-These commands do not immediately sign or encrypt the message, they
-merely insert the proper @acronym{MML} secure tag to instruct the
-@acronym{MML} engine to perform that operation when the message is
-actually sent. They may perform other operations too, such as locating
-and retrieving a @acronym{S/MIME} certificate of the person you wish to
-send encrypted mail to. When the mml parsing engine converts your
-@acronym{MML} into a properly encoded @acronym{MIME} message, the secure
-tag will be replaced with either a part or a multipart tag. If your
-message contains other mml parts, a multipart tag will be used; if no
-other parts are present in your message a single part tag will be used.
-This way, message mode will do the Right Thing (TM) with
-signed/encrypted multipart messages.
-
-Since signing and especially encryption often is used when sensitive
-information is sent, you may want to have some way to ensure that your
-mail is actually signed or encrypted. After invoking the above
-sign/encrypt commands, it is possible to preview the raw article by
-using @kbd{C-u C-c RET P} (@code{mml-preview}). Then you can
-verify that your long rant about what your ex-significant other or
-whomever actually did with that funny looking person at that strange
-party the other night, actually will be sent encrypted.
-
-@emph{Note!} Neither @acronym{PGP/MIME} nor @acronym{S/MIME} encrypt/signs
-RFC822 headers. They only operate on the @acronym{MIME} object. Keep this
-in mind before sending mail with a sensitive Subject line.
-
-By default, when encrypting a message, Gnus will use the
-``signencrypt'' mode, which means the message is both signed and
-encrypted. If you would like to disable this for a particular
-message, give the @code{mml-secure-message-encrypt-*} command a prefix
-argument, e.g., @kbd{C-u C-c C-m c p}.
-
-Actually using the security commands above is not very difficult. At
-least not compared with making sure all involved programs talk with each
-other properly. Thus, we now describe what external libraries or
-programs are required to make things work, and some small general hints.
-
-@subsection Using S/MIME
-
-@emph{Note!} This section assume you have a basic familiarity with
-modern cryptography, @acronym{S/MIME}, various PKCS standards, OpenSSL and
-so on.
-
-The @acronym{S/MIME} support in Message (and @acronym{MML}) require
-OpenSSL. OpenSSL performs the actual @acronym{S/MIME} sign/encrypt
-operations. OpenSSL can be found at @uref{http://www.openssl.org/}.
-OpenSSL 0.9.6 and later should work. Version 0.9.5a cannot extract mail
-addresses from certificates, and it insert a spurious CR character into
-@acronym{MIME} separators so you may wish to avoid it if you would like
-to avoid being regarded as someone who send strange mail. (Although by
-sending @acronym{S/MIME} messages you've probably already lost that
-contest.)
-
-To be able to send encrypted mail, a personal certificate is not
-required. Message (@acronym{MML}) need a certificate for the person to whom you
-wish to communicate with though. You're asked for this when you type
-@kbd{C-c C-m c s}. Currently there are two ways to retrieve this
-certificate, from a local file or from DNS. If you chose a local
-file, it need to contain a X.509 certificate in @acronym{PEM} format.
-If you chose DNS, you're asked for the domain name where the
-certificate is stored, the default is a good guess. To my belief,
-Message (@acronym{MML}) is the first mail agent in the world to support
-retrieving @acronym{S/MIME} certificates from DNS, so you're not
-likely to find very many certificates out there. At least there
-should be one, stored at the domain @code{simon.josefsson.org}. LDAP
-is a more popular method of distributing certificates, support for it
-is planned. (Meanwhile, you can use @code{ldapsearch} from the
-command line to retrieve a certificate into a file and use it.)
-
-As for signing messages, OpenSSL can't perform signing operations
-without some kind of configuration. Especially, you need to tell it
-where your private key and your certificate is stored. @acronym{MML}
-uses an Emacs interface to OpenSSL, aptly named @code{smime.el}, and it
-contain a @code{custom} group used for this configuration. So, try
-@kbd{M-x customize-group RET smime RET} and look around.
-
-Currently there is no support for talking to a CA (or RA) to create
-your own certificate. None is planned either. You need to do this
-manually with OpenSSL or using some other program. I used Netscape
-and got a free @acronym{S/MIME} certificate from one of the big CA's on the
-net. Netscape is able to export your private key and certificate in
-PKCS #12 format. Use OpenSSL to convert this into a plain X.509
-certificate in PEM format as follows.
+\e$B$3$l$i$NL?Na$O!"$=$N>l$G%a%C%;!<%8$K=pL>$7$?$j0E9f2=$9$k$o$1$G$O$J$/!"C1\e(B
+\e$B$K%;%-%e%j%F%#!<$N$?$a$NE,@Z$J\e(B @acronym{MML} \e$B%?%0$rA^F~$7$F!"%a%C%;!<%8\e(B
+\e$B$,<B:]$KAw?.$5$l$k$H$-$K$=$NF0:n$r<B9T$9$k$h$&$K!"\e(B@acronym{MML} \e$B%(%s%8%s\e(B
+\e$B$K;X<($rM?$($k$@$1$G$9!#$=$l$i$OB>$N;E;v!"Nc$($P0E9f2=$5$l$?%a!<%k$rAw$j\e(B
+\e$B$?$$Aj<j$N?M$N\e(B @acronym{S/MIME} \e$B$N>ZL@=q$rC5$7$F!"<h$j4s$;$k$h$&$J$3$H$b\e(B
+\e$B9T$J$&$+$b$7$l$^$;$s!#\e(Bmml \e$B2r@O%(%s%8%s$,\e(B @acronym{MML} \e$B$G=q$+$l$?%a%C%;!<\e(B
+\e$B%8$rE,@Z$K\e(B @acronym{MIME} \e$B%a%C%;!<%8$KJQ49$9$k$H$-!"%;%-%e%j%F%#!<$N$?$a\e(B
+\e$B$N%?%0$O!"%Q!<%H$^$?$O%^%k%A%Q!<%H$N$I$A$i$+$N%?%0$GCV$-49$($i$l$^$9!#%a%C\e(B
+\e$B%;!<%8$,B>$N\e(B mml \e$B%Q!<%H$b4^$s$G$$$k>l9g$K$O%^%k%A%Q!<%H$N%?%0$,;H$o$l!"\e(B
+\e$BB>$N%Q!<%H$,L5$$>l9g$OC10l$N%Q!<%H$N%?%0$,;H$o$l$k$G$7$g$&!#$3$N$h$&$K$7\e(B
+\e$B$F!"=pL>$5$l$k\e(B/\e$B0E9f2=$5$l$k%^%k%A%Q!<%H$N%a%C%;!<%8$KBP$7!"%a%C%;!<%8!&\e(B
+\e$B%b!<%I$O!V@5$7$$$3$H\e(B (\e$BEPO?>&I8\e(B)\e$B!W\e(B(\e$B86J8\e(B: the Right Thing (TM)) \e$B$r9T$J$$$^\e(B
+\e$B$9!#\e(B
+
+\e$B=pL>$=$7$FFC$K0E9f2=$O$7$P$7$P5!L)>pJs$rAw?.$9$k$H$-$K;H$o$l$k$N$G!"%a!<\e(B
+\e$B%k$,K\Ev$K=pL>$^$?$O0E9f2=$5$l$k$3$H$r3N$+$a$k$?$a$N2?$i$+$N<jCJ$rI,MW$H\e(B
+\e$B$9$k$G$7$g$&!#>e5-$N=pL>\e(B/\e$B0E9f2=$N$?$a$NL?Na$r<B9T$7$?8e$G$J$i!"\e(B
+@kbd{C-u C-c RET P} (@code{mml-preview}) \e$B$r;H$&$3$H$K$h$C$F@8$N5-;v$r2<\e(B
+\e$B8+$9$k$3$H$,2DG=$G$9!#$=$&$7$F!"$"$J$?$N0JA0$KBg@Z$@$C$??M$K4X$9$k!"$"$k\e(B
+\e$B$$$O!"$3$NA0$NLk$NJQ$J%Q!<%F%#!<$G!"$"$N$*$+$7$J?H$J$j$N?M$,<B:]$K$d$C$?\e(B
+\e$B$3$H$K4X$9$k$"$J$?$ND9$$GME]$,!"K\Ev$K0E9f2=$5$l$FAw?.$5$l$k$G$"$m$&$3$H\e(B
+\e$B$r3NG'$9$k$3$H$,$G$-$^$9!#\e(B
+
+@emph{\e$BCm0U\e(B!} @acronym{PGP/MIME} \e$B$H\e(B @acronym{S/MIME} \e$B$N$I$A$i\e(B
+\e$B$b\e(B RFC822 \e$B%X%C%@!<$r=pL>\e(B/\e$B0E9f2=$7$^$;$s!#$=$l$i$O\e(B @acronym{MIME} \e$B%Q!<%H\e(B
+\e$B$K$N$_:nMQ$7$^$9!#5!L)$NI=Bj$H$H$b$K%a!<%k$rAw$C$F$7$^$&A0$K!"$3$N$3$H$r\e(B
+\e$B4N$KL?$8$F$*$$$F$/$@$5$$!#\e(B
+
+\e$B%a%C%;!<%8$r0E9f2=$9$k$H$-!"\e(BGnus \e$B$O%G%#%U%)%k%H$G!V=pL>\e(B+\e$B0E9f2=!W\e(B(\e$B%a%C%;!<\e(B
+\e$B%8$KBP$7$F=pL>$H0E9f2=$NN>J}$,9T$J$o$l$k\e(B) \e$B%b!<%I$r;H$$$^$9!#FCDj$N%a%C%;!<\e(B
+\e$B%8$KBP$7$F$3$l$r9T$J$o$;$?$/$J$$$J$i$P!"\e(B
+@code{mml-secure-message-encrypt-*} \e$BL?Na$K@\F,0z?t$rM?$($F\e(B (\e$BNc$(\e(B
+\e$B$P\e(B @kbd{C-u C-c C-m c p} \e$B$r;H$C$F\e(B) \e$B$/$@$5$$!#\e(B
+
+\e$B>e5-$N%;%-%e%j%F%#!<L?Na$r<B:]$K;H$&$N$O$5$[$IFq$7$/$"$j$^$;$s!#>/$J$/$H\e(B
+\e$B$b!"$9$Y$F$N4X78$9$k%W%m%0%i%`$,E,@Z$KDL?.$79g$&$3$H$r3N$+$a$k$3$H$HHf3S\e(B
+\e$B$7$F!#$=$3$G!"30It$N$I$s$J%i%$%V%i%j!<$^$?$O%W%m%0%i%`$,I,MW$+$K$D$$$F!"\e(B
+\e$B$*$h$S$$$/$D$+$N:3:Y$G0lHLE*$J%R%s%H$r=R$Y$k$3$H$K$7$^$9!#\e(B
+
+@node Using S/MIME
+@subsection S/MIME \e$B$r;H$&\e(B
+
+@emph{\e$BCm0U\e(B!} \e$B$3$N>O$O6aBeE*$J0E9fK!!"\e(B@acronym{S/MIME}\e$B!"$5$^$6$^\e(B
+\e$B$J\e(B PKCS \e$B$NI8=`!"\e(BOpenSSL \e$B$J$I$N4pAC$K!"$"$J$?$,@:DL$7$F$$$k$3$H$rA[Dj$7$F\e(B
+\e$B$$$^$9!#\e(B
+
+Message (\e$B$=$l$K\e(B @acronym{MML}) \e$B$,\e(B @acronym{S/MIME} \e$B$r%5%]!<%H$9$k$K\e(B
+\e$B$O\e(B OpenSSL \e$B$,I,MW$G$9!#\e(BOpenSSL \e$B$O<B:]$N\e(B @acronym{S/MIME} \e$B$K$h$k=pL>\e(B/\e$B0E9f\e(B
+\e$B2=$N=hM}$r<B9T$7$^$9!#\e(BOpenSSL \e$B$O\e(B @uref{http://www.openssl.org/} \e$B$G8+$D$+\e(B
+\e$B$k$G$7$g$&!#\e(BOpenSSL 0.9.6 \e$B0J9_$N$b$N$,F0:n$9$k$O$:$G$9!#%P!<%8%g\e(B
+\e$B%s\e(B 0.9.5a \e$B$O>ZL@=q$+$i%a!<%k%"%I%l%9$rCj=P$9$k$3$H$,$G$-$^$;$s!#$^$?$=$l\e(B
+\e$B$O\e(B @acronym{MIME} \e$B$N%;%Q%l!<%?$KM>7W$J\e(B CR \e$BJ8;z$rA^F~$9$k$N$G!"JQ$J%a!<%k\e(B
+\e$B$rAw$k?M$@$H;W$o$l$?$/$J$1$l$P!"$=$l$r;H$&$3$H$rHr$1$?$$$G$7$g$&!#\e(B(\e$B$b$C\e(B
+\e$B$H$b$"$J$?$O\e(B @acronym{S/MIME} \e$B$N%a%C%;!<%8$rAw$C$?;~E@$G!"$*$=$i$/$=$NJQ\e(B
+\e$B?M%3%s%F%9%H$G$N>!Mx$rF($7$F$7$^$$$^$7$?$,!#\e(B)
+
+\e$B0E9f2=$5$l$?%a!<%k$rAw$k$?$a$K8D?M$N>ZL@=q$OMW$j$^$;$s!#$b$C$H$b\e(B Message
+(@acronym{MML}) \e$B$O!"DL?.$7$?$$Aj<j$N?M$N>ZL@=q$rI,MW$H$7$^$9$1$l$I!#$3$l\e(B
+\e$B$O\e(B @kbd{C-c C-m c s} \e$B$r%?%$%W$7$?$H$-$K?R$M$i$l$^$9!#:#$N$H$3$m!">ZL@=q\e(B
+\e$B$r%m!<%+%k%U%!%$%k$+$i<h$j=P$9$+\e(B DNS \e$B$+$i<h$j4s$;$k$+$N!"Fs$D$NJ}K!$,$"\e(B
+\e$B$j$^$9!#%m!<%+%k%U%!%$%k$rA*Br$7$?>l9g!"$=$l$O\e(B @acronym{PEM} \e$B7A<0$K$h\e(B
+\e$B$k\e(B X.509 \e$B>ZL@=q$r4^$s$G$$$kI,MW$,$"$j$^$9!#\e(BDNS \e$B$rA*$s$@>l9g$K$O!"$=$N>Z\e(B
+\e$BL@=q$,3JG<$5$l$F$$$k%I%a%$%sL>$r?R$M$i$l$^$9\e(B (\e$B%G%#%U%)%k%H$O>e<j$K?dB,$7\e(B
+\e$B$?$b$N$G$9\e(B)\e$B!#;d$,?.$8$k8B\e(B
+\e$B$j\e(B Message (@acronym{MML}) \e$B$O\e(B @acronym{S/MIME} \e$B$N>ZL@=q$r\e(B DNS \e$B$+$i<h$j4s\e(B
+\e$B$;$k@$3&=i$N%a!<%k!&%(!<%8%'%s%H$J$N$G!"$"$^$j$?$/$5$s$N>ZL@=q$,$=$3$G8+\e(B
+\e$B$D$+$k$3$H$OL5$$$G$7$g$&!#>/$J$/$H$b0l$D$@$1\e(B
+\e$B$O\e(B @code{simon.josefsson.org} \e$B%I%a%$%s\e(B (\e$BLuCm\e(B: \e$B86Cx<T$N%5%$%H\e(B) \e$B$K3JG<$5$l\e(B
+\e$B$?$b$N$,$"$k$O$:$G$9$,!#\e(BLDAP \e$B$O>ZL@=q$rG[5k$9$k$?$a$N$b$C$HIa5Z$7$F$$$k\e(B
+\e$B<jK!$G!"$=$l$r%5%]!<%H$9$k$3$H$,7W2h$5$l$F$$$^$9!#\e(B(\e$BOC$OJQ$o$j$^$9$,!"\e(B
+@code{ldapsearch} \e$B$r%3%^%s%I%i%$%s$+$i<B9T$7$F>ZL@=q$r%U%!%$%k$K<h$j9~$_!"\e(B
+\e$B$=$l$r;H$&$3$H$,$G$-$^$9$h!#\e(B)
+
+\e$B%a%C%;!<%8$N=pL>$K$D$$$F$O!"$"$k<o$N@_DjL5$7$G$O\e(B OpenSSL \e$B$O=pL>$N=hM}$r\e(B
+\e$B<B9T$9$k$3$H$,$G$-$^$;$s!#$H$j$o$1!"$"$J$?$NHkL)80\e(B (private key) \e$B$H>ZL@\e(B
+\e$B=q$,$I$3$K3JG<$5$l$F$$$k$+$r65$($F$"$2$kI,MW$,$"$j$^$9!#\e(B@acronym{MML} \e$B$O\e(B
+\e$B$=$NL>$K$U$5$o$7$$\e(B @code{smime.el} \e$B$H$$$&\e(B OpenSSL \e$B$X$N\e(B Emacs \e$B%$%s%?!<%U%'!<\e(B
+\e$B%9$r;H$$$^$9$,!"$=$l$O$3$N@_Dj$K;H$&$?$a$N$?$a$N\e(B @code{custom} \e$B%0%k!<%W\e(B
+\e$B$r;}$C$F$$$^$9!#$G$9$+$i\e(B @kbd{M-x customize-group RET smime RET} \e$B$r;n$7\e(B
+\e$B$F!"D/$a$F$_$F$/$@$5$$!#\e(B
+
+\e$B8=:_$O!"\e(BCA (\e$B$^$?$O\e(B RA) \e$B$HDL?.$7$F$"$J$?<+?H$N>ZL@=q$r@8@.$9$k$3$H$O%5%]!<\e(B
+\e$B%H$5$l$F$$$^$;$s!#$=$l$K7W2h$b$"$j$^$;$s!#;d$O\e(B Netscape \e$B$r;H$C$F!"%M%C%H\e(B
+\e$B>e$K$"$kBg$-$J\e(B CA \e$B$N0l$D$+$iL5NA$N\e(B @acronym{S/MIME} \e$B$N>ZL@=q$r$b$i$$$^$7\e(B
+\e$B$?!#\e(BNetscape \e$B$OHkL)80$H>ZL@=q$r\e(B PKCS #12 \e$B7A<0$GM"=P\e(B (export) \e$B$9$k$3$H$,\e(B
+\e$B$G$-$^$9!#\e(BOpenSSL \e$B$r;H$C$F!"$3$l$r0J2<$N$h$&$K\e(B PEM \e$B7A<0$K$h$k\e(B
+\e$BAG\e(B (plain) \e$B$N\e(B X.509 \e$B>ZL@=q$KJQ49$7$F$/$@$5$$!#\e(B