Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
From: Kevin Brubeck Unhammer <unhammer@fsfe.org>
To: info-gnus-english@gnu.org
Subject: Re: How to set up signing/encryption with GnuPG? Some newbie questions
Date: Tue, 16 Oct 2012 11:21:44 +0200
Message-ID: <87vceavkk7.fsf@fsfe.org>
In-Reply-To: <87a9vmamou.fsf@sklar.v.cablecom.net>



Marius Hofert <marius.hofert@math.ethz.ch> writes:

> Hi,
>
> Although I found and read (not necessarily understood :-) ) the security related
> parts of the Gnus manual (e.g., C-h i Gnus -> Security), I still have the
> following questions concerning signing and encryption of messages with Gnus:
>
> 1) What is a useful/meaningful setup in ~/.gnus.el for enabling GnuPG
> for PGP/MIME?
> I figured the following to be useful:
> (setq mm-verify-option 'always) ; always verify signed parts
> (setq mm-decrypt-option 'always) ; always decrypt encrypted parts
> (setq gnus-message-replysign t) ; gnus-message-replyencrypt,
> ;; gnus-message-replysignencrypted are already t by default
> I also found Gnus users who set
> (setq gnus-treat-x-pgp-sig t)
> but I could not find sufficient documentation of gnus-treat-x-pgp-sig to
> determine whether this is useful.

There's also these two (defaulting to nil):

    (setq mm-sign-option 'guided)
    (setq mm-encrypt-option 'guided)

If set to 'guided, you'll get a menu on sending signed/encrypted
messages asking which key you want to use.

> 2) Why are gnus-message-replyencrypt and gnus-message-replysignencrypted set to
> t by default, but gnus-message-replysign defaults to nil? Has this been
> forgotten in the recent change (see
> http://comments.gmane.org/gmane.emacs.gnus.general/75543)?
>
> 3) Is it "good practice" to always sign messages? AFAIK, this does not require
> the recipient to deal with encryption, but he could at least check that the
> message has the correct signature. How would one always sign messages in Gnus by
> default?

(no idea)

> 4) Where are my private/public keys? I never saw them nor was asked to generate
> them. 

You make them with GnuPG (gpg --gen-key); Emacs seems to figure out how
to run gpg on its own.

There are some issues with gpg2 though (specifically, with pinentry).
I've installed gpg1 alongside gpg2 for the time being and have

(when (file-executable-p "/usr/bin/gpg1")
  (setq epg-gpg-program "/usr/bin/gpg1"))

More at http://www.emacswiki.org/emacs/EasyPG#toc4


> 5) Am I correct in that signing a message simply requires C-c C-m s p? (and
> signing + encrypting C-c C-m c p?)

Yes. I find `C-c C-m C-s' faster though (pinky never leaves the caps key).

> I tried to send a test mail to adele@gnupp.de (mentioned on the German wiki page
> http://de.wikipedia.org/wiki/GNU_Privacy_Guard). I used C-c C-m c p. On sending
> via C-c C-c, I received "No public key for <adele@gnupp.de>; skip it? (y or
> n)". I chose 'y', since the public key will be sent by adele@gnupp.de. I then
> obtained "mml2015-epg-encrypt: No recipient specified". What does this mean?

My German is not so good, but it seemed to me you're supposed to just
attach your public key to Adele. So don't encrypt that e-mail. Then she
sends back her own key, but now encrypted for your eyes only. Now you
can save that key as a file on disk, and do 

$ gpg --import that-file-on-disk

to import her key. _Now_ you should be able to `C-c C-m C-c' and encrypt
your next email for Adele.



Also, if you want to check my signature, do

$ gpg --keyserver pgp.mit.edu --recv-keys 0x766AC60C

Then in gnus, press "g" to redisplay this email, and it should no longer
say "No public key for …". 

I use the following to fetch unknown keys on `C-c k', though it's not
particularly pretty:

#+begin_src emacs-lisp
(defun gnus-article-receive-epg-keys ()
  "Fetch unknown keys from a signed message."
  (interactive)
  (with-current-buffer gnus-article-buffer
    (save-excursion
      (goto-char (point-min))
      ;; Gnus prints the 16-hex-digit ID of a key it could not find.
      (if (re-search-forward
           "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16,16\\}\\) created at "
           nil 'noerror)
          ;; The regexp admits only hex digits, so the ID is safe in a shell command.
          (shell-command (format "gpg --keyserver %s --recv-keys %s"
                                 "pgp.mit.edu"
                                 (match-string 1)))
        (message "No unknown signed parts found.")))))
;; Bind the command to C-c k in both the article and the summary buffer.
(add-hook
 'gnus-startup-hook
 (lambda nil
   (define-key gnus-article-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)
   (define-key gnus-summary-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)))
#+end_src


-- 
Kevin Brubeck Unhammer

GPG: 0x766AC60C
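
Added example, not part of the original message: a variant of the key-fetching command above that collects every unknown key ID in the article, runs gpg without a shell, and then lists the fetched keys' fingerprints so they can be compared with one obtained from the sender directly, since a keyserver does not vouch for who uploaded a key. The `my-gnus-` names and the `*gpg-recv-keys*` buffer are hypothetical; the regexp and keyserver are the ones used in the message.

```emacs-lisp
;; Added example; names prefixed my-gnus- are hypothetical.
(require 'cl-lib)
(require 'epg-config)                   ; provides `epg-gpg-program'
(defvar gnus-article-buffer)            ; defined by Gnus at run time

(defvar my-gnus-keyserver "pgp.mit.edu"
  "Keyserver to query (same host as in the message above).")

(defun my-gnus-unknown-key-ids (text)
  "Return the distinct 16-hex-digit key IDs Gnus reports as unknown in TEXT."
  (let ((case-fold-search nil) (pos 0) ids)
    (while (string-match
            "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16\\}\\) created at "
            text pos)
      (cl-pushnew (match-string 1 text) ids :test #'string=)
      (setq pos (match-end 0)))
    (nreverse ids)))

(defun my-gnus-receive-all-keys ()
  "Fetch every unknown signing key of the article, then show fingerprints."
  (interactive)
  (let ((ids (with-current-buffer gnus-article-buffer
               (my-gnus-unknown-key-ids (buffer-string)))))
    (if (null ids)
        (message "No unknown signed parts found.")
      (with-current-buffer (get-buffer-create "*gpg-recv-keys*")
        (erase-buffer)
        ;; Arguments are passed as a list, so no shell parses the key IDs.
        (apply #'call-process epg-gpg-program nil t nil
               "--keyserver" my-gnus-keyserver "--recv-keys" ids)
        ;; Print full fingerprints for manual comparison.
        (apply #'call-process epg-gpg-program nil t nil
               "--fingerprint" ids)
        (display-buffer (current-buffer))))))
```

Using `epg-gpg-program` means the command follows whichever gpg binary Emacs is configured to use, including the `/usr/bin/gpg1` setting shown earlier in the message.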

