From: Marius Hofert <marius.hofert@math.ethz.ch>
To: gnu.emacs.gnus@googlegroups.com
Cc: info-gnus-english@gnu.org
Subject: Re: How to set up signing/encryption with GnuPG? Some newbie questions
Date: Tue, 16 Oct 2012 07:42:50 -0700 (PDT)
Message-ID: <58e2ae8a-d659-4960-9c43-ccfcd6001efb@googlegroups.com>
In-Reply-To: <mailman.11101.1350379384.855.info-gnus-english@gnu.org>

> > 1) What is a useful/meaningful setup in ~/.gnus.el for enabling GnuPG
> > for PGP/MIME?
> > I figured the following to be useful:
> > (setq mm-verify-option 'always) ; always verify signed parts
> > (setq mm-decrypt-option 'always) ; always decrypt encrypted parts
> > (setq gnus-message-replysign t) ; gnus-message-replyencrypt and
> > ; gnus-message-replysignencrypted are already t by default
> > I also found Gnus users who set
> > (setq gnus-treat-x-pgp-sig t)
> > but I could not find sufficient documentation of gnus-treat-x-pgp-sig to
> > determine whether this is useful.
>
> There's also these two (defaulting to nil):
>
> mm-sign-option 'guided
> mm-encrypt-option 'guided
Thanks, Kevin.
Do you know what gnus-treat-x-pgp-sig does? I could not find documentation on this.
>
> If set to 'guided, you'll get a menu on sending signed/encrypted
> messages asking which key you want to use.
>
> > 2) Why are gnus-message-replyencrypt and gnus-message-replysignencrypted set to
> > t by default, but gnus-message-replysign defaults to nil? Has this been
> > forgotten in the recent change (see
> > http://comments.gmane.org/gmane.emacs.gnus.general/75543)?
> >
> > 3) Is it "good practice" to always sign messages? AFAIK, this does not require
> > the recipient to deal with encryption, but he could at least check that the
> > message has the correct signature. How would one always sign messages in Gnus by
> > default?
>
> (no idea)
In the meantime, I found the solution to 3) on http://www.emacswiki.org/emacs/GnusPGG (just look for "Automatic signing/encryption of messages")
>
> > 4) Where are my private/public keys? I never saw them nor was asked to generate
> > them.
>
> You make them with GnuPG (gpg --gen-key); Emacs seems to figure out how
> to run gpg on its own.
This is strange: I already have a folder ~/.gnupg (owned by root). I found this
problem online at various places and I followed the advice to change the
ownership.
> There are some issues with gpg2 though (specifically, with pinentry).
> I've installed gpg1 alongside gpg2 for the time being and have
>
> (when (file-executable-p "/usr/bin/gpg1")
>   (setq epg-gpg-program "/usr/bin/gpg1"))
>
> More at http://www.emacswiki.org/emacs/EasyPG#toc4
>
>
> > 5) Am I correct in that signing a message simply requires C-c C-m s p? (and
> > signing + encrypting C-c C-m c p?)
>
> Yes. I find `C-c C-m C-s' faster though (pinky never leaves the caps key).
Thanks, that's indeed nice.
>
> > I tried to send a test mail to ad...@gnupp.de (mentioned on the German wiki page
> > http://de.wikipedia.org/wiki/GNU_Privacy_Guard). I used C-c C-m c p. On sending
> > via C-c C-c, I received "No public key for <ad...@gnupp.de>; skip it? (y or
> > n)". I chose 'y', since the public key will be sent by ad...@gnupp.de. I then
> > obtained "mml2015-epg-encrypt: No recipient specified". What does this mean?
>
> My German is not so good, but it seemed to me you're supposed to just
> attach your public key to Adele. So don't encrypt that e-mail. Then she
> sends back her own key, but now encrypted for your eyes only. Now you
> can save that key as a file on disk, and do
>
> $ gpg --import that-file-on-disk
>
> to import her key. _Now_ you should be able to `C-c C-m C-c' and encrypt
> your next email for Adele.
>
>
>
> Also, if you want to check my signature, do
>
> $ gpg --keyserver pgp.mit.edu --recv-keys 0x766AC60C
>
> Then in gnus, press "g" to redisplay this email, and it should no longer
> say "No public key for …".
>
> I use the following to fetch unknown keys on `C-c k', though it's not
> particularly pretty:
>
> #+begin_src emacs-lisp
> (defun gnus-article-receive-epg-keys ()
>   "Fetch unknown keys from a signed message."
>   (interactive)
>   (with-current-buffer gnus-article-buffer
>     (save-excursion
>       (goto-char (point-min))
>       (if
>           (re-search-forward "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16,16\\}\\) created at "
>                              nil 'noerror)
>           (shell-command (format "gpg --keyserver %s --recv-keys %s"
>                                  "pgp.mit.edu"
>                                  (match-string 1)))
>         (message "No unknown signed parts found.")))))
> (add-hook
>  'gnus-startup-hook
>  (lambda nil
>    (define-key gnus-article-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)
>    (define-key gnus-summary-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)))
> #+end_src
>
Great, many thanks!
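
An added example, not part of the thread or of Gnus: a variant of the key-fetching command quoted above that runs gpg through `call-process` with an argument list instead of a shell string, then shows the fetched key's fingerprint so it can be compared with one obtained from the sender. The `my-` names and the `*gpg-fetch*` buffer are hypothetical; the keyserver and the message pattern are the ones from the thread.

```emacs-lisp
;; Added example; the `my-' names below are hypothetical, not Gnus API.
(require 'epg-config)   ; defines `epg-gpg-program'
(require 'gnus-art)     ; article mode; loads gnus, which names the article buffer

(defvar my-gnus-keyserver "pgp.mit.edu"
  "Keyserver to query (the one named in the thread).")

(defun my-gnus-unknown-key-id ()
  "Return the 16-hex-digit key ID Gnus reports as unknown, or nil."
  (when (get-buffer gnus-article-buffer)
    (with-current-buffer gnus-article-buffer
      (save-excursion
        (goto-char (point-min))
        (let ((case-fold-search nil))   ; accept upper-case hex only
          (when (re-search-forward
                 "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16\\}\\) created at "
                 nil t)
            (match-string-no-properties 1)))))))

(defun my-gnus-fetch-key-and-show-fingerprint ()
  "Fetch the unknown signing key, then display its fingerprint."
  (interactive)
  (let ((id (my-gnus-unknown-key-id))
        (out (get-buffer-create "*gpg-fetch*")))
    (if (not id)
        (message "No unknown signed parts found.")
      (with-current-buffer out (erase-buffer))
      ;; Arguments are passed as a list, so no shell ever parses the key ID.
      ;; `call-process' returns the exit status (or a string on a signal).
      (if (eq 0 (call-process epg-gpg-program nil out nil
                              "--batch" "--keyserver" my-gnus-keyserver
                              "--recv-keys" id))
          (progn
            ;; A key ID alone does not identify the owner; show the full
            ;; fingerprint for comparison over a separate channel.
            (call-process epg-gpg-program nil out nil
                          "--batch" "--fingerprint" id)
            (display-buffer out)
            (message "Fetched %s; compare the fingerprint with the sender's" id))
        (display-buffer out)
        (message "gpg could not fetch key %s" id)))))
```

Because it reads `epg-gpg-program`, the command uses the same gpg binary (gpg1 or gpg2) that Gnus itself is configured to call.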