From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.general
Subject: Re: how to signencrypt with gpg for pgp2
Date: Thu, 10 Jul 2003 17:14:47 +0200
Cc: ding@gnus.org
In-Reply-To: (Matthias Andree's message of "Thu, 10 Jul 2003 15:14:59 +0200")

Matthias Andree writes:

>> We should make the "separate" mode work correctly though.  This is
>> somewhat unfortunate though.  An alternative would be to state that we
>> cannot talk to PGP 2.x properly.
>
> "Replacing PGP 2.x with GnuPG" by Kyle Hasselbacher et al,
> , comes to our rescue:
> it documents a workaround (with minor errors in the first of the four
> stages).  It's not trivial, but works.

OK, this convinced me.

Apparently pure GnuPG users can't talk to PGP 2.x anyway, so this only
affects people that have imported their old PGP 2.x into GnuPG but still
want to talk to PGP 2.x users.  It doesn't look like a broad audience,
and they are probably competent enough to either configure PGG to use
PGP 2.x (which is supported), or customize pgg-gpg-program to
"gpg-2comp", or customize mml-signencrypt-style-alist (although the
output doesn't look right in Gnus due to the recursive UU decoding
problem, but that may be fixed in the future), or add support for the
two-pass mode in pgg-gpg.el, or talk their PGP 2.x users into using
GnuPG.

I have written down some things learned from this thread in the
Message manual, in the Security node.  The relevant section is included
below, comments appreciated.  Thanks to everyone who provided
information.

(Of course, if someone disagrees with this, I can be convinced otherwise
again. :-))

Using PGP/MIME
--------------

PGP/MIME requires an external OpenPGP implementation, such as GNU
Privacy Guard (http://www.gnupg.org/).  Pre-OpenPGP implementations
such as PGP 2.x and PGP 5.x are also supported.  One Emacs interface to
the PGP implementations, PGG (see *note PGG: (pgg)Top.), is included,
but Mailcrypt and Florian Weimer's `gpg.el' are also supported.

Note, if you are using the `gpg.el' you must make sure that the
directory specified by `gpg-temp-directory' has permissions 0700.

Creating your own key is described in detail in the documentation of
your PGP implementation, so we refer to it.

If you have imported your old PGP 2.x key into GnuPG, and want to send
signed and encrypted messages to your fellow PGP 2.x users, you'll
discover that the receiver cannot understand what you send.  One
solution is to use PGP 2.x instead (i.e., if you use `pgg', set
`pgg-default-scheme' to `pgp').  If you do want to use GnuPG, you can
use a compatibility script called `gpg-2comp' available from .  You
could also convince your fellow PGP 2.x users to convert to GnuPG.

As a final workaround, you can make the sign and encryption work in two
steps; separately sign, then encrypt a message.  If you would like to
change this behavior you can customize the
`mml-signencrypt-style-alist' variable.  For example:

     (setq mml-signencrypt-style-alist
           '(("smime" separate)
             ("pgp" separate)
             ("pgpauto" separate)
             ("pgpmime" separate)))

This causes signing and encryption to be done in two passes, thus
generating a message that can be understood by PGP version 2.

(Refer to for more information about the problem.)
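
The manual text above requires that the directory named by
`gpg-temp-directory' has permissions 0700.  One way to check that from
Emacs, as an added example that is not part of the original message,
of Gnus, or of gpg.el; the helper name `my-gpg-temp-dir-check' is
hypothetical, and it takes the directory as an argument so it works
without gpg.el loaded:

```elisp
;; Added example (not from gpg.el or Gnus).  `my-gpg-temp-dir-check' is
;; a hypothetical helper name.
(defun my-gpg-temp-dir-check (dir &optional fix)
  "Return a list of problems with DIR as a private temporary directory.
An empty list means DIR is a real directory (not a symlink), owned by
the current user, with mode exactly 0700.  With FIX non-nil, create a
missing DIR and tighten the mode of a directory we own before checking."
  (let ((dir (directory-file-name (expand-file-name dir)))
        (problems '()))
    ;; Create the directory only when nothing at all is at that path,
    ;; including a dangling symlink.
    (when (and fix
               (not (file-exists-p dir))
               (not (file-symlink-p dir)))
      (make-directory dir t)
      (set-file-modes dir #o700))
    (cond
     ;; A symlink could point somewhere another user controls.
     ((file-symlink-p dir)
      (push "is a symbolic link" problems))
     ((not (file-directory-p dir))
      (push "is not an existing directory" problems))
     (t
      (let ((owned (equal (nth 2 (file-attributes dir 'integer))
                          (user-uid))))
        ;; Only change modes on a directory that belongs to us.
        (when (and fix owned)
          (set-file-modes dir #o700))
        (unless owned
          (push "is not owned by the current user" problems))
        (let ((mode (logand (file-modes dir) #o7777)))
          (unless (= mode #o700)
            (push (format "has mode %o, expected 700" mode) problems))))))
    (nreverse problems)))

;; Usage once gpg.el is loaded:
;;   (my-gpg-temp-dir-check gpg-temp-directory)    ; report only
;;   (my-gpg-temp-dir-check gpg-temp-directory t)  ; create/tighten, then report
```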