Control: tags -1 +patch +pending

Hi Nicholas!

I believe I have now fixed this in the 2.x branch of Monkeysign,
available through git at:

git://git.monkeysphere.info/monkeysign

Basically, commit local signature makes --no-mail encrypt the blob it
generates for the copy-paste. The underlying data still has MIME
headers, but I think this is preferable, code-wise, to rewiring a
whole different code path for this use case. Plus, if the user manages
to set headers correctly on his MUA, the usability on the other side is
much better, as MIME would then be properly decapsulated.

The degenerate case isn't much worse than before: the receiver of the
signature gets an encrypted PGP message, decrypts it, and sees a bunch
of weird MIME messages, but then scrolls down and can find the signed
public key material.

I have also made sure you can use other MTAs than sendmail, as long as
they support piping the message through stdin, which is the case for
Mutt. For example, you could use this to send monkeysign emails with
mutt:

   monkeysign --mta "mutt %(to)s"

I have also recently refined the SMTP support to deal better with SMTPS
servers (port 465) and forbid sending passwords in the clear (instead of
just warning).

Finally, notice how this change closes the last gap that was allowing
users to make public certifications of public OpenPGP key material
without the consent of the private key owner. Previously, someone could
have used --no-mail to get the signed key material and re-import it
directly into GPG. Now this is simply not possible with Monkeysign. Of
course, one can use --local when doing signatures, but those signatures
won't propagate to the public keyservers.

(And of course someone can always just use gpg --sign-key directly, if
such a public signature is desired immediately :)

Thanks for your feedback!

A.

PS: unfortunately, since this is a pretty major change in Monkeysign, it
won't be shipped in stable for a while. I need to make a 2.1 Monkeysign
release that supports GnuPG 2.1, SMTPS and this....

-- 
Nature created neither masters nor slaves
I want neither to give nor to receive laws.
                        - Denis Diderot

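The message above mentions SMTPS on port 465 and refusing, rather than warning, when a password would travel in the clear. The sketch below is an added example of that policy using Python's smtplib; it is not Monkeysign's code. The names `open_session`, `CleartextAuthRefused`, `FakePlain`, `FakeStartTLS` and `demo`, and the host and credentials, are assumptions made for illustration.

```python
import smtplib
import ssl

class CleartextAuthRefused(Exception):
    """Raised instead of sending a password over an unencrypted session."""

def open_session(host, port, user=None, password=None,
                 smtp_cls=smtplib.SMTP, smtps_cls=smtplib.SMTP_SSL):
    """Connect, upgrade to TLS where possible, log in only if encrypted."""
    ctx = ssl.create_default_context()
    if port == 465:
        # SMTPS: TLS is negotiated before any SMTP command is sent.
        session, encrypted = smtps_cls(host, port, context=ctx), True
    else:
        session = smtp_cls(host, port)
        session.ehlo()
        encrypted = bool(session.has_extn("starttls"))
        if encrypted:
            session.starttls(context=ctx)
            session.ehlo()  # re-read capabilities after the upgrade
    if user is not None and not encrypted:
        session.quit()  # hard failure, not a warning
        raise CleartextAuthRefused("%s:%d: no TLS, password not sent" % (host, port))
    if user is not None:
        session.login(user, password)
    return session, encrypted

# Constructed stand-ins for the smtplib classes so the policy runs offline.
class FakePlain:
    starttls_offered = False
    def __init__(self, host, port, context=None):
        self.calls = ["connect"]
    def has_extn(self, name):
        return self.starttls_offered
    def __getattr__(self, name):
        # Record ehlo/starttls/login/quit instead of talking to a server.
        return lambda *a, **kw: self.calls.append(name)

class FakeStartTLS(FakePlain):
    starttls_offered = True

def demo(port, cls):
    """Return the calls made, or 'refused' when login would be cleartext."""
    try:
        session, _ = open_session("mail.example.org", port, "alice", "s3cret",
                                  smtp_cls=cls, smtps_cls=cls)
        return session.calls
    except CleartextAuthRefused:
        return "refused"
```

With the default `smtp_cls` and `smtps_cls`, `open_session` talks to a real server; the fakes exist only so the three cases can be compared without a network.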