fdfda1b7a699262e4f35057c3d4128f03493c9b5 — Kevin McCarthy 5 days ago c79c769
Mention base64 keydata being stored in the autocrypt database.
1 files changed, 28 insertions(+), 8 deletions(-)

M doc/manual.xml.head
M doc/manual.xml.head => doc/manual.xml.head +28 -8
@@ 9895,15 9895,35 @@ an appropriate signature message for verified messages.
      </para>
      <para>
-       Both methods have one additional caveat: replying to an
-       Autocrypt decrypted message by default forces Autocrypt mode on.
-       By sharing the same key, all replies will then start in
-       Autocrypt mode, even if the message wasn't sent by one of your
-       Autocrypt peers.  <link
-       linkend="autocrypt-reply">$autocrypt_reply</link> can be
-       <emphasis>unset</emphasis> to allow manual control of the mode
-       when replying.
+       Both methods have a couple additional caveats:
      </para>
+     <itemizedlist>
+       <listitem>
+         <para>
+           First, replying to an Autocrypt decrypted message by default
+           forces Autocrypt mode on.  By sharing the same key, all
+           replies will then start in Autocrypt mode, even if a message
+           wasn't sent by one of your Autocrypt peers.  <link
+           linkend="autocrypt-reply">$autocrypt_reply</link> can be
+           <emphasis>unset</emphasis> to allow manual control of the
+           mode when replying.
+         </para>
+       </listitem>
+       <listitem>
+         <para>
+           Second, when Mutt creates an account from a gpg key, it
+           exports the public key, base64 encodes it, and stores that
+           value in the sqlite3 database.  The value is then used in
+           the Autocrypt header added to outgoing emails.  The ECC keys
+           Mutt creates don't change, but if you use external keys that
+           expire, when you resign to extend the expiration you will
+           need to recreate the Autocrypt account using the <link
+           linkend="autocryptdoc-acctmgmt">account menu</link>.
+           Otherwise the Autocrypt header will contain the old expired
+           exported keydata.
+         </para>
+       </listitem>
+     </itemizedlist>
    </sect2>
  </sect1>
  </chapter>