`zcrypt` encrypts message bodies, but not the message metadata. In particular, instances are visible to anyone who receives a message (as are senders, times, zsigs, etc., though that's less-frequently an issue).
-h2. Creating a `zcrypt`ed zephyr class
+## Creating a `zcrypt`ed zephyr class
The main requirement for a `zcrypt`ed zephyr class is to have a key and distribute it to all the users of the class. Typically, this is done by storing the key in AFS. You can set that up with:
The last line creates the key, which should be a random byte string of at least 126 characters, none of which should be null or newlines.
-h2. Subbing to a `zcrypt`ed zephyr class
+## Subbing to a `zcrypt`ed zephyr class
This may vary between clients. For traditional zephyr clients, you should sub as usual (in Barnowl, run `:sub classname`).