This is mailcrypt.info, produced by makeinfo version 4.2 from

* Mailcrypt: (mailcrypt). An Emacs/PGP interface.

This documentation describes Mailcrypt version 3.5.8. This
documentation was last updated on August 29, 1998.

Copyright 1995 Patrick J. LoPresti Copyright 1998 Leonard R. Budney
Copyright 2001 Brian Warner

The Mailcrypt program and this manual are published as free software.
You may redistribute and/or modify them under the terms of the GNU
General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.

Mailcrypt is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Emacs; see the file COPYING. If not, write to the Free
Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
File: mailcrypt.info, Node: Top, Next: Introduction, Prev: (dir), Up: (dir)

Mailcrypt is an Emacs Lisp package which provides a simple but
powerful interface to cryptographic functions for mail and news.

This documentation describes Mailcrypt version 3.5.8. The
documentation was last updated on August 29, 1998.

* Introduction:: Read this first.
* General Use:: Everyday cryptographic functions.
* Remailer Support:: Interface to secure anonymous remailers.
* Passphrase Cache:: Letting Mailcrypt remember your passphrase
* Key Fetching:: Automatically retrieving public keys
* Miscellaneous Configuration:: Random tweakables.
* Tips:: Hints and tricks.
* Limitations:: Things Mailcrypt does not do.
* References:: Pointers to relevant information.
* Credits:: Whom to blame.
* Index:: Keys, variables, and functions.

--- The Detailed Node Listing ---

* Prerequisites:: Complicated stuff you may have to do.
* Installation:: Simple stuff you probably have to do.
* Command Overview:: A brief summary of the most common

* Hooking into Rmail::

* Encrypting:: Encrypting a message to one or more
* Signing:: Clearsigning a message.
* Inserting Keys:: Extracting a key from your public key
  ring and inserting it.
* Decrypting:: Decrypting a message to you.
* Verifying:: Verifying the signature on a clearsigned
* Snarfing Keys:: Finding a key in the current message and
  adding it to your keyring.

* Remailer Introduction:: A little about remailers in general.
* Remailer Quick Start:: Getting started quickly.
* Remailer Chains:: Creating custom chains of your very own.
* Response Blocks:: A way to let people reply to your
* Pseudonyms:: Who do you want to be today?
* Remailing Posts:: Posting to USENET anonymously or
* Mixmaster Support:: Remailers for the truly paranoid.
* Remailer Security:: Caveats.
* Verifiable Pseudonyms:: Giving expression to the voices in your
* Remailer Tips:: Free advice.

* Keyring Fetch:: Fetching from one or more other
  keyrings on the local system.
* Finger Fetch:: Fetching a key through finger.
* HTTP Fetch:: Fetching a key off of the Web.
* GnuPG Fetch:: Using GnuPG's internal keyserver interface.

Miscellaneous Configuration

* Alternate Keyring:: Specifying a different file to act
  like your public keyring.
* Comment Field:: Burma
* Mode Line:: Changing that "MC-w" and "MC-r" stuff
* Key Bindings:: Which keys cause which actions.
* Nonstandard Paths:: Useful if your PGP installation is weird.

* Online Resources:: Recreational reading with a purpose.
* Key Servers:: Keepers of the Global Keyring.
* Mailing List:: Staying informed while pumping the
* Politics:: Anarcho-foobarism.
File: mailcrypt.info, Node: Introduction, Next: General Use, Prev: Top, Up: Top
135
Mailcrypt is an Emacs Lisp package which provides a simple but
136
powerful interface to cryptographic functions for mail and news. With
137
Mailcrypt, encryption becomes a seamlessly integrated part of your mail
138
and news handling environment.
140
This manual is long because it is complete. All of the information
141
you need to get started is contained in this Introduction alone.
145
* Prerequisites:: Complicated stuff you may have to do.
146
* Installation:: Simple stuff you probably have to do.
147
* Command Overview:: A brief summary of the most common
151
File: mailcrypt.info, Node: Prerequisites, Next: Installation, Prev: Introduction, Up: Introduction
156
Mailcrypt requires version 19 or higher of GNU Emacs. Mailcrypt has
157
been tested on a variety of systems under both FSF Emacs and XEmacs.
159
Mailcrypt requires Pretty Good (tm) Privacy, usually known as PGP.
160
This document assumes that you have already obtained and installed PGP
161
and that you are familiar with its basic functions. The best way to
162
become familiar with these functions is to read the `PGP User's Guide',
165
For more information on obtaining and installing PGP, refer to the
166
MIT PGP home page at `http://web.mit.edu/network/pgp.html'.
168
Although Mailcrypt may be used to process data in arbitrary Emacs
169
buffers, it is most useful in conjunction with other Emacs packages for
170
handling mail and news. Mailcrypt has specialized support for Rmail
171
(*note Rmail: (emacs)Rmail.), VM (*note VM: (vm)Top.), MH-E, and Gnus
172
(*note Gnus: (gnus)Top.). Information on the general use of these
173
packages is beyond the scope of this manual.
File: mailcrypt.info, Node: Installation, Next: Command Overview, Prev: Prerequisites, Up: Introduction

If Mailcrypt is not installed on your system, obtain the latest
version from the Mailcrypt home page at
`http://mailcrypt.sourceforge.net' and follow the instructions in the

Next, decide what version of PGP you are using. Versions 3.5 and
higher of Mailcrypt support multiple versions of PGP. To choose a
version, add the following lines to your `.emacs' file:

     (load-library "mailcrypt") ; provides "mc-setversion"
     (mc-setversion "2.6") ; for PGP 2.6 (default); also "5.0" and "gpg"

Next, teach your Emacs how and when to load the Mailcrypt functions
and install the Mailcrypt key bindings. Almost all Emacs major modes
(including mail and news handling modes) have corresponding "hook"
variables which hold functions to be run when the mode is entered. All
you have to do is add the Mailcrypt installer functions to the
appropriate hooks; then the installer functions will add the Mailcrypt
key bindings when the respective mode is entered.

Specifically, begin by placing the following lines into your
`.emacs' file (or the system-wide `default.el' file):

     (autoload 'mc-install-write-mode "mailcrypt" nil t)
     (autoload 'mc-install-read-mode "mailcrypt" nil t)
     (add-hook 'mail-mode-hook 'mc-install-write-mode)

Then add additional lines for your own mail and news packages as

* Hooking into Rmail::
* Hooking into MH-E::
* Hooking into Gnus::

File: mailcrypt.info, Node: Hooking into Rmail, Next: Hooking into VM, Prev: Installation, Up: Installation

To hook Mailcrypt into Rmail, use the following lines:

     (add-hook 'rmail-mode-hook 'mc-install-read-mode)
     (add-hook 'rmail-summary-mode-hook 'mc-install-read-mode)

Using Emacs version 20.3 or higher, you should use the following

     (add-hook 'rmail-show-message-hook 'mc-install-read-mode)
     (add-hook 'rmail-summary-mode-hook 'mc-install-read-mode)

File: mailcrypt.info, Node: Hooking into VM, Next: Hooking into MH-E, Prev: Hooking into Rmail, Up: Installation

To hook Mailcrypt into VM, use the following lines:

     (add-hook 'vm-mode-hook 'mc-install-read-mode)
     (add-hook 'vm-summary-mode-hook 'mc-install-read-mode)
     (add-hook 'vm-virtual-mode-hook 'mc-install-read-mode)
     (add-hook 'vm-mail-mode-hook 'mc-install-write-mode)

File: mailcrypt.info, Node: Hooking into MH-E, Next: Hooking into Gnus, Prev: Hooking into VM, Up: Installation

To hook Mailcrypt into MH-E, use the following lines:

     (add-hook 'mh-folder-mode-hook 'mc-install-read-mode)
     (add-hook 'mh-letter-mode-hook 'mc-install-write-mode)

File: mailcrypt.info, Node: Hooking into Gnus, Next: Hooking into Mew, Prev: Hooking into MH-E, Up: Installation

To hook Mailcrypt into Gnus, use the following lines:

     (add-hook 'gnus-summary-mode-hook 'mc-install-read-mode)
     (add-hook 'message-mode-hook 'mc-install-write-mode)
     (add-hook 'news-reply-mode-hook 'mc-install-write-mode)

File: mailcrypt.info, Node: Hooking into Mew, Prev: Hooking into Gnus, Up: Installation

To hook Mailcrypt into Mew, use the following lines:

     (add-hook 'mew-message-mode-hook 'mc-install-read-mode)
     (add-hook 'mew-summary-mode-hook 'mc-install-read-mode)
     (add-hook 'mew-draft-mode-hook 'mc-install-write-mode)

Note that Mew already has extensive support for MIME-encoded
encrypted and/or signed messages (using the "multipart/encrypted" and
"application/pgp-encrypted" formats specified by RFC3156). Using
Mailcrypt within Mew is most useful for traditional "inline" armored
encrypted/signed messages.
File: mailcrypt.info, Node: Command Overview, Prev: Installation, Up: Introduction

All Mailcrypt commands are (by default) activated by three-character
key sequences which begin with `C-c /'. The most common operations are:

_Encrypting a Message_
     `C-c / e' encrypts a message using the recipient's (or recipients')
     public key(s). *Note Encrypting a Message: Encrypting.

_Decrypting a Message_
     `C-c / d' decrypts a message using your secret key. *Note
     Decrypting a Message: Decrypting.

     `C-c / s' clearsigns a message using your secret key. *Note
     Signing a Message: Signing.

_Verifying a Signature_
     `C-c / v' verifies the signature on a clearsigned message using the
     sender's public key. *Note Verifying a Signature: Verifying.

These functions and others are documented in detail in the following

Any time you are composing or reading mail or news, you can get a
summary of the available commands by typing `C-h m'. If you are
running Emacs under X, an even easier way to see the available commands
is to access the `Mailcrypt' pull-down menu.
File: mailcrypt.info, Node: General Use, Next: Remailer Support, Prev: Introduction, Up: Top

By default, Mailcrypt assumes you are using one of the PGP 2.6.x
versions. This permits backward compatibility for the millions of
satisfied users of Mailcrypt 3.4 worldwide. If you wish to specify a
different version of PGP, use the function `mc-setversion'. Its action
is the same as setting the variable `mc-default-scheme'. For a list of
supported versions, press the tab key. "2.6" means 2.6.x, the original
(and default). "5.0" is pgp 5.0. "gpg" is GnuPG.

Mailcrypt works by providing two minor modes for interfacing with
cryptographic functions: `mc-read-mode' and `mc-write-mode'.
`mc-read-mode' provides key bindings for processing messages which you
have received; `mc-write-mode' provides key bindings for processing
messages which you are about to send. These minor modes will indicate
when they are active by placing a characteristic string in the mode
line (*note Mode Line::). They will also add a `Mailcrypt' pull-down
menu to the menu bar.

The normal installation procedure (*note Installation::) will arrange
for the appropriate mode to be active when you read and compose mail and
news. But you may want to use Mailcrypt's functions at other times; to
do so, you can call `mc-install-read-mode' or `mc-install-write-mode'
directly. For example, if you were editing a file in Text mode and
wanted to digitally sign it, you would type `M-x
mc-install-write-mode', then `C-c / s' (*note Signing::).

Once one of the Mailcrypt modes is active, you can get a summary of
the available functions by typing `C-h m' or by examining the
`Mailcrypt' pull-down menu.

The description of each function below includes which of the modes
has a binding for that function.

* Encrypting:: Encrypting a message to one or more
* Signing:: Clearsigning a message.
* Inserting Keys:: Extracting a key from your public key
  ring and inserting it.
* Decrypting:: Decrypting a message to you.
* Verifying:: Verifying the signature on a clearsigned
* Snarfing Keys:: Finding a key in the current message and
  adding it to your keyring.
File: mailcrypt.info, Node: Encrypting, Next: Signing, Prev: General Use, Up: General Use

The function `mc-encrypt' will encrypt a message in the current
buffer. `mc-write-mode' binds this function to `C-c / e' by default.

When this function is called, Mailcrypt will prompt you for a
comma-separated list of recipients. If called from a mail composition
buffer, the recipient list will default to the Email addresses in the
`To', `CC', and `BCC' lines of the message.

If you want to be able to decrypt the message yourself, you need to
add yourself to the recipient list. If you always want to do so, set
the variable `mc-encrypt-for-me' to `t'. (Note that Mailcrypt
overrides the PGP "encrypttoself" flag; use this variable instead.)

If you provide an empty recipient list, Mailcrypt will ASCII-armor
the message without encrypting it.

Once you have edited the recipient list to your satisfaction, type
`<RET>' to accept it. You will then be asked whether you want to sign
the message; answer `y' or `n'. You can avoid this question by setting
the variable `mc-pgp-always-sign': A value of `t' means "yes", a value
of `'never' means "no".

If you elect to sign the message, Mailcrypt will prompt you for the
appropriate passphrase unless it is cached (*note Passphrase Cache::).

Mailcrypt will then pass the message to PGP for processing.
Mailcrypt will call the functions listed in `mc-pre-encryption-hook' and
`mc-post-encryption-hook' immediately before and after processing,
respectively. The encrypted message will then replace the original
message in the buffer. You can undo the encryption with the normal
Emacs undo command `C-x u' (*note Emacs Undo: (emacs)Undo.).

If an error occurs, Mailcrypt will display an appropriate diagnostic.
If you do not have the public key for one of the specified recipients,
Mailcrypt will offer to try to fetch it for you (*note Key Fetching::).

The default key for signing is the first one on the secret key ring
which matches the string `mc-pgp-user-id'; this defaults to
`(user-login-name)'. Note that this differs from PGP's normal default,
which is to use the first of _all_ of the secret keys. To mimic PGP's
behavior, set this variable to `""'. This variable is specific to pgp
2.6.x; `mc-pgp50-user-id' and `mc-gpg-user-id' are the corresponding
variables for pgp 5.0 and GnuPG.

If you want to use a secret key other than your default for signing
the message, pass a prefix argument to `mc-encrypt'. (That is, type
`C-u C-c / e'.) Mailcrypt will prompt for a string and will sign with
the first key on your secret keyring which matches that string. It will
be assumed that you want to sign the message, so you will not be
File: mailcrypt.info, Node: Signing, Next: Inserting Keys, Prev: Encrypting, Up: General Use

The function `mc-sign' will clearsign a message in the current
buffer. `mc-write-mode' binds this function to `C-c / s' by default.

When this function is called, Mailcrypt will prompt you for the
appropriate passphrase unless it is cached (*note Passphrase Cache::).

Mailcrypt will then pass the message to PGP for processing.
Mailcrypt will call the functions listed in `mc-pre-signature-hook' and
`mc-post-signature-hook' immediately before and after processing,
respectively. The signed message will replace the original message in
the buffer. _Do not_ edit the message further with the signature
attached, because the signature would then be incorrect. If you
discover you need to edit a message after you have signed it, remove the
signature first with the normal Emacs undo command `C-x u' (*note Emacs

The variable `mc-pgp-user-id' controls which secret key is used for
signing; it is described in *Note Encrypting a Message: Encrypting. To
use a different secret key, pass a prefix argument to `mc-sign'. (That
is, type `C-u C-c / s'.) Mailcrypt will prompt for a string and will
sign with the first key on your secret keyring which matches that

File: mailcrypt.info, Node: Inserting Keys, Next: Decrypting, Prev: Signing, Up: General Use

Inserting a Public Key Block
============================

The function `mc-insert-public-key' will extract a key from your
public keyring and insert it into the current buffer. `mc-write-mode'
binds this function to `C-c / x' by default.

This function is useful for sending your public key to someone else
or for uploading it to the key servers (*note Key Servers::). The
inserted key will be the first one on your public key ring which
matches the string `mc-pgp-user-id' (*note Encrypting a Message:

You may want to insert a different public key instead; for example,
you may have signed someone's key and want to send it back to them. To
do so, pass a prefix argument to `mc-insert-public-key'. (That is,
type `C-u C-c / x'.) You will be prompted for a string; the first key
on your public key ring which matches that string will be inserted.
File: mailcrypt.info, Node: Decrypting, Next: Verifying, Prev: Inserting Keys, Up: General Use

The function `mc-decrypt' will decrypt a message in the current
buffer. `mc-read-mode' binds this function to `C-c / d' by default.

When this function is called, Mailcrypt will prompt you for the
appropriate passphrase unless it is cached (*note Passphrase Cache::).

The encrypted message will then be passed to PGP for processing. If
you are not in a mail buffer, the decrypted message will replace the
encrypted form. If you are in a mail buffer, you will be prompted
whether to do the replacement.

If you answer `n', you will be placed in a new mail reading buffer
to view the decrypted message. This new mail reading buffer will have
no corresponding disk file; its purpose is to provide you with all of
your usual reply and citation functions without requiring you to save
the message in decrypted form. Type `q' to kill this buffer.

You can avoid the question of whether to replace the encrypted
message by setting the variable `mc-always-replace'. A value of `t'
means "yes"; a value of `'never' means "no".

If the encrypted message is also signed, PGP will attempt to verify
the signature. If the verification fails because you lack the necessary
public key, Mailcrypt will offer to fetch it for you (*note Key

Look in the `*MailCrypt*' buffer to see the result of the signature

File: mailcrypt.info, Node: Verifying, Next: Snarfing Keys, Prev: Decrypting, Up: General Use

Verifying a Signature
=====================

The function `mc-verify' will verify the cleartext signature on a
message in the current buffer. `mc-read-mode' binds this function to
`C-c / v' by default.

When this function is called, Mailcrypt will pass the message to PGP
for processing and report whether or not the signature verified.

If the signature failed to verify because you lack the necessary
public key, Mailcrypt will offer to fetch it for you (*note Key

File: mailcrypt.info, Node: Snarfing Keys, Prev: Verifying, Up: General Use

The function `mc-snarf' will add to your keyring any keys in the
current buffer. `mc-read-mode' binds this function to `C-c / a' by

This function is useful when someone sends you a public key in an
File: mailcrypt.info, Node: Remailer Support, Next: Passphrase Cache, Prev: General Use, Up: Top
553
This is a long chapter describing an advanced feature; you may want
554
to skip it on first reading.
558
* Remailer Introduction:: A little about remailers in general.
559
* Remailer Quick Start:: Getting started quickly.
560
* Remailer Chains:: Creating custom chains of your very own.
561
* Response Blocks:: A way to let people reply to your
563
* Pseudonyms:: Who do you want to be today?
564
* Remailing Posts:: Posting to USENET anonymously or
566
* Mixmaster Support:: Remailers for the truly paranoid.
567
* Remailer Security:: Caveats.
568
* Verifiable Pseudonyms:: Giving expression to the voices in your
570
* Remailer Tips:: Free advice.
File: mailcrypt.info, Node: Remailer Introduction, Next: Remailer Quick Start, Prev: Remailer Support, Up: Remailer Support

Remailer Introduction
=====================

There are several anonymous remailer services running on the
Internet. These are programs that accept mail, strip off information
that would identify the origin of the message, and forward the mail to
the designated recipient. This simple scheme alone, however, is
insecure if the anonymous remailer becomes compromised (or if the
remailer was set up by an untrustworthy party in the first place).
Whoever controls the remailer will have access to the identities of
senders and recipients.

One solution to this is to use _chains_ of remailers that send
encrypted messages. For example, suppose Bill wishes to send a message
to Louis using a chain of remailers A, B, and C. He writes the message
(possibly encrypting it for Louis), then encrypts the result (including
the fact that Louis is the recipient) using a public key supplied by
remailer C. Then he encrypts this result using a public key supplied by
remailer B. Then he encrypts this result using a public key supplied by
A and sends the message to A.

When A receives the message, it decrypts the message with its key to
produce something encrypted for B, learns that the next remailer in the
chain is B, strips off the information that the message came from Bill,
and sends the message on to B. B then decrypts, learns that the next
remailer in the chain is C, strips off the information that the message
came from A, and sends the result to C. C then decrypts, learns that
the destination is Louis, strips off the information that the message
came from B, and sends the result to Louis. With this arrangement, only
A knows that the original message came from Bill, and only C knows that
the intended recipient is Louis. In general, the sender and recipient
can both be known only to someone who has compromised all remailers in

If Bill wishes, he can include an encrypted "response block" in his
message to Louis, which defines a remailer chain that Louis can use to
reply to Bill. Louis can use this chain without knowing who Bill is -
only the last remailer in the chain need know the final recipient. Bill
can also establish a _pseudonym_ for use in signing his anonymous

Mailcrypt includes facilities for sending messages via remailers, for
defining chains of remailers, for generating response blocks, and for
File: mailcrypt.info, Node: Remailer Quick Start, Next: Remailer Chains, Prev: Remailer Introduction, Up: Remailer Support

To use Mailcrypt's remailing facilities, you need to configure them
first. Begin with the following steps:

  1. Do `finger rlist@mixmaster.shinn.net > ~/.remailers'. This will
     create a Levien-format list of remailers in the file `.remailers'
     in your home directory (see the variable `mc-levien-file-name').
     Mailcrypt will parse this the first time you access a remailer
     function. `rlist@noisebox.remailer.org' is another good place to

  2. Look over the `.remailers' file and find the ones you want to use.

  3. Add their PGP public keys to your keyring. You can `finger
     remailer-keys@mixmaster.shinn.net' for an armored keyring full of
     remailer public keys. Note that Mailcrypt _requires_ that you have
     the public keys of all the remailers you want to use, and
     therefore that the remailers support PGP encryption.

_Note:_ These steps need only be done once, although repeating them
from time to time is probably a good idea, since remailers come

Now test the remailer functions. First compose an outgoing Email
message (using `C-x m', for example) addressed to yourself. Type `C-c
/ r'. Choose a remailer; use `<TAB>' to get completion on its name.
The buffer will be rewritten for anonymous mailing through that

The remailer list and keyrings can also be obtained via HTTP.
`http://anon.efga.org/Remailers/Settings' and
`http://mixmaster.shinn.net/stats/settings/index.html' have lists of
URLs from which these can be retrieved.
File: mailcrypt.info, Node: Remailer Chains, Next: Response Blocks, Prev: Remailer Quick Start, Up: Remailer Support

`mc-write-mode' binds the function `mc-remailer-encrypt-for-chain'
to the key `C-c / r'. This function rewrites the message for a
remailer or chain. The resulting buffer is just a new Email message,
so it can itself be rewritten for another remailer; this is one way to
manually construct a remailer chain.

Mailcrypt also has powerful facilities for defining automatic chains.
We will start with an example. Suppose you have put the following into

     (setq mc-remailer-user-chains
           '(("Foo" "alumni" "robo")
             ("Bar" (shuffle-vector ["replay" "flame" "spook"]))
             ("Baz" "Foo" "Bar" "rahul" "Bar")
             ("Quux" 4))) ; 4 = the top four remailers in ~/.remailers, shuffled

This code defines four chains. The first is named "Foo" and
consists of "alumni" and "robo", in that order. The second is named
"Bar" and consists of "replay", "flame", and "spook" in some random
order (a different order will be chosen each time the chain is used).
The third is named "Baz" and consists of 9 remailers: The two from
"Foo", followed by a permutation of the three from "Bar", followed by
"rahul", followed by another permutation of the three from "Bar".
Finally, the fourth is named "Quux" and consists of a random
permutation of the four best remailers as ordered in the `~/.remailers'

Now whenever you are prompted for a "remailer or chain", the chains
"Foo", "Bar", "Baz", and "Quux" will be available, including `<TAB>'
completion on their names. By capitalizing their names, you guarantee
they will show up near the top of the completion list if you type
`<TAB>' on an empty input.

Now for the gritty details. `mc-remailer-user-chains' is a list of
chain definitions. A chain definition is a list whose first element is
the name (a string) and whose remaining elements form a "remailer
list". Each element of a remailer list is one of the following:

  1. A raw remailer structure. This is the base case, but you will
     probably never want nor need to deal with these directly.

  2. A string naming another remailer chain to be spliced in at this

  3. A positive integer N representing a chain to be spliced in at this
     point and consisting of a random permutation of the top N
     remailers as ordered in the `~/.remailers' file.

  4. An arbitrary Emacs Lisp form, which should return another remailer
     list which will be spliced in at this point and recursively
     evaluated. Mmmm, Lisp.

So, in the example "Bar" above, `shuffle-vector' is actually a
Lisp primitive which returns a random permutation of the argument
vector. (Which brings up a side note: A remailer list can be a vector
instead of a list if you like.)

So where do the definitions for "replay" etc. come from?

There is another variable, `mc-remailer-internal-chains', which has
the same format as `mc-remailer-user-chains'. In fact, the
concatenation of the two is always used internally when resolving chains
by name. The "internal chains" are normally generated automatically
from a Levien-format remailer list, which lives in `~/.remailers' by
default and is parsed at startup time. The parser creates several
chains, each containing a single remailer, and names each chain after
the respective remailer.

Thus "replay" (for example) is actually the name of a _chain_ whose
single element is the remailer at <remailer@replay.com>. So "replay"
is a valid name of a chain to include in the definition of another
chain, as was done above in the definition of "Bar".
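The four resolution rules and the user/internal chain split described above, worked through as an added Emacs Lisp example. This is not Mailcrypt's own code: the `my-' functions, the plist representation of a remailer structure, the `.example' addresses and the ranking of the constructed internal chain table are all assumptions made for the illustration; only `shuffle-vector' and the chain names come from the text.

```elisp
;; Added example, not part of Mailcrypt.  Everything prefixed "my-" and
;; both chain tables below are constructed for this illustration.

(require 'cl-lib)
(require 'cookie1)   ; provides `shuffle-vector', used by the "Bar" chain

;; Constructed stand-in for the "internal chains" Mailcrypt builds from
;; ~/.remailers: one single-remailer chain per remailer, kept in the order
;; the file ranks them (best first).  A remailer structure is modelled as
;; a plist; real Mailcrypt uses its own structure type.
(defvar my-internal-chains
  '(("replay" (:name "replay" :addr "remailer@replay.com"))
    ("flame"  (:name "flame"  :addr "remailer@flame.example"))
    ("spook"  (:name "spook"  :addr "remailer@spook.example"))
    ("alumni" (:name "alumni" :addr "remailer@alumni.example"))
    ("robo"   (:name "robo"   :addr "remailer@robo.example"))
    ("rahul"  (:name "rahul"  :addr "remailer@rahul.example")))
  "Example single-remailer chains, best remailer first.")

;; The four user chains from the text, in `mc-remailer-user-chains' format.
(defvar my-user-chains
  '(("Foo" "alumni" "robo")
    ("Bar" (shuffle-vector ["replay" "flame" "spook"]))
    ("Baz" "Foo" "Bar" "rahul" "Bar")
    ("Quux" 4))
  "Example user chains.")

(defun my-remailer-structure-p (x)
  "Rule 1: X is a raw remailer structure (here, a plist led by a keyword)."
  (and (consp x) (keywordp (car x))))

(defun my-resolve-chain (name &optional seen)
  "Return the flat list of remailer structures for the chain called NAME.
User chains are searched before internal ones, mirroring the
concatenation the text describes.  SEEN lists the chains currently being
expanded, so a definition that refers back to itself is reported
instead of recursing forever."
  (when (member name seen)
    (error "Remailer chain %S refers to itself" name))
  (let ((def (assoc name (append my-user-chains my-internal-chains))))
    (unless def
      (error "Unknown remailer chain %S" name))
    (my-resolve-list (cdr def) (cons name seen))))

(defun my-resolve-list (rlist seen)
  "Expand remailer list RLIST (a list or a vector) into remailer structures."
  (cl-loop for elt in (append rlist nil)   ; accept vectors as well as lists
           append
           (cond
            ;; Rule 1: already a remailer structure, keep it as is.
            ((my-remailer-structure-p elt) (list elt))
            ;; Rule 2: a string names another chain to splice in here.
            ((stringp elt) (my-resolve-chain elt seen))
            ;; Rule 3: a positive integer N means a fresh random
            ;; permutation of the top N remailers in ranked order.
            ((and (integerp elt) (> elt 0))
             (let* ((n (min elt (length my-internal-chains)))
                    (top (mapcar #'car (cl-subseq my-internal-chains 0 n))))
               (my-resolve-list (shuffle-vector (vconcat top)) seen)))
            ;; Rule 4: any other form is evaluated; it must return a
            ;; remailer list, which is resolved recursively.
            (t (my-resolve-list (eval elt t) seen)))))

(defun my-chain-names (name)
  "Convenience: the remailer names along chain NAME, in hop order."
  (mapcar (lambda (r) (plist-get r :name)) (my-resolve-chain name)))

;; Evaluate (my-chain-names "Baz") a few times to see the nine-hop
;; expansion change: "Bar" is re-shuffled each time it is spliced in.
```

With these definitions, `(my-chain-names "Foo")' yields `("alumni" "robo")', `(my-chain-names "Baz")' always has nine elements because "Bar" is expanded twice, and `(my-chain-names "Quux")' is some ordering of the first four entries of `my-internal-chains'. The `seen' guard is the one thing worth copying into any real resolver: a user chain that names itself, directly or through another chain, would otherwise hang Emacs at the remailer prompt.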
File: mailcrypt.info, Node: Response Blocks, Next: Pseudonyms, Prev: Remailer Chains, Up: Remailer Support

Mailcrypt can generate a response block for you. Just type `C-c / b'
in an outgoing mail buffer. That will prompt you for a chain to use,
and will insert the response block at point. Note that you can use any
chain you want for your response block; it need not be related to the
chain you (later) use to remail the message.

If instead you type `C-u C-c / b', you will be dropped into a
recursive edit of the innermost part of the response block. This text
is what you will see at the top of the message when the response block
is used. This text is the only way to identify the response block,
since it will be used to mail you through anonymous remailers.

You probably won't need to use the `C-u' feature, since by default
the response block contains the date, `To' field, and `From' field of
the message you are composing. However, if you want your response
block to point to a USENET newsgroup instead of your Email address, you
may edit the innermost part of the response block to have a
`Newsgroups' line instead of a `To' line.

Inserting a response block also updates the `Reply-to' hashmark
header field. So, when your recipient replies to your message, the
reply will automatically be addressed properly. This only works if the
last remailer in the chain used to encrypt the _message_ supports
hashmarks (the response block chain doesn't matter). If the last
remailer does not support hashmarks, Mailcrypt will generate an error
when you try to use the chain.

Note that you should insert your response block before you encrypt
the message for remailing. Also, see *Note Remailer Security::.
File: mailcrypt.info, Node: Pseudonyms, Next: Remailing Posts, Prev: Response Blocks, Up: Remailer Support

Mailcrypt supports pseudonyms. Type `C-c / p' in an outgoing message
buffer and you will be prompted for a pseudonym to use. Your pseudonym
will show up in the `From' line that the recipient sees. Your
pseudonym may either be a complete `From' line (including an Email
address), or just a full name (with no Email address). In the latter
case, the Email address will automatically be set to <x@x.x>, an invalid
address designed to prevent sendmail from going rewrite-happy.

If you have one or more pseudonyms which you normally use, and you
aren't afraid of revealing them if your account is compromised, you can
set up a default list of pseudonyms with lines like the following in

     (setq mc-remailer-pseudonyms
           '("Elvis Presley" "Vanna White" "Charles Manson"))

Then those names will be available for completion when you are
prompted for your pseudonym.

You should insert your pseudonym before you insert a response block,
so that the response block will contain the `From' line as well as the
`To' line. That way you can tell who you were pretending to be when
you get a reply to your message.

Note: Many remailers do not support pseudonyms. In addition, the
Levien format does not (yet) indicate which do and which do not, so
Mailcrypt can't warn you when your pseudonym isn't going to work. The
only way to be sure is to send yourself a test message, and to try
different remailers until you find one or more which work. On the
bright side, only the last remailer in the chain needs to provide such
support; none of the others matter.

File: mailcrypt.info, Node: Remailing Posts, Next: Mixmaster Support, Prev: Pseudonyms, Up: Remailer Support

Remailing Posts
===============

Mailcrypt knows how to rewrite USENET posts for anonymous or
pseudonymous remailing.  Just compose your post or followup normally,
and use `C-c / r' to rewrite it for a remailer chain.  You don't even
need to start your newsreader to make a post; you can just compose a
message in mail mode and replace the `To' line with a `Newsgroups' line
before doing `C-c / r'.

Mailcrypt will generate an error if the last remailer in the chain
does not have both the `post' and `hash' (hashmarks) properties.  The
hashmarks are used to preserve `References' and similar headers, so
your anonymous or pseudonymous followups will thread properly.  The
variable `mc-remailer-preserved-headers' controls which headers are
preserved when rewriting a message, but you should not need to change
it since the default value is reasonable.  Every header on that list
survives the rewrite and reaches the newsgroup, so if you do extend it,
check that nothing you add (an `Organization' or `X-Mailer' header,
say) identifies you.

Before rewriting, you can use `C-c / p' to insert your pseudonym,
and `C-c / b' to insert your response block, just like when composing
mail.  In this case, the response block will include the `From' line
and the `Newsgroups' line (which is the news analogue of the `To' line).

File: mailcrypt.info, Node: Mixmaster Support, Next: Remailer Security, Prev: Remailing Posts, Up: Remailer Support

Mixmaster Support
=================

"Mixmaster" is a new kind of remailer which provides excellent
security against traffic analysis and replay attacks.  (For more
information on these attacks and Mixmaster, see Lance Cottrell's home
page at `http://www.obscura.com/~loki/'.)

If you do not use Mixmaster, you may skip this section entirely;
Mailcrypt's default configuration treats Mixmaster as if it did not

If you have the Mixmaster executable installed, you can tell
Mailcrypt to use it by placing lines like the following into your

     (setq mc-mixmaster-path "mixmaster")
     (setq mc-mixmaster-list-path "/foo/bar/baz/type2.list")

`mc-mixmaster-path' is a string representing the Mixmaster
executable.  `mc-mixmaster-list-path' is the complete path to the

Note that a bare program name such as "mixmaster" is looked up along
`exec-path' when Emacs runs it, so anyone who can write to a directory
on that path can substitute their own binary and receive every message
in the clear before it is rewritten.  An absolute path to the
executable avoids that.

Once these variables are defined, Mailcrypt will automatically try to
use the Mixmaster executable whenever possible.  Specifically, when you
rewrite a message for a chain, Mailcrypt will find maximal length
sub-chains which have the `mix' property and will use the Mixmaster
executable to rewrite for those sub-chains.

This allows arbitrary intermingling of Mixmaster and normal (also
called "Type 1") remailers, but you should note that this is _not
recommended_.  The recommended procedure is to have a single Mixmaster
sub-chain which is most or all of the whole chain.

There are advantages and disadvantages to having the Mixmaster
sub-chain at the end of the whole chain.  The primary advantage is that
Mixmaster remailers support multiple recipients.  The primary
disadvantages are that they do not support pseudonyms or posting.

So here, as always, it is the last element of the chain which needs
to support the special features you want.  In general, the remaining
elements do not matter, and the superior security of Mixmaster remailers
is a good argument for using them for the bulk of your chains.

Mixmaster remailers also have a "Type 1 compatibility mode" which you
might want to invoke to use a pseudonym or make a post.  You can do this
with the function `mc-demix'.  Here is an example of its use:

     (setq mc-remailer-user-chains
           '(("Foo" "vishnu" "spook")
             ("Bar" "Foo" (mc-demix "replay"))))

This makes "Bar" a chain of three remailers, and guarantees that the
last one ("replay") will be used in compatibility mode.

Note that Mixmaster remailers cannot be used for response blocks.
Mailcrypt will ignore the `mix' property when generating a response

File: mailcrypt.info, Node: Remailer Security, Next: Verifiable Pseudonyms, Prev: Mixmaster Support, Up: Remailer Support

Remailer Security
=================

Keep in mind that there is only one person fully qualified to protect
your privacy: _you_.  You are responsible for obtaining a list of
remailers and their public keys; you are responsible for choosing which
of them to use and in what order.  There are public lists of remailers
and keys (the Quick Start section above relies on them), but you pay for
the convenience by putting your trust in a single source.  This is one
reason Mailcrypt does not access these public lists automatically; you
need to get into the habit of watching what goes on behind the scenes.
You should also try to learn something about the remailers themselves,
since you are relying on them to help protect your privacy.

How many remailers should you include in your chain, and how should
you choose them?  That depends on whom you perceive as a threat.  If
the threat is your ex-spouse or your boss, even a single remailer is
probably adequate (more won't hurt, but will cost in latency).  If the
threat is the Church of Scientology, you probably want to use a fair
number of remailers across multiple continents.  If the threat is a
major world government, well, best of luck to you.

Also, there is a huge difference between chains suitable for regular
messages and chains suitable for response blocks.  Some remailers don't
even keep mail logs (at least, their operators claim they do not), so it
may be literally impossible to trace a message back to you after the
fact if you chain it through enough remailers.  Response blocks, on the
other hand, have your identity buried in there _somewhere_.  In
principle, at least, it is possible to compromise the keys of all the
remailers in the chain and decrypt the response block.  So you should
either use very long and strong chains for your response blocks, avoid
using response blocks at all, or only use response blocks which
themselves ultimately point to a newsgroup.

File: mailcrypt.info, Node: Verifiable Pseudonyms, Next: Remailer Tips, Prev: Remailer Security, Up: Remailer Support

Verifiable Pseudonyms
=====================

Here is a plausible sequence of operations when using the remailer
support in Mailcrypt:

  1. You create a public/private PGP key pair.  You give it a User ID
     which is your pseudonym.  You upload the public key to the key
     servers or otherwise distribute it.  (Be aware that anyone who
     compromises your account can read the IDs on your secret keyring,
     thus discovering your verifiable pseudonyms.)

  2. You compose an Email message, Email reply, news post, or news

  3. You insert your pseudonym with `C-c / p'.

  4. (Optional) You insert your response block with `C-c / b'.

  5. You type `C-c / s' to sign the message.  The `mc-sign' function
     understands pseudonyms.

  6. You type `C-c / r' to rewrite the message for remailing.  (Or use
     `C-u C-c / r' to view each step of the rewriting as it happens.)

  7. You type `C-c C-c' to send the message.

Now the recipient(s), reading your message through mail or news, can
verify your pseudonymous signature; thus you have started to create a
verifiable pseudonymous identity.  If you use it consistently, it will
develop a reputation of its own.  With Mailcrypt, using a pseudonym is
almost as easy as using your real name (and your followups in news will
even thread properly).  Welcome to the new age of letters...

File: mailcrypt.info, Node: Remailer Tips, Prev: Verifiable Pseudonyms, Up: Remailer Support

Remailer Tips
=============

This is a collection of tips for using Mailcrypt's remailer support.

   * Read and understand the `.remailers' file.  Other sources for this
     list include `http://www.chez.com/frogadmin/MyCypSta1.txt' and
     `http://anon.efga.org/Remailers/rlist'.  If all of these servers
     have gone away by the time you read this, track down a comparable
     service elsewhere.  (Do a web search for "anonymous remailer
     list", ask around in `news:alt.privacy.anon-server', or, as a last
     resort, `news:alt.security.pgp'.)  Check the documentation (`C-h
     v') for the variable `mc-levien-file-name' for a description of

   * Mailcrypt needs to be able to encrypt a message to each remailer in
     the chain, so it needs access to their public keys, in a keyring
     usable by the currently selected backend.  Keyrings containing keys
     for all the well-known remailers are usually available from the
     same places as the remailer lists above:
     `http://www.chez.com/frogadmin/Keys/dsskeys.asc',
     `http://anon.efga.org/Remailers/TypeIList/pubring.asc'.
     The same single-source caveat applies to these keyrings as to the
     lists (*note Remailer Security::): whoever publishes the ring can
     put their own key in place of a remailer's, and a message encrypted
     to the wrong key is readable by whoever holds it.

   * The relevant remailer properties are `pgp' (required), `hash'
     (required if you use hashmark headers), and `post' (required for
     posting to USENET).  Remailers which do not support PGP won't even
     show up in the completion list.

   * The only remailer which needs special properties (e.g., posting,
     hashmarks, pseudonym support) is the last one in a chain.  Any
     remailer can be used at the beginning or in the middle.  So if you
     find a few remailers which support the feature(s) you require, and
     you always use them at the end of your chains, then you can be
     confident that even the longest chains will work.

   * If you update your `~/.remailers' file, you can reread it with
     `M-x mc-reread-levien-file'.

   * Remember the natural order of operations.  First you compose your
     message.  Then you insert your pseudonym with `C-c / p'.  Then you
     insert your response block with `C-c / b'.  Then you sign (`C-c /
     s') or sign and encrypt (`C-c / e') the message.  Then you rewrite
     it for a remailer or chain (`C-c / r').  Then you send it.  All
     but the first and last two of these are optional.  (Well, strictly
     speaking, they are all optional, but you get the idea.)

   * Find and read some of the excellent remailer documentation
     available on the Internet.  For some good starting points, see

File: mailcrypt.info, Node: Passphrase Cache, Next: Key Fetching, Prev: Remailer Support, Up: Top

Passphrase Cache
****************

Mailcrypt can remember your passphrase so that you need not type it
repeatedly.  It will also "forget" your passphrase if it has not been
used in a while, thus trading some security for some convenience.  You
can tune this tradeoff with the variable `mc-passwd-timeout', which is
a duration in seconds from the last time the passphrase was used until
Mailcrypt will forget it.  The default value is 60 seconds.

So, for example, to make Mailcrypt remember your passphrase for 10
minutes after each use, you would use the following line in your

     (setq mc-passwd-timeout 600)

A value of `nil' or 0 will disable passphrase caching completely.
This provides some increase in security, but be aware that you are
already playing a dangerous game by typing your passphrase at a Lisp

Mailcrypt understands multiple secret keys with distinct passphrases.

To manually force Mailcrypt to forget your passphrase(s), use the
function `mc-deactivate-passwd'.  Both `mc-read-mode' and
`mc-write-mode' bind this function to `C-c / f' by default.

*Warning:* Although Mailcrypt takes pains to overwrite your
passphrase when "forgetting", it cannot prevent the Emacs garbage
collector from possibly leaving copies elsewhere in memory.  Also,
your last 100 keystrokes can always be viewed with the function
`view-lossage', normally bound to `C-h l'.  So be sure to type at
least 100 characters after typing your passphrase if you plan to
leave your terminal unattended.
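The following `.emacs' fragment is an added example for this section; it
is not code from Mailcrypt or from this manual.  It combines the
variables and functions named above (`mc-passwd-timeout',
`mc-deactivate-passwd') with two standard Emacs facilities to close the
two windows the warning describes: an idle timer that forgets the
passphrase after a period with no input at all (the cache timeout only
counts from the last _use_), and `clear-this-command-keys', the
primitive that empties the recent-keys record `view-lossage' reads.  The
`my-' names are invented here, and the fragment assumes Mailcrypt is on
`load-path' and an Emacs with `clear-this-command-keys' (Emacs 21 or
later).

```elisp
;; Added example, not part of Mailcrypt or its manual.  Assumes Mailcrypt
;; is on `load-path' and Emacs 21 or later (for `clear-this-command-keys').
(require 'mailcrypt)

;; Keep the passphrase for five minutes after each use.  0 or nil would
;; disable the cache entirely; 600 would keep it for ten minutes.
(setq mc-passwd-timeout 300)

(defun my-mc-forget-everything ()
  "Forget cached passphrases and the keystroke record `view-lossage' shows.
`mc-deactivate-passwd' is Mailcrypt's own forget function (bound to
C-c / f by default).  `clear-this-command-keys' empties the recent-keys
record, which otherwise still contains the passphrase you typed until
100 more keys have been pressed."
  (interactive)
  (mc-deactivate-passwd)
  (clear-this-command-keys))

;; Forget everything after two minutes with no keyboard or mouse input,
;; independently of `mc-passwd-timeout' (which counts from the last use of
;; the passphrase, not from the last keystroke), and again whenever Emacs
;; is suspended with C-z.
(run-with-idle-timer 120 t 'my-mc-forget-everything)
(add-hook 'suspend-hook 'my-mc-forget-everything)
```

Running `M-x my-mc-forget-everything' by hand before walking away does
both jobs at once.  This narrows the window the warning describes; it
does not close it, since copies left behind by the garbage collector are
still out of reach.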

File: mailcrypt.info, Node: Key Fetching, Next: Miscellaneous Configuration, Prev: Passphrase Cache, Up: Top

Key Fetching
************

Mailcrypt knows how to fetch PGP public keys from the key servers
(*note Key Servers::).  The function `mc-pgp-fetch-key' is bound by
default to `C-c / k' in both `mc-read-mode' and `mc-write-mode'.
Additionally, `mc-encrypt', `mc-decrypt', and `mc-verify' will offer to
call this function to automatically fetch a desired key.  If you call
it manually, it will prompt you for the User ID of the key to fetch.

The variable `mc-pgp-fetch-methods' is a list of ways to attempt to
fetch a key.  (More precisely, it is a list of functions to be called,
each of which will attempt to fetch the key.)  The methods will be tried
in the order listed.  The default list is:

     '(mc-pgp-fetch-from-keyrings
       mc-pgp-fetch-from-finger
       mc-pgp-fetch-from-http)

For a description of these functions, see the following sections.

If you are not directly on the Internet, you probably want to obtain
a copy of the global public key ring from the keyservers, install it
somewhere under the name `public-keys.pgp', and do:

     (setq mc-pgp-fetch-methods '(mc-pgp-fetch-from-keyrings))
     (setq mc-pgp-fetch-keyring-list '("/blah/blah/blah/public-keys.pgp"))

This will allow you to fetch keys from your local copy of the global
key ring instead of sending requests to the key servers directly (*note
Keyring Fetch::).  Alternatively, if your organization has a proxy HTTP
server, you can configure Mailcrypt to use that.  See *Note HTTP

If the key is found, you will be shown the result of running PGP on
it locally.  This allows you to inspect the signatures on the key
_relative to your own keyring_ before you consent to having it added.
*Inspect the signatures carefully!*  Key distribution is often the
Achilles' heel of public key protocols.  The finger and HTTP methods
fetch over unauthenticated connections, and anyone can upload a key
bearing any User ID to the key servers, so a fetched key proves nothing
by itself; what you are looking for is a signature from a key you
already trust, or a fingerprint you obtained out of band.  If you
blindly use keys obtained from the key servers, you are asking for
trouble.
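The check below is an added example, not code from Mailcrypt or from
this manual.  It shows the stronger form of the inspection the previous
paragraph asks for: compare the fingerprint of a fetched key against one
learned out of band (from the key's owner in person, or printed on a
remailer's web page) and refuse the key on a mismatch, rather than
relying on the key server.  It parses the machine-readable
`--with-colons' listing that GnuPG produces, and runs entirely on a
constructed sample listing so nothing is imported.  All `my-' names are
invented here; the code assumes Emacs 22 or later (where `split-string'
keeps empty fields) and, for `my-gpg-inspect-key-file' only, a GnuPG
2.1 or later `gpg' on the path.

```elisp
;; Added example (not Mailcrypt's own code): pin correspondent or remailer
;; key fingerprints and refuse a fetched key whose fingerprint does not
;; match a value obtained out of band.  Assumes Emacs 22+ (`split-string'
;; keeps empty fields) and, for `my-gpg-inspect-key-file', GnuPG 2.1+.

(defvar my-pinned-fingerprints
  '(("alice@example.org" . "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"))
  "Alist of (EMAIL . FINGERPRINT) obtained out of band.  Constructed sample.")

(defun my-normalize-fpr (fpr)
  "Upper-case FPR and drop the spaces people put in printed fingerprints."
  (upcase (replace-regexp-in-string "[ \t]" "" fpr)))

(defun my-gpg-colon-records (output)
  "Split a gpg --with-colons listing OUTPUT into a list of field lists."
  (mapcar (lambda (line) (split-string line ":"))
          (split-string output "\n" t)))

(defun my-gpg-key-summary (output)
  "Return (FINGERPRINT EMAIL...) for the first key in OUTPUT.
FINGERPRINT comes from the first `fpr' record (the primary key; later
`fpr' records belong to subkeys) and the emails from `uid' records.  In
both record types the payload is field 10, i.e. index 9.  Stops at the
second `pub' record so only one key is summarized."
  (let ((fpr nil) (emails nil) (seen-pub nil))
    (catch 'done
      (dolist (rec (my-gpg-colon-records output))
        (let ((type (car rec)) (payload (nth 9 rec)))
          (cond
           ((string= type "pub")
            (when seen-pub (throw 'done nil))
            (setq seen-pub t))
           ((and (string= type "fpr") (null fpr) payload)
            (setq fpr (my-normalize-fpr payload)))
           ((and (string= type "uid") payload
                 (string-match "<\\([^>]+\\)>" payload))
            (push (downcase (match-string 1 payload)) emails))))))
    (cons fpr (nreverse emails))))

(defun my-key-pin-status (output)
  "Classify the key in gpg listing OUTPUT as `match', `mismatch' or `unknown'.
`mismatch': some User ID on the key is pinned and the fingerprint differs;
refuse to import.  `match': every pinned User ID on the key agrees with
the fingerprint.  `unknown': nothing on the key is pinned, so fall back
to inspecting the signatures by hand as the manual says."
  (let* ((summary (my-gpg-key-summary output))
         (fpr (car summary))
         (status 'unknown))
    (dolist (email (cdr summary))
      (let ((pin (cdr (assoc email my-pinned-fingerprints))))
        (when pin
          (if (and fpr (string= fpr (my-normalize-fpr pin)))
              (when (eq status 'unknown) (setq status 'match))
            (setq status 'mismatch)))))
    status))

(defun my-gpg-inspect-key-file (file)
  "Return the --with-colons listing of the key(s) in FILE without importing.
`--import-options show-only' is a GnuPG 2.1+ option (assumption)."
  (with-temp-buffer
    (call-process "gpg" nil t nil "--batch" "--with-colons"
                  "--import-options" "show-only" "--import"
                  (expand-file-name file))
    (buffer-string)))

;; Constructed sample listing (not the output for any real key).  Its primary
;; fingerprint matches the pin above; the second `fpr' is the subkey's.
(defconst my-sample-listing
  (concat
   "pub:-:2048:1:0123456789ABCDEF:1504000000:::-:::escaESCA::::::23::0:\n"
   "fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:\n"
   "uid:-::::1504000000::DEADBEEF::Alice <Alice@Example.org>::::::::::0:\n"
   "sub:-:2048:1:FEDCBA9876543210:1504000000::::::e::::::23:\n"
   "fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:\n"))
```

Evaluating `(my-key-pin-status my-sample-listing)' yields `match'; change
a single hex digit in the first `fpr' record and it yields `mismatch',
which is the case where the key should be discarded however many key
server signatures it carries.  To apply this to a key Mailcrypt has just
fetched, save the armored key to a file and feed
`(my-gpg-inspect-key-file FILE)' to `my-key-pin-status' before
consenting to the import.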
All of the methods use `mc-pgp-fetch-timeout' as a timeout in
seconds; the default value is 30.

* Menu:

* Keyring Fetch::               Fetching from one or more other
                                keyrings on the local system.
* Finger Fetch::                Fetching a key through finger.
* HTTP Fetch::                  Fetching a key off of the Web.
* GnuPG Fetch::                 Using GnuPG's internal keyserver interface.

File: mailcrypt.info, Node: Keyring Fetch, Next: Finger Fetch, Prev: Key Fetching, Up: Key Fetching

Keyring Fetch
=============

The function `mc-pgp-fetch-from-keyrings' will attempt to fetch a
key from a set of keyrings on the locally accessible filesystem.  This
is useful if your organization maintains a large common public keyring
whose entire contents you do not wish to duplicate on your own ring.  It
is also useful if you download a copy of the global public ring from the
key servers (*note Key Servers::).  Keys found this way get the same
local inspection before import as keys from the other methods, and a
shared keyring that other people can write to deserves that scrutiny
just as much as a key server does.

The variable `mc-pgp-fetch-keyring-list' controls this behavior.  It
is a list of file names of public keyrings which this function will
search, in order, when seeking a key.  The default value is `nil',
meaning this search will always fail.

File: mailcrypt.info, Node: Finger Fetch, Next: HTTP Fetch, Prev: Keyring Fetch, Up: Key Fetching

Finger Fetch
============

The function `mc-pgp-fetch-from-finger' will attempt to fetch a key
by fingering an address and parsing the output for a PGP public key