From: Marius Hofert
Newsgroups: gmane.emacs.gnus.user
Subject: Re: How to set up signing/encryption with GnuPG? Some newbie questions
Date: Tue, 16 Oct 2012 07:42:50 -0700 (PDT)
Message-ID: <58e2ae8a-d659-4960-9c43-ccfcd6001efb@googlegroups.com>
References: <87a9vmamou.fsf@sklar.v.cablecom.net>

> > 1) What is a useful/meaningful setup in ~/.gnus.el for obtaining enabling GnusPG
> > for PGP/MIME?
> > I figured the following to be useful:
> > (setq mm-verify-option 'always); always verify signed parts
> > (setq mm-decrypt-option 'always); always decrypt encrypted parts
> > (setq gnus-message-replysign t); gnus-message-replyencrypt,
> > gnus-message-replysignencrypted are already t by default
> > I also found Gnus users who set
> > (setq gnus-treat-x-pgp-sig t)
> > but I could not find sufficient documentation of gnus-treat-x-pgp-sig to
> > determine whether this is useful.
>
> There's also these two (defaulting to nil):
>
> mm-sign-option 'guided
> mm-encrypt-option 'guided

Thanks, Kevin. Do you know what gnus-treat-x-pgp-sig does?
I could not find documentation on this.

>
> If set to 'guided, you'll get a menu on sending signed/encrypted
> messages asking which key you want to use.
>
> > 2) Why are gnus-message-replyencrypt and gnus-message-replysignencrypted set to
> > t by default, but gnus-message-replysign defaults to nil? Has this been
> > forgotten in the recent change (see
> > http://comments.gmane.org/gmane.emacs.gnus.general/75543)?
> >
> > 3) Is it "good practice" to always sign messages? AFAIK, this does not require
> > the recipient to deal with encryption, but he could at least check that the
> > message has the correct signature. How would one always sign messages in Gnus by
> > default?
>
> (no idea)

In the meantime, I found the solution to 3) on
http://www.emacswiki.org/emacs/GnusPGG (just look for "Automatic
signing/encryption of messages").

>
> > 4) Where are my private/public keys? I never saw them nor was asked to generate
> > them.
>
> You make them with GnuPG (gpg --gen-key); Emacs seems to figure out how
> to run gpg on its own.

This is strange: I already have a folder ~/.gnupg (owned by root). I found
this problem online at various places and I followed the advice to change
the ownership.

> There are some issues with gpg2 though (specifically, with pinentry).
> I've installed gpg1 alongside gpg2 for the time being and have
>
> (when (file-executable-p "/usr/bin/gpg1")
>   (setq epg-gpg-program "/usr/bin/gpg1"))
>
> More at http://www.emacswiki.org/emacs/EasyPG#toc4
>
>
> > 5) Am I correct in that signing a message simply requires C-c C-m s p? (and
> > signing + encrypting C-c C-m c p?)
>
> Yes. I find `C-c C-m C-s' faster though (pinky never leaves the caps key).

Thanks, that's indeed nice.

>
> > I tried to send a test mail to ad...@gnupp.de (mentioned on the German wiki page
> > http://de.wikipedia.org/wiki/GNU_Privacy_Guard). I used C-c C-m c p. On sending
> > via C-c C-c, I received "No public key for ; skip it? (y or
> > n)".
> > I chose 'y', since the public key will be sent by ad...@gnupp.de. I then
> > obtained "mml2015-epg-encrypt: No recipient specified". What does this mean?
>
> My German is not so good, but it seemed to me you're supposed to just
> attach your public key to Adele. So don't encrypt that e-mail. Then she
> sends back her own key, but now encrypted for your eyes only. Now you
> can save that key as a file on disk, and do
>
> $ gpg --import that-file-on-disk
>
> to import her key. _Now_ you should be able to `C-c C-m C-c' and encrypt
> your next email for Adele.
>
>
> Also, if you want to check my signature, do
>
> $ gpg --keyserver pgp.mit.edu --recv-keys 0x766AC60C
>
> Then in gnus, press "g" to redisplay this email, and it should no longer
> say "No public key for …".
>
> I use the following to fetch unknown keys on `C-c k', though it's not
> particularly pretty:
>
> #+begin_src emacs-lisp
> (defun gnus-article-receive-epg-keys ()
>   "Fetch unknown keys from a signed message."
>   (interactive)
>   (with-current-buffer gnus-article-buffer
>     (save-excursion
>       (goto-char (point-min))
>       ;; Look for the button text Gnus shows for a signer whose key is missing;
>       ;; group 1 captures the 16-hex-digit key ID.
>       (if (re-search-forward
>            "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16,16\\}\\) created at "
>            nil 'noerror)
>           ;; The regexp admits only hex digits, so nothing else reaches the shell.
>           (shell-command (format "gpg --keyserver %s --recv-keys %s"
>                                  "pgp.mit.edu"
>                                  (match-string 1)))
>         (message "No unknown signed parts found.")))))
> ;; Bind the command to C-c k in both the article and the summary buffer.
> (add-hook
>  'gnus-startup-hook
>  (lambda nil
>    (define-key gnus-article-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)
>    (define-key gnus-summary-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)))
> #+end_src
>

Great, many thanks!
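
A variant of the key-fetching helper quoted above, as an added example that is not part of the original thread: it runs gpg without a shell and then lists the fetched key's fingerprint, so the key can be checked before its signatures are relied on. The `my-` names and the output buffer name are assumptions; the keyserver host and the matched Gnus text are the ones shown in the message.

```emacs-lisp
;; Added example (not from the thread). Names prefixed `my-' are hypothetical.
(require 'gnus)        ; defines `gnus-article-buffer'
(require 'epg-config)  ; defines `epg-gpg-program'

(defvar my-gnus-keyserver "pgp.mit.edu"
  "Keyserver to query; the host is the one used in the thread.")

(defun my-gnus-unknown-signer-key-id ()
  "Return the 16-hex-digit key ID Gnus reports as unknown, or nil."
  (when (get-buffer gnus-article-buffer)
    (with-current-buffer gnus-article-buffer
      (save-excursion
        (goto-char (point-min))
        (when (re-search-forward
               (concat "\\[\\[PGP Signed Part:No public key for "
                       "\\([A-F0-9]\\{16\\}\\) created at ")
               nil t)
          (match-string-no-properties 1))))))

(defun my-gnus-fetch-signer-key ()
  "Fetch the unknown signer's key, then show its fingerprint for checking."
  (interactive)
  (let ((key-id (my-gnus-unknown-signer-key-id))
        (out (get-buffer-create "*gpg key fetch*")))
    (unless key-id
      (user-error "No unknown signed parts found"))
    (with-current-buffer out
      (erase-buffer)
      ;; Arguments are passed as a list, so no shell ever parses the key ID.
      (let ((status (call-process epg-gpg-program nil t nil
                                  "--keyserver" my-gnus-keyserver
                                  "--recv-keys" key-id)))
        (unless (eql status 0)
          (error "gpg --recv-keys failed with status %s" status)))
      ;; A key ID is not proof of ownership: list the full fingerprint so it
      ;; can be compared with one obtained from the sender by another channel.
      (call-process epg-gpg-program nil t nil "--fingerprint" key-id))
    (display-buffer out)))
```

Because it reads `epg-gpg-program`, the helper uses the same gpg binary that the `/usr/bin/gpg1` setting quoted earlier selects for Gnus.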