info-gnus-english
Re: How to set up signing/encryption with GnuPG? Some newbie questions


From: Kevin Brubeck Unhammer
Subject: Re: How to set up signing/encryption with GnuPG? Some newbie questions
Date: Tue, 16 Oct 2012 11:21:44 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)

Marius Hofert <marius.hofert@math.ethz.ch> writes:

> Hi,
>
> Although I found and read (not necessarily understood :-) ) the security
> related parts of the Gnus manual (e.g., C-h i Gnus -> Security), I still have
> the following questions concerning signing and encryption of messages with Gnus:
>
> 1) What is a useful/meaningful setup in ~/.gnus.el for enabling GnuPG
> for PGP/MIME?
> I figured the following to be useful:
> (setq mm-verify-option 'always) ; always verify signed parts
> (setq mm-decrypt-option 'always) ; always decrypt encrypted parts
> (setq gnus-message-replysign t) ; gnus-message-replyencrypt and
> ; gnus-message-replysignencrypted are already t by default
> I also found Gnus users who set
> (setq gnus-treat-x-pgp-sig t)
> but I could not find sufficient documentation of gnus-treat-x-pgp-sig to
> determine whether this is useful.

There's also these two (defaulting to nil):

    mm-sign-option 'guided
    mm-encrypt-option 'guided

If set to 'guided, you'll get a menu on sending signed/encrypted
messages asking which key you want to use.

> 2) Why are gnus-message-replyencrypt and gnus-message-replysignencrypted set
> to t by default, but gnus-message-replysign defaults to nil? Has this been
> forgotten in the recent change (see
> http://comments.gmane.org/gmane.emacs.gnus.general/75543)?
>
> 3) Is it "good practice" to always sign messages? AFAIK, this does not require
> the recipient to deal with encryption, but he could at least check that the
> message has the correct signature. How would one always sign messages in Gnus
> by default?

(no idea)

> 4) Where are my private/public keys? I never saw them nor was asked to
> generate them.

You make them with GnuPG (gpg --gen-key); Emacs seems to figure out how
to run gpg on its own.

There are some issues with gpg2 though (specifically, with pinentry).
I've installed gpg1 alongside gpg2 for the time being and have

(when (file-executable-p "/usr/bin/gpg1")
  (setq epg-gpg-program "/usr/bin/gpg1"))

More at http://www.emacswiki.org/emacs/EasyPG#toc4


> 5) Am I correct in that signing a message simply requires C-c C-m s p? (and
> signing + encrypting C-c C-m c p?)

Yes. I find `C-c C-m C-s' faster though (pinky never leaves the caps key).

> I tried to send a test mail to adele@gnupp.de (mentioned on the German wiki
> page http://de.wikipedia.org/wiki/GNU_Privacy_Guard). I used C-c C-m c p. On
> sending via C-c C-c, I received "No public key for <adele@gnupp.de>; skip it?
> (y or n)". I chose 'y', since the public key will be sent by adele@gnupp.de.
> I then obtained "mml2015-epg-encrypt: No recipient specified". What does this
> mean?

My German is not so good, but it seemed to me you're supposed to just
attach your public key to Adele. So don't encrypt that e-mail. Then she
sends back her own key, but now encrypted for your eyes only. Now you
can save that key as a file on disk, and do 

$ gpg --import that-file-on-disk

to import her key. _Now_ you should be able to `C-c C-m C-c' and encrypt
your next email for Adele.



Also, if you want to check my signature, do

$ gpg --keyserver pgp.mit.edu --recv-keys 0x766AC60C

Then in gnus, press "g" to redisplay this email, and it should no longer
say "No public key for …". 

I use the following to fetch unknown keys on `C-c k', though it's not
particularly pretty:

#+begin_src emacs-lisp
(defun gnus-article-receive-epg-keys ()
  "Fetch unknown keys from a signed message."
  (interactive)
  (with-current-buffer gnus-article-buffer
    (save-excursion
      (goto-char (point-min))
      ;; The regexp captures exactly 16 hex digits, so the key ID handed to
      ;; the shell below cannot contain shell metacharacters.
      (if (re-search-forward
           "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16,16\\}\\) created at "
           nil 'noerror)
          (shell-command (format "gpg --keyserver %s --recv-keys %s"
                                 "pgp.mit.edu"
                                 (match-string 1)))
        (message "No unknown signed parts found.")))))
;; Bind the command to `C-c k' in both the article and summary buffers.
(add-hook
 'gnus-startup-hook
 (lambda nil
   (define-key gnus-article-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)
   (define-key gnus-summary-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)))
#+end_src


-- 
Kevin Brubeck Unhammer

GPG: 0x766AC60C
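
A variant of the key-fetching command in the message above, written here as an added example (not part of the original post and not Gnus's own code): it calls gpg through `call-process` with an argument list instead of a shell string, and prints the fetched key's fingerprint so it can be compared with one obtained from the sender out of band. The `my/` names and the `*gpg-recv-keys*` buffer are hypothetical; the keyserver and `--recv-keys` come from the message, and `--fingerprint` is a standard gpg option.

```emacs-lisp
;; Added example; intended for ~/.gnus.el.  All `my/' names are hypothetical.
(require 'gnus)         ; provides `gnus-article-buffer'
(require 'epg-config)   ; provides `epg-gpg-program'

(defvar my/epg-keyserver "pgp.mit.edu"
  "Keyserver to query (the one used in the message).")

(defconst my/epg-missing-key-regexp
  "No public key for \\([A-F0-9]\\{16\\}\\)"
  "Matches the notice Gnus shows for a signature from an unknown key.")

(defun my/epg-missing-key-id (text)
  "Return the 16-hex-digit key ID from a \"No public key\" notice in TEXT, or nil."
  (let ((case-fold-search nil))         ; accept upper-case hex only
    (when (string-match my/epg-missing-key-regexp text)
      (match-string 1 text))))

(defun my/gnus-article-fetch-key ()
  "Fetch the key needed by the current article, then show its fingerprint."
  (interactive)
  (let ((id (my/epg-missing-key-id
             (with-current-buffer gnus-article-buffer (buffer-string)))))
    (if (not id)
        (message "No unknown signed parts found.")
      (with-current-buffer (get-buffer-create "*gpg-recv-keys*")
        (erase-buffer)
        ;; Arguments are passed as a list, so neither the key ID nor the
        ;; keyserver name is ever interpreted by a shell.
        (call-process epg-gpg-program nil t nil
                      "--keyserver" my/epg-keyserver "--recv-keys" id)
        ;; Importing a key only makes verification possible; it does not
        ;; show who owns the key.  Print the full fingerprint so it can be
        ;; checked against one received from the sender by another channel.
        (call-process epg-gpg-program nil t nil "--fingerprint" id)
        (display-buffer (current-buffer))))))
```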
