Re: What are those attachments you have on your email?
Hi,

David Adamson:
> On Fri, Nov 25, 2016 at 9:33 AM, Stephan Beck wrote:

> Stephan so this is a result of you using a mail client that requires
> the signature file and If I used a similar mail client it could
> automatically verify this email message was signed by the holder of
> Stephan's private key?

If you used a PGP/MIME compliant email client (may it be Claws or Thunderbird with the Enigmail plugin) you'd see the signature file as an attachment to the email, and by importing (or retrieving and importing it, if not yet present in the keyring) the sender's public key using the appropriate commands of this email client or the respective plugin like Enigmail, "you" could verify the signature, i.e. verify that the signed message was effectively signed with the private (signing) key of the holder of the respective public key. (The corresponding plugin such as Enigmail verifies the signature automatically when you select the message.)

If you used a non PGP/MIME email client (without any plugin of this kind) or a webmail interface (not capable of handling such messages) you would not be able to directly process the attachment for verifying purposes. But you could open the message's header ("View Source" command), copy and paste the signature including the --- BEGIN/END --- parts (see below) into a text file, save it with .asc file extension and verify it by means of gpg (or the dedicated gpgv package).

    gpg2 --verify signature.asc signed_message_text.txt

If it is a public key, you can copy and paste it (including the --- BEGIN/END --- parts) into a text file, save it with the .asc file extension and import it directly into your keyring using the gpg2 --import command

    -----BEGIN PGP SIGNATURE-----
    [SIGNATURE]
    -----END PGP SIGNATURE-----

or (in case of a public key)

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    [PUBLIC KEY in armored format]
    -----END PGP PUBLIC KEY BLOCK-----

>
> However is it the case as Juan put it that since I'm using another
> type of mail service, in my case gmail web based interface, that this
> signature will not be applicable?

I actually don't know gmail well, so I cannot tell you (but you can) whether gmail has any type of PGP/MIME handling webmail-based apps. If not, the PGP/MIME signature attachment cannot be "processed" directly. But you could save the attachment as .asc file (seemingly you did that), save the message as a text file and put both (first the signature file) on gpg's command line (see above) to verify the signature (key will be retrieved by gpg if it's not yet present.)

Cheers

Stephan

0x4218732B.asc
Description: application/pgp-keys

signature.asc
Description: OpenPGP digital signature

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
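An added example for the manual check discussed in this thread (not part of any poster's message): per RFC 3156 the detached signature in signature.asc covers the first MIME body part as transmitted, MIME headers included and with CRLF line endings, so this sketch cuts that part out of the raw message source byte for byte. The function name and the sample message are constructed for illustration.

```python
import email
import re

# Constructed sample message; the signature body is a placeholder, not a real one.
SAMPLE = (
    b"From: alice@example.org\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\n"
    b' protocol="application/pgp-signature"; boundary="b0undary"\n'
    b"\n"
    b"--b0undary\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"\n"
    b"Hello David,\n"
    b"this text is signed.\n"
    b"\n"
    b"--b0undary\n"
    b'Content-Type: application/pgp-signature; name="signature.asc"\n'
    b"\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"\n"
    b"[constructed placeholder]\n"
    b"-----END PGP SIGNATURE-----\n"
    b"\n"
    b"--b0undary--\n"
)


def split_pgp_mime(raw: bytes):
    """Return (signed_bytes, armored_signature) for a PGP/MIME signed message."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    if msg.get_param("protocol") != "application/pgp-signature":
        raise ValueError("multipart/signed, but not an OpenPGP signature")
    # Cut the raw bytes ourselves: re-serialising through a MIME library can
    # rewrap headers, and one changed byte is enough for "BAD signature".
    text = re.sub(rb"\r?\n", b"\r\n", raw)  # RFC 3156: canonical CRLF line ends
    # RFC 2046: the CRLF before "--boundary" belongs to the delimiter.
    chunks = text.split(b"\r\n--" + msg.get_boundary().encode())
    if len(chunks) != 4:  # headers/preamble, signed part, signature, "--" tail
        raise ValueError("expected exactly two body parts")
    signed = chunks[1].split(b"\r\n", 1)[1]    # drop rest of delimiter line
    sig_part = chunks[2].split(b"\r\n", 1)[1]
    armored = sig_part.split(b"\r\n\r\n", 1)[1]  # skip the part's MIME headers
    return signed, armored.strip() + b"\r\n"
```

Writing the two returned values to files (for example signed_part.bin and signature.asc) gives the pair of inputs that gpg2 --verify expects, signature file first.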
Re: What are those attachments you have on your email?
On Fri, Nov 25, 2016 at 9:33 AM, Stephan Beck wrote:
> Sorry, David, for arriving a bit late to the party..., I had to answer
> Peter who had addressed several list mails in reply to mine yesterday
> and it took me a while.
> Yes, as Brian says, the verify command expects an .asc signature file
> and a message or a file signed with it as input. By
> using/fetching/retrieving the signer's key gpg verifies that this
> message/file really was signed by the one who claims to be the signer.
>
> Cheers
>
> Stephan
>

Stephan so this is a result of you using a mail client that requires the signature file and If I used a similar mail client it could automatically verify this email message was signed by the holder of Stephan's private key?

However is it the case as Juan put it that since I'm using another type of mail service, in my case gmail web based interface, that this signature will not be applicable?

Juan said: "Otherwise, it looks like a normal message (or empty if PGP/MIME encrypted) with a signature.asc file (sometimes called differently) as an attachment."

Brian,

Thanks for the resource. I'll have to get used to reading/understanding this type of material/subject matter.
Re: What are those attachments you have on your email?
On Fri, Nov 25, 2016 at 08:12:35AM -0500, David Adamson wrote:
> On Fri, Nov 25, 2016 at 5:28 AM, Stephan Beck wrote:
> I was thinking of ways to get my key out to people without using the
> keyservers and instead attaching my public key to my email seemed like a good
> idea. I noticed you have two, one called 0x4218732B.asc and another
> called signature.asc. Am I correct in assuming your first one is your
> public key? The second one I'm not sure what it is for. I thought
> maybe you were signing your public key so I ran the following but got
> a BAD signature message so I thought maybe it's for something else -

A signature.asc file is usually for the message itself. See RFC 3156. https://tools.ietf.org/html/rfc3156 for more details. It's called PGP/MIME and it allows you to encrypt, sign, or both for messages containing attachments.

--
Brian Minton
brian at minton dot name
http://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9

signature.asc
Description: PGP signature
Re: What are those attachments you have on your email?
Sorry, David, for arriving a bit late to the party..., I had to answer Peter who had addressed several list mails in reply to mine yesterday and it took me a while.

Yes, as Brian says, the verify command expects an .asc signature file and a message or a file signed with it as input. By using/fetching/retrieving the signer's key gpg verifies that this message/file really was signed by the one who claims to be the signer.

Cheers

Stephan

David Adamson:
> On Fri, Nov 25, 2016 at 5:28 AM, Stephan Beck wrote:
>> Hi David,
>>
>> I kindly invite you to post your PM on-list. It might be of interest for
>> other people as well.
>>
>> Thanks and regards
>>
>> Stephan
>>
>
> Certainly that sounds like a good idea.
>
> Stephan,
>
> Thanks again for your help. I am playing around with generating my
> keys, importing others and encrypting and decrypting.
>
> I was thinking of ways to get my key out to people without using the
> keyservers and instead attaching my public key to my email seemed like a good
> idea. I noticed you have two, one called 0x4218732B.asc and another
> called signature.asc. Am I correct in assuming your first one is your
> public key? The second one I'm not sure what it is for. I thought
> maybe you were signing your public key so I ran the following but got
> a BAD signature message so I thought maybe it's for something else -
>
> david@system:~/Downloads$ gpg2 --verify signature.asc 0x4218732B.asc
> gpg: Signature made Wed 23 Nov 2016 11:41:22 AM EST
> gpg:                using RSA key 5E77973C5ED0E692
> gpg: Can't check signature: No public key
> david@system:~/Downloads$ gpg2 --import 0x4218732B.asc
> gpg: key 1CA0EF5E4218732B: public key "Stephan Beck
> " imported
> gpg: Total number processed: 1
> gpg: imported: 1
> david@system:~/Downloads$ gpg2 --verify signature.asc 0x4218732B.asc
> gpg: Signature made Wed 23 Nov 2016 11:41:22 AM EST
> gpg:                using RSA key 5E77973C5ED0E692
> gpg: BAD signature from "Stephan Beck " [unknown]
>
> Thanks!
Re: What are those attachments you have on your email?
On 2016-11-25 at 14:12, David Adamson wrote:
> I noticed you have two, one called 0x4218732B.asc and another
> called signature.asc. Am I correct in assuming your first one is your
> public key? The second one I'm not sure what it is for. I thought
> maybe you were signing your public key so I ran the following but got
> a BAD signature message so I thought maybe it's for something else

The first one is indeed the public key, the second one most likely is the signature for the email using PGP/MIME.

If you have a PGP-supported email client (like Claws) or the email client has a PGP plugin (like Thunderbird+Enigmail) it should be able to verify it.

Otherwise, it looks like a normal message (or empty if PGP/MIME encrypted) with a signature.asc file (sometimes called differently) as an attachment.

--
Juan Miguel Navarro Martínez
GPG Keyfingerprint: 5A91 90D4 CF27 9D52 D62A BC58 88E2 947F 9BC6 B3CF

signature.asc
Description: OpenPGP digital signature