Re: PGP Signing and Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marck, Only encrypted signed messages will result in a decrypted version. Ah, so it does. I was keying CTRL-SHIFT-D for signed messages, instead of CTRL-SHIFT-C. If it were decrypted in-line then you really would lose that opportunity since the original message would be replaced with the decrypted version. By in-line what I was really trying to say is on-the-fly - TB! should always store the message as it was received. So if I received a signed message and want it displayed in the viewer TB! would do it's best to check the signature automatically. Similarly with encrypted messages, if I have a cached passphrase in PGP then there is nothing to stop TB! decrypting the message for me when I open it in the viewer. There should, of course, always be a way to view the message as it was originally transmitted if you are interested in that. For me it's the manual intervention on every message that is signed or encrypted that makes it feel less integrated. BTW, if unattended security is of concern to you then you should seriously consider using SecureBat! It's not a major concern for me, just an example of why I'm not so keen on the decrypted copies of messages. If TB! was decrypting as it went the PGP passphrase caching would alleviate this problem to some degree. Thanks for your response, I will give that example Read filter a try. Regards, Graeme. - -- Graeme J Hosking [EMAIL PROTECTED] http://www.hosking-online.com/ -BEGIN PGP SIGNATURE- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xCA4E46C2 iQA/AwUBPhQizWG9Y2LKTkbCEQIKPwCg+U7/k8df/Tbla6CcLyVjwEoulcMAoKzs /mHBcxXsjXJ0Qw9cVIJh2J4h =WFf9 -END PGP SIGNATURE- Current version is 1.62 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
PGP Signing and Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm just starting to get my head around using PGP with The Bat! but I'm not entirely sure I have this set up correctly. I've installed PGP 6.5.8ckt and The Bat! seems to work with it reasonably. However, every time I ask for a signature to be verified, or a message to be decrypted, I get a duplicate of the message with (PGP Decrypted) appended to the subject. Is it really supposed to do that? It seems to me to be slightly less than elegant, but given that I'm new to PGP I'm willing to accept there might be a good reason for doing this (I just can't see it :-). I was expecting messages to be verified or decrypted in-line, so to speak, making use of the PGP passphrase caching. Making decrypted copies of a message that anyone passing my workstation can read when I'm not around seems to go against the objective of increasing privacy, IMO. Which is why I'm wondering if I've missed anything? Graeme. - -- Graeme J Hosking [EMAIL PROTECTED] http://www.hosking-online.com/ -BEGIN PGP SIGNATURE- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xCA4E46C2 iQA/AwUBPhOYgGG9Y2LKTkbCEQINygCg33JdwV9533GZKbfQFCxuHwXq9dEAoI9s tql1TwVLsj18VPwhyK5zrGg0 =Uw/B -END PGP SIGNATURE- Current version is 1.62 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: PGP Signing and Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Graeme, @2-Jan-2003, 01:40 Graeme J Hosking [GJH] in [EMAIL PROTECTED]">mid:[EMAIL PROTECTED] said: GJH However, every time I ask for a signature to be verified, or a GJH message to be decrypted, I get a duplicate of the message with GJH (PGP Decrypted) appended to the subject. Is it really GJH supposed to do that? Yes - for decryption. Only encrypted signed messages will result in a decrypted version. Signature verification will result in the appearance of the PGP Log window containing the results of the verification. With the later ckt builds (09 beta 3 for instance) the result of the verification process is loaded into the clipboard ready to be pasted back into a response. GJH It seems to me to be slightly less than elegant, but given that GJH I'm new to PGP I'm willing to accept there might be a good GJH reason for doing this (I just can't see it :-). The reason is that the decryption is intended to be temporary - for viewing purposes only. I employ Read message filters to delete decrypted messages automatically after reading. I also employ special macros to enforce encryption and to remove the Decrypted from the subject when replying. GJH I was expecting messages to be verified or decrypted in-line, GJH so to speak, making use of the PGP passphrase caching. Making GJH decrypted copies of a message that anyone passing my GJH workstation can read when I'm not around seems to go against GJH the objective of increasing privacy, IMO. Which is why I'm GJH wondering if I've missed anything? Only deleting the decrypted version once read. If it were decrypted in-line then you really would lose that opportunity since the original message would be replaced with the decrypted version. S/MIME messages are actually handled more as you describe. BTW, if unattended security is of concern to you then you should seriously consider using SecureBat! - -- Cheers -- .\\arck D Pearlstone -- List moderator TB! v1.62 Christmas Edition on Windows 2000 5.0.2195 Service Pack 2 ' -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1rc1-nr1 (Windows 2000) iD8DBQE+E5p5OeQkq5KdzaARAqffAKCkOlMlQhBCiJ1ackrFpvFB8HqW4gCgouiW op2CiE+9rvdh7Z6ljwPScFQ= =XQjN -END PGP SIGNATURE- Current version is 1.62 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: PGP Signing and Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hi Marck, MDP The reason is that the decryption is intended to be temporary - for MDP viewing purposes only. I employ Read message filters to delete MDP decrypted messages automatically after reading. I also employ MDP special macros to enforce encryption and to remove the Decrypted MDP from the subject when replying. would you consider sharing some of those macros with the newbies - meaning myself ;) - on the list who've yet to really play with this kind of functionailty? cheers, Toby --- Life is poetry - write it in your own words. --- Toby Tremayne Technical Team Lead Code Poet and Zen Master of the Heavy Sleep Toll Solutions 154 Moray St Sth Melbourne VIC 3205 +61 3 9697 2317 0416 048 090 ICQ: 13107913 -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPhOeiUYhrxxXvPlFAQGCxgQArjKH+cwwIJue0wcCLfloGUkm+xjB5Kqv qF87O4zuPOgDYsZ0vtDZ0komAtD3SR008QE0+t+iOPxINhiHlf900pSqJ1N0zb4y ExcsgJg/Lyw9wWTDwCX69F+AfVcyKroi7UID/I8LVrlCiUI3ILTPVL63Ln5DpKtm XOldewl8gxs= =h5we -END PGP SIGNATURE- Current version is 1.62 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: PGP Signing and Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Toby, @2-Jan-2003, 13:06 +1100 (02:06 UK time) Toby Tremayne [TT] in [EMAIL PROTECTED]">mid:[EMAIL PROTECTED] said: MDP ... I also employ special macros to enforce encryption and to MDP remove the Decrypted from the subject when replying. TT would you consider sharing some of those macros with the newbies TT - meaning myself ;) - on the list who've yet to really play with TT this kind of functionailty? Sure. Here's my QSUBJ Quick Template: %SUBJECT=Re: %SETPATTREGEXP='(?i)\A(?::?\s*)%- (?:(?:\s*(?:fwd|re|aw|fw|antwort|wg|forw)%- (?:\[\d*\])?:\s*)|(?:\s*\[.*\]\s*))*%- (.*?)(?:(?:\s*\((?:was|war):?.*\)\s*)|%- (?:\((?:PGP|S/MIME) Decrypted\)))*\z'%- %REGEXPMATCH='%OSUBJ' I use this in all my templates since it does the whole tidy up thing for all possible manglement of a subject line. It's an extrapolation of the standard one in the library I think. And here's a typical Read message filter to rid me of a decrypted copy. BeginFilter Name: Remove decrypted copy Active: 1 Source: \Inbox Target: \Inbox CopyFolder: none MainSet: 20\(PGP Decrypted\) Actions: faDelMsg,faoRegExp EndFilter Anyone who doesn't know how to use one of these - just highlight the above text including the BeginFilter and EndFilter lines and press Ctrl-C (or Right Click / choose Copy from the menu). Now open up the Sorting office and click on the Read messages folder. Now press Ctrl-V to paste the filter in. That'll do it. - -- Cheers -- .\\arck D Pearlstone -- List moderator TB! v1.62 Christmas Edition on Windows 2000 5.0.2195 Service Pack 2 ' -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1rc1-nr1 (Windows 2000) iD8DBQE+E5/8OeQkq5KdzaARAulhAJ0d5lNAjRC1Q0KDzZp1LLz7MoL2mACfVm8b BpRykJiEwV0kdawlvear8IY= =jjz0 -END PGP SIGNATURE- Current version is 1.62 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: PGP Signing and Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hi Marck, ta muchly - I'll enjoy playing with these! Thursday, January 2, 2003, 1:12:08 PM, you wrote: -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPhOke0YhrxxXvPlFAQH/rQP+N83Y5QXrEM4790xagUzDv/shoSPNpdow 675WYKoktPuJau1p9wHpFpon1t5/p+ICPqyB7N8O8a2A3Qeu+8cTrTfPymGSnmmK 6GRxNjjF6bJInP4Wb7TJkWaZK1WHltJIuG/4Kf31zaKEvneHBgbTb3FG3tvkoF24 nLcGnnPs850= =BlUR -END PGP SIGNATURE- Current version is 1.62 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
