opportunistic PGP encryption/signing

opportunistic PGP encryption/signing

[dme]

With the release of a new PGP interface for gnus, I'm again thinking
about more aggressive use of PGP myself.

My idea interface would be one where:
   - all outgoing mail is signed,
   - all outgoing mail is encrypted if I have a key for the receiving
     party/parties,
   - the key used for signing/encryption can be determined by a hook
     function (such as something added to message-send-hook, which I
     currently use for choosing a From: address, signature, etc.).

Coupled with interfaces for acquiring keys, etc. this would be great.

Does it exist ?

Re: opportunistic PGP encryption/signing

[Jack Twilley]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "dme" == dme  <dme@dme.org> writes:

dme> With the release of a new PGP interface for gnus, I'm again
dme> thinking about more aggressive use of PGP myself.

I had similar thoughts recently, and have done some of what you've
described below with bbdb-pgp.

dme> My idea interface would be one where:
dme>  - all outgoing mail is signed,

Nearly all my outgoing mail and posts are signed.  I have bbdb entries
flagged with exceptions (some newsgroups and some people can't deal
with signatures, for example).

dme>  - all outgoing mail is encrypted if I have a key for the
dme>    receiving party/parties,

Other bbdb entries have tags requiring encryption.  I have not yet
written a script to associate keys with bbdb entries or to traverse my
key-ring and set the related encryption tag in the bbdb entries, but
it's on my list.

dme>  - the key used for signing/encryption can be determined by a
dme>    hook function (such as something added to message-send-hook,
dme>    which I currently use for choosing a From: address, 
dme>    signature, etc.).

This would be pretty simple, but it's not something I would ever use
so I never implemented it.

dme> Coupled with interfaces for acquiring keys, etc. this would be
dme> great.

Something that snarfed keys and updated the bbdb would probably
complete my needs in this case.

dme> Does it exist ?

If you think my bbdb-pgp changes would suit your needs, let me know
and I'll post them here.

Jack.
(whee.)
- -- 
Jack Twilley
jmt at twilley dot org
http colon slash slash www dot twilley dot org slash tilde jmt slash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE9k0KfGPFSfAB/ezgRAsEcAKDizrLb+gdS0s5BsqC3K8D71UaEYwCg+i4+
zTMMb3hEzKBrIYRvROPQx2c=
=RRzo
-----END PGP SIGNATURE-----

Re: opportunistic PGP encryption/signing

[Daniel Pittman]

On Thu, 26 Sep 2002, dme@dme.org wrote:
> With the release of a new PGP interface for gnus, I'm again thinking
> about more aggressive use of PGP myself.
> 
> My idea interface would be one where:
>    - all outgoing mail is signed,
>    - all outgoing mail is encrypted if I have a key for the receiving
>      party/parties,
>    - the key used for signing/encryption can be determined by a hook
>      function (such as something added to message-send-hook, which I
>      currently use for choosing a From: address, signature, etc.).
> 
> Coupled with interfaces for acquiring keys, etc. this would be great.
> 
> Does it exist ?

Try <http://anubis.sourceforge.net/>, which proclaims itself to do what
you want independent of the MUA.

It sounds like it's flexible enough to allow you to hook up things by
adding a custom header, though.

OTOH it's a non Emacs solution which may be less than desirable.

     Daniel


-- 
The past is a foreign country: they do things differently there.
        -- L P Hartley, _The Go-Between_

Re: opportunistic PGP encryption/signing

[Andreas Fuchs]

[-- Attachment #1.1: Type: text/plain, Size: 645 bytes --]

On 2002-09-26, Jack Twilley <jmt+usenet@twilley.org> wrote:
> dme>  - all outgoing mail is encrypted if I have a key for the
> dme>    receiving party/parties,
> 
> Other bbdb entries have tags requiring encryption.  I have not yet
> written a script to associate keys with bbdb entries or to traverse my
> key-ring and set the related encryption tag in the bbdb entries, but
> it's on my list.

I've done such a thing, but it is really buggy (the regex matching names
requires special care - it matches a " " at the end too many). Please
don't use the module unmodified, it could might ruin your .bbdb
(i.e. add a lot of dupes).


[-- Attachment #1.2: bbdb-gpg-ring.el --]
[-- Type: application/emacs-lisp, Size: 1535 bytes --]

[-- Attachment #1.3: Type: text/plain, Size: 1256 bytes --]


I hope that helps (even though there are no comments (-;).

> dme>  - the key used for signing/encryption can be determined by a
> dme>    hook function (such as something added to message-send-hook,
> dme>    which I currently use for choosing a From: address, 
> dme>    signature, etc.).
> 
> This would be pretty simple, but it's not something I would ever use
> so I never implemented it.

I don't think it would be very useful for people who have more than one
private key in their ring for one address (people like me, for example,
who created a key with a very old version of gpg and then created a new
one when the security advisory was posted).

> dme> Coupled with interfaces for acquiring keys, etc. this would be
> dme> great.
> 
> Something that snarfed keys and updated the bbdb would probably
> complete my needs in this case.

Yow, that would be really great.

> dme> Does it exist ?
> 
> If you think my bbdb-pgp changes would suit your needs, let me know
> and I'll post them here.

Please do. I hope you're using the mml-secure-message-.*-pgpmime stuff?

Have fun,
-- 
Andreas Fuchs, <asf@acm.org>, asf@jabber.at, antifuchs
Was I helpful?  Let others know:
http://svcs.affero.net/rm.php?r=antifuchs

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]