>
>> On 9 Oct 2019, at 04:47, Philipp Klaus Krause wrote:
>>
>> It would be really nice, if Thunderbird could add an option to use the
>> gpg key storage instead of its own, but so far the developers want to
>> always keep the Thunderbird key storage separately (thoug they are
>> considering
Working version:
Ubuntu-14.04
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Not working version:
Ubuntu-18.04
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
I put the same subkey on all 3 slots of a Nitrokey Pro maybe about a year
ago and have been encrypting/decrypting (sometimes signing, sometimes not)
for myself and
Am 11.10.19 um 20:15 schrieb Phillip Susi:
> Why the heck don't they just run gpg the way enigmail did?
>
They don't want users to require to install gpg first. And they don't
want to ship gpg with Windows installers, since it isn't MPL.
Philipp
signature.asc
Description: OpenPGP digital
On 09/10/2019 08:06, Tony Lane via Gnupg-users wrote:> It doesn't do
that? Why would they choose to tightly couple TB with
> OpenPGP? If I have to maintain two key databases, that's a dealbreaker
for me.
Dealing with GnuPG complexity is a deal breaker for ordinary users,
preventing adoption. You
On 11/10/2019 19:15, Phillip Susi wrote:
> Why the heck don't they just run gpg the way enigmail did?
They don't want to bundle GnuPG because of GnuPG licence:
https://wiki.mozilla.org/Thunderbird:OpenPGP:2020#OpenPGP_engine
Requiring user to set up GnuPG separately is out of question if
they
Andreas Boehlk writes:
> I do not agree with this one. IMHO the verification with a trusted GPG-Key is
> absolutely sufficiant and the checksum-proof is not needed at all.
True, since validating the signature means validating the secure hash of
the contents. That is, the checkum is reisistant
Philipp Klaus Krause writes:
> While having OpenPGP support directly in Thunderbird is probably a good
> thing, I found it convenient to just use the gpg kerys for Email
> encryption and signing (and conversely, being able to just use keys
> imported via Enigmail to encrypt files using gpg).
>
> john doe hat am 8. Oktober 2019 um 07:45 geschrieben:
> To summarize:
>
> - Checksumming a file insures that the file has not been corrupted
> - Verifying a file insures that the file has not been tempered with
I totally agree to both statements
>
> Idealy, both steps are to be done.
>
I
Jeff Allen via Gnupg-users writes:
> So what? If the goal is private communication, ProtonMail and Tutanota
> are nearly effortless ways to achieve it. Sign up for a free account
How do you figure that? If they aren't encrypting mail then how is it
private? Or or is it using some other