Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
* A few questions on signing/encrypting emails
@ 2006-12-12 16:27 Leo
  2007-01-05  6:01 ` Daiki Ueno
  0 siblings, 1 reply; 8+ messages in thread
From: Leo @ 2006-12-12 16:27 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 1411 bytes --]

Hi all,

I lately received some signed emails and I don't know how to properly
handle them. So I started learning to use signing/encrypting
facilities in Gnus by reading the security section in message info.

I have a few questions:

        o When signing an email, my private key will be used, right?
          And I could encrypt an email with just the recipient's pub
          key. But when I send an encrypted email, I will also be
          prompted to input passphrase. Does this mean signing is
          automatically done?

        o What is the simplest way to handle multiple personal keys? I
          created two keys. One for work and one for anything
          else. But when I signed an email, only the one indicated by
          pgg-default-user-id is used.

          I am somehow stuck with Gnus 5.11 but I have easypg
          installed. As I understood, for Gnus 5.11 to sign/encrypt
          emails using epg, I need to use pgg-epg.el which is also
          installed.
          
        o When I try to encrypt an email to a recipient whose pub key
          is not in my pub-key-ring, I will get an error
          (wrong-type-argument epg-key-p nil) (full backtrace
          attached). How to set up gnus to import the pubkey from
          key-server?

If you have any suggestions on signing and encrypting emails, I am
very happy to hear them. Thank you in advance for your help.

[-- Attachment #2: epg-bt.log --]
[-- Type: text/plain, Size: 4049 bytes --]

Debugger entered--Lisp error: (wrong-type-argument epg-key-p nil)
  signal(wrong-type-argument (epg-key-p nil))
  (condition-case error (setq cipher (epg-encrypt-string context ... ... sign t) pgg-epg-secret-key-id-list nil) (error (while pgg-epg-secret-key-id-list ... ...) (signal ... ...)))
  (let ((context ...) (inhibit-redisplay t) cipher) (epg-context-set-armor context t) (epg-context-set-textmode context pgg-text-mode) (epg-context-set-passphrase-callback context (function pgg-epg-passphrase-callback)) (save-excursion (set-buffer ...) (erase-buffer) (set-buffer ...) (erase-buffer)) (condition-case error (setq cipher ... pgg-epg-secret-key-id-list nil) (error ... ...)) (save-excursion (set-buffer ...) (insert cipher)) t)
  pgg-epg-encrypt-region(1 637 ("steve@sxemacs.org") t nil)
  funcall(pgg-epg-encrypt-region 1 637 ("steve@sxemacs.org") t nil)
  apply(funcall pgg-epg-encrypt-region (1 637 ("steve@sxemacs.org") t nil))
  pgg-invoke("encrypt-region" epg 1 637 ("steve@sxemacs.org") t nil)
  pgg-encrypt-region(1 637 ("steve@sxemacs.org") t)
  mml2015-pgg-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 1286) (contents . "\nHi Steve,\n\n* [2006.12.11 01:35 +1000] Steve Youngs wrote:\n                           ^^^^^^^^^^^^\n> * Sebastian Freundt <hroptatyr@sxemacs.org> writes:\n>\n>   > Hm, now that I've seen all the goals, it would have been wise to\n>   > put 22.1.7 in steve@sxemacs.org--2008, would it not? :)\n>\n> Well, the thought did cross my mind, but then I realised that I'd miss\n> all those annual events that involve beer consumption.  You know,\n> birthdays, anniversaries, Octoberfest, any day ending in a `y'. :-)\n\n\nregards,\n-- \nLeo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)\n")) t)
  mml2015-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 1286) (contents . "\nHi Steve,\n\n* [2006.12.11 01:35 +1000] Steve Youngs wrote:\n                           ^^^^^^^^^^^^\n> * Sebastian Freundt <hroptatyr@sxemacs.org> writes:\n>\n>   > Hm, now that I've seen all the goals, it would have been wise to\n>   > put 22.1.7 in steve@sxemacs.org--2008, would it not? :)\n>\n> Well, the thought did cross my mind, but then I realised that I'd miss\n> all those annual events that involve beer consumption.  You know,\n> birthdays, anniversaries, Octoberfest, any day ending in a `y'. :-)\n\n\nregards,\n-- \nLeo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)\n")) t)
  mml-pgpmime-encrypt-buffer((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 1286) (contents . "\nHi Steve,\n\n* [2006.12.11 01:35 +1000] Steve Youngs wrote:\n                           ^^^^^^^^^^^^\n> * Sebastian Freundt <hroptatyr@sxemacs.org> writes:\n>\n>   > Hm, now that I've seen all the goals, it would have been wise to\n>   > put 22.1.7 in steve@sxemacs.org--2008, would it not? :)\n>\n> Well, the thought did cross my mind, but then I realised that I'd miss\n> all those annual events that involve beer consumption.  You know,\n> birthdays, anniversaries, Octoberfest, any day ending in a `y'. :-)\n\n\nregards,\n-- \nLeo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)\n")) t)
  mml-generate-mime-1((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 1286) (contents . "\nHi Steve,\n\n* [2006.12.11 01:35 +1000] Steve Youngs wrote:\n                           ^^^^^^^^^^^^\n> * Sebastian Freundt <hroptatyr@sxemacs.org> writes:\n>\n>   > Hm, now that I've seen all the goals, it would have been wise to\n>   > put 22.1.7 in steve@sxemacs.org--2008, would it not? :)\n>\n> Well, the thought did cross my mind, but then I realised that I'd miss\n> all those annual events that involve beer consumption.  You know,\n> birthdays, anniversaries, Octoberfest, any day ending in a `y'. :-)\n\n\nregards,\n-- \nLeo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)\n")))
  mml-generate-mime()
  message-encode-message-body()
  mml-to-mime()
  mml-preview(nil)
  call-interactively(mml-preview)

[-- Attachment #3: Type: text/plain, Size: 76 bytes --]


-- 
Leo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)


* Re: A few questions on signing/encrypting emails
  2006-12-12 16:27 A few questions on signing/encrypting emails Leo
@ 2007-01-05  6:01 ` Daiki Ueno
  2007-01-05  6:08   ` Leo
  2007-01-10 17:33   ` Leo
  0 siblings, 2 replies; 8+ messages in thread
From: Daiki Ueno @ 2007-01-05  6:01 UTC (permalink / raw)


Sorry for the late response.  I missed this article.

>>>>> In <m2y7pdyt9l.fsf@sl392.st-edmunds.cam.ac.uk> 
>>>>>	Leo <sdl.web@gmail.com> wrote:
> I have a few questions:

>         o When signing an email, my private key will be used, right?
>           And I could encrypt an email with just the recipient's pub
>           key. But when I send an encrypted email, I will also be
>           prompted to input passphrase. Does this mean signing is
>           automatically done?

Yes.

(message)Signing and encryption

   By default, when encrypting a message, Gnus will use the
"signencrypt" mode, which means the message is both signed and
encrypted.

>         o What is the simplest way to handle multiple personal keys? I
>           created two keys. One for work and one for anything
>           else. But when I signed an email, only the one indicated by
>           pgg-default-user-id is used.

That's one of the major limitations of PGG.  Even if you could set
multiple personal keys by a new variable, you will see that you cannot
supply your passphrase multiple times without gpg-agent.

However, No Gnus (the development version of Gnus) supports that case.
You can set mml2015-signers.

>         o When I try to encrypt an email to a recipient whose pub key
>           is not in my pub-key-ring, I will get an error
>           (wrong-type-argument epg-key-p nil) (full backtrace
>           attached). How to set up gnus to import the pubkey from
>           key-server?

Try adding the following lines to ~/.gnupg/options

auto-key-locate keyserver
keyserver <keyserver>

Anyway, the error message is confusing.  I've changed it to be more
intuitive.  http://cvs.m17n.org/viewcvs/root/epg/pgg-epg.el?r1=1.28&r2=1.29

Regards,
-- 
Daiki Ueno


* Re: A few questions on signing/encrypting emails
  2007-01-05  6:01 ` Daiki Ueno
@ 2007-01-05  6:08   ` Leo
  2007-01-10 17:33   ` Leo
  1 sibling, 0 replies; 8+ messages in thread
From: Leo @ 2007-01-05  6:08 UTC (permalink / raw)
  Cc: Daiki Ueno

* Daiki Ueno (2007-01-05 15:01 +0900) said:
  ^^^^^^^^^^
> Sorry for the late response.  I missed this article.

[lots of useful stuff]

No problem and thanks for the help ;)

-- 
Leo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)


* Re: A few questions on signing/encrypting emails
  2007-01-05  6:01 ` Daiki Ueno
  2007-01-05  6:08   ` Leo
@ 2007-01-10 17:33   ` Leo
  2007-01-11  1:01     ` Daiki Ueno
  1 sibling, 1 reply; 8+ messages in thread
From: Leo @ 2007-01-10 17:33 UTC (permalink / raw)


Hi Daiki,

I have upgraded to NoGnus to use easypg and other new features. But it
seems the documentation on using Gnus with EasyPG is scarce. I'd
appreciate it if you can give me some help.

* Daiki Ueno (2007-01-05 15:01 +0900) said:
  ^^^^^^^^^^
>>         o What is the simplest way to handle multiple personal keys? I
>>           created two keys. One for work and one for anything
>>           else. But when I signed an email, only the one indicated by
>>           pgg-default-user-id is used.
>
> That's one of the major limitations of PGG.  Even if you could set
> multiple personal keys by a new variable, you will see that you
> cannot supply your passphrase multiple times without gpg-agent.
>
> However, No Gnus (the development version of Gnus) supports that
> case.  You can set mml2015-signers.

When I set mml2015-signers, I was prompted for passphrase for each id
in the list. It looks like the email is being signed by all keys. Is
this supposed to happen? Can I choose which key to use?

regards,
-- 
Leo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)


* Re: A few questions on signing/encrypting emails
  2007-01-10 17:33   ` Leo
@ 2007-01-11  1:01     ` Daiki Ueno
  2007-01-11  2:33       ` Leo
  0 siblings, 1 reply; 8+ messages in thread
From: Daiki Ueno @ 2007-01-11  1:01 UTC (permalink / raw)
  Cc: info-gnus-english

>>>>> In <m2lkkapz0s.fsf@sl392.st-edmunds.cam.ac.uk> 
>>>>>	Leo <sdl.web@gmail.com> wrote:
> When I set mml2015-signers, I was prompted for passphrase for each id
> in the list. It looks like the email is being signed by all keys. Is
> this supposed to happen? Can I choose which key to use?

Yes, that's intended.  However, if mml2015-verbose is set, Gnus will
prompt you to choose secret keys from the menu.

Regards,
-- 
Daiki Ueno


* Re: A few questions on signing/encrypting emails
  2007-01-11  1:01     ` Daiki Ueno
@ 2007-01-11  2:33       ` Leo
  2007-01-11  3:53         ` Daiki Ueno
  0 siblings, 1 reply; 8+ messages in thread
From: Leo @ 2007-01-11  2:33 UTC (permalink / raw)


Hi Daiki,

* Daiki Ueno (2007-01-11 10:01 +0900) said:
>>>>>>	Leo <sdl.web@gmail.com> wrote:
>> When I set mml2015-signers, I was prompted for passphrase for each id
>> in the list. It looks like the email is being signed by all keys. Is
>> this supposed to happen? Can I choose which key to use?
>
> Yes, that's intended.  However, if mml2015-verbose is set, Gnus will
> prompt you to choose secret keys from the menu.
>
> Regards,

Thank you. As I set mml2015-verbose to true, all keys will be selected
(marked) by default. How can I make only keys that match the 'From'
header be selected by default?

When I was using pgg, I used to use a hook to message-send-hook to
change the pgg-default-user-id according to the 'From' header.

If the value of mml2015-use is epg, which function will be called to
sign an email? I suspect mml2015-epg-sign but when I edebug it, it
didn't go into the function much, i.e. I was asked for the passphrase at
the beginning of the function and then the point jumped to the end of
that function immediately. Any ideas?

Again, thank you for your help.

regards,
-- 
Leo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)


* Re: A few questions on signing/encrypting emails
  2007-01-11  2:33       ` Leo
@ 2007-01-11  3:53         ` Daiki Ueno
  2007-01-11  9:15           ` Leo
  0 siblings, 1 reply; 8+ messages in thread
From: Daiki Ueno @ 2007-01-11  3:53 UTC (permalink / raw)


>>>>> In <m2ac0qpa1s.fsf@sl392.st-edmunds.cam.ac.uk> 
>>>>>	Leo <sdl.web@gmail.com> wrote:
> >> When I set mml2015-signers, I was prompted for passphrase for each id
> >> in the list. It looks like the email is being signed by all keys. Is
> >> this supposed to happen? Can I choose which key to use?

> Thank you. As I set mml2015-verbose to true, all keys will be selected
> (marked) by default. How can I make only keys that match the 'From'
> header be selected by default?

Can you show me the actual settings of mml2015-signers?  My guess is
that, you have multiple keys with the same user-id which is in
mml2015-signers?  In that case, you need to set key-id's instead of the
user-id.

;; Map each From address to the key ID that should sign for it.
(setq user-id-to-key-id-alist
      '(("sdl.web@gmail.com" "9283AA3F")))

;; Before sending, set mml2015-signers from the From header.
(add-hook 'message-send-hook
          (lambda ()
            (let ((entry (assoc (cadr (mail-extract-address-components
                                       (message-field-value "from")))
                                user-id-to-key-id-alist)))
              (if entry
                  (setq mml2015-signers (cdr entry))))))
-- 
Daiki Ueno


* Re: A few questions on signing/encrypting emails
  2007-01-11  3:53         ` Daiki Ueno
@ 2007-01-11  9:15           ` Leo
  0 siblings, 0 replies; 8+ messages in thread
From: Leo @ 2007-01-11  9:15 UTC (permalink / raw)
  Cc: Daiki Ueno

* Daiki Ueno (2007-01-11 12:53 +0900) said:
>>>>>>	Leo <sdl.web@gmail.com> wrote:
>> >> When I set mml2015-signers, I was prompted for passphrase for each id
>> >> in the list. It looks like the email is being signed by all keys. Is
>> >> this supposed to happen? Can I choose which key to use?
>
>> Thank you. As I set mml2015-verbose to true, all keys will be selected
>> (marked) by default. How can I make only keys that match the 'From'
>> header be selected by default?
>
> Can you show me the actual settings of mml2015-signers?  My guess is
> that, you have multiple keys with the same user-id which is in
> mml2015-signers?  In that case, you need to set key-id's instead of
> the user-id.

I have two keys with two different uids. I set mml2015-signers to
("sdl.web@gmail.com" "sdl.work@gmail.com").

>
> (setq user-id-to-key-id-alist
>       '(("sdl.web@gmail.com" "9283AA3F")))
>
> (add-hook 'message-send-hook
> 	  (lambda ()
> 	    (let ((entry (assoc (cadr (mail-extract-address-components
> 				       (message-field-value "from")))
> 				user-id-to-key-id-alist)))
> 	      (if entry
> 		  (setq mml2015-signers (cdr entry))))))

Nice. 

-- 
Leo <sdl.web AT gmail.com>                         (GPG Key: 9283AA3F)
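
A variant of the message-send-hook approach from this thread, as an added example that is not part of any post here: it maps both addresses mentioned in the thread to one key ID each and stops the send when a message tagged for signing has a From address with no mapped key, so a signer list left over from an earlier message is never reused. The `my-` names and the `WORK-KEY-ID` placeholder are hypothetical; the MML tag patterns assume the standard `<#secure ...>` and `<#part sign=...>` forms.

```elisp
;; Added example; not code from the thread.
(require 'message)    ; message-field-value, message-send-hook
(require 'mail-extr)  ; mail-extract-address-components
(require 'mml2015)    ; mml2015-signers

(defvar my-from-signer-alist
  '(("sdl.web@gmail.com"  . "9283AA3F")      ; key ID shown in the thread
    ("sdl.work@gmail.com" . "WORK-KEY-ID"))  ; placeholder: not given in the thread
  "Map a lowercase From address to the one key ID allowed to sign for it.")

(defun my-signer-for-from (from-header)
  "Return a one-element signer list for FROM-HEADER, or nil if unmapped."
  (let* ((addr (and from-header
                    (cadr (mail-extract-address-components from-header))))
         (entry (and addr (assoc (downcase addr) my-from-signer-alist))))
    (and entry (list (cdr entry)))))

(defun my-message-wants-signature-p ()
  "Non-nil if the current buffer has an MML tag that requests signing."
  (save-excursion
    (goto-char (point-min))
    (re-search-forward
     "<#secure[^>]*mode=sign\\|<#\\(?:multi\\)?part[^>]*sign=" nil t)))

(defun my-select-signer ()
  "Pin `mml2015-signers' to the key mapped to From, or stop the send."
  (let ((signers (my-signer-for-from (message-field-value "from"))))
    (cond (signers (setq mml2015-signers signers))
          ((my-message-wants-signature-p)
           ;; Fail closed: otherwise the signer list left over from an
           ;; earlier message would sign under another identity.
           (error "No signing key mapped for this From address")))))

(add-hook 'message-send-hook #'my-select-signer)
```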
