Mailcrypt knows how to fetch PGP public keys from the key servers
(see section 9.2 Key Servers). The function mc-pgp-fetch-key is bound by
default to C-c / k in both mc-read-mode and
mc-write-mode. Additionally, mc-encrypt,
mc-decrypt, and mc-verify will offer to call this function
to automatically fetch a desired key. If you call it manually, it will
prompt you for the User ID of the key to fetch.
The variable mc-pgp-fetch-methods is a list of ways to attempt to
fetch a key. (More precisely, it is a list of functions to be called,
each of which will attempt to fetch the key.) The methods will be tried
in the order listed. The default list is:
For a description of these functions, see the following sections.
If you are not directly on the Internet, you probably want to obtain a
copy of the global public key ring from the keyservers, install it
somewhere under the name `public-keys.pgp', and do:
This will allow you to fetch keys from your local copy of the global key
ring instead of sending requests to the key servers directly
(see section 5.1 Keyring Fetch). Alternatively, if your organization has a proxy
HTTP server, you can configure Mailcrypt to use that (see section 5.3 HTTP Fetch).
If the key is found, you will be shown the result of running PGP on it
locally. This allows you to inspect the signatures on the key
relative to your own keyring before you consent to having it
added. Inspect the signatures carefully! Key distribution is
often the Achilles' heel of public key protocols. If you blindly use
keys obtained from the key servers, you are asking for trouble.
All of the methods use mc-pgp-fetch-timeout as a timeout in
seconds; the default value is 30.
The function mc-pgp-fetch-from-keyrings will attempt to fetch a
key from a set of keyrings on the locally accessible filesystem. This
is useful if your organization maintains a large common public keyring
whose entire contents you do not wish to duplicate on your own ring. It
is also useful if you download a copy of the global public ring from the
key servers (see section 9.2 Key Servers).
The variable mc-pgp-fetch-keyring-list controls this behavior.
It is a list of file names of public keyrings which this function will
search, in order, when seeking a key. The default value is nil,
meaning this search will always fail.
The function mc-pgp-fetch-from-http will attempt to fetch a key
by connecting to a key server (see section 9.2 Key Servers) which has a World
Wide Web interface.
The variables mc-pgp-keyserver-address,
mc-pgp-keyserver-port, and mc-pgp-keyserver-url-template
control the fetching process. The default is to use Brian LaMacchia's
key server at MIT. If this default should stop working, or if you want
to help with network congestion and machine load, you can choose a
different server. As of this writing, any of the following sequences of
Emacs Lisp in your `.emacs' file will work; choose one:

    ;; Key server at MIT (Massachusetts, USA)
    ;; This is the default; these lines are only for reference
    ;(setq mc-pgp-keyserver-address "pgp.ai.mit.edu")
    ;(setq mc-pgp-keyserver-port 80)
    ;(setq mc-pgp-keyserver-url-template
    ;      "/htbin/pks-extract-key.pl?op=get&search=%s")

    ;; Key server at UPC (Barcelona, Spain)
    (setq mc-pgp-keyserver-address "goliat.upc.es")
    (setq mc-pgp-keyserver-port 80)
    (setq mc-pgp-keyserver-url-template
          "/cgi-bin/pks-extract-key.pl?op=get&search=%s")

    ;; Key server at Cambridge University (Cambridge, England)
    (setq mc-pgp-keyserver-address "www.cl.cam.ac.uk")
    (setq mc-pgp-keyserver-port 80)
    (setq mc-pgp-keyserver-url-template
          "/cgi-bin/pks-extract-key.pl?op=get&search=%s")

    ;; Key server at UIT (Tromso, Norway)
    (setq mc-pgp-keyserver-address "www.service.uit.no")
    (setq mc-pgp-keyserver-port 80)
    (setq mc-pgp-keyserver-url-template
          "/cgi-bin/pks-extract-key.pl?op=get&search=%s")

    ;; Key server at CMU (Pennsylvania, USA)
    (setq mc-pgp-keyserver-address "gs211.sp.cs.cmu.edu")
    (setq mc-pgp-keyserver-port 80)
    (setq mc-pgp-keyserver-url-template "/cgi-bin/pgp-key?pgpid=%s")

If your organization has a firewall, you might not be able to access the
World Wide Web directly. Your organization may have a proxy HTTP server
set up, however. In that case, you should place code like the following
in your `.emacs' file. You can use any of the above key servers
instead of the one at MIT, of course.

    ;; Mailcrypt configuration for accessing key server through HTTP proxy
    (setq mc-pgp-keyserver-address "your.proxy.com")
    (setq mc-pgp-keyserver-port 13013)   ; Your proxy's port
    (setq mc-pgp-keyserver-url-template
          "http://pgp.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=%s")

Note that fetching from a key server can be somewhat slow, so be
patient. (At least it beats the tar out of the Email interface.)
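
How the three key server variables combine into a request, as an added illustration rather than Mailcrypt's own code: `my-keyserver-request` is a hypothetical helper, the user ID is constructed, and the HTTP/1.0 request form is an assumption. In the proxy case the connection goes to the proxy and the template's absolute URL names the real key server; either way the request is plain HTTP, so the returned key is unauthenticated until its signatures have been inspected.

```elisp
;;; Added example; not part of Mailcrypt.
(require 'url-util)                     ; provides `url-hexify-string'

(defun my-keyserver-request (address port url-template user-id)
  "Describe the HTTP request that would fetch USER-ID.
ADDRESS, PORT and URL-TEMPLATE play the roles of
`mc-pgp-keyserver-address', `mc-pgp-keyserver-port' and
`mc-pgp-keyserver-url-template'.  Hypothetical helper; the exact
request Mailcrypt sends is assumed, not taken from its source."
  ;; The template must carry the placeholder the user ID replaces.
  (unless (string-match-p "%s" url-template)
    (error "URL template has no %%s placeholder: %s" url-template))
  ;; An absolute URL in the template means ADDRESS is a proxy.
  (let ((via-proxy (string-prefix-p "http://" url-template)))
    (list :connect-to (format "%s:%d" address port)
          :via-proxy via-proxy
          ;; Percent-encode the user ID so characters such as "@",
          ;; "<" and spaces cannot alter the query string.
          :request (concat "GET "
                           (format url-template
                                   (url-hexify-string user-id))
                           " HTTP/1.0\r\n\r\n"))))

;; Direct access: connect to the key server, send a path-only request.
(my-keyserver-request
 "pgp.ai.mit.edu" 80
 "/htbin/pks-extract-key.pl?op=get&search=%s"
 "alice@example.org")                   ; constructed user ID

;; Through a proxy: connect to the proxy, name the key server in the URL.
(my-keyserver-request
 "your.proxy.com" 13013
 "http://pgp.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=%s"
 "alice@example.org")                   ; constructed user ID
```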