/usr/share/doc/mailcrypt/HTML/mailcrypt_4.html is in mailcrypt 3.5.9-7.
This file is owned by root:root, with mode 0o644.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
<html>
<!-- Created on May 27, 2014 by texi2html 1.82
texi2html was written by:
Lionel Cons <Lionel.Cons@cern.ch> (original author)
Karl Berry <karl@freefriends.org>
Olaf Bachmann <obachman@mathematik.uni-kl.de>
and many others.
Maintained by: Many creative people.
Send bugs and suggestions to <texi2html-bug@nongnu.org>
-->
<head>
<title>5. Key Fetching</title>
<meta name="description" content="5. Key Fetching">
<meta name="keywords" content="5. Key Fetching">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="texi2html 1.82">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.smallquotation {font-size: smaller}
pre.display {font-family: serif}
pre.format {font-family: serif}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: serif; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: serif; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.roman {font-family:serif; font-weight:normal;}
span.sansserif {font-family:sans-serif; font-weight:normal;}
ul.toc {list-style: none}
-->
</style>
</head>
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
<a name="Key-Fetching"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="mailcrypt_3.html#Passphrase-Cache" title="Previous section in reading order"> &lt; </a>]</td>
<td valign="middle" align="left">[<a href="#Keyring-Fetch" title="Next section in reading order"> &gt; </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="mailcrypt_3.html#Passphrase-Cache" title="Beginning of this chapter or previous chapter"> &lt;&lt; </a>]</td>
<td valign="middle" align="left">[<a href="mailcrypt_0.html#Introduction" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="mailcrypt_5.html#Miscellaneous-Configuration" title="Next chapter"> &gt;&gt; </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="mailcrypt_0.html#Introduction" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[<a href="mailcrypt_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
<td valign="middle" align="left">[<a href="mailcrypt_10.html#Index" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="mailcrypt_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<a name="Key-Fetching-1"></a>
<h1 class="chapter">5. Key Fetching</h1>
<a name="index-mc_002dfetch_002dkey"></a>
<a name="index-C_002dc-_002f-k"></a>
<p>Mailcrypt knows how to fetch PGP public keys from the key servers
(see section <a href="mailcrypt_8.html#Key-Servers">Key Servers</a>). The function <code>mc-fetch-key</code> is bound by
default to <kbd>C-c / k</kbd> in both <code>mc-read-mode</code> and
<code>mc-write-mode</code>. Additionally, <code>mc-encrypt</code>,
<code>mc-decrypt</code>, and <code>mc-verify</code> will offer to call this function
to automatically fetch a desired key. If you call it manually, it will
prompt you for the User ID of the key to fetch.
</p>
<a name="index-mc_002dpgp_002dfetch_002dmethods"></a>
<p>The variable <code>mc-pgp-fetch-methods</code> is a list of ways to attempt to
fetch a key. (More precisely, it is a list of functions to be called,
each of which will attempt to fetch the key.) The methods will be tried
in the order listed. The default list is:
</p>
<table><tr><td> </td><td><pre class="lisp">'(mc-pgp-fetch-from-keyrings
  mc-pgp-fetch-from-finger
  mc-pgp-fetch-from-http)
</pre></td></tr></table>
<p>For a description of these functions, see the following sections.
</p>
<p>If you are not directly on the Internet, you probably want to obtain a
copy of the global public key ring from the keyservers, install it
somewhere under the name ‘<tt>public-keys.pgp</tt>’, and do:
</p>
<table><tr><td> </td><td><pre class="lisp">(setq mc-pgp-fetch-methods '(mc-pgp-fetch-from-keyrings))
(setq mc-pgp-fetch-keyring-list '("/blah/blah/blah/public-keys.pgp"))
</pre></td></tr></table>
<p>This will allow you to fetch keys from your local copy of the global key
ring instead of sending requests to the key servers directly
(see section <a href="#Keyring-Fetch">Keyring Fetch</a>). Alternatively, if your organization has a proxy
HTTP server, you can configure Mailcrypt to use that. See <a href="#HTTP-Fetch">HTTP Fetch</a>.
</p>
<p>If the key is found, you will be shown the result of running PGP on it
locally. This allows you to inspect the signatures on the key
<em>relative to your own keyring</em> before you consent to having it
added. <strong>Inspect the signatures carefully!</strong> Key distribution is
often the Achilles’ heel of public key protocols. If you blindly use
keys obtained from the key servers, you are asking for trouble.
</p>
<p>All of the methods use <code>mc-pgp-fetch-timeout</code> as a timeout in
seconds; the default value is 30.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top"><a href="#Keyring-Fetch">5.1 Keyring Fetch</a></td><td> </td><td align="left" valign="top"> Fetching from one or more other
keyrings on the local system.
</td></tr>
<tr><td align="left" valign="top"><a href="#Finger-Fetch">5.2 Finger Fetch</a></td><td> </td><td align="left" valign="top"> Fetching a key through finger.
</td></tr>
<tr><td align="left" valign="top"><a href="#HTTP-Fetch">5.3 HTTP Fetch</a></td><td> </td><td align="left" valign="top"> Fetching a key off of the Web.
</td></tr>
<tr><td align="left" valign="top"><a href="#GnuPG-Fetch">5.4 GnuPG Fetch</a></td><td> </td><td align="left" valign="top"> Using GnuPG’s internal keyserver interface.
</td></tr>
</table>
<hr size="6">
<a name="Keyring-Fetch"></a>
<a name="Keyring-Fetch-1"></a>
<h2 class="section">5.1 Keyring Fetch</h2>
<a name="index-mc_002dpgp_002dfetch_002dfrom_002dkeyrings"></a>
<p>The function <code>mc-pgp-fetch-from-keyrings</code> will attempt to fetch a
key from a set of keyrings on the locally accessible filesystem. This
is useful if your organization maintains a large common public keyring
whose entire contents you do not wish to duplicate on your own ring. It
is also useful if you download a copy of the global public ring from the
key servers (see section <a href="mailcrypt_8.html#Key-Servers">Key Servers</a>).
</p>
<a name="index-mc_002dpgp_002dfetch_002dkeyring_002dlist"></a>
<p>The variable <code>mc-pgp-fetch-keyring-list</code> controls this behavior.
It is a list of file names of public keyrings which this function will
search, in order, when seeking a key. The default value is <code>nil</code>,
meaning this search will always fail.
</p>
<hr size="6">
<a name="Finger-Fetch"></a>
<a name="Finger-Fetch-1"></a>
<h2 class="section">5.2 Finger Fetch</h2>
<a name="index-mc_002dpgp_002dfetch_002dfrom_002dfinger"></a>
<p>The function <code>mc-pgp-fetch-from-finger</code> will attempt to fetch a key
by fingering an address and parsing the output for a PGP public key
block.
</p>
<hr size="6">
<a name="HTTP-Fetch"></a>
<a name="HTTP-Fetch-1"></a>
<h2 class="section">5.3 HTTP Fetch</h2>
<a name="index-mc_002dpgp_002dfetch_002dfrom_002dhttp"></a>
<p>The function <code>mc-pgp-fetch-from-http</code> will attempt to fetch a key
by connecting to a key server (see section <a href="mailcrypt_8.html#Key-Servers">Key Servers</a>) which has a World
Wide Web interface.
</p>
<a name="index-mc_002dpgp_002dkeyserver_002daddress"></a>
<a name="index-mc_002dpgp_002dkeyserver_002dport"></a>
<a name="index-mc_002dpgp_002dkeyserver_002durl_002dtemplate"></a>
<p>The variables <code>mc-pgp-keyserver-address</code>,
<code>mc-pgp-keyserver-port</code>, and <code>mc-pgp-keyserver-url-template</code>
control the fetching process. The default is to use Brian LaMacchia’s
key server at MIT. If this default should stop working, or if you want
to help with network congestion and machine load, you can choose a
different server. As of this writing, any of the following sequences of
Emacs Lisp in your ‘<tt>.emacs</tt>’ file will work; choose one:
</p>
<table><tr><td> </td><td><pre class="lisp">;; Key server at MIT (Massachusetts, USA)
;; This is the default; these lines are only for reference
;(setq mc-pgp-keyserver-address "pgp.ai.mit.edu")
;(setq mc-pgp-keyserver-port 80)
;(setq mc-pgp-keyserver-url-template
;      "/htbin/pks-extract-key.pl?op=get&amp;search=%s")
</pre></td></tr></table>
<table><tr><td> </td><td><pre class="lisp">;; Key server at UPC (Barcelona, Spain)
(setq mc-pgp-keyserver-address "goliat.upc.es")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template
      "/cgi-bin/pks-extract-key.pl?op=get&amp;search=%s")
</pre></td></tr></table>
<table><tr><td> </td><td><pre class="lisp">;; Key server at Cambridge University (Cambridge, England)
(setq mc-pgp-keyserver-address "www.cl.cam.ac.uk")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template
      "/cgi-bin/pks-extract-key.pl?op=get&amp;search=%s")
</pre></td></tr></table>
<table><tr><td> </td><td><pre class="lisp">;; Key server at UIT (Tromso, Norway)
(setq mc-pgp-keyserver-address "www.service.uit.no")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template
      "/cgi-bin/pks-extract-key.pl?op=get&amp;search=%s")
</pre></td></tr></table>
<table><tr><td> </td><td><pre class="lisp">;; Key server at CMU (Pennsylvania, USA)
(setq mc-pgp-keyserver-address "gs211.sp.cs.cmu.edu")
(setq mc-pgp-keyserver-port 80)
(setq mc-pgp-keyserver-url-template "/cgi-bin/pgp-key?pgpid=%s")
</pre></td></tr></table>
<p>If your organization has a firewall, you might not be able to access the
World Wide Web directly. Your organization may have a proxy HTTP server
set up, however. In that case, you should place code like the following
in your ‘<tt>.emacs</tt>’ file. You can use any of the above key servers
instead of the one at MIT, of course.
</p>
<table><tr><td> </td><td><pre class="lisp">;; Mailcrypt configuration for accessing key server through HTTP proxy
(setq mc-pgp-keyserver-address "your.proxy.com")
(setq mc-pgp-keyserver-port 13013) ; Your proxy's port
(setq mc-pgp-keyserver-url-template
      "http://pgp.ai.mit.edu/htbin/pks-extract-key.pl?op=get&amp;search=%s")
</pre></td></tr></table>
<p>Note that fetching from a key server can be somewhat slow, so be
patient. (At least it beats the tar out of the Email interface.)
</p>
<hr size="6">
<a name="GnuPG-Fetch"></a>
<a name="GnuPG-Fetch-1"></a>
<h2 class="section">5.4 GnuPG Fetch</h2>
<p>GnuPG happens to have a built-in HKP keyserver interface which is
completely independent from Mailcrypt’s own key fetching support. If
your ‘<tt>.gnupg/gpg.conf</tt>’ (‘<tt>.gnupg/options</tt>’ for older versions)
file includes a line like:
</p>
<p>‘<samp>keyserver wwwkeys.pgp.net</samp>’
</p>
<p>then any operation that needs an otherwise-unavailable public key
(which generally means signature verification) will automatically
contact the keyserver and try to retrieve the key. GnuPG sends the hex
keyid to the server, not a User ID string, so this can only be used at
encryption time if you already know the keyids of your recipients.
</p>
<p>You can also tell GPG to explicitly request a key (by hex keyid) with
‘<samp>--recv-keys</samp>’, or to send your own key with ‘<samp>--send-keys</samp>’.
Check the GnuPG manual for details.
</p>
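<p>Added example, not part of the Mailcrypt manual or of GnuPG: one check that
complements the signature inspection urged in the chapter introduction, and that
applies to keys requested by hex keyid as described here, is comparing the full
fingerprint of the fetched key with a value obtained out of band. The function
names and the sample listing are constructed for illustration; the listing
imitates the colon-delimited output of gpg.
</p>

```shell
#!/bin/sh
# Added example, not part of Mailcrypt or GnuPG. Function names are hypothetical.

# normalize_id: drop whitespace and an optional 0x prefix, upper-case hex digits.
normalize_id() {
    printf '%s' "$1" | tr -d ' \t' | sed 's/^0[xX]//' | tr 'abcdef' 'ABCDEF'
}

# classify_key_id: print fingerprint (40 hex), long (16), short (8) or invalid.
# Short and long key IDs are only a suffix of the fingerprint, so they are
# fine for asking a server for a key but not for deciding it is the right one.
classify_key_id() {
    id=$(normalize_id "$1")
    case "$id" in
        ''|*[!0-9A-F]*) echo invalid; return 0 ;;
    esac
    case ${#id} in
        40) echo fingerprint ;;
        16) echo long ;;
        8)  echo short ;;
        *)  echo invalid ;;
    esac
}

# primary_fpr: read a --with-colons listing on stdin and print field 10 of the
# first "fpr" record after the first "pub" record (the primary key, not a subkey).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# key_matches EXPECTED < listing
# 0: EXPECTED is a full fingerprint and equals the primary key's fingerprint
# 1: fingerprints differ (or the listing has none)
# 2: EXPECTED is not a full 40-digit fingerprint, so nothing was compared
key_matches() {
    [ "$(classify_key_id "$1")" = fingerprint ] || return 2
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$got" = "$(normalize_id "$1")" ]
}

# Constructed listing in the colon format; these are not real keys.
# With a current GnuPG a real one would come from something like:
#   gpg --show-keys --with-colons fetched-key.asc
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1400000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::::Alice Example (constructed):
sub:-:2048:1:76543210FEDCBA98:1400000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Fingerprint obtained out of band (constructed to match the sample).
EXPECTED='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'

if printf '%s\n' "$SAMPLE_LISTING" | key_matches "$EXPECTED"; then
    echo "primary fingerprint matches the out-of-band value"
else
    echo "do not add this key: fingerprint check failed"
fi
```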
<p>If <code>mc-default-scheme</code> is set to <code>'mc-scheme-gpg</code>, it is
also possible to fetch keys with <code>mc-fetch-key</code>, although its
behaviour is a bit different from the one described in the PGP section.
When called interactively, it will prompt for a key ID to fetch from a
keyserver. You can either set the server to query with
</p>
<table><tr><td> </td><td><pre class="lisp">;; Key server at DFN (Germany)
;; You should choose another one in your region.
(setq mc-gpg-keyserver "blackhole.pca.dfn.de")
</pre></td></tr></table>
<p>in your ‘<tt>.emacs</tt>’ file or let GPG use the default defined in its
configuration file. Any string that can be passed to the gpg
‘<samp>--keyserver</samp>’ option is allowed for <code>mc-gpg-keyserver</code>. At
the moment it is <em>not</em> possible to pass a search string to the
function. Please use the ‘<samp>--search-keys</samp>’ command option if you
have a newer version of gpg. Maybe someday we will write a frontend for this.
</p>
<p>If you want to finger a key from a server, use the
<code>mc-gpg-fetch-from-finger</code> function. It expects an input of the
form ‘<samp>USER@HOST</samp>’. The variable <code>mc-gpg-finger-timeout</code>
defines the timeout in seconds for the operation.
</p>
<hr size="6">
<p>
<font size="-1">
This document was generated by <em>Barak A. Pearlmutter</em> on <em>May 27, 2014</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.82</em></a>.
</font>
<br>
</p>
</body>
</html>