diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2019-07-25 12:38:52 -0400 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2019-07-29 07:38:09 +0100 |
commit | 5929eabef63e0167ead14a81f30097c9397f7ee4 (patch) | |
tree | 135c26cdc1ffb8f36e5098d061716500d0de88cb /email-extract-openpgp-certs.1.pod | |
parent | 701c568e78d17f00d44c51201736177323d03e32 (diff) | |
download | mailscripts-5929eabef63e0167ead14a81f30097c9397f7ee4.tar.gz |
Add email-extract-openpgp-certs
Hopefully this tool is useful for other people, not just for myself
and Anarcat.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'email-extract-openpgp-certs.1.pod')
-rw-r--r-- | email-extract-openpgp-certs.1.pod | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/email-extract-openpgp-certs.1.pod b/email-extract-openpgp-certs.1.pod new file mode 100644 index 0000000..8b7916e --- /dev/null +++ b/email-extract-openpgp-certs.1.pod @@ -0,0 +1,57 @@ +=head1 NAME + +email-extract-openpgp-certs - extract OpenPGP certificates from an e-mail + +=head1 SYNOPSIS + +B<email-extract-openpgp-certs> < B<message.eml> | B<gpg> B<--import> + +=head1 DESCRIPTION + +B<email-extract-openpgp-certs> extracts all the things it can find +that look like they might be OpenPGP certificates in an e-mail, and +produces them on standard output. + +It currently knows about how to find OpenPGP certificates as +attachments of MIME type application/pgp-keys, and Autocrypt: style +headers. + +=head1 OPTIONS + +None. + +=head1 EXAMPLE + +=over 4 + + $ notmuch show --format-raw id:b7e48905-842f@example.net > test.eml + $ email-extract-openpgp-certs < test.eml | gpg --import + +=back + +=head1 LIMITATIONS + +B<email-extract-openpgp-certs> currently does not try to decrypt +encrypted e-mails, so it cannot find certificates that are inside the +message's cryptographic envelope. + +B<email-extract-openpgp-certs> does not attempt to validate the +certificates it finds in any way. It does not ensure that they are +valid OpenPGP certificates, or even that they are of a sane size. It +doeds not try to establish any relationship between the extracted +certificates and the messages in which they are sent. For example, it +does not check the Autocrypt addr= attribute against the message's From: +header. + +Importing certificates extracted from an arbitrary e-mail in this way +into a curated keyring is not a good idea. Better to extract into an +ephemeral location, inspect, filter, and then selectively import. + +=head1 SEE ALSO + +gpg(1), https://autocrypt.org, https://tools.ietf.org/html/rfc4880, https://tools.ietf.org/html/rfc3156 + +=head1 AUTHOR + +B<email-extract-openpgp-certs> and this manpage were written by Daniel +Kahn Gillmor, with guidance and advice from many others. |