Use of mime attachments to sign (and verify signed) messages

Use of mime attachments to sign (and verify signed) messages

[Jorge Godoy]

Hi!


Is it possible to configure mailcrypt to use MIME attachments to sign
and also to verify signed messages? IIRC, there's some RFC that says
this is the correct way to use this kind of cryptography stuff...


See you,
-- 
Godoy. <godoy@conectiva.com>

Departamento de Publicações       Conectiva S.A.
Publishing Department             Conectiva Inc.

Re: Use of mime attachments to sign (and verify signed) messages

[Jorge Godoy]

>>>>> On 31 Oct 2000 16:21:26 -0200, Jorge Godoy <godoy@conectiva.com> said:

    JG> Hi!
    JG> Is it possible to configure mailcrypt to use MIME attachments to sign
    JG> and also to verify signed messages? IIRC, there's some RFC that says
    JG> this is the correct way to use this kind of cryptography stuff...

OK, answering myself... I finally found the correct term to explain
what I wanted... Under "Mailcrypt -> Limitations" info node, there is:

        _Detached Signatures_
             Mailcrypt does not support the creation nor the verification of
             detached signatures.


:-((

Is there an alternative program to use with GPG that groks detached
signatures? 



Thanks,
-- 
Godoy. <godoy@conectiva.com>

Departamento de Publicações       Conectiva S.A.
Publishing Department             Conectiva Inc.

Re: Use of mime attachments to sign (and verify signed) messages

[Simon Josefsson]

Jorge Godoy <godoy@conectiva.com> writes:

>     JG> Is it possible to configure mailcrypt to use MIME attachments to sign
>     JG> and also to verify signed messages? IIRC, there's some RFC that says
>     JG> this is the correct way to use this kind of cryptography stuff...
> 
> OK, answering myself... I finally found the correct term to explain
> what I wanted... Under "Mailcrypt -> Limitations" info node, there is:
> 
>         _Detached Signatures_
>              Mailcrypt does not support the creation nor the verification of
>              detached signatures.
>...
> Is there an alternative program to use with GPG that groks detached
> signatures? 

Gnus in CVS support PGP/MIME. 

Re: Use of mime attachments to sign (and verify signed) messages

[Jorge Godoy]

>>>>> On 31 Oct 2000 19:55:58 +0100, Simon Josefsson <sj@extundo.com> said:

    SJ> Gnus in CVS support PGP/MIME. 

I'm using the CVS snapshot (MAIN branch)... Is there any special thing
to do?


[godoy@dagon gnus]$ cvs status ChangeLog 
===================================================================
File: ChangeLog         Status: Up-to-date

   Working revision:    6.0
   Repository revision: 6.0     /usr/local/cvsroot/gnus/ChangeLog,v
   Sticky Tag:          (none)
   Sticky Date:         (none)
   Sticky Options:      (none)



Thanks!
-- 
Godoy. <godoy@conectiva.com>

Departamento de Publicações       Conectiva S.A.
Publishing Department             Conectiva Inc.

Re: Use of mime attachments to sign (and verify signed) messages

[Kai Großjohann]

On 31 Oct 2000, godoy@conectiva.com wrote:
>>>>>> On 31 Oct 2000 19:55:58 +0100, Simon Josefsson <sj@extundo.com>
>>>>>> said:
> 
>     SJ> Gnus in CVS support PGP/MIME. 
> 
> I'm using the CVS snapshot (MAIN branch)... Is there any special
> thing to do?

See the file mml2015.el.  The setup instructions might be sufficient,
but the usage instructions are really concise.  But maybe enough?

kai
-- 
I like BOTH kinds of music.

Re: Use of mime attachments to sign (and verify signed) messages

[ShengHuo ZHU]

Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:

> On 31 Oct 2000, godoy@conectiva.com wrote:
> >>>>>> On 31 Oct 2000 19:55:58 +0100, Simon Josefsson <sj@extundo.com>
> >>>>>> said:
> > 
> >     SJ> Gnus in CVS support PGP/MIME. 
> > 
> > I'm using the CVS snapshot (MAIN branch)... Is there any special
> > thing to do?
> 
> See the file mml2015.el.  The setup instructions might be sufficient,
> but the usage instructions are really concise.  But maybe enough?

I've removed the instructions.  Now PGP/MIME has been set up, i.e.
rfc2015-setup is no longer needed.  What you need to do is to setup
mailcrypt or use gpg.el, which is alpha and undocumented.  You could
manually select mailcrypt or gpg.el by (setq mml2015-use 'mailcrypt)
or (setq mml2015-use 'gpg).

To encrypt or sign, use menu MML/Security.  Decryption and
verification are automatically invoked.

ShengHuo

Re: Use of mime attachments to sign (and verify signed) messages

[Jorge Godoy]

>>>>> On 31 Oct 2000 18:14:58 -0200, Jorge Godoy <godoy@conectiva.com> said:

>>>>> On 31 Oct 2000 19:55:58 +0100, Simon Josefsson <sj@extundo.com> said:
    SJ> Gnus in CVS support PGP/MIME. 

    JG> I'm using the CVS snapshot (MAIN branch)... Is there any special thing
    JG> to do?

Simon,

It worked with some messages I signed or encrypted to myself.
I've found that messages that I sign are correctly decoded by Gnus,
but messages that other people sign sometimes presents some
problem. I'm suspecting of the char encoding for non-ASCII letters...  
How can I check for that? 


See you,
-- 
Godoy. <godoy@conectiva.com>

Departamento de Publicações       Conectiva S.A.
Publishing Department             Conectiva Inc.

Re: Use of mime attachments to sign (and verify signed) messages

[Jorge Godoy]

>>>>> On 31 Oct 2000 18:44:02 -0500, ShengHuo ZHU <zsh@cs.rochester.edu> said:

    ZSH> I've removed the instructions.  Now PGP/MIME has been set up, i.e.
    ZSH> rfc2015-setup is no longer needed.  What you need to do is to setup
    ZSH> mailcrypt or use gpg.el, which is alpha and undocumented.  You could
    ZSH> manually select mailcrypt or gpg.el by (setq mml2015-use 'mailcrypt)
    ZSH> or (setq mml2015-use 'gpg).

    ZSH> To encrypt or sign, use menu MML/Security.  Decryption and
    ZSH> verification are automatically invoked.

It worked with this new setup (using "(set mml2015-use 'gpg)"), but I
get an error message about a temporary directory permission. Where's
this directory and how can I change it to one in my home directory?


Thank you very much!
-- 
Godoy. <godoy@conectiva.com>

Departamento de Publicações       Conectiva S.A.
Publishing Department             Conectiva Inc.

Re: Use of mime attachments to sign (and verify signed) messages

[ShengHuo ZHU]

Jorge Godoy <godoy@conectiva.com> writes:

> It worked with some messages I signed or encrypted to myself.  I've
> found that messages that I sign are correctly decoded by Gnus, but
> messages that other people sign sometimes presents some problem. I'm
> suspecting of the char encoding for non-ASCII letters...  How can I
> check for that?

When did you update? The latest CVS Gnus should send out message with
all non-ASCII letters encoded in QP or BASE64.

The another problem is that some MUA sends a message with a wrong
micalg.  For some messages, manually replacing micalg=pgp-md5 to
micalg=pgp-sha1 works.  I am not sure whose fault it is.

ShengHuo

Re: Use of mime attachments to sign (and verify signed) messages

[ShengHuo ZHU]

Jorge Godoy <godoy@conectiva.com> writes:

> >>>>> On 31 Oct 2000 18:44:02 -0500, ShengHuo ZHU <zsh@cs.rochester.edu> said:
> 
>     ZSH> I've removed the instructions.  Now PGP/MIME has been set up, i.e.
>     ZSH> rfc2015-setup is no longer needed.  What you need to do is to setup
>     ZSH> mailcrypt or use gpg.el, which is alpha and undocumented.  You could
>     ZSH> manually select mailcrypt or gpg.el by (setq mml2015-use 'mailcrypt)
>     ZSH> or (setq mml2015-use 'gpg).
> 
>     ZSH> To encrypt or sign, use menu MML/Security.  Decryption and
>     ZSH> verification are automatically invoked.
> 
> It worked with this new setup (using "(set mml2015-use 'gpg)"), but I
> get an error message about a temporary directory permission. Where's
> this directory and how can I change it to one in my home directory?

It is the variable gpg-temp-directory.

ShengHuo

Re: Use of mime attachments to sign (and verify signed) messages

[Jorge Godoy]

>>>>> On 31 Oct 2000 19:08:39 -0500, ShengHuo ZHU <zsh@cs.rochester.edu> said:

    ZSH> Jorge Godoy <godoy@conectiva.com> writes:
    >> It worked with some messages I signed or encrypted to myself.  I've
    >> found that messages that I sign are correctly decoded by Gnus, but
    >> messages that other people sign sometimes presents some problem. I'm
    >> suspecting of the char encoding for non-ASCII letters...  How can I
    >> check for that?

    ZSH> When did you update? The latest CVS Gnus should send out message with
    ZSH> all non-ASCII letters encoded in QP or BASE64.

It's fixed now. I've updated it right now.

    ZSH> The another problem is that some MUA sends a message with a wrong
    ZSH> micalg.  For some messages, manually replacing micalg=pgp-md5 to
    ZSH> micalg=pgp-sha1 works.  I am not sure whose fault it is.

I'm having another problem --- OK, I know I'm boring you, but you all
know how a new user is, don't you? :-)) Please, be patient with me ---
with signing messages. It's looking after a 'gpg-2comp' program and
I'm not being able to find where I change this. 

I've tried

(setq gpg-command-default-alist (quote ((gpg . "gpg") (gpg . "gpg"))))

and

(setq gpg-command-default-alist (quote ((gpg . "gpg"))))

in my ~/.gnus, but although the variable value is set up correctly (as
shown by M-x describe-variable) Gnus's still trying to use this
'gpg-2comp' program (BTW, I think that compatibility with PGP2.6
should be left as optional and not as default...)



Thanks for your help!
-- 
Godoy. <godoy@conectiva.com>

Departamento de Publicações       Conectiva S.A.
Publishing Department             Conectiva Inc.

Re: Use of mime attachments to sign (and verify signed) messages

[ShengHuo ZHU]

Jorge Godoy <godoy@conectiva.com> writes:

> I'm having another problem --- OK, I know I'm boring you, but you all
> know how a new user is, don't you? :-)) Please, be patient with me ---
> with signing messages. It's looking after a 'gpg-2comp' program and
> I'm not being able to find where I change this. 
> 
> I've tried
> 
> (setq gpg-command-default-alist (quote ((gpg . "gpg") (gpg . "gpg"))))
> 
> and
> 
> (setq gpg-command-default-alist (quote ((gpg . "gpg"))))
> 
> in my ~/.gnus, but although the variable value is set up correctly (as
> shown by M-x describe-variable) Gnus's still trying to use this
> 'gpg-2comp' program (BTW, I think that compatibility with PGP2.6
> should be left as optional and not as default...)

I am not sure it either. But you could try

(setq gpg-command-default-alist (quote ((gpg . "gpg") (gpg-2comp . "gpg"))))

or

to create gpg-2comp

,----[ gpg-2comp ]
| #!/bin/sh
| exec gpg --rfc1991 "$@"
`----

ShengHuo

Re: Use of mime attachments to sign (and verify signed) messages

[Jorge Godoy]

>>>>> On 31 Oct 2000 19:46:08 -0500, ShengHuo ZHU <zsh@cs.rochester.edu> said:

    ZSH> I am not sure it either. But you could try

    ZSH> (setq gpg-command-default-alist (quote ((gpg . "gpg") (gpg-2comp . "gpg"))))

I've tried that. It causes a loop where I'm asked for my passphrase
indefinitely. (maybe a bug?)

I've kept with

(setq gpg-command-default-alist (quote ((gpg . "gpg"))))

    ZSH> to create gpg-2comp

    ZSH> ,----[ gpg-2comp ]
    ZSH> | #!/bin/sh
    ZSH> | exec gpg --rfc1991 "$@"
    ZSH> `----

I've done:

,----
| #!/bin/bash
| # exec gpg --rfc1991 "$@"
| exec gpg "$@"
`----


But I keep getting "Wrong type argument: stringp, gpg-2comp"
messages. I'm probably missing something... 


-- 
Godoy. <godoy@conectiva.com>

Departamento de Publicações       Conectiva S.A.
Publishing Department             Conectiva Inc.

Re: Use of mime attachments to sign (and verify signed) messages

[ShengHuo ZHU]

Jorge Godoy <godoy@conectiva.com> writes:

> I've tried that. It causes a loop where I'm asked for my passphrase
> indefinitely. (maybe a bug?)

It asks passphrase 3 times for one sign or encrypt.  But you can do
(setq gpg-passphrase-timeout 3600).

> But I keep getting "Wrong type argument: stringp, gpg-2comp"
> messages. I'm probably missing something... 

The package is ALPHA.  I don't know what's wrong.  It is also my first
time.

ShengHuo

Re: Use of mime attachments to sign (and verify signed) messages

[Steve Youngs]

* "ZSH" == ShengHuo ZHU <zsh@cs.rochester.edu> writes:

 ZSH> Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:
 >>See the file mml2015.el.  The setup instructions might be sufficient,
 >>but the usage instructions are really concise.  But maybe enough?

 ZSH> I've removed the instructions.  Now PGP/MIME has been set up, i.e.
 ZSH> rfc2015-setup is no longer needed.  What you need to do is to setup
 ZSH> mailcrypt or use gpg.el, which is alpha and undocumented.  You could
 ZSH> manually select mailcrypt or gpg.el by (setq mml2015-use 'mailcrypt)
 ZSH> or (setq mml2015-use 'gpg).

 ZSH> To encrypt or sign, use menu MML/Security.  Decryption and
 ZSH> verification are automatically invoked.

Works well, at least with (setq mml2015-use 'mailcrypt).  One question
though, how to turn off the automatic decryption/verification and do
it manually?

-- 
|---<Regards, Steve Youngs>-----------[GnuPG KeyID: EFD82ED2]---|
|     It's a funny thing about life; if you refuse to accept    |
|          anything but the best, you very often get it         |
|-----------------------------<mailto:youngs_s@ozlinx.com.au>---|

Re: Use of mime attachments to sign (and verify signed) messages

[ShengHuo ZHU]

Steve Youngs <youngs_s@ozlinx.com.au> writes:

[...]

> Works well, at least with (setq mml2015-use 'mailcrypt).  One question
> though, how to turn off the automatic decryption/verification and do
> it manually?

(setq mm-verify-option 'never)
(setq mm-decrypt-option 'never)

Then type `W s' on the article (only available in the latest CVS.)

ShengHuo

Re: Use of mime attachments to sign (and verify signed) messages

[Steve Youngs]

* "ZSH" == ShengHuo ZHU <zsh@cs.rochester.edu> writes:

 ZSH> (setq mm-verify-option 'never)
 ZSH> (setq mm-decrypt-option 'never)

 ZSH> Then type `W s' on the article (only available in the latest CVS.)

Wow, talk about interactive computing. :-)  Thanks ShengHuo.

Another challenge for you: Is there anyway to make the modeline show a
'p' indicator for messages signed or encrypted in this way?

-- 
|---<Regards, Steve Youngs>-----------[GnuPG KeyID: EFD82ED2]---|
|     It's a funny thing about life; if you refuse to accept    |
|          anything but the best, you very often get it         |
|-----------------------------<mailto:youngs_s@ozlinx.com.au>---|

Re: Use of mime attachments to sign (and verify signed) messages

[ShengHuo ZHU]

Steve Youngs <youngs_s@ozlinx.com.au> writes:

> Another challenge for you: Is there anyway to make the modeline show a
> 'p' indicator for messages signed or encrypted in this way?

Added.

ShengHuo