Re: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread Werner Koch via Gnupg-users 
On Mon, 23 Nov 2020 18:03, gnupgpacker said:

> After further investigation about html mailing with Claws Mail: 
> 'Dillo HTML viewer' project has been updated Jun-2015, not available for
> Windows.

Mature software does not always need updates.  Nevertheless the plugin
code was recently updated to get rid of conditionals to build with gtk2.
Right, it is not availabale for Windows but ...

> 'litehtml' is available for Windows, but latest update is Oct-2015.

The latest update is just 6 weeks old.  The plugin is part of the
standard claws installer for Windows.  Right, the Windows installer is
often behind the source release (right now by a year).  But again, this
is a project by volunteers.

FWIW, for years we distributed Claws as part of Gpg4win but at some
point decided that it is better to let the Claws devs do the installer
so that we can concentrate on things we are can do best.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Ban HTML mails? Really?(was: Re: Thunderbird / Enigmail / Autocrypt)

2020-11-23 Thread Matthias Apitz 
El día martes, noviembre 24, 2020 a las 12:16:12a. m. +, Philihp Busby via 
Gnupg-users escribió:

> As a personal policy, I do not respond to emails if they are only in HTML. It 
> provides an excellent signal on when an email is actually worth the 
> distraction. Even password-reset/verify-your-email emails will have text-only 
> components. Mailchimp marketing emails, on the other hand, often skip over 
> the plaintext version (text-only emails don't convert in their metrics, i 
> imagine the images don't load and they don't know you read it).
> 
> This battle has only been lost when you give up.
> 

There are some other two battles to win: Don't top post and, second,
break your text lines around coulmn 72 :-)

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Без книги нет знания, без знания нет коммунизма (Влaдимир Ильич Ленин)
Without books no knowledge - without knowledge no communism (Vladimir Ilyich 
Lenin)
Sin libros no hay saber - sin saber no hay comunismo. (Vladimir Ilich Lenin)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread raf via Gnupg-users 
On Mon, Nov 23, 2020 at 01:23:39PM +0100, Werner Koch via Gnupg-users 
 wrote:

> On Mon, 23 Nov 2020 07:22, cqcallaw said:
> 
> > At my job, I frequently send out summary charts and graphs surrounded by 
> > text.
> > Attachments simply do not work; my audience cannot spend the mental energy 
> > to
> 
> Proper MUAs display inline images without problems.  I recall that even
> exmh did this ~25 years ago.  It is just that the marketing department
> can't enforce the corporate identity on text mails - or are too lazy to
> create rules which work with plain text (and maybe inline images).
> 
> And well, I like HTML mails: my main address is free of spam thanks to a
> simple procmail rule ;-)
> 
> Shalom-Salam,
> 
>Werner

Apologies in advance. I know this is all off-topic for
a gnupg mailing list, but for those who really hate
html email, and are able to function without it,
there's a potentially useful mail filter I wrote that
converts everything to text that can be converted, and
deletes everything else.

  http://raf.org/textmail
  https://github.com/raforg/textmail

It makes it look like everyone is sending you plain text. :-)

For everyone else, I recommend lots of phishing training
to mitigate the biggest risks of html email.

At least until gmail/outlook/etc. implement, by default,
the equivalent of Thunderbird's brilliant Torpedo
anti-phishing addon.

cheers,
raf


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Ban HTML mails? Really?(was: Re: Thunderbird / Enigmail / Autocrypt)

2020-11-23 Thread Philihp Busby via Gnupg-users 
As a personal policy, I do not respond to emails if they are only in HTML. It 
provides an excellent signal on when an email is actually worth the 
distraction. Even password-reset/verify-your-email emails will have text-only 
components. Mailchimp marketing emails, on the other hand, often skip over the 
plaintext version (text-only emails don't convert in their metrics, i imagine 
the images don't load and they don't know you read it).

This battle has only been lost when you give up.

On 2020-11-23T11:39:39+0100 Mansfeld Elektronik 
 wrote 2.0K bytes:

> I'm sorry, but all this stuff becomes slightly off-topic
> 
> Am 23.11.2020 07:08, schrieb Matthias Apitz:
> > El día lunes, noviembre 23, 2020 a las 03:03:54a. m. +0100, Johan
> > Wevers escribió:
> > 
> > > On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> > > 
> > > > I don't understand why HTML in e-Mails is so important for some people.
> > > 
> > > I agree on a personal level, but if you use your email also to
> > > communicate with business users (usually using Outlook) it would be
> > > nice
> > > to get their mails in a human readable format. Which requires,
> > > unfortunately, usually html.
> > 
> > Since ages human read mails in ASCII or UTF-8 text. Why you think this
> > is not a "human readable format"?
> > 
> > HTML as e-mail (read carefully: as email, not as attachment) should be
> > forbidden because most MUA automatically fetch additional remote content
> > which violates privacy and can fetch bad content into your system.
> > You're warned.
> > 
> > matthias
> 
> 
> should should... Sorry?
> In a perfect world we can choose our communication partners. In a
> semi-perfect world we can at least try to missionate against HTML mails, but
> maybe with not much success. In the real world we have very often no choice.
> This battle is lost. The only choice is to harden the MUAs. Everything else
> is IMHO a quite academic disussion.
> 
> Regards
> another Matthias
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread gnupgpacker 
Thanks Werner.

After further investigation about html mailing with Claws Mail: 
'Dillo HTML viewer' project has been updated Jun-2015, not available for
Windows.
'litehtml' is available for Windows, but latest update is Oct-2015.

In our environment ~ 70% of contacts are using M$ Outlook and its
standard html mail functions, so discussion about sense of purpose are
mindless even a change of security awareness take place around there...
But you are right, html mail is definitely an annoyance and security
risk, but wide spreaded compatibility to several communication partners
and its needs is necessary!

Best regards, Chris

> -Original Message-
> From: Werner Koch 
> Sent: Monday, November 23, 2020 1:30 PM
> ...
> Just load one of the HTML viewer plugins.  Note that most plugins are
> an integral part of Claws and thus don't run into problems like 
> Enigmail with Thunderbird.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread Johan Wevers 
On 23-11-2020 7:08, Matthias Apitz wrote:

> Since ages human read mails in ASCII or UTF-8 text. Why you think this
> is not a "human readable format"?

Sure, hand crafted html in a text reader is human readable. But the html
that is vomited by Outlook is not (unless you are a very experienced web
developer).

> HTML as e-mail (read carefully: as email, not as attachment) should be
> forbidden because most MUA automatically fetch additional remote content
> which violates privacy and can fetch bad content into your system.

Fortunately Thunderbird does not do that by default. But you can select
trusted domains for which it does if you like.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread Mark H. Wood via Gnupg-users 
On Mon, Nov 23, 2020 at 07:08:12AM +0100, Matthias Apitz wrote:
> El día lunes, noviembre 23, 2020 a las 03:03:54a. m. +0100, Johan Wevers 
> escribió:
> 
> > On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> > 
> > > I don't understand why HTML in e-Mails is so important for some people.
> > 
> > I agree on a personal level, but if you use your email also to
> > communicate with business users (usually using Outlook) it would be nice
> > to get their mails in a human readable format. Which requires,
> > unfortunately, usually html.
> 
> Since ages human read mails in ASCII or UTF-8 text. Why you think this
> is not a "human readable format"?
> 
> HTML as e-mail (read carefully: as email, not as attachment) should be
> forbidden because most MUA automatically fetch additional remote content
> which violates privacy and can fetch bad content into your system.
> You're warned.

I consider that Mutt gives me the best of both, when I configure it:

  auto_view text/html

and in .mailcap:

  text/html; \
lynx -dump -force_html %s; \
copiousoutput

The text is flattened.  The result is sometimes ugly, but readable.

Attachments (such as images, or things purporting to be images) are
presented separately, and I can open them if I choose.  (Or I can copy
them out and inspect them in other ways, if I'm suspicious.  Examining
the un-rendered structure and content of some malicious messages can
be briefly entertaining.)

I would be mildly surprised to learn that my co-workers, outside of my
immediate workgroup, are even aware that I don't see their emails
rendered the way they do.  And nobody has ever told me, "your message
looks funny," except an occasional comment that someone couldn't open
the "attachment" (meaning the PGP/MIME signature).  Those stopped when
I got a corporate X.509 certificate and configured Mutt to use S/MIME
for internal mail.

Other console MUAs probably can do similar things when configured to
do so.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread Werner Koch via Gnupg-users 
On Sun, 22 Nov 2020 10:02, gnupgpacker said:
> Claws Mail is an useful alternative, but please keep aware it does not
> support html mail, text only!
> https://www.claws-mail.org/manual/de/claws-mail-manual.html#AEN955 

Just load one of the HTML viewer plugins.  Note that most plugins are an
integral part of Claws and thus don't run into problems like Enigmail
with Thunderbird.

Right, the first-use setup is not as easy as with Thunderbird.  That is
the difference between a multi-million dollar per year project and a
voluntary thingy.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread Werner Koch via Gnupg-users 
On Mon, 23 Nov 2020 07:22, cqcallaw said:

> At my job, I frequently send out summary charts and graphs surrounded by text.
> Attachments simply do not work; my audience cannot spend the mental energy to

Proper MUAs display inline images without problems.  I recall that even
exmh did this ~25 years ago.  It is just that the marketing department
can't enforce the corporate identity on text mails - or are too lazy to
create rules which work with plain text (and maybe inline images).

And well, I like HTML mails: my main address is free of spam thanks to a
simple procmail rule ;-)


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Ban HTML mails? Really?(was: Re: Thunderbird / Enigmail / Autocrypt)

2020-11-23 Thread Mansfeld Elektronik 

I'm sorry, but all this stuff becomes slightly off-topic

Am 23.11.2020 07:08, schrieb Matthias Apitz:

El día lunes, noviembre 23, 2020 a las 03:03:54a. m. +0100, Johan
Wevers escribió:


On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:

> I don't understand why HTML in e-Mails is so important for some people.

I agree on a personal level, but if you use your email also to
communicate with business users (usually using Outlook) it would be 
nice

to get their mails in a human readable format. Which requires,
unfortunately, usually html.


Since ages human read mails in ASCII or UTF-8 text. Why you think this
is not a "human readable format"?

HTML as e-mail (read carefully: as email, not as attachment) should be
forbidden because most MUA automatically fetch additional remote 
content

which violates privacy and can fetch bad content into your system.
You're warned.

matthias



should should... Sorry?
In a perfect world we can choose our communication partners. In a 
semi-perfect world we can at least try to missionate against HTML mails, 
but maybe with not much success. In the real world we have very often no 
choice.
This battle is lost. The only choice is to harden the MUAs. Everything 
else is IMHO a quite academic disussion.


Regards
another Matthias

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-23 Thread Matthias Apitz 
El día lunes, noviembre 23, 2020 a las 07:22:19a. m. +, cqcallaw escribió:

> > Since ages human read mails in ASCII or UTF-8 text. Why you think this
> > is not a "human readable format"?
> >
> > HTML as e-mail (read carefully: as email, not as attachment) should be
> > forbidden because most MUA automatically fetch additional remote content
> > which violates privacy and can fetch bad content into your system.
> > You're warned.
> >
> > matthias
> >
> 
> At my job, I frequently send out summary charts and graphs surrounded by text.
> Attachments simply do not work; my audience cannot spend the mental energy to
> context-switch between text and attachments, and my reports become unusable.
> 
> I also provide hyperlinks in my reports. Sharing hyperlinks in plaintext 
> emails
> is possible, but verbose and unfriendly to the viewer.
> 
> In such circumstances, plaintext email is not human readable; I must use HTML.

Below you find a good example of such HTML SPAM going directly to an
external web server to fetch an "IMG" which could contain malisious code.
Is this what you really want to send to your boss or colleagues?

matthias




Unbenanntes Dokument



FFP2 Maske 1,89 bzw. 1,99 Euro. Die beliebteste und
meist getragene Atemmaske der Welt.

Sehr geehrte Damen und Herren,
Folgende Angebote sind sofort lieferbar, einzeln verschweisst:
https://scontent-frx5-1.xx.fbcdn.net/v/t1.0-9/126513141_2743524842569455_973641306125964327_o.jpg?_nc_cat=100ccb=2_nc_sid=730e14_nc_ohc=NfVk0yNJgskAX9WQt3q_nc_ht=scontent-frx5-1.xxoh=2064e0f7143521537359d540ebc4a7c4oe=5FDF8DE4;
width="650" height="650" />
CE-Zertifiziert durch Institut der europischen
Union. Schutzklasse FFP2! (KN95) Guter Schutz vor
SARSCoV2 - Covid19CoronaViren.
Lieferung an Firmen, Behrden, Arztpraxen, Apotheken, Kliniken
usw.:
Abnahmemengen: 10er weise oder 100er weise.
FFP2 Atemschutzmasken: (Auch nach AT, CH, NL, LU) 10
St. 19,90 Euro zzgl. 16 Proz. MwSt.
Angebot fr Firmen, Kliniken, Arztpraxen: 100 St.
189,- Euro zzgl. 16 Proz. MwSt.
(Grere Mengen auch sofort lieferbar.)
Bestellen Sie ganz einfach und zeitsparend, in dem Sie uns auf dieses
Schreiben einfach antworten.
(Lieferung auf Rechnung. Keine Vorkasse oder hnliches.)
cesch...@gmx.de
Versandkostenfreie Lieferung!
6 Wochen Rckgaberecht bei Nichtgefallen! Ihnen enstehen keine
Kosten.

Mit freundlichen Gren,
Michaela Kress CE-Schutz Vertrieb Hannover



Bitte antworten Sie uns direkt per Email.
EU-Kunden knnen gern die Umsatzsteuernummer (VAT) angeben.







___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread cqcallaw via Gnupg-users 
‐‐‐ Original Message ‐‐‐
On Sunday, November 22, 2020 10:08 PM, Matthias Apitz  wrote:

> El día lunes, noviembre 23, 2020 a las 03:03:54a. m. +0100, Johan Wevers 
> escribió:
>
> > On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> >
> > > I don't understand why HTML in e-Mails is so important for some people.
> >
> > I agree on a personal level, but if you use your email also to
> > communicate with business users (usually using Outlook) it would be nice
> > to get their mails in a human readable format. Which requires,
> > unfortunately, usually html.
>
> Since ages human read mails in ASCII or UTF-8 text. Why you think this
> is not a "human readable format"?
>
> HTML as e-mail (read carefully: as email, not as attachment) should be
> forbidden because most MUA automatically fetch additional remote content
> which violates privacy and can fetch bad content into your system.
> You're warned.
>
> matthias
>

At my job, I frequently send out summary charts and graphs surrounded by text.
Attachments simply do not work; my audience cannot spend the mental energy to
context-switch between text and attachments, and my reports become unusable.

I also provide hyperlinks in my reports. Sharing hyperlinks in plaintext emails
is possible, but verbose and unfriendly to the viewer.

In such circumstances, plaintext email is not human readable; I must use HTML.

Thanks,
-Caleb


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Daniel Bossert via Gnupg-users 
On Mon, 23 Nov 2020 07:22:19 +
cqcallaw via Gnupg-users  wrote:

> ‐‐‐ Original Message ‐‐‐
> On Sunday, November 22, 2020 10:08 PM, Matthias Apitz  
> wrote:
> 
> > El día lunes, noviembre 23, 2020 a las 03:03:54a. m. +0100, Johan Wevers 
> > escribió:
> >
> > > On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> > >
> > > > I don't understand why HTML in e-Mails is so important for some people.
> > >
> > > I agree on a personal level, but if you use your email also to
> > > communicate with business users (usually using Outlook) it would be nice
> > > to get their mails in a human readable format. Which requires,
> > > unfortunately, usually html.
> >
> > Since ages human read mails in ASCII or UTF-8 text. Why you think this
> > is not a "human readable format"?
> >
> > HTML as e-mail (read carefully: as email, not as attachment) should be
> > forbidden because most MUA automatically fetch additional remote content
> > which violates privacy and can fetch bad content into your system.
> > You're warned.
> >
> > matthias
> >
> 
> At my job, I frequently send out summary charts and graphs surrounded by text.
> Attachments simply do not work; my audience cannot spend the mental energy to
> context-switch between text and attachments, and my reports become unusable.
> 
> I also provide hyperlinks in my reports. Sharing hyperlinks in plaintext 
> emails
> is possible, but verbose and unfriendly to the viewer.
> 
> In such circumstances, plaintext email is not human readable; I must use HTML.
> 
> Thanks,
> -Caleb

Probably HTML within an organization should be allowed but not when leaving 
such one?

> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
PGP: 81A8 1EC7 179C BE5F 02A8 2C01 3FF1 07B6 FC68 F10A


pgpcfsgR5zxQc.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Daniel Bossert via Gnupg-users 
I don't know if this is the right place here, but as we are discussing about 
sylpheed and claws-mail as well:
I have the following issue with Sylpheed:

I searched in Sylpheed for an email of April 20, 2020 for an insurance. I could 
easily find it in Thunderbird, but Sylpheed couldn't find it. I didn't see the 
mail in the inbox list of Sylpheed. Could it be Sylpheed doesn't catch all 
mail? How can I force it to sync everything it finds on the server?

I know it's not pgp related, but you guys know these two MUA, so therefore I 
ask.

Regards
Daniel

-- 
PGP: 81A8 1EC7 179C BE5F 02A8 2C01 3FF1 07B6 FC68 F10A


pgppyDP2LBG92.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Matthias Apitz 
El día lunes, noviembre 23, 2020 a las 03:03:54a. m. +0100, Johan Wevers 
escribió:

> On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> 
> > I don't understand why HTML in e-Mails is so important for some people.
> 
> I agree on a personal level, but if you use your email also to
> communicate with business users (usually using Outlook) it would be nice
> to get their mails in a human readable format. Which requires,
> unfortunately, usually html.

Since ages human read mails in ASCII or UTF-8 text. Why you think this
is not a "human readable format"?

HTML as e-mail (read carefully: as email, not as attachment) should be
forbidden because most MUA automatically fetch additional remote content
which violates privacy and can fetch bad content into your system.
You're warned.

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Без книги нет знания, без знания нет коммунизма (Влaдимир Ильич Ленин)
Without books no knowledge - without knowledge no communism (Vladimir Ilyich 
Lenin)
Sin libros no hay saber - sin saber no hay comunismo. (Vladimir Ilich Lenin)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Johan Wevers 
On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:

> I don't understand why HTML in e-Mails is so important for some people.

I agree on a personal level, but if you use your email also to
communicate with business users (usually using Outlook) it would be nice
to get their mails in a human readable format. Which requires,
unfortunately, usually html.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Jerry 
On Sun, 22 Nov 2020 16:17:37 +, Brad Rogers stated:
>True, but when my bank (just one example) tells me about their 'caring
>about security' and then spewing HTML left, right, and centre, whilst
>simultaneously disavowing themselves of blame should a virus be
>transported by their message, they can, quite frankly, go take a
>running jump.

So, off the top of your head, how many viruses, parasites and
other assorted malignancies has your bank infected you with?

-- 
Jerry


pgpKnU1yQ4Xrl.pgp
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Brad Rogers 
On Sun, 22 Nov 2020 16:06:41 +
Andrew Gallagher  wrote:

Hello Andrew,

>It is not always feasible to scold your correspondents about their use
>of HTML mail, 

True, but when my bank (just one example) tells me about their 'caring
about security' and then spewing HTML left, right, and centre, whilst
simultaneously disavowing themselves of blame should a virus be
transported by their message, they can, quite frankly, go take a running
jump.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Tell the dinosaurs they just won't survive
The History Of The World (Part 1) - The Damned


pgp5qe6S9IBOC.pgp
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Andrew Gallagher 


> On 22 Nov 2020, at 11:40, Juergen Bruckner via Gnupg-users 
>  wrote:
> 
> HTML in e-Mails is a very big security risk in my eyes.

Not just yours, but unfortunately for many people it is a risk that they must 
absorb, because e.g. their job may depend upon it. It is not always feasible to 
scold your correspondents about their use of HTML mail, just as it is not 
always feasible to complain about their use of Microsoft Word. People need 
tools that work in the real world; not everyone can afford the luxury of 
righteous evangelism. 

A
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread ael via Gnupg-users 
On Sun, Nov 22, 2020 at 12:38:52PM +0100, Juergen Bruckner via Gnupg-users 
wrote:
> 
> I don't understand why HTML in e-Mails is so important for some people.
> 
> For example, I configured my Mailserver to sort out HTML-Mails as Spam as
> long the sender is not on a whitelist.
> HTML in e-Mails is a very big security risk in my eyes.
 +1

 ael


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Juergen Bruckner via Gnupg-users 


Hi Chris,

Am 22.11.20 um 10:02 schrieb gnupgpacker:

Claws Mail is an useful alternative, but please keep aware it does not
support html mail, text only!
https://www.claws-mail.org/manual/de/claws-mail-manual.html#AEN955

Best regards, Chris



I don't understand why HTML in e-Mails is so important for some people.

For example, I configured my Mailserver to sort out HTML-Mails as Spam 
as long the sender is not on a whitelist.

HTML in e-Mails is a very big security risk in my eyes.

regards
Juergen

--
/¯\   No  |
\ /  HTML |Juergen Bruckner
 Xin  |juergen@bruckner.email
/ \  Mail |



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread gnupgpacker 
Claws Mail is an useful alternative, but please keep aware it does not
support html mail, text only!
https://www.claws-mail.org/manual/de/claws-mail-manual.html#AEN955 

Best regards, Chris


> Date: Sat, 21 Nov 2020 19:02:33 +0100
> From: Werner Koch 
> To: Daniel Bossert via Gnupg-users 
> Subject: Re: Thunderbird / Enigmail / Autocrypt
> Message-ID: <87sg92lhae@wheatstone.g10code.de>
> Content-Type: text/plain; charset="us-ascii"
> ...
> Checkout Claws-mail which was forked from Sylpheed many years ago.
> The
> OpenPGP and S/MIME integration of both was initially done by me but
> many
> others improved it at lot.  Claws is like Thunderbird cross-platform.
> The current TB OpenPGP support is pretty basic after they removed
> Enigmail.
> Salam-Shalom,
>Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-21 Thread Daniel Bossert via Gnupg-users 
Hello Werner

I would like to use claws-mail, but it looked quite old-school when I last used 
it.
There was no auto-configure of mail setup (find mail-server by itself).

But I will install it again and check it out.

Thank you
Daniel


On Sat, 21 Nov 2020 19:02:33 +0100
Werner Koch  wrote:

> On Fri, 20 Nov 2020 10:23, Daniel Bossert said:
> 
> > How secure is it to use Thundebrird with Autocrypt? I use Sylpheed at
> > the moment, but it is not that comfortable to use as Thunderbird.
> 
> Checkout Claws-mail which was forked from Sylpheed many years ago.  The
> OpenPGP and S/MIME integration of both was initially done by me but many
> others improved it at lot.  Claws is like Thunderbird cross-platform.
> 
> The current TB OpenPGP support is pretty basic after they removed
> Enigmail.
> 
> 
> Salam-Shalom,
> 
>Werner
> 
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


-- 
PGP: 81A8 1EC7 179C BE5F 02A8 2C01 3FF1 07B6 FC68 F10A


pgpthvA1m02zo.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-21 Thread Werner Koch via Gnupg-users 
On Fri, 20 Nov 2020 10:23, Daniel Bossert said:

> How secure is it to use Thundebrird with Autocrypt? I use Sylpheed at
> the moment, but it is not that comfortable to use as Thunderbird.

Checkout Claws-mail which was forked from Sylpheed many years ago.  The
OpenPGP and S/MIME integration of both was initially done by me but many
others improved it at lot.  Claws is like Thunderbird cross-platform.

The current TB OpenPGP support is pretty basic after they removed
Enigmail.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thunderbird / Enigmail / Autocrypt

2020-11-21 Thread Patrick Brunschwig 
If you think about using the current stable version of Thunderbird
(version 78), then there is no Enigmail and no Autocrypt. OpenPGP has
been implemented directly in Thunderbird, but there is currently no
Autocrypt support in Thunderbird.

-Patrick

Daniel Bossert via Gnupg-users wrote on 20.11.2020 10:23:
> Hello all
> 
> How secure is it to use Thundebrird with Autocrypt? I use Sylpheed at the 
> moment, but it is not that comfortable to use as Thunderbird.
> Also, when I send an email, the signature will be shown instead like with 
> thunderbid just an info that the mail is signed
> 
> Do you have some inputs?
> 
> Regards
> Daniel
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Thunderbird / Enigmail / Autocrypt

2020-11-20 Thread Daniel Bossert via Gnupg-users 
Hello all

How secure is it to use Thundebrird with Autocrypt? I use Sylpheed at the 
moment, but it is not that comfortable to use as Thunderbird.
Also, when I send an email, the signature will be shown instead like with 
thunderbid just an info that the mail is signed

Do you have some inputs?

Regards
Daniel

-- 
PGP: 81A8 1EC7 179C BE5F 02A8 2C01 3FF1 07B6 FC68 F10A


pgp7C8_y4U6MF.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Enigmail] Future OpenPGP Support in Thunderbird

2019-10-09 Thread Dmitry Alexandrov via Gnupg-users 
"Hernâni Marques (p≡p foundation)"  wrote:
> On 08.10.19 18:37, Dmitry Alexandrov wrote:
>
>> Pity, but I hope it will be better that way.  In particular I hope, that 
>> Mozilla will not follow your example and won’t entice users to proprietary 
>> isolated keyserver [0] instead of distributed SKS network thus splitting the 
>> keybase.  And won’t promote standards [1] that suspiciously resemble 
>> embrace-extend-and-extinguish tactics employed against PGP either.
>> 
>> [0] https://keys.openpgp.org 
>> [1] https://pep.security
>
> pEp is not against PGP it's just PGP-supporting as much as it makes sense for 
> interop reasons

Well, I’m glad to hear that, but it’s really a pity, that supporting Autocrypt 
does not make sense for you.

> and goes beyond email already today; and it's designed from the very 
> beginning on to support other crypto[formats] as well (agnosticism on 
> messaging & crypto[format])

A double pity in light of your decision to not only support but actually 
_prefer_ other cryptoformats over PGP whenever possible for the sake of 
‘forward secrecy’ [1] — that’s when Autocrypt is exactly the extension to PGP 
that can provide forward secrecy, if needed.

[1]
| How does p≡p select the most secure way of sending an email or a message?
|
| When a p≡p user is communicating with another p≡p user:
|
| 1. if online communication available: OTR through GNUnet.
|
| 2. if online communication not available:
|
| a. if anonymizing platform available, OpenPGP through anonymizing platform 
(i.e. Qabel),
|
| b. if anonymizing platform not available, fallback to OpenPGP.
|
| When a p≡p user is communicating with a non-p≡p user then depending on the 
capabilities of the non-p≡p user:
|
| 1. if anonymizing and forward secrecy is possible, use that (i.e. OTR over 
GNUnet).
|
| 2. if anonymizing but no forward secrecy is possible, use that (i.e. OpenPGP 
over Qabel).
|
| 3. if forward secrecy is possible, use that (i.e. OTR).
|
| 4. if hard cryptography but no forward secrecy is possible, use that (i.e. 
OpenPGP)
|
| 5. if only weak cryptography is possible, use that (i.e. S/MIME with 
commercial CAs)
|
| 6. send unencrypted.
— https://www.pep.security/en/faq/


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Enigmail] Future OpenPGP Support in Thunderbird

2019-10-09 Thread p≡p foundation 
On 08.10.19 18:37, Dmitry Alexandrov wrote:

> Pity, but I hope it will be better that way.  In particular I hope, that 
> Mozilla will not follow your example and won’t entice users to proprietary 
> isolated keyserver [0] instead of distributed SKS network thus splitting the 
> keybase.  And won’t promote standards [1] that suspiciously resemble 
> embrace-extend-and-extinguish tactics employed against PGP either.
> 
> [0] https://keys.openpgp.org
> [1] https://pep.security
pEp is not against PGP, it's just PGP-supporting as much as it makes
sense for interop reasons and goes beyond email already today; and it's
designed from the very beginning on to support other crypto as well
(agnosticism on messaging & crypto).

-- 
p≡p foundation: https://pep.foundation/


0xCB5738652768F7E9.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-08-01 Thread David 
Andrew Gallagher:
> On 31/07/2019 13:36, David wrote:
>> Enigmail always defaults to the first set of keys one created
> 
> Enigmail will default to the first set of keys in your keyring that
> matches the selection criteria. Do you have more than one ID on each
> key? Do you have more than one key for each ID? This could be causing
> some confusion.
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

Andrew,

I have one key pair associated with one email address

Those keys do not have other ids attached to them.

Each key pair is only for a single (not multiple) email account.

Regards
David


-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread Patrick Brunschwig 
On 31.07.2019 14:26, David wrote:
> Consider the fact that for 30 times Enigmail refused to accept the
> passphrase for da...@gbenet.com
> 
> I decided to send an encrypted email to Erich. When selecting his
> private key there was no automatic tick in postmaster. But a tick in
> Erich's public key
> 
> On sending I thought I was going to be asked for david's passphrase yet
> again - but no - the email passed very quickly.
> 
> This begs the following questions:
> 
> (1) Why is postmaster always selcected as the default public key?
> (2) Why is it on failing 30 times to accept david's passphrase why does
> enigmail mysteriously remember it when it rejected 30 times?
> 
> Answers on a postcard please

I start to believe that your expectation of what should happen differs
from what actually happens.

The way things work in Enigmail are as follows: you select a *sender
account* in the Thunderbird message composition window. Based on that
sender account configuration (and nothing else), Enigmail decides which
key to use for *signing* your message. Remember, the passphrase is
needed for signing, not for encryption -  it does not matter if
Postmaster or Erich are in the recipients list.

If you get a dialog to choose the key(s) _after_ you hit the send
button, then those are the keys to which the message is *encrypted* to.
But again, you don't need a passphrase for any of these keys. Thus, if
you tell me that you expected to have to tick Postmaster in the dialog,
then that won't let you choose the key for signing.

HTH
-Patrick

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread Ralph Seichter 
* da...@gbenet.com:

> People say "Oh your settings are wrong" But the FAIL to give the RIGHT
> SETTINGS!! And then go waffling on

People don't fail you. Your entitlement issues do. Falsely stating
software X cannot do Y when you are not using it right, expecting
answers on a silver platter, and offering insults to people is simply
not the way to behave on a public mailing list when you want free
support (from people who don't owe you any assistance whatsoever)
and answers beyond "PEBKAC, so you figure it out".

> I want specific instructions - not moaning and groaning my settings
> are wrong and I don't know what I'm doing

Oh, you /want/ that, do you? As Clark Gable once said: "Frankly, my
dear, I don't give a damn". :-)

-Ralph

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread Andrew Gallagher 
On 31/07/2019 13:36, David wrote:
> Enigmail always defaults to the first set of keys one created

Enigmail will default to the first set of keys in your keyring that
matches the selection criteria. Do you have more than one ID on each
key? Do you have more than one key for each ID? This could be causing
some confusion.

-- 
Andrew Gallagher



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread David 
Patrick Brunschwig:
> On 31.07.2019 13:46, David wrote:
>> Hello Erich,
>>
>> I did what you said - associated each email address with  it's own key.
>> I then shut down Thunderbird re-started and carried out the following test:
>>
>> Test One:
>>
>> I sent an encrypted and signed email to site-admin from postmaster. I
>> received the email - it took 6 attempts to decrypt it.
>>
>> I then decided to reply - so I sent an encrypted and signed email to
>> postmaster - I was unable to  sign as site-admin - after 9 attempts of
>> entering the passphrase - each time rejected by Enigmail. I was unable
>> to send a signed and encrypted email to postmaster.
> 
> I'm sorry, but there's a misunderstanding. Enigmail does /not/ query
> your passphrase. Enigmail calls GnuPG, and GnuPG asks for your
> passphrase if needed. If the passphrase is rejected that's not related
> to Enigmail.
> 
> -Patrick
> 

So we go and ask Werner :)

hahahaha!!!

David -

-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread David 
Patrick Brunschwig:
> On 31.07.2019 08:56, David wrote:
>> Patrick Brunschwig:
>>> On 31.07.2019 00:36, David wrote:
>>>> Andrew Gallagher:
>>>>>
>>>>>> On 30 Jul 2019, at 18:47, David  wrote:
>>>>>>
>>>>>> Hello Stefan,
>>>>>>
>>>>>> I have three email accounts with their own keys - Enigmail does not
>>>>>> support this - you have to have one key and that's it.
>>>>>
>>>>> That is simply not true. I used enigmail with multiple keys for years 
>>>>> without any issues. If you’re having issues configuring it, perhaps ask 
>>>>> on the enigmail list.
>>>>>
>>>>> A
>>>>>
>>>>
>>>> I have done so - but have got no advice on the correct settings in
>>>> Thunderbird or Enigmail.
>>>
>>> That's not true. I have asked you for more details on the Enigmail
>>> mailing list. But instead of responding, you came here to ask the same
>>> questions.
>>>
>>> As Enigmail uses GnuPG for any crypto-operations, I don't think that the
>>> problem is in Enigmail, but in your setup. Feel free to answer my
>>> questions on the Enigmail mailing list, and I'll continue to try to find
>>> out what goes wrong.
>>>
>>> -Patrick
>>>
>>
>> Hello Patrick,
>>
>> I did not approach this list for answers - I just asked if anyone knew
>> of an alternative. I then got drawn in to what was the problem.
>>
>> People say "Oh your settings are wrong" But the FAIL to give the RIGHT
>> SETTINGS!! And then go waffling on
>>
>> I have turned back the clock some 20 years - so have no settings to
>> support further keys.
>>
>> Having said that - I would appreciate exactly what settings will work to
>> enable me to sign with other emails and the public key associated with
>> it and to be able to encrypt and sign with differing emails and keys.
>>
>> I want specific instructions - not moaning and groaning my settings are
>> wrong and I don't know what I'm doing - that approach does not lead to a
>> solution.
> 
> Here are the instructions:
> 
> 1. Open the Thunderbird Account Settings (menu Tools > Account Settings)
> 2. switch to the tab "OpenPGP Security"
> 3. make sure that "Enable OpenPGP support" is checked
> 4. click on the button "Select key"
> 5. select the key that matches the email address of the account
> 
> Repeat Steps 2-5 for each and every of your accounts/email addresses.
> 
> If you follow(ed) these instructions, then everything else /should/ go
> automatically and you /should/ not have any issues. If you do have
> issues, then there are no simple instructions - we have to dig to find
> out what's wrong.
> 
> The questions I asked on the Enigmail mailing list are the 1st step into
> trying to find out why things don't work as expected, as I assumed that
> -- as a long-term user -- you already did configure Enigmail correctly.
> 
> -Patrick
> 

Patrick,

When I first created my keys that is exactly what I did. It all failed.

Enigmail always defaults to the first set of keys one created - for
example site-addmin wants to an encrypted and signed mail to skipper -
when you go to select the public key of skipper - postmaster is always
selected.

Also - why is it that enigmail and reuse a passphrase 30- times - then
suddenly remember to use it??

Enigmaill does not always read it's own settings. Even when you flush
the cache and reboot your laptop or desktop. It always defaults to the
first key you created for signing and encryption when using local keys
ie da...@gbenet.com site-add...@gbenet.com skip...@gbenet.com


be Happy - but there's something amiss somewhere in the code - what that
something is I have no idea.

David

-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread Patrick Brunschwig 
On 31.07.2019 13:46, David wrote:
> Hello Erich,
> 
> I did what you said - associated each email address with  it's own key.
> I then shut down Thunderbird re-started and carried out the following test:
> 
> Test One:
> 
> I sent an encrypted and signed email to site-admin from postmaster. I
> received the email - it took 6 attempts to decrypt it.
> 
> I then decided to reply - so I sent an encrypted and signed email to
> postmaster - I was unable to  sign as site-admin - after 9 attempts of
> entering the passphrase - each time rejected by Enigmail. I was unable
> to send a signed and encrypted email to postmaster.

I'm sorry, but there's a misunderstanding. Enigmail does /not/ query
your passphrase. Enigmail calls GnuPG, and GnuPG asks for your
passphrase if needed. If the passphrase is rejected that's not related
to Enigmail.

-Patrick

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread David 
David:
> Erich Eckner via Gnupg-users:
>> Hi David,
>>
>> here is, how I had thunderbird + enigmail running for several years with
>> two keys and without problems (I have switched away from thunderbird
>> since one year ago, because it got too heavy and slow for my taste):
>>
>> For each sending address, I have an identity
>> "Edit" -> "Account Settings" -> "Manage Identities ..."
>> and for each I set up the correct pgp key to use
>> "Edit ..." (in the Identities-window) -> "OpenPGP Security" -> "Use
>> email address of this identity to identify OpenPGP key" (where the
>> address matches) and "Use specific OpenPGP key ID" (where the address
>> does not match).
>>
>> Sry, If this does not help and you mentioned it already, but the
>> previous mails contained too much emotion to completely be read by me.
>>
>> Anyways, since you originally asked for an alternative: I am currently
>> using alpine + topal - which get's the multiple-keys part well, too, but
>> has deficits regarding MIME/multipart encryption.
>>
>> regards,
>> Erich Eckner
>> Friedrich-Schiller-Universität Jena
>> Institut für Optik und Quantenelektronik
>> Helmholtzweg 4
>> 07743 Jena
>>
>> Tel. +49 3641 9-47238
>>
>>
>> On Wed, 31 Jul 2019, David wrote:
>>
>>> Robert J. Hansen:
>>>>> That's why I am considering other solutions. I have been with
>>>>> Thunderbird and Enigmail for over 20 years with one key pair -
>>>>
>>>> This is simply not possible, as Enigmail didn't exist until 2001.  (It
>>>> took until about 2003 before it became really usable.)
>>>>
>>>>
>>>> ___
>>>> Gnupg-users mailing list
>>>> Gnupg-users@gnupg.org
>>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>>
>>
>>> Ok two years out - thank you for the correction
>>
>>> David
>>
>>
>>> -- 
>>> People Should Not Be Afraid Of Their Government - Their Government
>>> Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
>>> Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
>>> https://gbenet.com
>>
>>
>>
>> ___
>> Gnupg-users mailing list
>> Gnupg-users@gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
> 
> Hello Erich,
> 
> I did what you said - associated each email address with  it's own key.
> I then shut down Thunderbird re-started and carried out the following test:
> 
> Test One:
> 
> I sent an encrypted and signed email to site-admin from postmaster. I
> received the email - it took 6 attempts to decrypt it.
> 
> I then decided to reply - so I sent an encrypted and signed email to
> postmaster - I was unable to  sign as site-admin - after 9 attempts of
> entering the passphrase - each time rejected by Enigmail. I was unable
> to send a signed and encrypted email to postmaster.
> 
> Test Two:
> 
> I sent an encrypted and signed email to david - when selecting the right
> public key there was always a tick in postmaster which I removed and
> selected the right key to encrypt too. BUT Enigmail REFUSED to accept my
> passphrase after 9 attempts.
> 
> Test Three:
> 
> I decided to send a signed and encrypted email to postmaster from David.
> With the following results: For some strange reason Enigmail encrypted
> to postmaster and signed:
> 
> Decrypted message Good signature from David  Key ID:
> 0x3299975EAD1E968848D19945459E3AE3EA13E1A3 / Signed on: 31/07/19, 12:18
> Key fingerprint: 3299 975E AD1E 9688 48D1 9945 459E 3AE3 EA13 E1A3 Used
> Algorithms: RSA and SHA256 Note: The message is encrypted for the
> following User ID's / Keys: 0xD21B4405FDDA1EF2 (postmaster (There's
> always light at the end of the tunnel) ),
> 0xCF833B99EBD6222A (David  
> I just copied and pasted the passphrase into the check box - I did the
> same with da...@gbenet.com and entered it in by hand 6 times.
> 
> Test Four:
> 
> I decided to send a signed and encrypted email from skipper to David
> with the following results: The message was signed Enigmail accepted the
> passphrase. The message was decrypted - even though Enigmail asked me
> for david's passphrase. When I clicked on show info about the signer no
> results came  back. I do not know if da...@gbenet.com or
> postms...@gbenet.com actually decrypted the email :) Hahhhaha

Re: Enigmail

2019-07-31 Thread Patrick Brunschwig 
On 31.07.2019 08:56, David wrote:
> Patrick Brunschwig:
>> On 31.07.2019 00:36, David wrote:
>>> Andrew Gallagher:
>>>>
>>>>> On 30 Jul 2019, at 18:47, David  wrote:
>>>>>
>>>>> Hello Stefan,
>>>>>
>>>>> I have three email accounts with their own keys - Enigmail does not
>>>>> support this - you have to have one key and that's it.
>>>>
>>>> That is simply not true. I used enigmail with multiple keys for years 
>>>> without any issues. If you’re having issues configuring it, perhaps ask on 
>>>> the enigmail list.
>>>>
>>>> A
>>>>
>>>
>>> I have done so - but have got no advice on the correct settings in
>>> Thunderbird or Enigmail.
>>
>> That's not true. I have asked you for more details on the Enigmail
>> mailing list. But instead of responding, you came here to ask the same
>> questions.
>>
>> As Enigmail uses GnuPG for any crypto-operations, I don't think that the
>> problem is in Enigmail, but in your setup. Feel free to answer my
>> questions on the Enigmail mailing list, and I'll continue to try to find
>> out what goes wrong.
>>
>> -Patrick
>>
> 
> Hello Patrick,
> 
> I did not approach this list for answers - I just asked if anyone knew
> of an alternative. I then got drawn in to what was the problem.
> 
> People say "Oh your settings are wrong" But the FAIL to give the RIGHT
> SETTINGS!! And then go waffling on
> 
> I have turned back the clock some 20 years - so have no settings to
> support further keys.
> 
> Having said that - I would appreciate exactly what settings will work to
> enable me to sign with other emails and the public key associated with
> it and to be able to encrypt and sign with differing emails and keys.
> 
> I want specific instructions - not moaning and groaning my settings are
> wrong and I don't know what I'm doing - that approach does not lead to a
> solution.

Here are the instructions:

1. Open the Thunderbird Account Settings (menu Tools > Account Settings)
2. switch to the tab "OpenPGP Security"
3. make sure that "Enable OpenPGP support" is checked
4. click on the button "Select key"
5. select the key that matches the email address of the account

Repeat Steps 2-5 for each and every of your accounts/email addresses.

If you follow(ed) these instructions, then everything else /should/ go
automatically and you /should/ not have any issues. If you do have
issues, then there are no simple instructions - we have to dig to find
out what's wrong.

The questions I asked on the Enigmail mailing list are the 1st step into
trying to find out why things don't work as expected, as I assumed that
-- as a long-term user -- you already did configure Enigmail correctly.

-Patrick

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread David 
Erich Eckner via Gnupg-users:
> Hi David,
> 
> here is, how I had thunderbird + enigmail running for several years with
> two keys and without problems (I have switched away from thunderbird
> since one year ago, because it got too heavy and slow for my taste):
> 
> For each sending address, I have an identity
> "Edit" -> "Account Settings" -> "Manage Identities ..."
> and for each I set up the correct pgp key to use
> "Edit ..." (in the Identities-window) -> "OpenPGP Security" -> "Use
> email address of this identity to identify OpenPGP key" (where the
> address matches) and "Use specific OpenPGP key ID" (where the address
> does not match).
> 
> Sry, If this does not help and you mentioned it already, but the
> previous mails contained too much emotion to completely be read by me.
> 
> Anyways, since you originally asked for an alternative: I am currently
> using alpine + topal - which get's the multiple-keys part well, too, but
> has deficits regarding MIME/multipart encryption.
> 
> regards,
> Erich Eckner
> Friedrich-Schiller-Universität Jena
> Institut für Optik und Quantenelektronik
> Helmholtzweg 4
> 07743 Jena
> 
> Tel. +49 3641 9-47238
> 
> 
> On Wed, 31 Jul 2019, David wrote:
> 
>> Robert J. Hansen:
>>>> That's why I am considering other solutions. I have been with
>>>> Thunderbird and Enigmail for over 20 years with one key pair -
>>>
>>> This is simply not possible, as Enigmail didn't exist until 2001.  (It
>>> took until about 2003 before it became really usable.)
>>>
>>>
>>> ___
>>> Gnupg-users mailing list
>>> Gnupg-users@gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>
> 
>> Ok two years out - thank you for the correction
> 
>> David
> 
> 
>> -- 
>> People Should Not Be Afraid Of Their Government - Their Government
>> Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
>> Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
>> https://gbenet.com
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

Hello Erich,

I did what you said - associated each email address with  it's own key.
I then shut down Thunderbird re-started and carried out the following test:

Test One:

I sent an encrypted and signed email to site-admin from postmaster. I
received the email - it took 6 attempts to decrypt it.

I then decided to reply - so I sent an encrypted and signed email to
postmaster - I was unable to  sign as site-admin - after 9 attempts of
entering the passphrase - each time rejected by Enigmail. I was unable
to send a signed and encrypted email to postmaster.

Test Two:

I sent an encrypted and signed email to david - when selecting the right
public key there was always a tick in postmaster which I removed and
selected the right key to encrypt too. BUT Enigmail REFUSED to accept my
passphrase after 9 attempts.

Test Three:

I decided to send a signed and encrypted email to postmaster from David.
With the following results: For some strange reason Enigmail encrypted
to postmaster and signed:

Decrypted message Good signature from David  Key ID:
0x3299975EAD1E968848D19945459E3AE3EA13E1A3 / Signed on: 31/07/19, 12:18
Key fingerprint: 3299 975E AD1E 9688 48D1 9945 459E 3AE3 EA13 E1A3 Used
Algorithms: RSA and SHA256 Note: The message is encrypted for the
following User ID's / Keys: 0xD21B4405FDDA1EF2 (postmaster (There's
always light at the end of the tunnel) ),
0xCF833B99EBD6222A (David https://gbenet.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread Erich Eckner via Gnupg-users 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi David,

here is, how I had thunderbird + enigmail running for several years with 
two keys and without problems (I have switched away from thunderbird since 
one year ago, because it got too heavy and slow for my taste):


For each sending address, I have an identity
"Edit" -> "Account Settings" -> "Manage Identities ..."
and for each I set up the correct pgp key to use
"Edit ..." (in the Identities-window) -> "OpenPGP Security" -> "Use email 
address of this identity to identify OpenPGP key" (where the address 
matches) and "Use specific OpenPGP key ID" (where the address does not 
match).


Sry, If this does not help and you mentioned it already, but the previous 
mails contained too much emotion to completely be read by me.


Anyways, since you originally asked for an alternative: I am currently 
using alpine + topal - which get's the multiple-keys part well, too, but 
has deficits regarding MIME/multipart encryption.


regards,
Erich Eckner
Friedrich-Schiller-Universität Jena
Institut für Optik und Quantenelektronik
Helmholtzweg 4
07743 Jena

Tel. +49 3641 9-47238


On Wed, 31 Jul 2019, David wrote:


Robert J. Hansen:

That's why I am considering other solutions. I have been with
Thunderbird and Enigmail for over 20 years with one key pair -


This is simply not possible, as Enigmail didn't exist until 2001.  (It
took until about 2003 before it became really usable.)


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



Ok two years out - thank you for the correction

David


--
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com



-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl1BQvYACgkQCu7JB1Xa
e1q52BAAlXkDN78Rm0OOcajjf099eEN3D/yLgkjv9kdd6GnoAaZwGvOGvRaZXd4A
b2TXNebVKrTqVbEeSC6R3eHEN0F7jotEiyIrcIMKhBK7S4KfKtrVX2F5bnJoW/zw
PJKwlXwZor9KskrSu39AWdPREpEFfOiCHoegI5r3Yr00XlUUxeEy0xAnUI3Y6SMB
YzemIQj8P4rDfM8XHX/YUuYM/vL4yC/J/W3sCT4VRldfuZgnX2W4W3OklQi7O32J
lYRXEzwiY3M5l89Aqso08+SqrpRwr7yrHCweHElVHqOh2wM0BWnCXdn/itYkvvRH
6Ys3fMSnxjw8SDb5xG3pP2RYiE2XUxuH310YwMpa05iykktaqjrvS2JBlMpTdgI8
J+AaWM1ewBbidHeJH4CJgUfwXy/kqqzrhTgCDhnfa2Gtbj6Io4AlwtubE+av2l9M
5B736PIr7pP0hBZwhggHNNsa/vb0bhckDXRk2dSUbK2eJPElcpL4gsf98/LlEg1S
HYUhg/4y5puWVl9/QMCvk4Vxyp6ld7XlfcrvaRrKeIjlmh9aAVp2Cqk9hG49tMqy
FVCYVBUmUNg5599IGzaqTFfROzQQh5h+u3veQnTNM+CG8VT05Fjj6HVE3p8s+O5c
wl1dJ9+3hadokD2VadD44HCBEIxKFKjuXieQmNya8I6VQud3wR8=
=3/C1
-END PGP SIGNATURE-___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread David 
Robert J. Hansen:
>> That's why I am considering other solutions. I have been with
>> Thunderbird and Enigmail for over 20 years with one key pair -
> 
> This is simply not possible, as Enigmail didn't exist until 2001.  (It
> took until about 2003 before it became really usable.)
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

Ok two years out - thank you for the correction

David


-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread David 
Patrick Brunschwig:
> On 31.07.2019 00:36, David wrote:
>> Andrew Gallagher:
>>>
>>>> On 30 Jul 2019, at 18:47, David  wrote:
>>>>
>>>> Hello Stefan,
>>>>
>>>> I have three email accounts with their own keys - Enigmail does not
>>>> support this - you have to have one key and that's it.
>>>
>>> That is simply not true. I used enigmail with multiple keys for years 
>>> without any issues. If you’re having issues configuring it, perhaps ask on 
>>> the enigmail list.
>>>
>>> A
>>>
>>
>> I have done so - but have got no advice on the correct settings in
>> Thunderbird or Enigmail.
> 
> That's not true. I have asked you for more details on the Enigmail
> mailing list. But instead of responding, you came here to ask the same
> questions.
> 
> As Enigmail uses GnuPG for any crypto-operations, I don't think that the
> problem is in Enigmail, but in your setup. Feel free to answer my
> questions on the Enigmail mailing list, and I'll continue to try to find
> out what goes wrong.
> 
> -Patrick
> 

Hello Patrick,

I did not approach this list for answers - I just asked if anyone knew
of an alternative. I then got drawn in to what was the problem.

People say "Oh your settings are wrong" But the FAIL to give the RIGHT
SETTINGS!! And then go waffling on

I have turned back the clock some 20 years - so have no settings to
support further keys.

Having said that - I would appreciate exactly what settings will work to
enable me to sign with other emails and the public key associated with
it and to be able to encrypt and sign with differing emails and keys.

I want specific instructions - not moaning and groaning my settings are
wrong and I don't know what I'm doing - that approach does not lead to a
solution.

Regards,

David


-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-31 Thread Patrick Brunschwig 
On 31.07.2019 00:36, David wrote:
> Andrew Gallagher:
>>
>>> On 30 Jul 2019, at 18:47, David  wrote:
>>>
>>> Hello Stefan,
>>>
>>> I have three email accounts with their own keys - Enigmail does not
>>> support this - you have to have one key and that's it.
>>
>> That is simply not true. I used enigmail with multiple keys for years 
>> without any issues. If you’re having issues configuring it, perhaps ask on 
>> the enigmail list.
>>
>> A
>>
> 
> I have done so - but have got no advice on the correct settings in
> Thunderbird or Enigmail.

That's not true. I have asked you for more details on the Enigmail
mailing list. But instead of responding, you came here to ask the same
questions.

As Enigmail uses GnuPG for any crypto-operations, I don't think that the
problem is in Enigmail, but in your setup. Feel free to answer my
questions on the Enigmail mailing list, and I'll continue to try to find
out what goes wrong.

-Patrick

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread David 
Ralph Seichter:
> * da...@gbenet.com:
> 
>> Enigmail will only work with ONE Key.
>> It does not recognise any other key than the first key that was
>> created.
> 
> I use multiple keys with Enigmail and Thunderbird, and I have done so
> for years.
> 
>> You don't think perhaps can not think - your not too smart as to offer
>> any solution.
> 
> Right, try insulting people, that will surely get you far. :-) I owe you
> exactly nothing. If you cannot figure it out yourself, try the Enigmail
> mailing list.
> 
> -Ralph
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
I have approached the Enigmail list (if you care to read all the emails)
but have had no instructions or help in resolving matters - clearly some
people wish to make conversations rather than offering practical help -
this failure was what prompted me to look into other solutions.

David

-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread David 
Andrew Gallagher:
> 
>> On 30 Jul 2019, at 18:47, David  wrote:
>>
>> Hello Stefan,
>>
>> I have three email accounts with their own keys - Enigmail does not
>> support this - you have to have one key and that's it.
> 
> That is simply not true. I used enigmail with multiple keys for years without 
> any issues. If you’re having issues configuring it, perhaps ask on the 
> enigmail list.
> 
> A
> 

I have done so - but have got no advice on the correct settings in
Thunderbird or Enigmail.

That's why I am considering other solutions. I have been with
Thunderbird and Enigmail for over 20 years with one key pair -
postmas...@gbenet.com

Regards,

David


-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread Ralph Seichter 
* da...@gbenet.com:

> Enigmail will only work with ONE Key.
> It does not recognise any other key than the first key that was
> created.

I use multiple keys with Enigmail and Thunderbird, and I have done so
for years.

> You don't think perhaps can not think - your not too smart as to offer
> any solution.

Right, try insulting people, that will surely get you far. :-) I owe you
exactly nothing. If you cannot figure it out yourself, try the Enigmail
mailing list.

-Ralph

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread David 
Stefan Claas via Gnupg-users:
> David wrote:
> 
> Hi David,
> 
>> I have three email accounts with their own keys - Enigmail does not
>> support this - you have to have one key and that's it.
> 
> Ah, o.k. I never tried it, but it should be possible, with different
> accounts and keys (hopefully).
>  
>> Am downloading and installing claws mail now so hope it will import all
>> my Thunderbird and Enigmail settings :)
> 
> Claws-Mail is a different beast and I think this will not work.
> 
> Regards
> Stefan
> 

Hi Stefan,

It's all installed - with a main mail box. Am going to see if I can
create four email accounts - hopefully not all as sub-accounts of the
first one I created - I notice you can not change the name of this mail
box :) I've yet to figure out how to use my keys. A learninng curve is
in order but late at night 11.45pm!!

Regards

David



-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread David 
Ralph Seichter:
> * da...@gbenet.com:
> 
>> I have three email accounts with their own keys - Enigmail does not
>> support this - you have to have one key and that's it.
> 
> Nonsense! One can not only configure one PGP key per account (of which
> there can be many), one can even configure one key per identity. Each
> TB account can have multiplie identities; one of Thunderbird's killer
> features as far as I am concerned.
> 
> Why you would lambast Enigmail for a non-problem, caused by you not
> configuring things properly, is beyond me.
> 
> -Ralph
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

Ralf,

I have had one key pair for over 20 years - for postmas...@gbenet.com
I decided to create another key pair last week for my website -
site-ad...@gbenet.com

I set the settings to choose a key by email account select the key
manually. I then sent a encrypted and signed test message from
postmas...@gbenet.com to site-ad...@gbenet.com

The email arrived and I could read it - I had no need to decrypt it
because it was signed and encrypted to postmas...@gbenet.com

I then decided to reply - it selected postmasters key but refused to
sign the email - I entered the passphrase three times  all by hand the
same result.

Puzzled by this - I decided to take the checkbox out of picking the
right key for the email accounts of postmas...@gbenet.com and
site-ad...@gbenet.com

I decided to send just an encrypted email to postmas...@gbenet.com from
site-ad...@gbenet.com "I can't find the key" even though I had selected
the  key - h.. I tried then to just send a signed reeply
to postma...@gbenet.com not encrypted - the dialogue box popped up to
enter the passphrase for site-ad...@gbenet.com - again it refused to
accept the passphrase for site-ad...@gbenet.com

Oh and I created a new key pair for da...@gbenet.com which are
completely useless. I  tried with all three keys - the only key to work
is my postmas...@gbenet.com which I've used in Thunderbird and Enigmail
for over 20 years.

And after each of these config changes in Enigmail and Thunderbird I
shut down Thunderbird deleted all the caches and rebooted my laptop.

The results were all consistent:
Enigmail will only work with ONE Key.
It does not recognise any other key than the first key that was created.

I'd like to use my da...@gbenet.com key here - some ages ago complained
I was using postmas...@gbenet.com's key to sign emails. I thought it
woulld be a good idea to have a key for this email account. BUT I can
not use it - I can not sign emails.

You moan - but offer no solutions. I can think of only one possible
solution that will work delete site-admin's key pair - delete david's
key pair and go back to what Thunderbird and Enigmail are happy with one
key pair from postmas...@gbenet.com

To be frank your comments are just like a bad fart - then they go away.
You don't think perhaps can not think - your not too smart as to offer
any solution.

Regards

David





-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread Ralph Seichter 
* da...@gbenet.com:

> I have three email accounts with their own keys - Enigmail does not
> support this - you have to have one key and that's it.

Nonsense! One can not only configure one PGP key per account (of which
there can be many), one can even configure one key per identity. Each
TB account can have multiplie identities; one of Thunderbird's killer
features as far as I am concerned.

Why you would lambast Enigmail for a non-problem, caused by you not
configuring things properly, is beyond me.

-Ralph

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread Andrew Gallagher 

> On 30 Jul 2019, at 18:47, David  wrote:
> 
> Hello Stefan,
> 
> I have three email accounts with their own keys - Enigmail does not
> support this - you have to have one key and that's it.

That is simply not true. I used enigmail with multiple keys for years without 
any issues. If you’re having issues configuring it, perhaps ask on the enigmail 
list.

A

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread Stefan Claas via Gnupg-users 
David wrote:

Hi David,

> I have three email accounts with their own keys - Enigmail does not
> support this - you have to have one key and that's it.

Ah, o.k. I never tried it, but it should be possible, with different
accounts and keys (hopefully).
 
> Am downloading and installing claws mail now so hope it will import all
> my Thunderbird and Enigmail settings :)

Claws-Mail is a different beast and I think this will not work.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread David 
Stefan Claas via Gnupg-users:
> David wrote:
> 
>> Stefan Claas via Gnupg-users:
>>> David wrote:
>>>
>>>> Hello Everyone,
>>>>
>>>> I am looking for an alternative to Enigmail - which fails to work.
>>>> Any ideas as to a suitable replacement??
>>>
>>> You may check out another MUA, like Claws-Mail, which I used with
>>> GPG plug-ins in the past. It worked fine!
>>>
>>> Regards
>>> Stefan
>>>
>> Hello Stefan - is it an add-on? Works on Linux? And does it support
>> multiple keys which Enigmail does not?
>>
>> I will go check :)
> 
> Claws-Mail is a MUA/NUA like Thunderbird. It includes GPG plug-ins.
> 
> Regarding multiple key, I don't know what you mean, sorry.
> 
> When I send messages (online) in the past with Claws-Mail I only
> send to single individuals.
> 
> If you mean multiple keys for yourself, I never checked this,
> but assume then you may need also individual accounts in
> Claws-Mail for multiple keys.
> 
> Regards
> Stefan
> 

Hello Stefan,

I have three email accounts with their own keys - Enigmail does not
support this - you have to have one key and that's it.

Am downloading and installing claws mail now so hope it will import all
my Thunderbird and Enigmail settings :)

David


-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread Stefan Claas via Gnupg-users 
David wrote:

> Stefan Claas via Gnupg-users:
> > David wrote:
> > 
> >> Hello Everyone,
> >>
> >> I am looking for an alternative to Enigmail - which fails to work.
> >> Any ideas as to a suitable replacement??
> > 
> > You may check out another MUA, like Claws-Mail, which I used with
> > GPG plug-ins in the past. It worked fine!
> > 
> > Regards
> > Stefan
> > 
> Hello Stefan - is it an add-on? Works on Linux? And does it support
> multiple keys which Enigmail does not?
> 
> I will go check :)

Claws-Mail is a MUA/NUA like Thunderbird. It includes GPG plug-ins.

Regarding multiple key, I don't know what you mean, sorry.

When I send messages (online) in the past with Claws-Mail I only
send to single individuals.

If you mean multiple keys for yourself, I never checked this,
but assume then you may need also individual accounts in
Claws-Mail for multiple keys.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread David 
Stefan Claas via Gnupg-users:
> David wrote:
> 
>> Hello Everyone,
>>
>> I am looking for an alternative to Enigmail - which fails to work.
>> Any ideas as to a suitable replacement??
> 
> You may check out another MUA, like Claws-Mail, which I used with
> GPG plug-ins in the past. It worked fine!
> 
> Regards
> Stefan
> 
Hello Stefan - is it an add-on? Works on Linux? And does it support
multiple keys which Enigmail does not?

I will go check :)

David


-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Enigmail

2019-07-30 Thread Stefan Claas via Gnupg-users 
David wrote:

> Hello Everyone,
> 
> I am looking for an alternative to Enigmail - which fails to work.
> Any ideas as to a suitable replacement??

You may check out another MUA, like Claws-Mail, which I used with
GPG plug-ins in the past. It worked fine!

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Enigmail

2019-07-30 Thread David 
Hello Everyone,

I am looking for an alternative to Enigmail - which fails to work.
Any ideas as to a suitable replacement??

Regards

David
-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! The "Captain's B(L)og"
https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Need help with GPG + Thunderbird + Enigmail on a RaspberryPi

2018-11-18 Thread Stefan Claas 
On Sun, 18 Nov 2018 17:54:26 +0100, Juergen BRUCKNER wrote:

Hi Juergen,

> the ex- and import of the keys at commandline in terminal works fine.
> 
> But I wanted to make screenshots of the process for a presentation i
> would use for a training of "newbies" and there i under no
> circumstances want to work in terminal or commandline interface.
> 
> And i could reproduce this error/failure on another Raspi too.

oh, o.k. i thought that it is only for personal usage.

Well, in that case hopefully the Enigmail team can give you an answer!

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas


pgpZClS_tdfJv.pgp
Description: Digitale Signatur von OpenPGP
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Need help with GPG + Thunderbird + Enigmail on a RaspberryPi

2018-11-18 Thread Juergen BRUCKNER 
Hi Stefan,

the ex- and import of the keys at commandline in terminal works fine.

But I wanted to make screenshots of the process for a presentation i
would use for a training of "newbies" and there i under no circumstances
want to work in terminal or commandline interface.

And i could reproduce this error/failure on another Raspi too.

regards
Juergen

Am 18.11.18 um 15:34 schrieb Stefan Claas:
> On Sun, 18 Nov 2018 14:52:14 +0100, Juergen Bruckner wrote:
>> Hello Groups,
>>
>> I do this as crossposting on gnupg and enigmail - lists.
>>
>> Raspian: November 2018 (Kernel 4.4)
>> Thunderbird: 52.9.1 - 32bit
>> Enigmail 2.0.8 (20180804-1515)
>> all installed from the Raspbian-sources
>>
>> At the moment I try to etablish a "Backup-Mail-Client" on a
>> RaspberryPi with Thunderbird, GnuPG and Enigmail.
>> So far so good - I brought all to run, except problems with the import
>> of GPG keys.
>> When I try to import a key I just exported a minute before from my
>> desktop pc there is only the public key imported. And YES I double
>> checked to export the secret key.
>> I did export and try to import via Enigmail.
>>
>> Can anyone figure out where i make a mistake or where there is an
>> error?
> 
> Hi Juergen,
> 
> while i no longer use Enigmail, i would try to export your secret key
> with gpg --export-secret-key Juergen and then see if it imports
> properly on the other side.
> 
> Regards
> Stefan
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

-- 
Juergen M. Bruckner
juer...@bruckner.tk



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Need help with GPG + Thunderbird + Enigmail on a RaspberryPi

2018-11-18 Thread Stefan Claas 
On Sun, 18 Nov 2018 14:52:14 +0100, Juergen Bruckner wrote:
> Hello Groups,
> 
> I do this as crossposting on gnupg and enigmail - lists.
> 
> Raspian: November 2018 (Kernel 4.4)
> Thunderbird: 52.9.1 - 32bit
> Enigmail 2.0.8 (20180804-1515)
> all installed from the Raspbian-sources
> 
> At the moment I try to etablish a "Backup-Mail-Client" on a
> RaspberryPi with Thunderbird, GnuPG and Enigmail.
> So far so good - I brought all to run, except problems with the import
> of GPG keys.
> When I try to import a key I just exported a minute before from my
> desktop pc there is only the public key imported. And YES I double
> checked to export the secret key.
> I did export and try to import via Enigmail.
> 
> Can anyone figure out where i make a mistake or where there is an
> error?

Hi Juergen,

while i no longer use Enigmail, i would try to export your secret key
with gpg --export-secret-key Juergen and then see if it imports
properly on the other side.

Regards
Stefan


-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas


pgpfVnzlJcPa6.pgp
Description: Digitale Signatur von OpenPGP
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Need help with GPG + Thunderbird + Enigmail on a RaspberryPi

2018-11-18 Thread Juergen Bruckner 
Hello Groups,

I do this as crossposting on gnupg and enigmail - lists.

Raspian: November 2018 (Kernel 4.4)
Thunderbird: 52.9.1 - 32bit
Enigmail 2.0.8 (20180804-1515)
all installed from the Raspbian-sources

At the moment I try to etablish a "Backup-Mail-Client" on a RaspberryPi
with Thunderbird, GnuPG and Enigmail.
So far so good - I brought all to run, except problems with the import
of GPG keys.
When I try to import a key I just exported a minute before from my
desktop pc there is only the public key imported. And YES I double
checked to export the secret key.
I did export and try to import via Enigmail.

Can anyone figure out where i make a mistake or where there is an error?

best regards
Juergen

-- 
Juergen M. Bruckner
juer...@bruckner.tk



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-03-05 Thread Dmitry Gudkov 
thank you for being patient with super noobs like me
hope you will find some time to build those packages
in the meantime I'll keep on learning GnuPG
by the way distro-packaged 2.1.11 in /usr/bin/gpg2 and freshly compiled
2.2.4 in /usr/local/bin/gpg live peacefully together on my ubuntu 16.04
machine to date
however I don't get to do much with it so far except for encrypt/decrypt
correspondence and files, edit/export/import keys to other machines,
backup, etc.

regards,
Dmitry

On 05/03/2018 14:53, Peter Lebbing wrote:
> On 25/02/18 15:45, Dmitry Gudkov wrote:> i thought you forgot about me)
> 
> It's all a matter of free time and willingness. If I have 5 minutes and
> see a question I can quickly answer, I might do that. But if an answer
> takes a lot of time, it will have to wait.
> 
>> I have a confession to make, too. Not only I'm not a developer, but I'm
>> a fresh convert from os to linux).
> 
> Ah, welcome :-). Using software that was not provided by or specifically
> for your distribution is an advanced topic, so it's not surprising you
> might feel uncertain what to do at times.
> 
>> Correct me if I'm wrong but the best conclusion I could make for your
>> letter is that unless I locally build a Debian package myself (the
>> epitome of thoroughness!), I can't be 100% sure everything works as it
>> should.
> 
> Well, building Debian packages is the best way to integrate into the
> Ubuntu ecosystem. But that doesn't mean it's the only good solution.
> Installing stuff into /usr/local is a time-honored Unix tradition. Many
> distributions will respect those traditions. I'm merely indicating that
> I'm not sure I'm giving 100% correct advice. But if I'm right, it should
> just work fine.
> 
>> I guess it must
>> be boring for you to dedicate more of your time on this, but I can't
>> help but asking to provide one for me in hope that there are some more
>> inexperienced GNU/Linux users on this mailing list who might be very
>> much interested in building the epitome of thoroughness themselves but
>> just too shy to ask for guidance)
> 
> It's not boring, it's time-consuming, that's the problem. I will not
> build packages for Ubuntu 16.04. As a matter of fact, I think interest
> in 16.04 will drop a bit in one and a half month :-). But if I can find
> the time for it, I might have a look at building those equivs-packages
> so you can use your local installation in /usr/local instead of the
> packaged version.
> 
> But I haven't found that time yet.
> 
> I did notice an old post on gnupg-devel that was replied to just now,
> where Phil Pennock says he's packaging GnuPG 2.2 for Ubuntu 16.04:
> 
> 
> But he's explicitly staying out of the way of the 2.1.11 offered by
> Ubuntu. That makes it more difficult to use for the end user. It seems
> wise when the system has 2.0 installed. But I think there's something to
> be said for going a bit further in the case of 16.04 and install a
> recent 2.2 for usage by the whole system. The system already has a 2.1+
> version, so anything that depends on gpg2 being 2.0 will already be
> broken; you can't break it any further anyway. And 2.1.11 has known bugs
> and deficiencies, and the fixes have not been backported by Ubuntu. It
> seems nothing but a win to replace it with 2.2.
> 
> Peter.
> 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-03-05 Thread Peter Lebbing 
On 25/02/18 15:45, Dmitry Gudkov wrote:> i thought you forgot about me)

It's all a matter of free time and willingness. If I have 5 minutes and
see a question I can quickly answer, I might do that. But if an answer
takes a lot of time, it will have to wait.

> I have a confession to make, too. Not only I'm not a developer, but I'm
> a fresh convert from os to linux).

Ah, welcome :-). Using software that was not provided by or specifically
for your distribution is an advanced topic, so it's not surprising you
might feel uncertain what to do at times.

> Correct me if I'm wrong but the best conclusion I could make for your
> letter is that unless I locally build a Debian package myself (the
> epitome of thoroughness!), I can't be 100% sure everything works as it
> should.

Well, building Debian packages is the best way to integrate into the
Ubuntu ecosystem. But that doesn't mean it's the only good solution.
Installing stuff into /usr/local is a time-honored Unix tradition. Many
distributions will respect those traditions. I'm merely indicating that
I'm not sure I'm giving 100% correct advice. But if I'm right, it should
just work fine.

> I guess it must
> be boring for you to dedicate more of your time on this, but I can't
> help but asking to provide one for me in hope that there are some more
> inexperienced GNU/Linux users on this mailing list who might be very
> much interested in building the epitome of thoroughness themselves but
> just too shy to ask for guidance)

It's not boring, it's time-consuming, that's the problem. I will not
build packages for Ubuntu 16.04. As a matter of fact, I think interest
in 16.04 will drop a bit in one and a half month :-). But if I can find
the time for it, I might have a look at building those equivs-packages
so you can use your local installation in /usr/local instead of the
packaged version.

But I haven't found that time yet.

I did notice an old post on gnupg-devel that was replied to just now,
where Phil Pennock says he's packaging GnuPG 2.2 for Ubuntu 16.04:
<https://lists.gnupg.org/pipermail/gnupg-devel/2017-October/033211.html>

But he's explicitly staying out of the way of the 2.1.11 offered by
Ubuntu. That makes it more difficult to use for the end user. It seems
wise when the system has 2.0 installed. But I think there's something to
be said for going a bit further in the case of 16.04 and install a
recent 2.2 for usage by the whole system. The system already has a 2.1+
version, so anything that depends on gpg2 being 2.0 will already be
broken; you can't break it any further anyway. And 2.1.11 has known bugs
and deficiencies, and the fixes have not been backported by Ubuntu. It
seems nothing but a win to replace it with 2.2.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-25 Thread Dmitry Gudkov 
/usr/local with
> your local compile, and do something like:
>
> You see:
> /usr/local/bin/gpg2
>
> You inquire:
> dpkg -S /usr/bin/gpg2
>
> And dpkg tells you it is part of package gnupg2, so you need to build an
> equivs for that. Etcetera.
>
> Install the "equivs" package. Read its manual, and create packages named
> "gnupg2" etcetera. Replace all real Ubuntu packages by these dummy
> equivs package.
>
> What did I just propose doing?
>
> I don't like the situation where there is a full real GnuPG in /usr and
> another one in /usr/local. The one in /usr might interfere with what you
> intend with the one in /usr/local. But you can't just deinstall the
> Ubuntu packages, because stuff depends on it. It would force
> deinstallation of all packages depending upon gnupg2, gpg-agent etcetera.
>
> With equivs, you can build an empty package. It doesn't install anything
> in /usr, so there will no longer be a /usr/bin/gpg2 at all. But any
> package that depends on "gnupg2" will see the empty equivs package named
> "gnupg2" and be happy that it is installed.
>
> I have done this myself with other packages, but never with GnuPG.
>
>> it worked just fine in terminal and after configuring Enigmail with the
>> new gpg location works there as well
> You could just see if it gives you any issues. I'm slightly worried
> about silent issues, though, where you think everything is working fine
> but it is failing in some subtle but nefarious way. I'm also slightly
> worried about the 2.1.11 Ubuntu 16.04 users have installed, which hasn't
> seen any maintenance since Ubuntu 16.04 was released two years ago.
>
>> do you think i still have a problem?
> It is your decision how thorough you wish to be. IMO, a true locally
> built Debian package is the epitome of thoroughness ;-).
>
> HTH,
>
> Peter.
>




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-25 Thread Peter Lebbing 
On 22/02/18 21:50, Dmitry Gudkov wrote:
> my bad, I should have started a new thread, well noted
> 
> on the other hand that's probably why I suddenly had all the big gnupg
> minds helping me)

Hehe, I think this is all just pure chance, it depends who has the time
to read and respond. I don't think it's related to threading. What does
make a difference, possibly a large one, by the way, is when the
question is accompanied by much useful contextual information. If I'm
reading a mail here and can already get a long way towards the solution
by all the information in a question, I'm more inclined to respond then
when my response would still be asking a lot of questions back. But this
is just some general musing on my part. And it is also unrelated to your
specific mail, it's a general observation.

And by the way, my knowledge of GnuPG is not exceptional, I'm not a
developer, just an enthousiast who has made it a hobby to try and help
people here on the list :-).

> seriously now ...

Yes, let's :-).

> it was a fresh ubuntu 16.04 install
> 
> it came with gnupg 1.4.20 and 2.1.11
> 
> i compiled gnupg 2.2.4

Ah! I see. I didn't know or had forgotten that Ubuntu 16.04 forked
Debian at a time when the gnupg2 package was a 2.1. AFAICT, looking at
.deb files, /usr/bin/gpg is GnuPG 1.4 from the gnupg package and
/usr/bin/gpg2 is 2.1 from the gnupg2 package in Ubuntu, which
corresponds to what you say.

Now let's list problems and solutions:

- Programs invoking "gpg" (or explicitly /usr/bin/gpg) expect it to be a
1.4 installation.

This should be fixed by having your locally installed GnuPG 2.2.5
provide a "gpg2" binary, not a "gpg" binary:

./configure --enable-gpg-is-gpg2

(include whatever other configure options you want, but also include
that one).

Since it requires recompilation, let's pick the latest and greatest
2.2.5 :-).

Since in Ubuntu 16.04, anything invoking "gpg2" or "/usr/bin/gpg2" is
either working with a 2.1 version or is not working as shipped by the
distribution, you won't create more breakage (anything working with 2.1
should work with 2.2).

- You have a GnuPG 2.1.11 in /usr/bin/gpg2 and a 2.2.4 in
/usr/local/bin/gpg2. A similar situation occurs with any locally
compiled libraries and stuff.

The best solution would be to create Debian packages yourself, based on
the Ubuntu packaging but utilising the latest GnuPG 2.2 instead of the
2.1.11 of Ubuntu that was last updated 2 years ago (on 8 April 2016, to
be precise) and contains known bugs.

That is some work, but doable. It requires looking at how Ubuntu
packaged it, and create something equal but using a vanilla 2.2.5
instead of a 2.1.11 with backported fixes. Well, with a 2.1.11 that had
backported fixes 2 years ago. I think it's unfortunate they stopped
backporting fixes once they released 16.04.

I'm not 100% sure about other good solutions. I think it's not a good
idea to have 2.1.11 in /usr and 2.2.5 in /usr/local. But if it works for
you, you could see if it keeps working for you. I'll come back to this.

Another solution is installing the stuff in /usr/local like you did, but
with some additional actions:

Make sure everything has /usr/local/bin in its PATH and ld.so is looking
for libraries in /usr/local/lib. On Debian, I think this is already in
place.

And then replace the gnupg2 package, the gpg-agent package and all the
others for which you just installed a /usr/local package by an equivs
package. Just have a look at each file you installed in /usr/local with
your local compile, and do something like:

You see:
/usr/local/bin/gpg2

You inquire:
dpkg -S /usr/bin/gpg2

And dpkg tells you it is part of package gnupg2, so you need to build an
equivs for that. Etcetera.

Install the "equivs" package. Read its manual, and create packages named
"gnupg2" etcetera. Replace all real Ubuntu packages by these dummy
equivs package.

What did I just propose doing?

I don't like the situation where there is a full real GnuPG in /usr and
another one in /usr/local. The one in /usr might interfere with what you
intend with the one in /usr/local. But you can't just deinstall the
Ubuntu packages, because stuff depends on it. It would force
deinstallation of all packages depending upon gnupg2, gpg-agent etcetera.

With equivs, you can build an empty package. It doesn't install anything
in /usr, so there will no longer be a /usr/bin/gpg2 at all. But any
package that depends on "gnupg2" will see the empty equivs package named
"gnupg2" and be happy that it is installed.

I have done this myself with other packages, but never with GnuPG.

> it worked just fine in terminal and after configuring Enigmail with the
> new gpg location works there as well

You could just see if it gives you any issues. I'm slightly worried
about silent issues, though, where you think everything is working fine
but it is failing in some subtle but

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Dmitry Gudkov 
Hi Peter,

thank for your attention to this smallest problem of mine which I
wouldn't even hope to have your attention for to begin with)

my bad, I should have started a new thread, well noted

on the other hand that's probably why I suddenly had all the big gnupg
minds helping me)

what a rewarding side effect of unwittingly breaking the housekeeping rules)

seriously now ...

it was a fresh ubuntu 16.04 install

it came with gnupg 1.4.20 and 2.1.11

i compiled gnupg 2.2.4

it worked just fine in terminal and after configuring Enigmail with the
new gpg location works there as well

do you think i still have a problem?


thank you

Dmitry



On 22.02.2018 23:17, Peter Lebbing wrote:
> On 22/02/18 18:10, Dmitry Gudkov wrote:
>> problem solved by configuring Enigmail to use the new gnupg location in
>> /usr/local/bin/gpg (in the "Preferences" dialog, "Basic" tab, override
>> the default setting /usr/bin/gpg2)
> While my mind was idly mulling this over, I suddenly wondered if what
> you are doing is even supposed to work at all. I think perhaps you just
> haven't discovered the dire consequences of it yet.
>
> GnuPG 1.4 and 2.0 are co-installable, and will happily work installed on
> the same system.
>
> GnuPG 1.4 and 2.1+ are in the basis co-installable, but still can
> present you with issues like keyrings going out of sync or requiring
> careful crafting of configuration files, off the top of my head.
>
> But 2.0 and 2.1+ are definitely not co-installable. You can't have them
> both on the same system. Right now you put GnuPG 2.2 and its
> dependencies in /usr/local, but GnuPG 2.0 and its dependencies are still
> in /usr. Their dependencies might start to mingle.
>
> The only way in which this might work is if I misinterpreted "not
> co-installable", and 2.0 in /usr and 2.1+ in /usr/local is not actually
> an instance of "co-installation". But I don't think that's the case. It
> might also work by pure chance and break horribly on the next update.
>
> A solution, where GnuPG 2.1+ is statically linked against its
> dependencies, was discussed here:
> <https://lists.gnupg.org/pipermail/gnupg-users/2018-February/059969.html>
>
> Werner introduced the partial static linking in the just released 2.2.5.
>
>
> Oh, and by the way, a little housekeeping information... You started
> your thread on the mailing list by replying to a completely unrelated
> thread (wotmate: simple grapher for your keyring). Could you please
> start a new thread the next time? Just address a message to
> <gnupg-users@gnupg.org> instead of replying to an existing message.
> Those of us with a threading view of the mailing list now see it as
> somehow being a part of the "wotmate: simple grapher for your keyring"
> thread, but they bare no relation whatsoever.
>
> HTH,
>
> Peter.
>




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Peter Lebbing 
On 22/02/18 21:17, Peter Lebbing wrote:
> The only way in which this might work is if I misinterpreted "not
> co-installable", and 2.0 in /usr and 2.1+ in /usr/local is not actually
> an instance of "co-installation". But I don't think that's the case. It
> might also work by pure chance and break horribly on the next update.

I think I might be a bit dense, as this cropped up in the other thread
as well yet I again forgot to account for it.

See
<https://lists.gnupg.org/pipermail/gnupg-users/2018-February/059981.html>

Other programs on your system might pick up your /usr/local/bin/gpg and
start using it as if it were /usr/bin/gpg at version 1.4. This will
expose wrong assumptions in those programs, causing them to malfunction.
The thing about the partially statically linked version mentioned in

> <https://lists.gnupg.org/pipermail/gnupg-users/2018-February/059969.html>

is that it is in /opt, where your system will not use it unless very
explicitly configured to do so. In fact, I wouldn't even add it to your
own $PATH, because some other program you invoke might use it as well.

I notice that often when someone asks "I do this and it goes wrong, what
am I doing wrong", I will think "oh, this and that is what is going
wrong, do it like this" instead of "Wait, should you even be doing
that?" :-).

I don't think there is a fool-proof way to install GnuPG 2.1+ on a Linux
distribution that ships 1.4 and/or 2.0. It will always require being
cautious and knowing exactly what is using what. Luckily, if we as
end-users have a bit more patience, I think in the end all our
distributions will have done the hard work of fixing all of this for
you. I count myself lucky to be running Debian stable. For once, that
means I'm running a newer version than others! :-D

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Peter Lebbing 
On 22/02/18 18:10, Dmitry Gudkov wrote:
> problem solved by configuring Enigmail to use the new gnupg location in
> /usr/local/bin/gpg (in the "Preferences" dialog, "Basic" tab, override
> the default setting /usr/bin/gpg2)

While my mind was idly mulling this over, I suddenly wondered if what
you are doing is even supposed to work at all. I think perhaps you just
haven't discovered the dire consequences of it yet.

GnuPG 1.4 and 2.0 are co-installable, and will happily work installed on
the same system.

GnuPG 1.4 and 2.1+ are in the basis co-installable, but still can
present you with issues like keyrings going out of sync or requiring
careful crafting of configuration files, off the top of my head.

But 2.0 and 2.1+ are definitely not co-installable. You can't have them
both on the same system. Right now you put GnuPG 2.2 and its
dependencies in /usr/local, but GnuPG 2.0 and its dependencies are still
in /usr. Their dependencies might start to mingle.

The only way in which this might work is if I misinterpreted "not
co-installable", and 2.0 in /usr and 2.1+ in /usr/local is not actually
an instance of "co-installation". But I don't think that's the case. It
might also work by pure chance and break horribly on the next update.

A solution, where GnuPG 2.1+ is statically linked against its
dependencies, was discussed here:
<https://lists.gnupg.org/pipermail/gnupg-users/2018-February/059969.html>

Werner introduced the partial static linking in the just released 2.2.5.


Oh, and by the way, a little housekeeping information... You started
your thread on the mailing list by replying to a completely unrelated
thread (wotmate: simple grapher for your keyring). Could you please
start a new thread the next time? Just address a message to
<gnupg-users@gnupg.org> instead of replying to an existing message.
Those of us with a threading view of the mailing list now see it as
somehow being a part of the "wotmate: simple grapher for your keyring"
thread, but they bare no relation whatsoever.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Dmitry Gudkov 
dear all,

thank you for your time and help

problem solved by configuring Enigmail to use the new gnupg location in
/usr/local/bin/gpg (in the "Preferences" dialog, "Basic" tab, override
the default setting /usr/bin/gpg2)

 Dmitry

On 22.02.2018 19:14, Damien Goutte-Gattat wrote:
> Hi,
>
> On 02/22/2018 02:21 PM, Dmitry Gudkov wrote:
>> sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local
>> [...]
>> *and all works fine in terminal*
>>
>> however after installing Enigmail I get this error
>
> You installed GnuPG 2.2.4 in /usr/local, but you still have an older
> version in /usr.
>
> Everything works fine in the terminal because your shell finds the
> newer /usr/local/bin/gpg, but Enigmail is still using /usr/bin/gpg2
> (as you can see in the error message, which includes the exact command
> used to invoke gpg).
>
> You must configure Enigmail to use /usr/local/bin/gpg (in the
> "Preferences" dialog, "Basic" tab, override the default setting).
>




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Damien Goutte-Gattat 

Hi,

On 02/22/2018 02:21 PM, Dmitry Gudkov wrote:

sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local
[...]
*and all works fine in terminal*

however after installing Enigmail I get this error


You installed GnuPG 2.2.4 in /usr/local, but you still have an older 
version in /usr.


Everything works fine in the terminal because your shell finds the newer 
/usr/local/bin/gpg, but Enigmail is still using /usr/bin/gpg2 (as you 
can see in the error message, which includes the exact command used to 
invoke gpg).


You must configure Enigmail to use /usr/local/bin/gpg (in the 
"Preferences" dialog, "Basic" tab, override the default setting).




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Peter Lebbing 
On 22/02/18 15:21, Dmitry Gudkov wrote:
> sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local

That would mean that GnuPG is in /usr/local/bin/gpg

Yet:

On 22/02/18 11:04, Dmitry Gudkov wrote:
> Error - key extraction command failed
> /usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --use-agent --batch
> --no-tty --status-fd 2 -a --export 0xFB417E72

So probably /usr/bin/gpg2 is the distribution-provided older version, hence your
issues.

You should probably configure all your GnuPG-using software to use
/usr/local/bin/gpg. Also, it might make sense to explicitly configure all those
tools to use a non-default GNUPGHOME. That way, should one of your tools
accidentally pick /usr/bin/gpg2, it will hopefully also pick the default
homedir, and not interfere with all your correctly-configured tools. This is
just an idea that occured to me and is completely untested. Then again, mixing
these versions with identical homedirs is tested and has failed the test, so I'm
hoping for a net improvement ;-).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Dmitry Gudkov 
Hi Werner,

yes, i am.

*I just manually compiled it on the fresh install of ubuntu 16.04 per
the below script:*

cd ~/Downloads
version=gnupg-2.2.4
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig
tar xf $version.tar.bz2
cd $version
sudo apt-get update
sudo apt-get install -y libldap2-dev
sudo apt-get install -y gtk+-2
sudo apt-get install -y rng-tools
sudo apt-get install -y libbz2-dev
sudo apt-get install -y zlib1g-dev
sudo apt-get install -y libgmp-dev
sudo apt-get install -y nettle-dev
sudo apt-get install -y libgnutls28-dev
sudo apt-get install -y libsqlite3-dev
sudo apt-get install -y adns-tools
sudo apt-get install -y libreadline-dev
sudo apt-get install -y qtbase5-dev
sudo apt-get install -y pinentry-gtk2
sudo apt-get install -y pcscd scdaemon
sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local
speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools' native
sudo ldconfig

# use nano to create a configuration file: nano ~/.gnupg/gpg-agent.conf
# add the line: pinentry-program /usr/bin/pinentry-gtk-2
# chmod 600 ~/.gnupg/gpg-agent.conf

*the result is the following:*

bereska@bereska-VPCZ21AGX:~/.gnupg$ gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.2
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/bereska/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

*then I imported my existing keys for the other machine*

*and all works fine in terminal*

however after installing Enigmail I get this error when I try to attach
my public key to the message

thank you for your time to this matter

Dmitry




On 22.02.2018 16:19, Werner Koch wrote:
> Hi!
>
> On Thu, 22 Feb 2018 11:04, bere...@hotmail.com said:
>
>> gpg: skipped packet of type 12 in keybox
> Are you sure this if gpg 2.2.4 ?  The error looks more like this is a
> gpg version < 2.1.20.
>
> Type 12 are ring trust packets which are used internally by gpg.  The
> code which shows this error is 
>
>   /* Filter allowed packets.  */
>   switch (pkt->pkttype)
> {
> case PKT_PUBLIC_KEY:
> case PKT_PUBLIC_SUBKEY:
> case PKT_SECRET_KEY:
> case PKT_SECRET_SUBKEY:
> case PKT_USER_ID:
> case PKT_ATTRIBUTE:
> case PKT_SIGNATURE:
> ===>case PKT_RING_TRUST:
>   break; /* Allowed per RFC.  */
>
> default:
>   /* Note that can't allow ring trust packets here and some of
>  the other GPG specific packets don't make sense either.  */
>   log_error ("skipped packet of type %d in keybox\n",
>  (int)pkt->pkttype);
>   free_packet(pkt, );
>   init_packet(pkt);
>   continue;
> }
>
> Thus a ring trust packet can't show this error.  Note that the comment
> in the default case is misleading.
>
>
> Shalom-Salam,
>
>Werner
>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Werner Koch 
Hi!

On Thu, 22 Feb 2018 11:04, bere...@hotmail.com said:

> gpg: skipped packet of type 12 in keybox

Are you sure this if gpg 2.2.4 ?  The error looks more like this is a
gpg version < 2.1.20.

Type 12 are ring trust packets which are used internally by gpg.  The
code which shows this error is 

  /* Filter allowed packets.  */
  switch (pkt->pkttype)
{
case PKT_PUBLIC_KEY:
case PKT_PUBLIC_SUBKEY:
case PKT_SECRET_KEY:
case PKT_SECRET_SUBKEY:
case PKT_USER_ID:
case PKT_ATTRIBUTE:
case PKT_SIGNATURE:
===>case PKT_RING_TRUST:
  break; /* Allowed per RFC.  */

default:
  /* Note that can't allow ring trust packets here and some of
 the other GPG specific packets don't make sense either.  */
  log_error ("skipped packet of type %d in keybox\n",
 (int)pkt->pkttype);
  free_packet(pkt, );
  init_packet(pkt);
  continue;
}

Thus a ring trust packet can't show this error.  Note that the comment
in the default case is misleading.


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpqL4ETYbFSz.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

enigmail with pgp 2.2.4

2018-02-22 Thread Dmitry Gudkov 
dear all,

when trying to use enigmail with latest gpg 2.2.4 I get the following error:

Error - key extraction command failed
/usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --use-agent
--batch --no-tty --status-fd 2 -a --export 0xFB417E72
gpg: skipped packet of type 12 in keybox
gpg: skipped packet of type 12 in keybox
gpg: skipped packet of type 12 in keybox
gpg: skipped packet of type 12 in keybox

any help is appreciated

thank you


On 22.02.2018 07:33, Fraser Tweedale wrote:
> u wot m8
>
> https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fknowyourmeme.com%2Fmemes%2Fu-wot-m8=02%7C01%7C%7C6e6006dedf1d43931dcb08d579babd99%7C84df9e7fe9f640afb435%7C1%7C0%7C636548765303114275=%2FHaCzuQYPCD3rYFtY4Yf7%2FQYf9zVDwMnvecHLMQjS20%3D=0
>
> Nice tool; thanks for sharing!
>
> Cheers,
> Fraser
>
> On Wed, Feb 21, 2018 at 09:59:01AM -0500, Konstantin Ryabitsev wrote:
>> Hi, all:
>>
>> I've been maintaining the kernel.org web of trust for the past 5+ years,
>> and I wrote a number of tools to help me visualize trust paths between
>> fully trusted keys and those belonging to newer developers.
>>
>> I finally got a chance to clean up the code, and I hope it's useful to
>> others:
>>
>> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmricon%2Fwotmate=02%7C01%7C%7C6e6006dedf1d43931dcb08d579babd99%7C84df9e7fe9f640afb435%7C1%7C0%7C636548765303114275=tWao8vfy5bJfoB40KWD3js4pJnprbIANN4mtimfuEz4%3D=0
>>
>> If you think this is very similar to the PGP Pathfinder tool on
>> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpgp.cs.uu.nl=02%7C01%7C%7C6e6006dedf1d43931dcb08d579babd99%7C84df9e7fe9f640afb435%7C1%7C0%7C636548765303114275=S1AnXI5SbhU9HJOr2g4bgfSM8XY%2BazoDX2DkY7gnCRo%3D=0,
>>  then you are right, but there is an important
>> distinction. Wotmate does not require that a key is in the "strong set"
>> before you can track paths to it, and you also don't have to wait for
>> days before new signatures are reflected in the wotsap file.
>>
>> Example usage (assuming you have Linus Torvalds' key in your keyring):
>>
>> ./make-sqlitedb.py
>> ./graph-paths.py torvalds
>> eog graph.png
>>
>> Best,
>> -- 
>> Konstantin Ryabitsev
>> Director, IT Infrastructure Security
>> The Linux Foundation
>>
>
>
>
>> ___
>> Gnupg-users mailing list
>> Gnupg-users@gnupg.org
>> https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.gnupg.org%2Fmailman%2Flistinfo%2Fgnupg-users=02%7C01%7C%7C6e6006dedf1d43931dcb08d579babd99%7C84df9e7fe9f640afb435%7C1%7C0%7C636548765303114275=DrCK2mXWv4ME77UQava0%2BKM%2BEPVKm1KUUMx1WmwFtwI%3D=0
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.gnupg.org%2Fmailman%2Flistinfo%2Fgnupg-users=02%7C01%7C%7C6e6006dedf1d43931dcb08d579babd99%7C84df9e7fe9f640afb435%7C1%7C0%7C636548765303114275=DrCK2mXWv4ME77UQava0%2BKM%2BEPVKm1KUUMx1WmwFtwI%3D=0



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

devuan jessie gpg 2.2.x thunderbird/apparmor/enigmail rules

2017-10-31 Thread Fulano Diego Perez 

any suggestions to complete apparmor rules to enable all functionality
for a /usr/local gpg install with thunderbird/gpg/enigmail ?

currently appended rules below to the default thunderbird profile allow
mostly all functionality except i cannot enable the commented out rules
otherwise enigmail does not detect gnupg and fails to start

as soon i comment out, enigmail fails...

i think my previous email with problems with dirmngr could be related
and if those are debugged, could help here

below allows most thunderbird/enigmail functionality except importing
keyserver keys

/etc/apparmor.d/local/usr.bin.thunderbird:

/usr/local/bin/gpg   Cx -> gpg,
/usr/local/bin/gpg-error Cx -> gpg,
#/usr/local/bin/dirmngr   Cx -> gpg,
/usr/local/bin/gpg-agent Cx -> gpg,
/usr/local/bin/gpgconf   Cx -> gpg,
/usr/local/bin/gpg-connect-agent Cx -> gpg,

#/proc/**/fd/ r,
owner @{HOME}/.gnupg/tofu.db rwk,
#owner @{HOME}/.gnupg/tofu.db-journal rwk,
/usr/local/bin/gpg mr,
/usr/local/bin/gpg-error mr,
#/usr/local/bin/dirmngr mr,
/usr/local/bin/gpg-agent mr,
/usr/local/bin/gpgconf mr,
/usr/local/bin/gpg-connect-agent mr,
/usr/lib/gnupg/gpgkeys_* ix,

/usr/local/lib/** mr,

this profile still logs below possible problems:

[51155.130813] audit: type=1400 audit(1509507779.968:128572837):
apparmor="DENIED" operation="mknod" profile="thunderbird//gpg"
name="/home/user/.gnupg/tofu.db-journal" pid=20072 comm="gpg"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[51155.139191] audit: type=1400 audit(1509507779.976:128572838):
apparmor="DENIED" operation="mknod" profile="thunderbird//gpg"
name="/home/user/.gnupg/tofu.db-journal" pid=20072 comm="gpg"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[51161.198110] audit: type=1400 audit(1509507786.040:128572839):
apparmor="DENIED" operation="open" profile="thunderbird//gpg"
name="/proc/20077/fd/" pid=20077 comm="gpg" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[51161.198390] audit: type=1400 audit(1509507786.040:128572840):
apparmor="DENIED" operation="exec" profile="thunderbird//gpg"
name="/usr/local/bin/dirmngr" pid=20077 comm="gpg" requested_mask="x"
denied_mask="x" fsuid=1000 ouid=0
[51177.540706] audit: type=1400 audit(1509507802.392:128572841):
apparmor="DENIED" operation="open" profile="thunderbird//gpg"
name="/proc/20080/fd/" pid=20080 comm="gpg" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[51177.541002] audit: type=1400 audit(1509507802.392:128572842):
apparmor="DENIED" operation="exec" profile="thunderbird//gpg"
name="/usr/local/bin/dirmngr" pid=20080 comm="gpg" requested_mask="x"
denied_mask="x" fsuid=1000 ouid=0






___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-26 Thread Andreas Heinlein 
Am 26.07.2017 um 14:05 schrieb dekkz...@gmail.com:
> On 07/26, Andreas Heinlein wrote:
>> Am 26.07.2017 um 11:27 schrieb MFPA:
>>> Do "most normal users" make use of an OpenPGP smartcard? Those that do
>>> might be able to use the same keypair on their mobile phone by means
>>> of an NFC-enabled smartcard.
>> Surely not. I guess most "normal users" don't even know that such a
>> thing exists.
>>
>> Besides that, AFAIK the NFC-functionality on several SmartCards is not
>> for use with OpenPGP, it's just there for additional purposes with other
>> applications.
>>
>> Bye,
>> Andreas
>>
>
> When you say not for use with OpenPGP, do you mean most "smartcards"
> marked as SLE4442 compatible won't work with GnuPG?

Actually the one OpenPGP smartcard I know of is sold by FLOSS-Shop
(ex-kernel-concepts):
https://www.floss-shop.de/de/security-privacy/smartcards/4/openpgp-smart-card-v2.1-mifare-desfire?c=41

This one has an NFC chip but which is not for use with OpenPGP.

There may be other smartcards out there which can also be used with
GnuPG but they're usually not called "OpenPGP card".

Andreas




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-26 Thread dekkzz78 

On 07/26, Andreas Heinlein wrote:

Am 26.07.2017 um 11:27 schrieb MFPA:

Do "most normal users" make use of an OpenPGP smartcard? Those that do
might be able to use the same keypair on their mobile phone by means
of an NFC-enabled smartcard.

Surely not. I guess most "normal users" don't even know that such a
thing exists.

Besides that, AFAIK the NFC-functionality on several SmartCards is not
for use with OpenPGP, it's just there for additional purposes with other
applications.

Bye,
Andreas



When you say not for use with OpenPGP, do you mean most "smartcards" marked as SLE4442 compatible won't work with 
GnuPG?


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-26 Thread MFPA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Wednesday 26 July 2017 at 12:27:20 PM, in
, Andreas Heinlein
wrote:-



> Besides that, AFAIK the NFC-functionality on several
> SmartCards is not
> for use with OpenPGP, it's just there for additional
> purposes with other
> applications.

At least on some, NFC works with OpenPGP. For example, see
.


- --
Best regards

MFPA  

No matter what a man's past may have been, his future is spotless.
-BEGIN PGP SIGNATURE-

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWXiKAl8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5HqlAQCmFewc0eqa/TU4CxS9vmYtu+YM4xog3tRdWRJ5HjuyegD/XIl17phzyFt+
hPIQRw4Golp3ysr6EnDFamMudTVlTAKJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWXiKEF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8LeDCACAd6ycOQY0aLE0ip+2WWNAnScX
5/0jE439gGT2QghAEunYrpQnTnV66f1Nej7jokGU1+1YR2cxAckcBThmBOuZL4/s
pLI1VqY3ky8TKKvoQf3JcyoMZ9RV63B6Ws0yLu7ER6U0thHwuMsPbTPhl2f7NQx3
quArOYYzCAgWR6aVGyyPGje0OcrBY4PyGSNn2dYAPWsVBRnwhySS7Tz2sqXyPA90
16mfCm3KmRh65bOwhP0VyUDaWXG0kOeZYy55oWiRgFQxkOL1UTOmtKGQstShrl8W
TWlupHWJi5LFisHC5Rt8h8tvG+H8USn64smk/7nxOIQnwzAZXaHWj30hr7PB
=dnYV
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-26 Thread Andreas Heinlein 
Am 26.07.2017 um 11:27 schrieb MFPA:
> Do "most normal users" make use of an OpenPGP smartcard? Those that do
> might be able to use the same keypair on their mobile phone by means
> of an NFC-enabled smartcard.
Surely not. I guess most "normal users" don't even know that such a
thing exists.

Besides that, AFAIK the NFC-functionality on several SmartCards is not
for use with OpenPGP, it's just there for additional purposes with other
applications.

Bye,
Andreas



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-26 Thread MFPA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Tuesday 25 July 2017 at 9:49:15 PM, in
, Andreas Heinlein
wrote:-


> I still would not recommend that to non-technical
> people. While the
> users on this list probably know what a 'decent'
> passphrase is, most
> normal users don't. They tend to choose passwords
> which are too short,
> contain dictionary words - or they are written down
> right under the
> keyboard... Having a second line of defense, i.e.
> keeping the private
> key secure, is usually a good idea. That's the whole
> point of the
> OpenPGP smartcard, after all.

Do "most normal users" make use of an OpenPGP smartcard? Those that do
might be able to use the same keypair on their mobile phone by means
of an NFC-enabled smartcard.

- --
Best regards

MFPA  

Ultimate consistency lies in being consistently inconsistent
-BEGIN PGP SIGNATURE-

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWXhgfl8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5AsfAP9hhucd8ifzPhIsSZiFSHJmsuOw1CBYE6bAcKFXSi8kIQD+IH+kDNLW6WTU
9TLUlqINxgJe+UE0/XaAxaD/t6Xc7A2JAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWXhgj18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8NLQB/9Z66y179mYiHkgNXX2oW6cdFgo
VoaPcImpg+nKzMITS6XXynRxUoc2mWBD3SI1bV5EyEuDk47qd+PmKyGXf6dPUoog
IF9psxhLmPyVIELKZduZn0rAdE7a3kvup4OJJdTPmLdh5iNbdWwoufaCvU3gxipF
730imQUUgAaVYTXxLvB4DFzUcHXmML8ci9VJdbaRxEyRwmzBNTyiL02gMtlvmuch
pxdkJal7qCnUf1RYwHlUHNxNlIek/9pDgxs1PP/HzwrpvAFoxMUMZJPA95Ld6f6Z
ekKmsYxOJBwLKKCO+OQnPk7nrtxPO9e9sqIbMEHURE8FfXTNDvEeotoocvOt
=Az0j
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-25 Thread mark M 
But these are all paid apps are there any open source or free apps to do PGP on 
iOS


From: Gnupg-users <gnupg-users-boun...@gnupg.org> on behalf of Lukas Pitschl | 
GPGTools <luk...@gpgtools.org>
Sent: Tuesday, July 25, 2017 12:42:47 PM
To: E.Keen
Cc: gnupg-users@gnupg.org
Subject: Re: How to use a the same generated keypair on enigmail/thunderbird 
and iOS Mail

Since its release, Canary Mail is probably your best option, since it support 
OpenPGP out-of-the-box.
If you rather prefer to keep using iOS Mail, you’ll have to resort to the much 
less than user friendly options oPenGP and iPGMail (as others have mentioned). 
They work, but the user experience is really not pleasant if you receive a lot 
of encrypted messages. Also I don’t think they support verification of PGP/MIME 
messages (due to restrictions imposed by iOS).

Best,

Lukas
GPGTools

> Am 14.07.2017 um 20:48 schrieb E.Keen <contact@ekeen.press>:
>
>
>
> Dear community,
>
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
>
> Nevertheless, I do have a problem which I cannot solve by myself.
>
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
>
> I 'd appreciate any help or further information you might give me.
>
> Thank you very much.
>
> Kind Regards,
>
> E.Keen
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-25 Thread Lukas Pitschl | GPGTools 
Since its release, Canary Mail is probably your best option, since it support 
OpenPGP out-of-the-box.
If you rather prefer to keep using iOS Mail, you’ll have to resort to the much 
less than user friendly options oPenGP and iPGMail (as others have mentioned). 
They work, but the user experience is really not pleasant if you receive a lot 
of encrypted messages. Also I don’t think they support verification of PGP/MIME 
messages (due to restrictions imposed by iOS). 

Best,

Lukas
GPGTools

> Am 14.07.2017 um 20:48 schrieb E.Keen <contact@ekeen.press>:
> 
> 
> 
> Dear community,
> 
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
> 
> Nevertheless, I do have a problem which I cannot solve by myself.
> 
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
> 
> I 'd appreciate any help or further information you might give me.
> 
> Thank you very much.
> 
> Kind Regards,
> 
> E.Keen
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-25 Thread Andreas Heinlein 
Am 25.07.2017 um 20:34 schrieb Robert J. Hansen:
>> I would think you could transfer the private key file to the moblle
>> device by bluetooth, or by using a USB cable, or by email. So long as
>> the private key is protected by a decent passphrase, anybody else
>> getting a copy of the file should be of no consequence.
> This is correct.
>
> I've often volunteered to publish my private key in the _New York
> Times_, if someone will just pay for the listing.  With a strong
> passphrase, private keys are pretty darn safe against casual snooping.

I still would not recommend that to non-technical people. While the
users on this list probably know what a 'decent' passphrase is, most
normal users don't. They tend to choose passwords which are too short,
contain dictionary words - or they are written down right under the
keyboard... Having a second line of defense, i.e. keeping the private
key secure, is usually a good idea. That's the whole point of the
OpenPGP smartcard, after all.

Andreas



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-25 Thread Robert J. Hansen 
> I would think you could transfer the private key file to the moblle
> device by bluetooth, or by using a USB cable, or by email. So long as
> the private key is protected by a decent passphrase, anybody else
> getting a copy of the file should be of no consequence.

This is correct.

I've often volunteered to publish my private key in the _New York
Times_, if someone will just pay for the listing.  With a strong
passphrase, private keys are pretty darn safe against casual snooping.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-25 Thread MFPA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Friday 14 July 2017 at 7:48:59 PM, in
, E.Keen wrote:-


> However, I don't know how to transfer the private key
> securely without
> anyone else being able to obtain it.

I would think you could transfer the private key file to the moblle
device by bluetooth, or by using a USB cable, or by email. So long as
the private key is protected by a decent passphrase, anybody else
getting a copy of the file should be of no consequence.

- --
Best regards

MFPA  

Amateurs built the ark. Professionals built the Titanic.
-BEGIN PGP SIGNATURE-

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWXeK2V8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5BPrAQCGoFfJn5IQnG5aaj0EFLPTNDF8jF4ADdVhbl5A7hIijAEA48UASqwS2rDC
MlYkdmU0O0nRASVVsTdkHFmTVDObqQiJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWXeK2V8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8PbJCACypL9BLEGvqxMEqv1FxxnM0JWU
xbZ4iDrn9Rt88siRvgq3QwNwdeAEYdFHMEHa4uaXdg0RrhVVKZMbUx3y938kNwfZ
ZbFwUsYHKYF60cnhxZ/m5qQzMRsUMIzRvc2CDeWd2OtXIs2lbNh01SZk6bu0zoXO
oSTdJ0LN1Thy2fCjyBrP/nrC73F7z68JG757jjmu4EFsf3d4xeoJjNpiWk1ei6QQ
nir2wp7TeCUeJKxPKCk6CyPNpqznZ+pB2da71uZzh/q2gE0jSsBmEfDaE2AnegeA
39osnm4fYjefT4aXqiefKhfIp9Y0Vhm6eFyvhfgp8IAUei0npeyWw7FibtLE
=dfyc
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-17 Thread Andrew Gallagher 
On 2017/07/16 18:24, Jürgen Polster wrote:
> The IOS apps for working with openpg encryption are iPGMail and
> oPenGP. Both interact with mail by cut and paste of content

In the case of iPGMail, it can also use the "mail attachment" OS hook to
automatically populate a draft email. You still need to press "send" a
second time, but you don't have to mess around with clipboards.

The disadvantage is that sending encrypted messages as attachments is
not standards compliant, and enigmail for one has great trouble dealing
with them at the other end. Unfortunately there's no way for an iOS app
to implement PGP/MIME properly, given Apple's strict restrictions on
email apps.

A



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-16 Thread Jürgen Polster 
As said by Fabian, IOS natively only supports S/ MIME keys. This works rather 
seamlessly. You nearly do not notice it. However to exchange or DELETE outdated 
S/MIME certificates of others is a real pain and made me stop working with it.

The IOS apps for working with openpg encryption are iPGMail and oPenGP. Both 
interact with mail by cut and paste of content and you can transfer your 
private keys and public keys by help of the iTunes App and a cable from your 
windows or Mac PC. It works but due to the cut and paste workflow use is rather 
inconvenient.

Kind regards
Juergen Polster

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-16 Thread Fabian A. Santiago 
July 16, 2017 11:41 AM, "E.Keen" <contact@ekeen.press> wrote:

> Dear community,
> 
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
> 
> Nevertheless, I do have a problem which I cannot solve by myself.
> 
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
> 
> I 'd appreciate any help or further information you might give me.
> 
> Thank you very much.
> 
> Kind Regards,
> 
> E.Keen
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

people out there correct me if I'm wrong,

iOS natively won't make use of gpg keys, only s/mime. so you'd be relying on a 
3rd party app to handle encrypted email using the former. unless you also have 
an s/mime key pair to use, then iOS' mail app will use it. 

said 3rd party app may allow you to transfer the key(s) to your device by way 
of itunes. i forget the exact place (something to do with app syncing i think) 
but there would be a place you can copy the files you wish to have sync'd to 
your mobile device. then the app would pick it up from there. 

i've used one such app before in the distant past but forget its name and don't 
currently have an ios device on me to look around but you can probably find 
something in the app store. 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

2017-07-16 Thread E.Keen 


Dear community,

I am very passionate about cyber security and working against mass
surveillance. I therefore try to stay informed about security
measurements and encryption.

Nevertheless, I do have a problem which I cannot solve by myself.

I generated a keypair using enigmail on thunderbird for this email address.
Now, I'd like to use the same address with the same encryption keys on
an iOS device.
However, I don't know how to transfer the private key securely without
anyone else being able to obtain it.
Someone informed me that there might be a possibility to type in the
private key manually.

I 'd appreciate any help or further information you might give me.

Thank you very much.

Kind Regards,

E.Keen


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a generated keypair on enigmail/thunderbird and iOS Mail?

2017-07-14 Thread Fabian A. Santiago 
On July 14, 2017 6:52:56 AM CDT, "E.Keen"  wrote:
>

Don't encrypt your message to the mailing list. 
-- 
Thanks.
Fabian S.

OpenPGP:

3c3fa072accb7ac5db0f723455502b0eeb9070fc

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

How to use a generated keypair on enigmail/thunderbird and iOS Mail?

2017-07-14 Thread E.Keen 


binPfBxCmaV17.bin
Description: PGP/MIME version identification


encrypted.asc
Description: OpenPGP encrypted message
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Enigmail signature status indications (was: TOFU)

2017-06-25 Thread Peter Lebbing 
On 25/06/17 13:11, MFPA wrote:
> But "good signature" _does_ mean when the signature was verified the
> message had not been altered since it was signed.

However, I don't think that this information is in any way relevant to a
user if the key that signed it was not valid. I'm afraid the current
formulation doesn't do enough to discourage people to attach value to a
signature by an invalid key. The word "good" is weakening the message of
the word "UNTRUSTED", IMO.

The gpg command line also uses the word "good". But it is much more
verbose about it being made by an invalid key:

> gpg: Good signature from "First Name Last Name " [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:  There is no indication that the signature belongs to the owner.

I am aware that changing the formulation doesn't make people use it
correctly; using it correctly is hard. But I think it would be much
better if it just said "UNTRUSTED signature". And if the signature is
not "good", it'll simply say "Error - signature verification failed".

> Or maybe that the original message data has been replaced with new
> message data that hashes to the same value.

Well, let's assume that this is not possible. When weak hashes are
disabled, this should not be possible. If we start to include this kind
of things in our assumptions, we should also add "or that somebody
managed to compute the private key for the key that signed this message".

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-13 Thread Stefan Claas 
On 13.06.17 14:16, Peter Lebbing wrote:
> On 13/06/17 09:43, Stefan Claas wrote:
>> Another thing i will do in the future, which i haven't read in popular
>> tutorials,
>> is that once checking the hash/sig of the provided package i will also hash
>> the binaries after unpacking and print them out on a piece of paper, so
>> that i
>> can frequently check the values.
> I use Open Source Tripwire for that. Its specification language is quite
> lacking in my opinion, but it's not so bad that I start looking around
> for a different solution. I've been using it for ages, and haven't
> noticed any significant development on it since I started using it. As
> far as I remember.
>
> Note that someone in a position to replace your binaries is also in a
> position to replace the sha256sum binary or whatever other binary you
> are using to generate the hashes, so your hashes can just lie to you. As
> can Tripwire.

During my lunch break i thought of that too. I think as a good start
i will next time (which popular tutorials also do not mention) install
the next version available on an USB stick, symlink to them and put
the USB stick in a safe place. Should an email arrive i will then insert
the USB stick to decrypt/verify the message.

Regarding hashes, maybe it's possible for the authors who are
providing packages that they not only include the hash or sig,
of the package but the hashes of the unpacked binaries too,
on their download page. Should one hash discrepancy show
up on my computer i could try another one and see if the hash
matches then.
>
> And so I come to my other comment, in reply to:
>
>>  So what i have learned from this whole
>> thread, also about my proposal for identicons, i should buy me
>> an offline computer, send Thunderbird/Enigmail to /dev/null
>> and transfer signed/encrypted messages from my online usage
>> computer with a USB stick to my offline computer and verify
>> decrypt the messages there. :-)
> Security is not an absolute. Quite the opposite: security is rather
> simple economics. How much are you willing to spend on your protection,
> and how much is an attacker willing to spend to compromise you? It's
> that simple. There are some unpleasant little factors such as that you
> need to do it right all the time, yet the attacker only needs to do it
> right once. But in the end, it all boils down to: who is willing to go
> that step further? As long as your secrets aren't very valuable, an
> attacker will not want to spend a lot on obtaining those secrets; they'd
> rather point their attention and money elsewhere.
>
> So Tripwire is something that raises the cost of the attack; it's
> defence in depth, not an absolute defence. And as the name suggests, if
> the attacker doesn't notice Tripwire, they might well set off an alarm.
> But if they notice it .
>
>
For me i see this way, for big Organizations i would not have a single
chance, but i assume that i am no target for them, because i am of no
interest to them.

On the other side, where money is involved etc. and people are good
in keeping their computers clean, and they rely on popular tutorials,
the "green bar problem" would still be there, imho.

Regards
Stefan





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-13 Thread Peter Lebbing 
On 13/06/17 09:43, Stefan Claas wrote:
> Another thing i will do in the future, which i haven't read in popular
> tutorials,
> is that once checking the hash/sig of the provided package i will also hash
> the binaries after unpacking and print them out on a piece of paper, so
> that i
> can frequently check the values.

I use Open Source Tripwire for that. Its specification language is quite
lacking in my opinion, but it's not so bad that I start looking around
for a different solution. I've been using it for ages, and haven't
noticed any significant development on it since I started using it. As
far as I remember.

Note that someone in a position to replace your binaries is also in a
position to replace the sha256sum binary or whatever other binary you
are using to generate the hashes, so your hashes can just lie to you. As
can Tripwire.

And so I come to my other comment, in reply to:

>  So what i have learned from this whole
> thread, also about my proposal for identicons, i should buy me
> an offline computer, send Thunderbird/Enigmail to /dev/null
> and transfer signed/encrypted messages from my online usage
> computer with a USB stick to my offline computer and verify
> decrypt the messages there. :-)

Security is not an absolute. Quite the opposite: security is rather
simple economics. How much are you willing to spend on your protection,
and how much is an attacker willing to spend to compromise you? It's
that simple. There are some unpleasant little factors such as that you
need to do it right all the time, yet the attacker only needs to do it
right once. But in the end, it all boils down to: who is willing to go
that step further? As long as your secrets aren't very valuable, an
attacker will not want to spend a lot on obtaining those secrets; they'd
rather point their attention and money elsewhere.

So Tripwire is something that raises the cost of the attack; it's
defence in depth, not an absolute defence. And as the name suggests, if
the attacker doesn't notice Tripwire, they might well set off an alarm.
But if they notice it .

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-13 Thread Stefan Claas 

Am 12.06.2017 um 23:50 schrieb Duane Whitty:

Thanks for your input much appreciated!


I would also add one word about USB sticks:  It is very difficult to
know if they've been compromised and there are no tell-tale signs when
an attack is taking place.  I never put a USB in my computer that has
been used on a computer I don't own.
Best Regards,
Duane



Thanks for pointing this out!

I come to the conclusion after reading all the replies from this thread
that i will return to pure GnuPG usage, instead of using an email / Usenet
client with add-ons. I already found a script for PGP/MIME so that i can
decrypt/verify a message send to me when using GnuPG in command-line
mode.

Another thing i will do in the future, which i haven't read in popular 
tutorials,

is that once checking the hash/sig of the provided package i will also hash
the binaries after unpacking and print them out on a piece of paper, so 
that i

can frequently check the values.

Regards
Stefan







___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Duane Whitty 


On 17-06-12 05:45 PM, Stefan Claas wrote:
> On 12.06.17 22:35, Robert J. Hansen wrote:
>>> Is there something like a Standard Operating Procedure for GnuPG
>>> available, which fulfills security experts demands, and which can
>>> easily be adapted by an average GnuPG user, regardless of platform 
>>> and client he/she uses?
>> No.  More to the point, there can't be.  Each user faces threats
>> specific to that user; each user is responsible for their own threat
>> modeling.
>>
>> But follow the steps I outlined before and you'll significantly improve
>> your online security.  You won't be perfect -- there is no such thing as
>> perfection.  You won't be a hardened target -- that takes a lot of work.
>>  But follow those steps and you'll have taken care of the easy ways that
>> your machine can be compromised.
>>
> 
> Thank you very much for your advise, much appreciated!
> 
> Regards
> Stefan
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
I'm not one of the many experts on the list you refer to so you'll have
to judge for yourself the usefulness of my procedures.  Comments from
more experienced users welcome as well, of course, and some very
experienced users have given you very good advice already.

Some of things I do include setting a password on the BIOS and HD and
turning my computer off when I'm not using it.  My reason for those
steps is that I am hoping it would introduce enough of a roadblock that
should someone gain physical access to my computer (a laptop) they would
need to take it with them in order to compromise it.

I also don't click on any links in emails. As well, I don't open any PDF
files I don't trust.

I believe also that it's important to consider what operating system you
use.  Some people believe that with certain OSs you are compromised the
minute you install said OS and are actually fulfilling the role of
Mallory against yourself.  This is to say that I believe Open Source is
beneficial not that it is the complete solution.

I would also add one word about USB sticks:  It is very difficult to
know if they've been compromised and there are no tell-tale signs when
an attack is taking place.  I never put a USB in my computer that has
been used on a computer I don't own.
Best Regards,
Duane

-- 
Duane Whitty
du...@nofroth.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas 
On 12.06.17 22:35, Robert J. Hansen wrote:
>> Is there something like a Standard Operating Procedure for GnuPG
>> available, which fulfills security experts demands, and which can
>> easily be adapted by an average GnuPG user, regardless of platform 
>> and client he/she uses?
> No.  More to the point, there can't be.  Each user faces threats
> specific to that user; each user is responsible for their own threat
> modeling.
>
> But follow the steps I outlined before and you'll significantly improve
> your online security.  You won't be perfect -- there is no such thing as
> perfection.  You won't be a hardened target -- that takes a lot of work.
>  But follow those steps and you'll have taken care of the easy ways that
> your machine can be compromised.
>

Thank you very much for your advise, much appreciated!

Regards
Stefan


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen 
> Is there something like a Standard Operating Procedure for GnuPG
> available, which fulfills security experts demands, and which can
> easily be adapted by an average GnuPG user, regardless of platform 
> and client he/she uses?

No.  More to the point, there can't be.  Each user faces threats
specific to that user; each user is responsible for their own threat
modeling.

But follow the steps I outlined before and you'll significantly improve
your online security.  You won't be perfect -- there is no such thing as
perfection.  You won't be a hardened target -- that takes a lot of work.
 But follow those steps and you'll have taken care of the easy ways that
your machine can be compromised.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas 
On 12.06.17 22:10, Robert J. Hansen wrote:
>> and transfer signed/encrypted messages from my online usage
>> computer with a USB stick to my offline computer and verify
>> decrypt the messages there. :-)
> If you think your online computer may be compromised, then you have no
> business sharing USB devices between it and your believed-safe computer.
>
O.k., i have for example no Tempest Attack, etc. shielded offline computer,
because i am only a little Mac user. Is there something like a Standard
Operating
Procedure for GnuPG available, which fulfills security experts demands,
and which
can easily be adapted by an average GnuPG user, regardless of platform
and client
he/she uses?

Regards
Stefan


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen 
> and transfer signed/encrypted messages from my online usage
> computer with a USB stick to my offline computer and verify
> decrypt the messages there. :-)

If you think your online computer may be compromised, then you have no
business sharing USB devices between it and your believed-safe computer.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas 
On 12.06.17 21:15, Peter Lebbing wrote:

>> (Remember there are two types of companies. Those who know they got
>> hacked and those who don't know yet that they got hacked.)
>>
>>
I should put that as a signature in my email and Usenet client! :-)

Regards
Stefan



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas 
On 12.06.17 21:21, Ludwig Hügelschäfer wrote:
> What you can do: Learn, learn by playing, learn by trying to
> understand what others write and by asking questions and become a
> reasonable critical user. That's the hard way, but you learn best.
> Second possibility would be to have a good experienced friend which
> guides you along the way. Third way would be to engage an expert which
> maintains your computer.
>
Thanks also for your valuable reply!

Please see also my reply to Peter.

Regards
Stefan




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

  1   2   3   4   >