Gnus PGP Questions

Gnus PGP Questions

[Christoph Seibert]

Hi!

We (a friend of mine and myself) are trying to use PGP following RFC
2015 (PGP-Elkins, which integrates PGP with MIME, using the
<application/pgp-encrypted> - header) with Gnus. We're using Gnus
5.4.52, MailCrypt 3.4 and tm 7.82 (?) in XEmacs 20.2. My friend put
together some questions on this topic, which he asked me to mail here.

Here goes:

About _writing_ PGP-encrypted messages:

1) When I do mime-editor/set-encrypt and try to send the message, the
complete "To:" address is used to find the key in the public
keyring. When no matching key is found, it seems I can only try to
"fetch" it. I haven't found a way yet to enter an alternative key-ID
by hand (as in mc-encrypt). So when someone has a new mail address or
there's a slight change in the user ID, I can't send him a
PGP-encrypted message without him adding the new ID to his key and me
adding this key to my public keyring. This is very annoying. :-(

2) How can I send messages "Sign & Encrypt"? mime-editor/set-encrypt
and -/set-sign seem to exclude each other. When I call both, only the
function called last is executed (i.e., the message gets either
signed or encrypted, but not both). mc-pgp-always-sign is set to
t, so when I use mc-encrypt to send the message, the message gets both
signed and encrypted - only not following PGP-Elkins, but PGP-Kazu.

About _reading__ PGP-encrypted messages:

I can read PGP/MIME messages by using mouse-2 on the appropriate
MIME-header. However, the decrypted message is shown in a
"preview"-buffer, so when I try to "Reply & Yank", the original,
encrypted message is quoted. When I mc-decrypt the message, the
MIME-headers remain as plain text in the decrypted message.
Also, quoted-printable messages get "broken" this way, as there is no
appropriate mail header for q-p any more. umlauts (is there an english
word for that?) don't get displayed correctly, because the q-p header
now resides in the (sub-)MIME-headers of the
<application/pgp-encrypted> part and not in the mail header.

How can I (without calling "only" mc-decrypt)

1) reply to PGP-encrypted messages so that the decrypted message gets
quoted?

2) optionally (or always) replace the en- by the decrypted message on
disk as in mc-decrypt?

3) decrypt and display a PGP-encrypted message by pressing a key in
the Summary buffer or automagically by using an appropriate hook
without having to use the mouse? That is, how can I simulate mouse-2
on the appropriate MIME-header?
Do I have to write a function that changes to the Article buffer,
searches for the MIME-header in question by regexp, moves the cursor
to that header and calls the MIME-decode-function?

I hope this hasn't been too long and not too hard to understand.

Of course, I also hope that someone can help us.

Bye,
Christoph

-- 
--- Christoph Seibert (seibert@cs.uni-bonn.de seibert@dmcs.de) ---
-- Farlon Dragon -==(UDIC)==-    http://home.pages.de/~seibert/ --
- Who can possibly rule if no one                                -
-         who wants to can be allowed to?     - D. Adams, HHGTTG -

Re: Gnus PGP Questions

[+list.ding]

[-- Attachment #1: Type: text/plain, Size: 2728 bytes --]

| 98-04-02 Stainless Steel Rat <ratinox@peorth.gweep.net> list.ding
|
| >>>>> "CS" == Christoph Seibert <seibert@cs.uni-bonn.de> writes:
| CS> <application/pgp-encrypted> - header) with Gnus.
|
| Hoo-boy.
|
| Both PGP/MIME and X-PGP have similar flaws: if the message body is altered
| by the inclusion or removal of whitespace, a transformation that many
| transfer agents will perform, it is impossible to properly reconstruct the
| message for validation or decryption.

Erm. I haven't encountered such MTA yet.
The PGP/MIME has worked fine. It's also standard.

| CS> When no matching key is found, it seems I can only try to "fetch" it. I
| CS> haven't found a way yet to enter an alternative key-ID by hand (as in
| CS> mc-encrypt).
|
| The PGP/MIME tools are woefully inadequate for any serious PGP user.

I have used PGP/MIME for 2 years now without problems in Emacs/TM.

| suggestion is to use mailcrypt instead.  It works, it works as reliably as
| PGP itself.  Any good MUA that groks PGP will (or at least can) hide PGP's
| delimiter lines and signature blocks.


| [Christoper continues]
|
|1) When I do mime-editor/set-encrypt and try to send the message, the
|complete "To:" address is used to find the key...
| So when someone has a new mail address or
|there's a slight change in the user ID, I can't send him a
|PGP-encrypted message without him adding the new ID to his key and me
|adding this key to my public keyring. This is very annoying. :-(

TinyPgp can handle this. you just define REGEXP to match
emails and specify keyHexId or email address where to translate the

See section 12.7 from the manual.
ftp://cs.uta.fi/pub/ssjaaa/ema-tipgp.html

|2) How can I send messages "Sign & Encrypt"? mime-editor/set-encrypt

TinyPgp has this "one pass, Sign & Encrypt" command: C-c / t

|signed and encrypted - only not following PGP-Elkins, but PGP-Kazu.

But for MIME you don't have to call it yourself.

|How can I (without calling "only" mc-decrypt)
|
|1) reply to PGP-encrypted messages so that the decrypted message gets
|quoted?

Good suggestion. I haven't thought this yet. Will be
corrected in next release.

|2) optionally (or always) replace the en- by the decrypted message on
|disk as in mc-decrypt?

Replacing MIM/PGP message is a bit hairy, because TM takes the
control. But I check if I have add this feature to TinyPgp too.

|3) decrypt and display a PGP-encrypted message by pressing a key in
|the Summary buffer or automagically by using an appropriate hook
|without having to use the mouse? That is, how can I simulate mouse-2
|on the appropriate MIME-header?

TinyPgp has Summary-minor mode, but I don't it doesn't know MIMe/PGP
yet, only regular PGP. I'll add this feature to todo.

jari


[-- Attachment #2: Type: application/pgp-signature, Size: 244 bytes --]