-Zephyr at MIT doesn't support* limiting who can sub to a zephyr class, so if you want to have reasonably private conversations, encrypting them is a good idea. `zcrypt` is the standard tool used for doing that.
+Zephyr at MIT doesn't support* limiting who can sub to a zephyr class, so if you want to have reasonably private conversations, encrypting them is a good idea. `zcrypt` is the standard tool for that.
`zcrypt` encrypts message bodies, but not the message metadata. In particular, instances are visible to anyone who receives a message (as are senders, times, zsigs, etc., though that's less-frequently an issue).
-h2. Creating a `zcrypt`ed zephyr class
+## Creating a `zcrypt`ed zephyr class
-The main requirement for a `zcrypt`ed zephyr class is to have a key and distribute it to all the users of the class. Typically, this is done by storing the key in AFS. You can set that up with:
+The main requirement for a `zcrypt`ed zephyr class is to distribute a key to all the intended users of the class. Typically, this is done by storing the key in AFS. You can set that up with:
mkdir -p ~/Public/zcrypt/label/ # Pick an arbitrary label for your class.
fs sa ~/Public/zcrypt/label/ system:anyuser none # Keep randoms from reading your key
The last line creates the key, which should be a random byte string of at least 126 characters, none of which should be null or newlines.
-h2. Subbing to a `zcrypt`ed zephyr class
+## Subbing to a `zcrypt`ed zephyr class
This may vary between clients. For traditional zephyr clients, you should sub as usual (in Barnowl, run `:sub classname`).