info-gnus-english
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

EasyPG for signing and en/decrypting Email


From: Suno Ano
Subject: EasyPG for signing and en/decrypting Email
Date: Sun, 05 Apr 2009 13:43:14 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.91 (gnu/linux)

Hi folks,

I hope it is okay that I put few names into CC which I found out (by
looking at the mail archive) shared an interest into this subject during
the last two years or so ...

Due to the lack of documentation on the matter I am trying to
summarize/clarify a few things and when done, put it onto
http://www.emacswiki.org/emacs/EasyPG so others will have an easier path
to gettings things done with regards to signing and en/decrypting
emails.



There are at least 5 threads started by folks, starting with 2007, which
run into the same obstacles as I did

 - what do I use i.e. pgg? epg? mailcrypt?
 - how do I verify a signature?
 - how do I switch key IDs for signing (manually)
 - how do I switch key IDs for signing automatically based on what
   group I send mail from


Here is what I learned during the past few days:

 - pgg and mailcrypt are obsolete. One should use EasyPG now.
 - EasyPG ships with current Emacs versions like for example 23.0.91.1,
   the one I use
 - one can switch among his key IDs signing and/or en/decryption if
   needed (lines 9 to 18) below



The other day we had another thread which contained this message of
Thierry

 Thierry> if you call `epa-mail-sign' with a prefix arg, you will have
 Thierry> an interface to choose your key.

I set (setq mml2015-verbose t) so I get asked which key ID (I have two)
I want to use for both of the following cases: mml-secure-message-sign
as well as epa-mail-sign. Hmmm ... About that ...

 - there is the Attachment menu providing us with C-c RET C-s (which for
   example invokes mml-secure-message-sign) and friends, but then
 - there also is the epa-* set of commands to do the whole signing and
   encryption/decryption thing.

So what do I use? The mml-* commands or the epa-* ones?


Below is my current setup


 1  (require 'epa)
 2
 3  (setq mml2015-use 'epg)
 4  (setq mml2015-encrypt-to-self t)
 5  (setq mml2015-verbose t)
 6  (setq mml2015-always-trust nil)
 7  (setq mml2015-passphrase-cache-expiry '7200)
 8
 9  (add-hook 'message-setup-hook
10            (lambda ()
11              (if gnus-newsgroup-name
12                  (let ((signers (gnus-group-get-parameter
13                                  gnus-newsgroup-name
14                                  'mml2015-signers
15                                  t)))
16                    (if signers
17                        (set (make-local-variable 'mml2015-signers)
18                             signers))))))
19
20
21  (setq gnus-message-replysign t
22        gnus-message-replyencrypt t
23        gnus-message-replysignencrypted t
24        gnus-treat-x-pgp-sig t
25        mm-verify-option 'always
26        mm-decrypt-option 'always
27  )
28
29  (setq gnus-buttonized-mime-types
30        '("multipart/alternative"
31          "multipart/encrypted"
32          "multipart/signed"))
33
34  (setq mm-coding-system-priorities
35        '(iso-latin-1 iso-latin-9 mule-utf-8))


My question is, signing and choosing a key ID now seems to work because
of line 5.

However, even if I use my own key ID and send mail to myself, verifying
the signature does not seem to work because I see no "[[PGP Signed Part:
Good Signature ...]]" line but just the usual "[[PGP Signed Part:]]"
line i.e. no indication whatsoever Gnus could successfully verify that
(my own) signature.

On the other hand, if I use epa-mail-sign (without a prefix argument)
and then C-c RET P (preview, see Attachment menu), I get the "[[PGP
Signed Part: Good Signature ...]]" line in the preview. Oddly enough,
when I send that mail, the version I receive again only shows "[[PGP
Signed Part:]]".

What is wrong here?


Note: for this post I used C-c RET C-s to sign it with one of my two
keys.

Attachment: pgpSO0cjbWgOC.pgp
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]