Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook
Can you please move this discussion elsewhere. The purpose of this list is: https://lists.gnupg.org/mailman/listinfo/gnupg-users About Gnupg-users GnuPG user help mailing list. The topic of this is list is help and discussion among users of GnuPG. This includes questions on how to script GnuPG, how to create or sign keys and general discussion on encryption and digital signatures as long as it somehow pertains to GnuPG. ^^^ Thanks. matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub May, 9: Спаси́бо освободители! Thank you very much, Russian liberators! signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook
In my personal opinion, Facebook has earned their reputation. Their stance towards privacy has always publicly been "Uhh, what? Privacy? Uh, yeah... we love privacy!" while they fill their platform with dark patterns and extract every last bit of usable data you give them into something they can monetize. They were selling the 2FA phone numbers people would supply for increased login security to advertisers for Pete's sake. Sometimes that giant space station that looks like a moon with that thing that looks suspiciously like a janky planet-busting laser slapped to the side of it really is something to worry about. I do agree you can say this about any platform, but I don't agree that they're all equally suspicious. Apple *could* be secretly building a data empire out of their users, but they way they've structured their business plans, the way they market, the way they continually design their devices with security and privacy not just in mind but as a top priority... it's doubtful that they're secretly the bad guys. Possible, sure, but if you're going to pick a closed source hardware/software platform, you could do waaay worse. -Ryan McGinnis https://bigstormpicture.com https://keybase.io/digicana Sent via ProtonMail ‐‐‐ Original Message ‐‐‐ On Wednesday, July 31, 2019 11:40 AM, Maksim Fomin via Gnupg-users wrote: > ‐‐‐ Original Message ‐‐‐ > On Wednesday, 31 July 2019 г., 17:36, Ryan McGinnis via Gnupg-users > wrote: > > > Kicking the can down to the endpoints -- but really, haven't you always had > > to trust your app / OS? Unless you coded or audited it yourself from top to > > bottom and built your own hardware (hah), there is always a level of trust > > required in the code/device. Trusting Facebook seems... unwise. But not > > everyone is churning out industrial grade evil like Facebook. > > > > https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#55ac36aa5362 > > > > -Ryan McGinnis > > https://bigstormpicture.com > > PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD > > https://keybase.io/digicana > > Sent via ProtonMail > > Facebook receives disproportionally high criticism in recent years not > because of technical reasons but because of politics. The wave of attacks on > Facebook began after 2016 US election. Initially it was like "fake news in > facebook helped one candidate to win" and the idea was to allow journalists > of big media companies to mark information in facebook as "fake" and probably > delete. Later the attack has spread in all directions. Nowadays everyone > tries to punch Facebook in order to look smart. > > Regarding techincal reasons. The author argues that if devices are > compromised, then encrypted communication between them is too. But this is > not a surprise, it has always been. July 2019 in this aspect is not different > from January 2019, or 2017, or 2007. In addition, not only Facebook, but > other big tech firms (Microsoft, Apple, Twitter and so on) can download > unencrypted data from user device for analysis before encryption. As an > exercise, one can replace "Facebook" in that article with "Apple", the bias > will be more evident. publickey - ryan@digicana.com - 0x5C738727.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook
‐‐‐ Original Message ‐‐‐ On Wednesday, 31 July 2019 г., 17:36, Ryan McGinnis via Gnupg-users wrote: > Kicking the can down to the endpoints -- but really, haven't you always had > to trust your app / OS? Unless you coded or audited it yourself from top to > bottom and built your own hardware (hah), there is always a level of trust > required in the code/device. Trusting Facebook seems... unwise. But not > everyone is churning out industrial grade evil like Facebook. > > https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#55ac36aa5362 > > -Ryan McGinnis > https://bigstormpicture.com > PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD > https://keybase.io/digicana > Sent via ProtonMail Facebook receives disproportionally high criticism in recent years not because of technical reasons but because of politics. The wave of attacks on Facebook began after 2016 US election. Initially it was like "fake news in facebook helped one candidate to win" and the idea was to allow journalists of big media companies to mark information in facebook as "fake" and probably delete. Later the attack has spread in all directions. Nowadays everyone tries to punch Facebook in order to look smart. Regarding techincal reasons. The author argues that if devices are compromised, then encrypted communication between them is too. But this is not a surprise, it has always been. July 2019 in this aspect is not different from January 2019, or 2017, or 2007. In addition, not only Facebook, but other big tech firms (Microsoft, Apple, Twitter and so on) can download unencrypted data from user device for analysis before encryption. As an exercise, one can replace "Facebook" in that article with "Apple", the bias will be more evident.___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
On 31.07.2019 14:26, David wrote: > Consider the fact that for 30 times Enigmail refused to accept the > passphrase for da...@gbenet.com > > I decided to send an encrypted email to Erich. When selecting his > private key there was no automatic tick in postmaster. But a tick in > Erich's public key > > On sending I thought I was going to be asked for david's passphrase yet > again - but no - the email passed very quickly. > > This begs the following questions: > > (1) Why is postmaster always selcected as the default public key? > (2) Why is it on failing 30 times to accept david's passphrase why does > enigmail mysteriously remember it when it rejected 30 times? > > Answers on a postcard please I start to believe that your expectation of what should happen differs from what actually happens. The way things work in Enigmail are as follows: you select a *sender account* in the Thunderbird message composition window. Based on that sender account configuration (and nothing else), Enigmail decides which key to use for *signing* your message. Remember, the passphrase is needed for signing, not for encryption - it does not matter if Postmaster or Erich are in the recipients list. If you get a dialog to choose the key(s) _after_ you hit the send button, then those are the keys to which the message is *encrypted* to. But again, you don't need a passphrase for any of these keys. Thus, if you tell me that you expected to have to tick Postmaster in the dialog, then that won't let you choose the key for signing. HTH -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook
On 31/07/2019 15:36, Ryan McGinnis via Gnupg-users wrote: > haven't you always had to trust your app / OS? Unless you coded or > audited it yourself from top to bottom and built your own hardware > (hah), there is always a level of trust required in the code/device Facebook are being expected to act as both poacher and gamekeeper simultaneously. Cory Doctorow has an interesting viewpoint - we can either regulate the internet giants and expect them to act as an arm of the state, or we can break them up and expect them to act on behalf of the customer. But we can't reasonably expect both. There's a balance to be had between the needs of personal privacy and public security, and the best way to ensure it's done honestly is for different agents to take different sides and have it out in public. It's conflicts of interest and the inevitable closed-door decision making where the problems really start. -- Andrew Gallagher signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: --lsign --add-me or the invisible WoT
Andrew Gallagher wrote: > On 31/07/2019 14:58, Stefan Claas via Gnupg-users wrote: > > an exportable 'blob' for the lsign > > command, which can be then exchanged and would not be compatible with > > key servers, in case someone would try to upload such a blob > > The keyservers (SKS at least) blacklist lsign packets already, so you're > not gaining anything here. > Correct. To make it a bit more clear ... I lsign Bob's key so third parties do not know (normally) that I did this. But how could my friend Alice trust Bob's key she has without my non-exportable lsign sig? What I tried to propose is an additional parameter, like --add-me which would write a 'blob' to a second file.db where I can export then Bob's blob (non-compatible to SKS etc.) with my --lsign sig, and give it to my friend Alice. Later If Alice knows Bob better or personally knows him she can --lsign --add-me Bob's key ('blob') too and give it to her friend Mary. Mary would have then a 'blob" from Bob containing my and Alice's lsigs, which are non-compatible to key servers, but would be IMHO equal to classic WoT sigs. So to speak it is meaned for little WoTs (for those who needs them) where participants don't have to fear that their sigs are published in the future on whatever key servers we have, to not reveal their social graphs. Regards Stefan -- box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56 GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook
Kicking the can down to the endpoints -- but really, haven't you always had to trust your app / OS? Unless you coded or audited it yourself from top to bottom and built your own hardware (hah), there is always a level of trust required in the code/device. Trusting Facebook seems... unwise. But not everyone is churning out industrial grade evil like Facebook. https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#55ac36aa5362 -Ryan McGinnis https://bigstormpicture.com PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD https://keybase.io/digicana Sent via ProtonMail publickey - ryan@digicana.com - 0x5C738727.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: --lsign --add-me or the invisible WoT
On 31/07/2019 14:58, Stefan Claas via Gnupg-users wrote: > an exportable 'blob' for the lsign > command, which can be then exchanged and would not be compatible with > key servers, in case someone would try to upload such a blob The keyservers (SKS at least) blacklist lsign packets already, so you're not gaining anything here. -- Andrew Gallagher signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: --lsign --add-me or the invisible WoT
Werner Koch wrote: > On Sat, 20 Jul 2019 11:57, gnupg-users@gnupg.org said: > > > additional paramemter like --add-me for --lsign would make sense, for > >--quick-sign-key fpr [names] >--quick-lsign-key fpr [names] > > Directly sign a key from the passphrase without any > further user interaction. The fpr must be the verified > primary fingerprint of a key in the local keyring. If no > names are given, all useful user ids are signed; with > given [names] only useful user ids matching one of theses > names are signed. By default, or if a name is prefixed > with a '*', a case insensitive substring match is used. > If a name is prefixed with a '=' a case sensitive exact > match is done. > > The command --quick-lsign-key marks the signatures as > non-exportable. If such a non-exportable signature > already exists the --quick- sign-key turns it into a > exportable signature. > > This command uses reasonable defaults and thus does not > provide the full flexibility of the "sign" subcommand from > --edit-key. Its intended use is to help unattended key > signing by utilizing a list of verified fingerprints. Thank you, but what I mean is having an exportable 'blob' for the lsign command, which can be then exchanged and would not be compatible with key servers, in case someone would try to upload such a blob. This is what I mean with invisible WoT, so that users do not need to --sign a key, use lsign instead but still having WoT sigs, without revealing their WoT to other third parties. Hope this makes sense. Regards Stefan -- box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56 GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
* da...@gbenet.com: > People say "Oh your settings are wrong" But the FAIL to give the RIGHT > SETTINGS!! And then go waffling on People don't fail you. Your entitlement issues do. Falsely stating software X cannot do Y when you are not using it right, expecting answers on a silver platter, and offering insults to people is simply not the way to behave on a public mailing list when you want free support (from people who don't owe you any assistance whatsoever) and answers beyond "PEBKAC, so you figure it out". > I want specific instructions - not moaning and groaning my settings > are wrong and I don't know what I'm doing Oh, you /want/ that, do you? As Clark Gable once said: "Frankly, my dear, I don't give a damn". :-) -Ralph ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
On 31/07/2019 13:36, David wrote: > Enigmail always defaults to the first set of keys one created Enigmail will default to the first set of keys in your keyring that matches the selection criteria. Do you have more than one ID on each key? Do you have more than one key for each ID? This could be causing some confusion. -- Andrew Gallagher signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
Patrick Brunschwig: > On 31.07.2019 13:46, David wrote: >> Hello Erich, >> >> I did what you said - associated each email address with it's own key. >> I then shut down Thunderbird re-started and carried out the following test: >> >> Test One: >> >> I sent an encrypted and signed email to site-admin from postmaster. I >> received the email - it took 6 attempts to decrypt it. >> >> I then decided to reply - so I sent an encrypted and signed email to >> postmaster - I was unable to sign as site-admin - after 9 attempts of >> entering the passphrase - each time rejected by Enigmail. I was unable >> to send a signed and encrypted email to postmaster. > > I'm sorry, but there's a misunderstanding. Enigmail does /not/ query > your passphrase. Enigmail calls GnuPG, and GnuPG asks for your > passphrase if needed. If the passphrase is rejected that's not related > to Enigmail. > > -Patrick > So we go and ask Werner :) hahahaha!!! David - -- People Should Not Be Afraid Of Their Government - Their Government Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og" https://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
Patrick Brunschwig: > On 31.07.2019 08:56, David wrote: >> Patrick Brunschwig: >>> On 31.07.2019 00:36, David wrote: Andrew Gallagher: > >> On 30 Jul 2019, at 18:47, David wrote: >> >> Hello Stefan, >> >> I have three email accounts with their own keys - Enigmail does not >> support this - you have to have one key and that's it. > > That is simply not true. I used enigmail with multiple keys for years > without any issues. If you’re having issues configuring it, perhaps ask > on the enigmail list. > > A > I have done so - but have got no advice on the correct settings in Thunderbird or Enigmail. >>> >>> That's not true. I have asked you for more details on the Enigmail >>> mailing list. But instead of responding, you came here to ask the same >>> questions. >>> >>> As Enigmail uses GnuPG for any crypto-operations, I don't think that the >>> problem is in Enigmail, but in your setup. Feel free to answer my >>> questions on the Enigmail mailing list, and I'll continue to try to find >>> out what goes wrong. >>> >>> -Patrick >>> >> >> Hello Patrick, >> >> I did not approach this list for answers - I just asked if anyone knew >> of an alternative. I then got drawn in to what was the problem. >> >> People say "Oh your settings are wrong" But the FAIL to give the RIGHT >> SETTINGS!! And then go waffling on >> >> I have turned back the clock some 20 years - so have no settings to >> support further keys. >> >> Having said that - I would appreciate exactly what settings will work to >> enable me to sign with other emails and the public key associated with >> it and to be able to encrypt and sign with differing emails and keys. >> >> I want specific instructions - not moaning and groaning my settings are >> wrong and I don't know what I'm doing - that approach does not lead to a >> solution. > > Here are the instructions: > > 1. Open the Thunderbird Account Settings (menu Tools > Account Settings) > 2. switch to the tab "OpenPGP Security" > 3. make sure that "Enable OpenPGP support" is checked > 4. click on the button "Select key" > 5. select the key that matches the email address of the account > > Repeat Steps 2-5 for each and every of your accounts/email addresses. > > If you follow(ed) these instructions, then everything else /should/ go > automatically and you /should/ not have any issues. If you do have > issues, then there are no simple instructions - we have to dig to find > out what's wrong. > > The questions I asked on the Enigmail mailing list are the 1st step into > trying to find out why things don't work as expected, as I assumed that > -- as a long-term user -- you already did configure Enigmail correctly. > > -Patrick > Patrick, When I first created my keys that is exactly what I did. It all failed. Enigmail always defaults to the first set of keys one created - for example site-addmin wants to an encrypted and signed mail to skipper - when you go to select the public key of skipper - postmaster is always selected. Also - why is it that enigmail and reuse a passphrase 30- times - then suddenly remember to use it?? Enigmaill does not always read it's own settings. Even when you flush the cache and reboot your laptop or desktop. It always defaults to the first key you created for signing and encryption when using local keys ie da...@gbenet.com site-add...@gbenet.com skip...@gbenet.com be Happy - but there's something amiss somewhere in the code - what that something is I have no idea. David -- People Should Not Be Afraid Of Their Government - Their Government Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og" https://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
On 31.07.2019 13:46, David wrote: > Hello Erich, > > I did what you said - associated each email address with it's own key. > I then shut down Thunderbird re-started and carried out the following test: > > Test One: > > I sent an encrypted and signed email to site-admin from postmaster. I > received the email - it took 6 attempts to decrypt it. > > I then decided to reply - so I sent an encrypted and signed email to > postmaster - I was unable to sign as site-admin - after 9 attempts of > entering the passphrase - each time rejected by Enigmail. I was unable > to send a signed and encrypted email to postmaster. I'm sorry, but there's a misunderstanding. Enigmail does /not/ query your passphrase. Enigmail calls GnuPG, and GnuPG asks for your passphrase if needed. If the passphrase is rejected that's not related to Enigmail. -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
David: > Erich Eckner via Gnupg-users: >> Hi David, >> >> here is, how I had thunderbird + enigmail running for several years with >> two keys and without problems (I have switched away from thunderbird >> since one year ago, because it got too heavy and slow for my taste): >> >> For each sending address, I have an identity >> "Edit" -> "Account Settings" -> "Manage Identities ..." >> and for each I set up the correct pgp key to use >> "Edit ..." (in the Identities-window) -> "OpenPGP Security" -> "Use >> email address of this identity to identify OpenPGP key" (where the >> address matches) and "Use specific OpenPGP key ID" (where the address >> does not match). >> >> Sry, If this does not help and you mentioned it already, but the >> previous mails contained too much emotion to completely be read by me. >> >> Anyways, since you originally asked for an alternative: I am currently >> using alpine + topal - which get's the multiple-keys part well, too, but >> has deficits regarding MIME/multipart encryption. >> >> regards, >> Erich Eckner >> Friedrich-Schiller-Universität Jena >> Institut für Optik und Quantenelektronik >> Helmholtzweg 4 >> 07743 Jena >> >> Tel. +49 3641 9-47238 >> >> >> On Wed, 31 Jul 2019, David wrote: >> >>> Robert J. Hansen: > That's why I am considering other solutions. I have been with > Thunderbird and Enigmail for over 20 years with one key pair - This is simply not possible, as Enigmail didn't exist until 2001. (It took until about 2003 before it became really usable.) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >>> Ok two years out - thank you for the correction >> >>> David >> >> >>> -- >>> People Should Not Be Afraid Of Their Government - Their Government >>> Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION >>> Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og" >>> https://gbenet.com >> >> >> >> ___ >> Gnupg-users mailing list >> Gnupg-users@gnupg.org >> http://lists.gnupg.org/mailman/listinfo/gnupg-users >> > > Hello Erich, > > I did what you said - associated each email address with it's own key. > I then shut down Thunderbird re-started and carried out the following test: > > Test One: > > I sent an encrypted and signed email to site-admin from postmaster. I > received the email - it took 6 attempts to decrypt it. > > I then decided to reply - so I sent an encrypted and signed email to > postmaster - I was unable to sign as site-admin - after 9 attempts of > entering the passphrase - each time rejected by Enigmail. I was unable > to send a signed and encrypted email to postmaster. > > Test Two: > > I sent an encrypted and signed email to david - when selecting the right > public key there was always a tick in postmaster which I removed and > selected the right key to encrypt too. BUT Enigmail REFUSED to accept my > passphrase after 9 attempts. > > Test Three: > > I decided to send a signed and encrypted email to postmaster from David. > With the following results: For some strange reason Enigmail encrypted > to postmaster and signed: > > Decrypted message Good signature from David Key ID: > 0x3299975EAD1E968848D19945459E3AE3EA13E1A3 / Signed on: 31/07/19, 12:18 > Key fingerprint: 3299 975E AD1E 9688 48D1 9945 459E 3AE3 EA13 E1A3 Used > Algorithms: RSA and SHA256 Note: The message is encrypted for the > following User ID's / Keys: 0xD21B4405FDDA1EF2 (postmaster (There's > always light at the end of the tunnel) ), > 0xCF833B99EBD6222A (David > I just copied and pasted the passphrase into the check box - I did the > same with da...@gbenet.com and entered it in by hand 6 times. > > Test Four: > > I decided to send a signed and encrypted email from skipper to David > with the following results: The message was signed Enigmail accepted the > passphrase. The message was decrypted - even though Enigmail asked me > for david's passphrase. When I clicked on show info about the signer no > results came back. I do not know if da...@gbenet.com or > postms...@gbenet.com actually decrypted the email :) Hahhhaha!!! > > When selecting a public key to encrypt too - postmas...@gbenet.com's key > is always selected. One hundred per cent of the time. > > Test Five > > I am going to attempt to sign and encrypt a "test" email to you: > I selected your key - no passphrase was asked for - the email was sent. > Who signed it - I have no idea. > > Enigmail fails to read it's own settings - and fails to accept valid > passphrases associated with valid keys. > > Enigmail always defaults to one PRIMARY KEY which is postmas...@gbent.com > > Coffee > > Regards > > David > > > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > An
Re: Enigmail
On 31.07.2019 08:56, David wrote: > Patrick Brunschwig: >> On 31.07.2019 00:36, David wrote: >>> Andrew Gallagher: > On 30 Jul 2019, at 18:47, David wrote: > > Hello Stefan, > > I have three email accounts with their own keys - Enigmail does not > support this - you have to have one key and that's it. That is simply not true. I used enigmail with multiple keys for years without any issues. If you’re having issues configuring it, perhaps ask on the enigmail list. A >>> >>> I have done so - but have got no advice on the correct settings in >>> Thunderbird or Enigmail. >> >> That's not true. I have asked you for more details on the Enigmail >> mailing list. But instead of responding, you came here to ask the same >> questions. >> >> As Enigmail uses GnuPG for any crypto-operations, I don't think that the >> problem is in Enigmail, but in your setup. Feel free to answer my >> questions on the Enigmail mailing list, and I'll continue to try to find >> out what goes wrong. >> >> -Patrick >> > > Hello Patrick, > > I did not approach this list for answers - I just asked if anyone knew > of an alternative. I then got drawn in to what was the problem. > > People say "Oh your settings are wrong" But the FAIL to give the RIGHT > SETTINGS!! And then go waffling on > > I have turned back the clock some 20 years - so have no settings to > support further keys. > > Having said that - I would appreciate exactly what settings will work to > enable me to sign with other emails and the public key associated with > it and to be able to encrypt and sign with differing emails and keys. > > I want specific instructions - not moaning and groaning my settings are > wrong and I don't know what I'm doing - that approach does not lead to a > solution. Here are the instructions: 1. Open the Thunderbird Account Settings (menu Tools > Account Settings) 2. switch to the tab "OpenPGP Security" 3. make sure that "Enable OpenPGP support" is checked 4. click on the button "Select key" 5. select the key that matches the email address of the account Repeat Steps 2-5 for each and every of your accounts/email addresses. If you follow(ed) these instructions, then everything else /should/ go automatically and you /should/ not have any issues. If you do have issues, then there are no simple instructions - we have to dig to find out what's wrong. The questions I asked on the Enigmail mailing list are the 1st step into trying to find out why things don't work as expected, as I assumed that -- as a long-term user -- you already did configure Enigmail correctly. -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: --lsign --add-me or the invisible WoT
On Sat, 20 Jul 2019 11:57, gnupg-users@gnupg.org said: > additional paramemter like --add-me for --lsign would make sense, for --quick-sign-key fpr [names] --quick-lsign-key fpr [names] Directly sign a key from the passphrase without any further user interaction. The fpr must be the verified primary fingerprint of a key in the local keyring. If no names are given, all useful user ids are signed; with given [names] only useful user ids matching one of theses names are signed. By default, or if a name is prefixed with a '*', a case insensitive substring match is used. If a name is prefixed with a '=' a case sensitive exact match is done. The command --quick-lsign-key marks the signatures as non-exportable. If such a non-exportable signature already exists the --quick- sign-key turns it into a exportable signature. This command uses reasonable defaults and thus does not provide the full flexibility of the "sign" subcommand from --edit-key. Its intended use is to help unattended key signing by utilizing a list of verified fingerprints. -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
Erich Eckner via Gnupg-users: > Hi David, > > here is, how I had thunderbird + enigmail running for several years with > two keys and without problems (I have switched away from thunderbird > since one year ago, because it got too heavy and slow for my taste): > > For each sending address, I have an identity > "Edit" -> "Account Settings" -> "Manage Identities ..." > and for each I set up the correct pgp key to use > "Edit ..." (in the Identities-window) -> "OpenPGP Security" -> "Use > email address of this identity to identify OpenPGP key" (where the > address matches) and "Use specific OpenPGP key ID" (where the address > does not match). > > Sry, If this does not help and you mentioned it already, but the > previous mails contained too much emotion to completely be read by me. > > Anyways, since you originally asked for an alternative: I am currently > using alpine + topal - which get's the multiple-keys part well, too, but > has deficits regarding MIME/multipart encryption. > > regards, > Erich Eckner > Friedrich-Schiller-Universität Jena > Institut für Optik und Quantenelektronik > Helmholtzweg 4 > 07743 Jena > > Tel. +49 3641 9-47238 > > > On Wed, 31 Jul 2019, David wrote: > >> Robert J. Hansen: That's why I am considering other solutions. I have been with Thunderbird and Enigmail for over 20 years with one key pair - >>> >>> This is simply not possible, as Enigmail didn't exist until 2001. (It >>> took until about 2003 before it became really usable.) >>> >>> >>> ___ >>> Gnupg-users mailing list >>> Gnupg-users@gnupg.org >>> http://lists.gnupg.org/mailman/listinfo/gnupg-users >>> > >> Ok two years out - thank you for the correction > >> David > > >> -- >> People Should Not Be Afraid Of Their Government - Their Government >> Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION >> Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og" >> https://gbenet.com > > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > Hello Erich, I did what you said - associated each email address with it's own key. I then shut down Thunderbird re-started and carried out the following test: Test One: I sent an encrypted and signed email to site-admin from postmaster. I received the email - it took 6 attempts to decrypt it. I then decided to reply - so I sent an encrypted and signed email to postmaster - I was unable to sign as site-admin - after 9 attempts of entering the passphrase - each time rejected by Enigmail. I was unable to send a signed and encrypted email to postmaster. Test Two: I sent an encrypted and signed email to david - when selecting the right public key there was always a tick in postmaster which I removed and selected the right key to encrypt too. BUT Enigmail REFUSED to accept my passphrase after 9 attempts. Test Three: I decided to send a signed and encrypted email to postmaster from David. With the following results: For some strange reason Enigmail encrypted to postmaster and signed: Decrypted message Good signature from David Key ID: 0x3299975EAD1E968848D19945459E3AE3EA13E1A3 / Signed on: 31/07/19, 12:18 Key fingerprint: 3299 975E AD1E 9688 48D1 9945 459E 3AE3 EA13 E1A3 Used Algorithms: RSA and SHA256 Note: The message is encrypted for the following User ID's / Keys: 0xD21B4405FDDA1EF2 (postmaster (There's always light at the end of the tunnel) ), 0xCF833B99EBD6222A (David https://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi David, here is, how I had thunderbird + enigmail running for several years with two keys and without problems (I have switched away from thunderbird since one year ago, because it got too heavy and slow for my taste): For each sending address, I have an identity "Edit" -> "Account Settings" -> "Manage Identities ..." and for each I set up the correct pgp key to use "Edit ..." (in the Identities-window) -> "OpenPGP Security" -> "Use email address of this identity to identify OpenPGP key" (where the address matches) and "Use specific OpenPGP key ID" (where the address does not match). Sry, If this does not help and you mentioned it already, but the previous mails contained too much emotion to completely be read by me. Anyways, since you originally asked for an alternative: I am currently using alpine + topal - which get's the multiple-keys part well, too, but has deficits regarding MIME/multipart encryption. regards, Erich Eckner Friedrich-Schiller-Universität Jena Institut für Optik und Quantenelektronik Helmholtzweg 4 07743 Jena Tel. +49 3641 9-47238 On Wed, 31 Jul 2019, David wrote: Robert J. Hansen: That's why I am considering other solutions. I have been with Thunderbird and Enigmail for over 20 years with one key pair - This is simply not possible, as Enigmail didn't exist until 2001. (It took until about 2003 before it became really usable.) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Ok two years out - thank you for the correction David -- People Should Not Be Afraid Of Their Government - Their Government Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og" https://gbenet.com -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl1BQvYACgkQCu7JB1Xa e1q52BAAlXkDN78Rm0OOcajjf099eEN3D/yLgkjv9kdd6GnoAaZwGvOGvRaZXd4A b2TXNebVKrTqVbEeSC6R3eHEN0F7jotEiyIrcIMKhBK7S4KfKtrVX2F5bnJoW/zw PJKwlXwZor9KskrSu39AWdPREpEFfOiCHoegI5r3Yr00XlUUxeEy0xAnUI3Y6SMB YzemIQj8P4rDfM8XHX/YUuYM/vL4yC/J/W3sCT4VRldfuZgnX2W4W3OklQi7O32J lYRXEzwiY3M5l89Aqso08+SqrpRwr7yrHCweHElVHqOh2wM0BWnCXdn/itYkvvRH 6Ys3fMSnxjw8SDb5xG3pP2RYiE2XUxuH310YwMpa05iykktaqjrvS2JBlMpTdgI8 J+AaWM1ewBbidHeJH4CJgUfwXy/kqqzrhTgCDhnfa2Gtbj6Io4AlwtubE+av2l9M 5B736PIr7pP0hBZwhggHNNsa/vb0bhckDXRk2dSUbK2eJPElcpL4gsf98/LlEg1S HYUhg/4y5puWVl9/QMCvk4Vxyp6ld7XlfcrvaRrKeIjlmh9aAVp2Cqk9hG49tMqy FVCYVBUmUNg5599IGzaqTFfROzQQh5h+u3veQnTNM+CG8VT05Fjj6HVE3p8s+O5c wl1dJ9+3hadokD2VadD44HCBEIxKFKjuXieQmNya8I6VQud3wR8= =3/C1 -END PGP SIGNATURE-___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
Robert J. Hansen: >> That's why I am considering other solutions. I have been with >> Thunderbird and Enigmail for over 20 years with one key pair - > > This is simply not possible, as Enigmail didn't exist until 2001. (It > took until about 2003 before it became really usable.) > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > Ok two years out - thank you for the correction David -- People Should Not Be Afraid Of Their Government - Their Government Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og" https://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
Patrick Brunschwig: > On 31.07.2019 00:36, David wrote: >> Andrew Gallagher: >>> On 30 Jul 2019, at 18:47, David wrote: Hello Stefan, I have three email accounts with their own keys - Enigmail does not support this - you have to have one key and that's it. >>> >>> That is simply not true. I used enigmail with multiple keys for years >>> without any issues. If you’re having issues configuring it, perhaps ask on >>> the enigmail list. >>> >>> A >>> >> >> I have done so - but have got no advice on the correct settings in >> Thunderbird or Enigmail. > > That's not true. I have asked you for more details on the Enigmail > mailing list. But instead of responding, you came here to ask the same > questions. > > As Enigmail uses GnuPG for any crypto-operations, I don't think that the > problem is in Enigmail, but in your setup. Feel free to answer my > questions on the Enigmail mailing list, and I'll continue to try to find > out what goes wrong. > > -Patrick > Hello Patrick, I did not approach this list for answers - I just asked if anyone knew of an alternative. I then got drawn in to what was the problem. People say "Oh your settings are wrong" But the FAIL to give the RIGHT SETTINGS!! And then go waffling on I have turned back the clock some 20 years - so have no settings to support further keys. Having said that - I would appreciate exactly what settings will work to enable me to sign with other emails and the public key associated with it and to be able to encrypt and sign with differing emails and keys. I want specific instructions - not moaning and groaning my settings are wrong and I don't know what I'm doing - that approach does not lead to a solution. Regards, David -- People Should Not Be Afraid Of Their Government - Their Government Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og" https://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enigmail
On 31.07.2019 00:36, David wrote: > Andrew Gallagher: >> >>> On 30 Jul 2019, at 18:47, David wrote: >>> >>> Hello Stefan, >>> >>> I have three email accounts with their own keys - Enigmail does not >>> support this - you have to have one key and that's it. >> >> That is simply not true. I used enigmail with multiple keys for years >> without any issues. If you’re having issues configuring it, perhaps ask on >> the enigmail list. >> >> A >> > > I have done so - but have got no advice on the correct settings in > Thunderbird or Enigmail. That's not true. I have asked you for more details on the Enigmail mailing list. But instead of responding, you came here to ask the same questions. As Enigmail uses GnuPG for any crypto-operations, I don't think that the problem is in Enigmail, but in your setup. Feel free to answer my questions on the Enigmail mailing list, and I'll continue to try to find out what goes wrong. -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users