From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/28825
Path: main.gmane.org!not-for-mail
From: Florian Weimer <fw@s.netic.de>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: MML, message-send-hook and automatically GnuPG-signing messages.
Date: 18 Jan 2000 14:50:33 +0100
Sender: owner-ding@hpc.uh.edu
Message-ID: <87ya9n7al2.fsf@deneb.cygnus.argh.org>
References: <wtnpuv5wurx.fsf@licia.dtek.chalmers.se> <87d7r25t6t.fsf@deneb.cygnus.argh.org> <wtn3drwabws.fsf@licia.dtek.chalmers.se> <87aem49cht.fsf@deneb.cygnus.argh.org> <wtnr9ffbrbs.fsf@licia.dtek.chalmers.se> <87n1q38v8f.fsf@deneb.cygnus.argh.org> <wtn1z7f8rl8.fsf@licia.dtek.chalmers.se>
NNTP-Posting-Host: coloc-standby.netfonds.no
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1035165602 31830 80.91.224.250 (21 Oct 2002 02:00:02 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Mon, 21 Oct 2002 02:00:02 +0000 (UTC)
Return-Path: <owner-ding@hpc.uh.edu>
Original-Received: from bart.math.uh.edu (bart.math.uh.edu [129.7.128.48])
	by mailhost.sclp.com (Postfix) with ESMTP id B4116D051E
	for <jason@mailhost.sclp.com>; Tue, 18 Jan 2000 10:07:08 -0500 (EST)
Original-Received: from sina.hpc.uh.edu (lists@Sina.HPC.UH.EDU [129.7.3.5])
	by bart.math.uh.edu (8.9.1/8.9.1) with ESMTP id JAB11681;
	Tue, 18 Jan 2000 09:06:36 -0600 (CST)
Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Tue, 18 Jan 2000 09:06:05 -0600 (CST)
Original-Received: from mailhost.sclp.com (postfix@sclp3.sclp.com [204.252.123.139])
	by sina.hpc.uh.edu (8.9.3/8.9.3) with ESMTP id JAA19526
	for <ding@hpc.uh.edu>; Tue, 18 Jan 2000 09:05:36 -0600 (CST)
Original-Received: from mail.cid.net (cephyr.cid.net [212.172.21.2])
	by mailhost.sclp.com (Postfix) with ESMTP id C7E82D051E
	for <ding@gnus.org>; Tue, 18 Jan 2000 10:05:27 -0500 (EST)
Original-Received: from uucp by mail.cid.net (Exim 3.11) with local-bsmtp
	id 12AaCR-0007LW-00; Tue, 18 Jan 2000 16:05:39 +0100
Original-Received: from deneb.cygnus.argh.org ([192.168.1.2] ident=exim)
	by cygnus.argh.org with esmtp (Exim 3.12 #1)
	id 12AZ1J-0002in-00
	for ding@gnus.org; Tue, 18 Jan 2000 14:50:05 +0100
Original-Received: from fw by deneb.cygnus.argh.org with local (Exim 3.12 #1)
	id 12AZ1l-0001pY-00
	for ding@gnus.org; Tue, 18 Jan 2000 14:50:33 +0100
Original-To: ding@gnus.org
In-Reply-To: Jonas Steverud's message of "18 Jan 2000 13:57:55 +0100"
Original-Lines: 57
User-Agent: Gnus/5.0804 (Gnus v5.8.4) Emacs/20.4
Precedence: list
X-Majordomo: 1.94.jlt7
Xref: main.gmane.org gmane.emacs.gnus.general:28825
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:28825

Jonas Steverud <d4jonas@dtek.chalmers.se> writes:

> If I understand it correctly this would work:
> In message-send-hook having a function adding
> <#encrypted>/<#/encrypted> (or whatever) around the entire text and
> then having a buffer that looks like:
> 
> ----------8<--------
> -----texts follows...----
> <#encrypted>
> Some text...
> <#attachment ...>
> ...more text.
> -- 
> .sig
> <#/encrypted>
> ----------8<--------

Yes, that's the idea.  You probably want to add extra information to the
`<#encrypted>' tag, for example the recpients' key ID.

> I will dig into it later when I have a Gnus that works with
> mml-blah-alist.

Glad you found it.  I guess the variable is only defined if `mml' has
been loaded, which happens automatically when you compose a message
(and not upon Gnus startup).

> > I don't think an additional hook is required, in fact, I would be
> > surprised. ;)
> 
> See other mail, I found message-send-*-hook. I blame the manual.

`message-send-*-hook' won't work, that's too late.  You have to bind
`mm-use-ultra-safe-encoding' to `t' while encoding the parts over which
the signature is to be calculated (this prohibits 8-bit data and other
nasty things, as mandated by RFC 2015).

> > You only need additional data structures for decrypting and verifying
> > signatures.
> 
> You forgot the `"' around the word "only"... ;-)

Well, I should have put it before `for'. ;)

> I spoke with the people in se.dator.sys.unix (swedish *nix group) and
> the conclusion was that although it was not 100% safe one could fairly
> sure that it was safe enough to use on Linux/Solaris. 

Linux and Solaris are completely different in this regard. Solaris
(at least the version I tested) is safe, while Linux isn't.

> There where possibilities to intercept my passphrase but the work
> and luck that was needed was too great. You needed to be root to
> begin with (which is a bit hard on a well administred system).

In fact, this is not necessary, and that's the problem. :(