The most important security points to remember in all of this are to +protect your private keyring file, and above that, to protect your +passphrase. There is still a chance that your private key can be +cracked without the passphrase, but it is slim in the hands of one +person. + +You should limit the number of machines on which your private key is +copied. You should only transfer your private key via a floppy disk or +other physical media. If you do not trust the environment on which you +will be working to be free from the possiblity of snooping (i.e. a work +computer where others have access to your personal files), then you +should not introduce your private key to this environment. Either that, +or you should create a separate key for use as a "work key" and keep +your "home key" in a safe environment. + +Theft of your private key by anyone means theft of your identity. In an +increasingly digital world, your private key will soon carry as much +weight as a photo ID, and in some situations already carries more. + +======================================================================== + +VI. Publicizing Your Public Key + +People will need your public key both to verify signed messages by you +and to send you encrypted messages. You can make it available by +putting it on a website, publishing it in print, mailing it via email or +postal mail, faxing it, uploading it to a keyserver, or any number of +other means. + +The more places your public key is put, the better, since there is a +lower chance of all of them being modified and distributed falsely. +However, just because a key can be obtained from multiple places and all +copies may match doesn't mean that the key should be considered valid. +A key should only be considered valid (i.e. truly belonging to its +owner) if it does so within your web of trust (see next section). To +clarify, you can determine whether or not a message originated from a +particular key, but you cannot, aside from a validity check, determine +whether that key belongs to who it seems to belong to. + +You can find my public key in this document, by searching a keyserver +for key ID 0xC9C40C31 or my name, or from my website. In addition, Mutt +makes it easy to send your public key to someone (once Mutt is +configured to work with GnuPG as described below) through the Esc-k key +sequence. + +You may also add an X-header to your outgoing mail to provide key +download information. All of my personal mail includes this header: + + X-PGP-Key: http://solidlinux.com/~justin/pubkey.asc + +All of these approaches, as well as signing all outgoing mail, help +publicize the fact that you wish to use cryptography for secure email +communication. These things will also often generate questions about +what the signature attachment means or why you have a file full of +garbled characters on your website. This lets you have all the more +chances to publicize PGP usage and awareness. + +There is considerable debate as whether signing messages that are sent +out to mass audiences (via mailing lists and the like) is appropriate. +I hope to make available in the near future some arguments for both +sides of this debate, but if you'd like more info, you can search the +mutt-users and gnupg-users mailing list archives. + +======================================================================== + +VII. Understanding Validity and Your Web of Trust + +'Validity' for a particular key refers to the knowledge that the key +belongs to the person to whom you expect it to belong. This knowledge +comes about based on your trust in the people who have signed the key +(including, but not limited to, the key owner). + +'Trust' in a person is a property of your particular installation of +GnuPG. Trust is a private value that only you have to know about and +refers to whether or not you trust the person's signature on a key to be +as good as your signature on a key, and the degree to which that trust +exists. Initially, key owners have a trust value of 'unknown'. You may +give them a trust value of 'none' if they are known to improperly sign +keys. A value of 'marginal' means that they understand key signing and +perform it properly. A value of 'full' means that they have an +excellent understanding of key signing and that you trust their +signature on a key as well as if you had signed the key yourself. + +By default, a key is considered valid if it is signed by at least one +person to whom you give full trust, or it is signed by at least three +people to whom you give marginal trust. This can of course be +reconfigured, and a lower number of marginally trusted owners would +signify a smaller number of people who would have to conspire against +you to pass a key off as valid. + +Without the necessary trusted signatures, the key is not considered +valid. This does not necessarily mean that the key does not belong to +whom you expect it to, but that the software is warning you that it has +no way of knowing. Obviously, the web of trust is the weak point in +public key cryptography, but when used properly can introduce some level +of assurance into the situation. + +Allow me to illustrate the importance of key validity with an example. +Say that you have met someone on IRC and that she has helped you for a +long time with many systems administration issues. She tells you that +she is going to send you a script that you should run as root on your +machine. If you know this script to come from this person, you would +have no problem running it on your machine, due to your trust in her. +But, perhaps someone has previously hijacked the communication between +you and friend in which you obtained her public key. Then, they could +have possibly altered the message to contain a harmful script and passed +it off as valid. The end result is that you are harmed and that you +possibly blame your friend. + +If you had first validated the public key being used, this would have +been avoided. You could have done this by signing the key yourself. +You also could have insured that the key was signed by at least one +other person to whom you have given full trust. Lastly, you could have +insured that the key was signed by at least three key owners to whom you +have given marginal trust. + +In order to sign a public key with your own private key, you must be +absolutely sure that the key belongs to a person who is who they say +they are. You should use a reliable method of communication to verify +the key fingerprint of the key before signing it with your own. You may +obtain a key fingerprint by doing this: + + gpg --fingerprint <key owner name> + +For example, my key fingerprint is: + + 2231 DFF0 869E E3A5 885A E7D4 F787 7A2B C9C4 0C31 + +If you communicate with the key owner, perhaps in person, or over the +phone (if you know their voice), or over certified mail, you know them +to be who they say they are, and the key fingerprints match, then you +may sign the key. You do this by issuing this command: + + gpg --sign-key <key owner name> + +In order to assign trust to a key owner, you must assign the owner a +value in your GnuPG trust database. You do this by editing their key: + + gpg --edit-key <key owner name> + +Type 'trust' and then follow the directions. + +After all of this is done, if you trust someone fully to understand the +significance of key signing, you can thereby, via your web of trust, +validate all keys signed by them. + +======================================================================== + +VIII. Understanding The Need For Message Signatures + +The first reason for message signatures is authenticity. It is a +largely unknown fact that the From: header of email can be trivially +forged. A quick glance can lead you to believe that the mail was sent +by someone who might not have had anything to do with the message. A +signature will help you determine if the mail was really sent by who you +think it was sent by. + +The second reason for signatures is integrity. Someone who has access +to any piece of mail that is waiting for you (perhaps at your ISP) can +change the message. This could affect something as simple as where you +should meet someone to something as serious as which bank account you +should transfer money to. A signature can tell you if the message was +modified between the sender and your mail client. + +======================================================================== + +IX. Understanding How Signatures Are Made + +Signatures typically are attached to the message. Detached signatures +that are placed in an alternate download location are possible, but are +not practical for something such as email, where all-in-one +communication is the goal. The outdated standard for making attached +signatures was to paste it at the bottom of the message, but the new +standard involves an actual MIME attachment to the message. Regardless, +Mutt can verify either style. + +The important thing to understand is that the signature for each piece +of mail is different and is based on both the sender's key and the +content of the message. If all signatures from a person were the same, +then one could just copy the signature from a mailing list post and +start putting it on their own mail. Therefore, the signature is based +partly on the contents of the data being signed. + +Another important point to note that has been brought up recently in +security forums is a weakness of signatures. Because signatures sign +only the body of an email, a malicious hacker could intercept a message +from one person and redirect it to another while still keeping the +signature intact. For example, if your boss emails a co-worker and says +"You're fired!", you could then send this message on to someone else who +would think it was addressed to them and see that the signature belongs +to their boss. The approach to get around this is to always make it +clear in the message body to whom the message is addressed and to put +things in context so that they could not be misconstrued by a third +party. + +======================================================================== + +X. Understanding How Encryption Is Done + +Aside from the obvious fact that the message is encrypted, an important +thing to note about encryption is that even the sender cannot read the +encrypted message. Fortunately, Mutt has two ways around this. There +is an option that lets you save a plaintext copy of your outgoing +messages when saving to a 'sent' folder (see Mutt's 'fcc_clear' option). +You may also configure Mutt to use GnuPG's '--encrypt-to' option to +additionally encrypt all encrypted mail to you so that encrypted mail in +your 'sent' folder can be decrypted by you. Without one of these +options, only the intended recipient can decrypt the message that was +sent out, even if a copy resides in your 'sent' folder. + +In order to encrypt a message to someone, you need their public key. +Once you've got that, you name them as the recipient and the message is +encrypted in an (as of yet) unbreakable code. + +Remember that encryption alone does not guarantee authenticity, as +anyone with the recipient's public key can send them encrypted mail. +Adding a signature to encrypted mail ensures that it originated from you +and was encrypted by you. + +======================================================================== + +XI. A Practical Example of Manual Key Management + +In order to understand what Mutt is going to do for you, you need to +know what happens behind the scenes. In order to verify a signature or +encrypt a piece of mail for someone, you need their public key. You can +either download it from a person's website or request it from a +keyserver, or perhaps the person will email it to you (by the way, Mutt +of course has a handy shortcut to let you get keys out of an email with +the Control-k keystroke). A key looks something like this (below is my +public key): + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.0.6 (GNU/Linux) +Comment: For info see http://www.gnupg.org + +mQGiBDsNpPoRBAC5A1vMkEiE2Z4AE9YYn3FOYi0K/ZDjUIz2/5wK4vX5IN149Yo5 +HzOH0ftJK2oTBRaKJXF1DvUO+eyIRn02BiWoLB/Dy624LEZ7psyfGLB9v/OO1T8k +2RxAHVZefMOlJZhuAXpts2dtzkc0hBApo80Jgka1LW+i1uR/0EMj98hGwwCgl8cE +k2xD4PZGNygAQ8NkVjkkVr8EALVGxfr4+WmmOn/RFyCnFppyYnTkBIPV0/5fUSzr +z53AYXXCfbHx8eF8rRxCjmFdzSu212s7ISOqUXCahLSDcsWhjaavMzD/pA/GvWhO +vTaVprdqT6pipQTvFXE4IgD1PRwl4KCu6BsJMeVWXQkjmh36y1FIA2Ub43VQnZJE +ZBitBACaS+S7+fVFvyvK654Chh0K3Klc1zUL9TE5l0Os2veFLS2s9d6y6fpEhnB0 +iABWPPXZRuPFjM8GG1cw/KtQDo/H2y2PtwG3mElF3fdZklGurvCTffWJyE2UZBz0 +s1owo2LJF978mzKonLOc2sYT7Ix5mdsgdBAjZ4kH8EP7t3NukrQjSnVzdGluIFIu +IE1pbGxlciA8anVzdGluQHZveGVsLm5ldD6IVwQTEQIAFwUCOw2k+gULBwoDBAMV +AwIDFgIBAheAAAoJEPeHeivJxAwxVeEAnRdggrNekDQMyTmd5C1UjITxIhEoAJ9m +q4RDI8Fw8waK4xIGkT32gcR7H4hGBBARAgAGBQI7DcFUAAoJEN+hndnKoo+RBgMA +n3VjFLMZUJO86aqg4MEoQaouK5L4AJ9X5s07QlGNqRruAAVvyQ2tCIz7KbQoSnVz +dGluIFIuIE1pbGxlciA8anVzdGluQHNvbGlkbGludXguY29tPohXBBMRAgAXBQI7 +DsfIBQsHCgMEAxUDAgMWAgECF4AACgkQ94d6K8nEDDFB/QCfYengAcA03vdik/vp +ktnSg88R8Q8An1iQ8g9UKNIBPzbhLYOSOa441y9guQENBDsNpP4QBAC6KTosKykU +PZQY+bd+hTPBHArGLFXGHC5RJtCVEU7iZHt4CEEEveAt6pAzoM/IBEIl0kHoG9Zq +KUE8DY8Wnc/c0fLBFuLxa5G5J+6NBXrQwf7mOhbpFjvUPegnJJpUaTJRCYLc4sBt +jMfaAUZJR5xRXVipLk0e8EwIuDDR1eVwbwADBwP7BU/PbNPMkGcxdrCyznBEvZAA +txqvplJwPZbOpMJ6ck/ckeXoy6G8f3vGUyGqg8bwS8SC+pxOkaBVDdpLXcfcJwJJ +R88HXIjfYZdalnMDELDHAvSsHxDsjs49tLzXRRQ0NpGPEGFiXHzMv43Ke8oYErqd +BvyyxvcrgZ6DdScYwWOIRgQYEQIABgUCOw2k/gAKCRD3h3orycQMMX4zAKCBlYSH +yeddCzek9yaiPoOD+6s3zQCfU0FwlY6o+vDLhSRerSfoA90g7gk= +=ERSn +-----END PGP PUBLIC KEY BLOCK----- + +Once you've got the key in a file on your computer, to add it to your +keyring, or your store of available keys, you would do this: + + gpg --import <key file> + +GnuPG will take care of the rest. The nice thing about the whole system +is that extraneous text before the beginning and ending markers is +ignored, so keys can be embedded with text files that contain other +information, and GnuPG will still be able to import the key(s) from +those files. + +You can verify that a key is now in your keyring by listing all of your +keys: + + gpg --list-keys + +You can also list particular keys by key ID or a word from the owner's +name: + + gpg --list-keys <owner's first name> + +Please note that this is the bare minimum way to use public keys. You +should also take into account your web of trust and later edit the trust +value for the key's owner and/or sign the key if you really want to rely +on communications using it. + +======================================================================== + +XII. A Practical Example of Manual Signing and Verification + +Take for example a sample piece of text: + + Here is some sample text. + +If I saved this to a file called sample.txt and wanted to sign it before +distributing it, I would do this: + + gpg --clearsign sample.txt + +After entering my passphrase, this will output a new, signed version at +sample.txt.asc: + +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +Here is some sample text. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (GNU/Linux) +Comment: For info see http://www.gnupg.org + +iD8DBQE7fE+B94d6K8nEDDERAnWcAJ9ZOEiWcmfuDokPfvJtch/ERbZZFwCfeNKS +3UFUmgeigIIJQcZbhocMJUQ= +=FCcr +-----END PGP SIGNATURE----- + +With Mutt, your text can be signed automatically, the passphrase can be +cached for a customizable amount of time, and the recipient will get +your message along with a MIME attachment of the signature. + +In order to verify a signed file, I would do this: + + gpg --verify sample.txt.asc + +The output, providing I have the signer's (my own) public key, looks +like this: + + gpg: Signature made Thu 16 Aug 2001 06:56:01 PM EDT using DSA key ID C9C40C31 + gpg: Good signature from "Justin R. Miller <justin@solidlinux.com>" + +Mutt can automatically verify signatures, retrieving public keys if +necessary, and will show signed messages as just the message text with +some status bar info regarding the signature validity. It looks almost +like regular mail, and you don't have to do a thing to verify the +message's integrity besides have the sender's public key (or have it +automatically fetched). + +======================================================================== + +XIII. A Practical Example of Manual Encryption and Decryption + +In order to encrypt our file, we would run this: + + gpg --encrypt --armor sample.txt + +The '--armor' option causes the encrypted file to be outputted as text +instead of binary data. After choosing the public key of the intended +recipient, an encrypted file might look like this: + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v1.0.6 (GNU/Linux) +Comment: For info see http://www.gnupg.org + +wh/HTTQIPdAOfSz9ZwsabH5dS9llSpeHHNGpO2cyR90owL3/p59IqG/7YycnaT6m +s5v45hAdGVVwHjwkUlqJElKgqD02S3i7qbOxOfE5vdeMhdew96/Axvi4QW94gY9R +ZTKjfes5QstgMHswNtn8MHIjZBShVCmRzTh04LjC8R3u/hWSvOZZes2+dJIcZOUE +AMvRRpatVVEb5AzdPRO1QaSHVwKQb+1DxeOWUviVOzp6CkPfmJPeazHRL6QjMZAM +AW5SCo4WME7Gupx931TxckRhCxDjoC63fz5sZzDB6mZhDZRxJf8HcG0L0sz4oCXr +hQEOA5Bet+UpglfCEAQAxojHuWKt/kcsdN8wZc4f0IJUU4WWEXWNoXUx+rN2Qkah +QXNDInfL5U98QkLtiPMLIifkm7YjQtqx0/9Sm8ngpFKb0lkBve/VUt+Z6bRp+2iC +m1KtBnoml6mYKCg05bRY6jrd2/0iT5sVBEHnaA== +=jW1T +-----END PGP MESSAGE----- + +With Mutt, you can just indicate that you would like to encrypt a +message, choose the intended recipient's public key from a menu, and the +message is sent without you ever having to see the encryption. + +Since I cannot decrypt the above file (as it wasn't intended for me), I +will just show the steps necessary to decrypt a file: + + gpg --decrypt <encrypted file> + +After entering my passphrase and if the message was intended for me, a +new file will be written containing the decrypted text. + +With Mutt, the passphrase can be cached and messages will automatically +be decrypted and displayed in the message view screen, along with a +brief indication of whether encryption and/or a signature was involved. + +======================================================================== + +XIV. Configuring Mutt For Use With GnuPG + +In order to use Mutt with GnuPG, PGP support must be compiled in when +building Mutt (this happens by default). Also, you need to add some +directives to your .muttrc (or source a file containing these +directives) which tells Mutt how to interact with GnuPG. Here are the +commands that I use: + +set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f" +set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f" +set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f" +set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f" +set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f" +set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xC9C40C31 -- -r %r -- %f" +set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xC9C40C31 -- -r %r -- %f" +set pgp_import_command="gpg --no-verbose --import -v %f" +set pgp_export_command="gpg --no-verbose --export --armor %r" +set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r" +set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r" +set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r" +set pgp_autosign=yes +set pgp_sign_as=0xC9C40C31 +set pgp_replyencrypt=yes +set pgp_timeout=1800 +set pgp_good_sign="^gpg: Good signature from" + +Aside from the basic commands necessary to inter-operate with GnuPG, +these directives also tell Mutt to automatically sign all outgoing +messages using key ID 0xC9C40C31 (my key), to encrypt all encrypted mail +to me as well (for storage in my 'sent' folder, and to cache my +passphrase for a half hour. + +======================================================================== + +XV. Trying It All Out + +Mutt should be ready to go at this point. The first time you send a +message, Mutt will ask you for your passphrase, which it will then +cache, then it will sign all outgoing messages. When you receive a +signed message, Mutt will use the sender's public key (fetching it if it +has to) to verify the signature. When encrypting messages, it will ask +for your passphrase (if not cached) and will present you with a menu of +public keys that it believes match the intended recipient. Lastly, when +decrypting messages, it will ask you for your passphrase if the cache +has expired or it hasn't been entered yet. + +======================================================================== + +XVI. Links For More Information + +The Mutt E-Mail Client Home Page + (http://www.mutt.org/) + +The GNU Privacy Guard Home Page + (http://www.gnupg.org/) + +The Mutt-i, GnuPG and PGP Howto + (http://linuxdoc.org/HOWTO/Mutt-GnuPG-PGP-HOWTO.html) + +The International PGP Home Page + (http://www.pgpi.org/) + +Why You Should Use Encryption + (http://www.goingware.com/encryption/) + +======================================================================== + +XVII. Contributors + +I'd like to thank the following people for assistance in revising this +document: + + - Dave Chapeskie, for many clarifications, corrections, + recommendations, and security tips + + - Thomas Roessler, for a very clear explanation of validity and trust + +I'd like to thank the following people for suggestions and feedback that +I may incorporate into a later revision of this document: + + - Andrew McDonald + - Rick Moen + - Andy Smith + +Lastly, I would like to thank you for reading this far! + +======================================================================== + +XVIII. Feedback + +I hope that this document has been of use to you. Please let me know if +there is any way that I can improve it. You can contact me via email at +justin@solidlinux.com, and I would of course prefer that you use +encryption when doing so using my public key, found elsewhere in this +document or at http://solidlinux.com/~justin/pubkey.asc. + +$Id: mutt-gnupg-howto,v 1.1.1.1 2002/03/04 00:03:18 incanus Exp $ +http://codesorcery.net/old/mutt/mutt-gnupg-howto |