From: Kevin Brubeck Unhammer
Newsgroups: gmane.emacs.gnus.user
Subject: Re: How to set up signing/encryption with GnuPG? Some newbie questions
Date: Tue, 16 Oct 2012 11:21:44 +0200
Message-ID: <87vceavkk7.fsf@fsfe.org>
References: <87a9vmamou.fsf@sklar.v.cablecom.net>
To: info-gnus-english@gnu.org
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)

Marius Hofert writes:

> Hi,
>
> Although I found and read (not necessarily understood :-) ) the security related
> parts of the Gnus manual (e.g., C-h i Gnus -> Security), I still have the
> following questions concerning signing and encryption of messages with Gnus:
>
> 1) What is a useful/meaningful setup in ~/.gnus.el for obtaining enabling GnusPG
> for PGP/MIME?
> I figured the following to be useful:
> (setq mm-verify-option 'always); always verify signed parts
> (setq mm-decrypt-option 'always); always decrypt encrypted parts
> (setq gnus-message-replysign t); gnus-message-replyencrypt,
> gnus-message-replysignencrypted are already t by default
> I also found Gnus users who set
> (setq gnus-treat-x-pgp-sig t)
> but I could not find sufficient documentation of gnus-treat-x-pgp-sig to
> determine whether this is useful.

There's also these two (defaulting to nil):

mm-sign-option 'guided
mm-encrypt-option 'guided

If set to 'guided, you'll get a menu on sending signed/encrypted messages
asking which key you want to use.

> 2) Why are gnus-message-replyencrypt and gnus-message-replysignencrypted set to
> t by default, but gnus-message-replysign defaults to nil? Has this been
> forgotten in the recent change (see
> http://comments.gmane.org/gmane.emacs.gnus.general/75543)?
>
> 3) Is it "good practice" to always sign messages? AFAIK, this does not require
> the recipient to deal with encryption, but he could at least check that the
> message has the correct signature. How would one always sign messages in Gnus by
> default?

(no idea)

> 4) Where are my private/public keys? I never saw them nor was asked to generate
> them.

You make them with GnuPG (gpg --gen-key); Emacs seems to figure out how
to run gpg on its own. There are some issues with gpg2 though
(specifically, with pinentry). I've installed gpg1 alongside gpg2 for
the time being and have

(when (file-executable-p "/usr/bin/gpg1")
  (setq epg-gpg-program "/usr/bin/gpg1"))

More at http://www.emacswiki.org/emacs/EasyPG#toc4

> 5) Am I correct in that signing a message simply requires C-c C-m s p? (and
> signing + encrypting C-c C-m c p?)

Yes. I find `C-c C-m C-s' faster though (pinky never leaves the caps
key).

> I tried to send a test mail to adele@gnupp.de (mentioned on the German wiki page
> http://de.wikipedia.org/wiki/GNU_Privacy_Guard). I used C-c C-m c p.
> On sending via C-c C-c, I received "No public key for ; skip it? (y or
> n)". I chose 'y', since the public key will be sent by adele@gnupp.de. I then
> obtained "mml2015-epg-encrypt: No recipient specified". What does this mean?

My German is not so good, but it seemed to me you're supposed to just
attach your public key to Adele. So don't encrypt that e-mail. Then she
sends back her own key, but now encrypted for your eyes only. Now you
can save that key as a file on disk, and do

$ gpg --import that-file-on-disk

to import her key. _Now_ you should be able to `C-c C-m C-c' and encrypt
your next email for Adele.

Also, if you want to check my signature, do

$ gpg --keyserver pgp.mit.edu --recv-keys 0x766AC60C

Then in gnus, press "g" to redisplay this email, and it should no longer
say "No public key for …".

I use the following to fetch unknown keys on `C-c k', though it's not
particularly pretty:

#+begin_src emacs-lisp
(defun gnus-article-receive-epg-keys ()
  "Fetch unknown keys from a signed message."
  (interactive)
  (with-current-buffer gnus-article-buffer
    (save-excursion
      (goto-char (point-min))
      ;; Gnus shows the missing key's 16-hex-digit ID in the signature button.
      (if (re-search-forward
           "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16,16\\}\\) created at "
           nil 'noerror)
          (shell-command (format "gpg --keyserver %s --recv-keys %s"
                                 "pgp.mit.edu"
                                 (match-string 1)))
        (message "No unknown signed parts found.")))))

;; Bind the command to `C-c k' in both the article and summary buffers.
(add-hook 'gnus-startup-hook
          (lambda nil
            (define-key gnus-article-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)
            (define-key gnus-summary-mode-map (kbd "C-c k") 'gnus-article-receive-epg-keys)))
#+end_src

-- 
Kevin Brubeck Unhammer

GPG: 0x766AC60C
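
A variant of the key-fetching command above, as an added example that is not part of the original message: it hands the key ID to gpg as an argument list instead of a shell string, then shows the fetched key's fingerprint, because a key pulled from a keyserver by ID is only trustworthy once its full fingerprint has been compared with one obtained from the owner through another channel. The `my-gnus-` names are hypothetical; the keyserver and the regexp are the ones used in the message.

```emacs-lisp
;; Added example; the my-gnus-* names are hypothetical, not part of Gnus.
(require 'gnus)         ; provides `gnus-article-buffer'
(require 'epg-config)   ; provides `epg-gpg-program'

(defvar my-gnus-keyserver "pgp.mit.edu"
  "Keyserver to query; the value is the one used in the message.")

(defun my-gnus-unknown-key-id ()
  "Return the 16-hex-digit key ID Gnus reports as missing, or nil."
  (when (get-buffer gnus-article-buffer)
    (with-current-buffer gnus-article-buffer
      (save-excursion
        (goto-char (point-min))
        (when (re-search-forward
               "\\[\\[PGP Signed Part:No public key for \\([A-F0-9]\\{16\\}\\) created at "
               nil 'noerror)
          (match-string 1))))))

(defun my-gnus-fetch-key-and-show-fingerprint ()
  "Fetch the unknown signing key, then display its fingerprint."
  (interactive)
  (let ((key-id (my-gnus-unknown-key-id))
        (out (get-buffer-create "*gpg-key-fetch*")))
    (if (not key-id)
        (message "No unknown signed parts found.")
      (with-current-buffer out (erase-buffer))
      ;; Arguments go to gpg as a list, so no shell ever parses them.
      (let ((status (call-process epg-gpg-program nil out nil
                                  "--keyserver" my-gnus-keyserver
                                  "--recv-keys" key-id)))
        ;; `call-process' returns an exit code, or a string if gpg was
        ;; killed by a signal; anything other than 0 is a failure.
        (if (not (eq status 0))
            (message "gpg --recv-keys failed (%s); see buffer %s"
                     status (buffer-name out))
          ;; Append the fingerprint of the key that was just imported.
          (call-process epg-gpg-program nil out nil "--fingerprint" key-id)
          (display-buffer out)
          (message "Compare this fingerprint with one from the key owner."))))))
```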