pgg doesn't mention that the signature is untrusted

pgg doesn't mention that the signature is untrusted

[David Kågedal]

PGG can tell verify signatures, and if I button2-click an extra time
on the button, it will give me full information about the key that
signed the message.  So far, so good.

But in the pre-pgg days, when the message was signed by I can to which
gpg couldn't find a trust path, it would display "Utrusted: Some Name
<foo@bar>".  Today, you won't see that mentioned unless you click the
button to get full information.

-- 
David Kågedal

Re: pgg doesn't mention that the signature is untrusted

[Simon Josefsson]

David Kågedal <davidk@lysator.liu.se> writes:

> PGG can tell verify signatures, and if I button2-click an extra time
> on the button, it will give me full information about the key that
> signed the message.  So far, so good.
>
> But in the pre-pgg days, when the message was signed by I can to which
> gpg couldn't find a trust path, it would display "Utrusted: Some Name
> <foo@bar>".  Today, you won't see that mentioned unless you click the
> button to get full information.

This is probably also because the status parsing change.  Does loading
contrib/gpg.el help?  If someone would like to remove the use of
`gpg-unabbrev-trust-alist' in mml2015.el it would help.

Re: pgg doesn't mention that the signature is untrusted

[Josh Huber]

Simon Josefsson <jas@extundo.com> writes:

> This is probably also because the status parsing change.  Does
> loading contrib/gpg.el help?  If someone would like to remove the
> use of `gpg-unabbrev-trust-alist' in mml2015.el it would help.

Does PGG even using the status output?  expanding the button doesn't
show any of it...

-- 
Josh Huber

Re: pgg doesn't mention that the signature is untrusted

[Simon Josefsson]

Josh Huber <huber@alum.wpi.edu> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> This is probably also because the status parsing change.  Does
>> loading contrib/gpg.el help?  If someone would like to remove the
>> use of `gpg-unabbrev-trust-alist' in mml2015.el it would help.
>
> Does PGG even using the status output?  

Yes, it looks for DECRYPTION_OKAY and GOODSIG.

> expanding the button doesn't show any of it...

PGP or PGPMIME?  It works here for the tests I posted to gnus.test on
quimby.

Re: pgg doesn't mention that the signature is untrusted

[David Kågedal]

Simon Josefsson <jas@extundo.com> writes:

> David Kågedal <davidk@lysator.liu.se> writes:
>
>> PGG can tell verify signatures, and if I button2-click an extra time
>> on the button, it will give me full information about the key that
>> signed the message.  So far, so good.
>>
>> But in the pre-pgg days, when the message was signed by I can to which
>> gpg couldn't find a trust path, it would display "Utrusted: Some Name
>> <foo@bar>".  Today, you won't see that mentioned unless you click the
>> button to get full information.
>
> This is probably also because the status parsing change.  Does loading
> contrib/gpg.el help?  If someone would like to remove the use of
> `gpg-unabbrev-trust-alist' in mml2015.el it would help.

I loaded contrib/gpg.el in my running gnus, and it made no difference.

-- 
David Kågedal

Re: pgg doesn't mention that the signature is untrusted

[Simon Josefsson]

[-- Attachment #1: Type: text/plain, Size: 964 bytes --]

David Kågedal <davidk@lysator.liu.se> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> David Kågedal <davidk@lysator.liu.se> writes:
>>
>>> PGG can tell verify signatures, and if I button2-click an extra time
>>> on the button, it will give me full information about the key that
>>> signed the message.  So far, so good.
>>>
>>> But in the pre-pgg days, when the message was signed by I can to which
>>> gpg couldn't find a trust path, it would display "Utrusted: Some Name
>>> <foo@bar>".  Today, you won't see that mentioned unless you click the
>>> button to get full information.
>>
>> This is probably also because the status parsing change.  Does loading
>> contrib/gpg.el help?  If someone would like to remove the use of
>> `gpg-unabbrev-trust-alist' in mml2015.el it would help.
>
> I loaded contrib/gpg.el in my running gnus, and it made no difference.

I removed the dependency on gpg.el, does it work on e.g. this mail?

[-- Attachment #2: Type: application/pgp-signature, Size: 348 bytes --]

Re: pgg doesn't mention that the signature is untrusted

[David Kågedal]

Simon Josefsson <jas@extundo.com> writes:

> I removed the dependency on gpg.el, does it work on e.g. this mail?

I don't have access to your public key (it's not on the keyserver that
gpg tried to use), so I just get "Failed".

But I tried another message, and it looks good.  Example below

[[PGP Signed Part:Andreas Fuchs <asf@void.at>
Untrusted, Fingerprint: 7E3A 9931 2430 BC5A 51AC F960 B9C0 C058 04D7 F45F]]

Thanks

-- 
David Kågedal

Re: pgg doesn't mention that the signature is untrusted

[Mark Trettin]

* On: Thu, 10 Oct 2002 18:41:27 +0200 Simon Josefsson writes:
> David Kågedal <davidk@lysator.liu.se> writes:
>> Simon Josefsson <jas@extundo.com> writes:

[...]

>>> This is probably also because the status parsing change.  Does loading
>>> contrib/gpg.el help?  If someone would like to remove the use of
>>> `gpg-unabbrev-trust-alist' in mml2015.el it would help.
>> 
>> I loaded contrib/gpg.el in my running gnus, and it made no difference.

> I removed the dependency on gpg.el, does it work on e.g. this mail?

Works nice now. Thanks. But it seems that passphrase caching no longer
works.

Bis dann

	 Mark
-- 
Mark Trettin · Aachen · Germany · Where is Aachen? --> N: 50°46' E: 06°05'
BOFH excuse #115:

your keyboard's space bar is generating spurious keycodes.

Re: pgg doesn't mention that the signature is untrusted

[Simon Josefsson]

Mark Trettin <mtr-dev0@gmx.de> writes:

> * On: Thu, 10 Oct 2002 18:41:27 +0200 Simon Josefsson writes:
>> David Kågedal <davidk@lysator.liu.se> writes:
>>> Simon Josefsson <jas@extundo.com> writes:
>
> [...]
>
>>>> This is probably also because the status parsing change.  Does loading
>>>> contrib/gpg.el help?  If someone would like to remove the use of
>>>> `gpg-unabbrev-trust-alist' in mml2015.el it would help.
>>> 
>>> I loaded contrib/gpg.el in my running gnus, and it made no difference.
>
>> I removed the dependency on gpg.el, does it work on e.g. this mail?
>
> Works nice now. Thanks. But it seems that passphrase caching no longer
> works.

Passphrase caching never worked with PGG for me so I guess that is a
separate bug.  Or did passphrase caching used to work with PGG for
you before this change?

Re: pgg doesn't mention that the signature is untrusted

[Josh Huber]

Simon Josefsson <jas@extundo.com> writes:

> Passphrase caching never worked with PGG for me so I guess that is a
> separate bug.  Or did passphrase caching used to work with PGG for
> you before this change?

Works for me with this setting:

(setq pgg-passphrase-cache-expiry 300)

-- 
Josh Huber

Re: pgg doesn't mention that the signature is untrusted

[Simon Josefsson]

Josh Huber <huber@alum.wpi.edu> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> Passphrase caching never worked with PGG for me so I guess that is a
>> separate bug.  Or did passphrase caching used to work with PGG for
>> you before this change?
>
> Works for me with this setting:
>
> (setq pgg-passphrase-cache-expiry 300)

Not here, it seems to be a bug; PGG stores the passphrase on the key
ID actually used by GnuPG to sign something, but it later looks up the
passphrase using the first private key ID from --list-secret-keys.
This didn't work for me as I have many secret keys.  Hm.  Shouldn't be
difficult to fix, I think.

Re: pgg doesn't mention that the signature is untrusted

[Josh Huber]

Simon Josefsson <jas@extundo.com> writes:

> Not here, it seems to be a bug; PGG stores the passphrase on the key
> ID actually used by GnuPG to sign something, but it later looks up
> the passphrase using the first private key ID from
> --list-secret-keys.  This didn't work for me as I have many secret
> keys.  Hm.  Shouldn't be difficult to fix, I think.

Perhaps it works for me because of this configuration?

(setq jmh::primary-key "6B21489A")
(setq pgg-passphrase-cache-expiry 300)
(setq pgg-default-user-id jmh::primary-key)

-- 
Josh Huber

Re: pgg doesn't mention that the signature is untrusted

[Simon Josefsson]

Josh Huber <huber@alum.wpi.edu> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> Not here, it seems to be a bug; PGG stores the passphrase on the key
>> ID actually used by GnuPG to sign something, but it later looks up
>> the passphrase using the first private key ID from
>> --list-secret-keys.  This didn't work for me as I have many secret
>> keys.  Hm.  Shouldn't be difficult to fix, I think.
>
> Perhaps it works for me because of this configuration?
>
> (setq jmh::primary-key "6B21489A")
> (setq pgg-passphrase-cache-expiry 300)
> (setq pgg-default-user-id jmh::primary-key)

Yes, I leave the `pgg-default-user-id' to its default value "jas",
which matches several keys and PGG picks the first one which turns out
to be a expired key I don't use anymore.  PGG should handle this
without additional configuration IMHO.  I added it to my TODO list..

Re: pgg doesn't mention that the signature is untrusted

[Mark Trettin]

* On: Fri, 11 Oct 2002 06:17:41 +0200 Simon Josefsson writes:

[ sorry for the late response ]

> Josh Huber <huber@alum.wpi.edu> writes:
>> Simon Josefsson <jas@extundo.com> writes:
>> 
>>> Not here, it seems to be a bug; PGG stores the passphrase on the key
>>> ID actually used by GnuPG to sign something, but it later looks up
>>> the passphrase using the first private key ID from
>>> --list-secret-keys.  This didn't work for me as I have many secret
>>> keys.  Hm.  Shouldn't be difficult to fix, I think.
>> 
>> Perhaps it works for me because of this configuration?
>> 
>> (setq jmh::primary-key "6B21489A")
>> (setq pgg-passphrase-cache-expiry 300)
>> (setq pgg-default-user-id jmh::primary-key)

> Yes, I leave the `pgg-default-user-id' to its default value "jas",
> which matches several keys and PGG picks the first one which turns out
> to be a expired key I don't use anymore.  PGG should handle this
> without additional configuration IMHO.  I added it to my TODO list..

I figured out when caching works (for me) and when it doesn't.

It works for all mails *I* encrypted to¹ myself and another recipient.
But it does not work for mails that were encrypted by others *to* me
and themselves. Then PGG always asks me for the passphrase of the
sender's key-id. Tested with gpg v1.0.6 and v1.2.0.

,----
| [GNUPG:] ENC_TO 1DED9050DB90BB4A 16 0
| [GNUPG:] USERID_HINT 1DED9050DB90BB4A Mark Trettin <snipped>
| [GNUPG:] NEED_PASSPHRASE 1DED9050DB90BB4A AE51CC4123467AF1 16 0
| [GNUPG:] GOOD_PASSPHRASE
| [GNUPG:] ENC_TO 4138A8C151C7A0DB 16 0
| [GNUPG:] NO_SECKEY 4138A8C151C7A0DB
| [GNUPG:] BEGIN_DECRYPTION
| [GNUPG:] SIG_ID TKhfrEdHg1EpB1U9HyVpUWL/G/0 2002-10-14 1034624614
| [GNUPG:] GOODSIG 9D8F3593032E13AC Yvonne Hoffmüller <snipped>
| [GNUPG:] VALIDSIG D2F106C3873507C8F06446069D8F3593032E13AC 2002-10-14 1034624614 0
| [GNUPG:] TRUST_FULLY
| [GNUPG:] DECRYPTION_OKAY
| [GNUPG:] GOODMDC
| [GNUPG:] END_DECRYPTION
`----

Everytime I visit the above mail I need to renter my passphrase.

,----
| [GNUPG:] ENC_TO 4138A8C151C7A0DB 16 0
| [GNUPG:] ENC_TO 1DED9050DB90BB4A 16 0
| [GNUPG:] USERID_HINT 1DED9050DB90BB4A Mark Trettin <snipped>
| [GNUPG:] NEED_PASSPHRASE 1DED9050DB90BB4A AE51CC4123467AF1 16 0
| [GNUPG:] GOOD_PASSPHRASE
| [GNUPG:] NO_SECKEY 4138A8C151C7A0DB
| [GNUPG:] BEGIN_DECRYPTION
| [GNUPG:] SIG_ID g3fcQ49lvXr5KM8ecQ82mt2YyyI 2002-10-14 1034630253
| [GNUPG:] GOODSIG AE51CC4123467AF1 Mark Trettin <snipped>
| [GNUPG:] VALIDSIG EB0DE52C22DB340030AF11D9AE51CC4123467AF1 2002-10-14 1034630253 0
| [GNUPG:] TRUST_ULTIMATE
| [GNUPG:] DECRYPTION_OKAY
| [GNUPG:] GOODMDC
| [GNUPG:] END_DECRYPTION
`----

Visiting this mail works with the cached passphrase. 

Maybe it has something to do with order of this "ENC_TO/USERID_HINT"
stuff?

Or am I just plainly mistaken and everything works as intendend, thus
caching is only supposed to work for mails I encrypted?
 
Bye

	 Mark

______________ 
¹  is it "encrypt to" or "encrypt for"?
-- 
Mark Trettin · Aachen · Germany · Where is Aachen? --> N: 50°46' E: 06°05'
BOFH excuse #67:

descramble code needed from software company