Re: Encrypting email

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I had to sign other people's keys before enigmail would 'trust' the
key. I sign them locally (ubuntu breezy 64 crashes when I do that) so
I sign them using the command line. "Set Owner Trust" would do the
same thing, I imagine - sign the foreign key with your own key.

At my previous job in MI, one of the previous admins tried to get PGP
working within the company, but failed horribly for reasons like this
(they didn't have any good PGP key management programs back then, and
getting outlook and the other clients to work with it wasn't a happy
ordeal).

I think that because of the security involved, you don't want to have
a program auto-sign or auto-trust keys for you; you could get the
wrong key, and have it auto-trusted when it's not a trusted source
(i.e. if spammers started sending out PGP keys to work around filters
that might auto-allow any pgp signed emails, or something) (and no, I
have no idea if that filter actually exists. It's theoretical.)

The bonus is that your mail is encrypted and unreadable to anybody
that doesn't have the secret key; and that should hopefully be
everybody in the world except the recipient of the email. AT work, I
use PGP to encrypt sensitive mail to local people as well as some
customers; We use SSL SMTP And SSL IMAP/POP3, but not everybody uses
it - and if you store it in your local mailstore unencrypted, it's
still able to get snagged.

Damien Hull wrote:

> I did something to set Adam's key as "trusted". If you right click
> on a key you should see a list of options. One is "set key trust".
>
> Oh, I did get Adam's key using the command line tools. I used the
> MIT server. Can't remember how I did the search but it gave me a
> short list of "Adam's". I didn't do anything with that though.
>
> I'm not sure why the command line tools work but Enigmail can't get
> the key. You should be able to search using the key ID and get the
> key you're looking for.
>
> If we are having this much trouble there's no way the average user
> is going to encrypt email.
>
> I can see a business using it. You would have to train all the
> users but it could be done.
>
> Jim Gribbin wrote:
>
>> Adam's, I had no problem with. I got it from the German keyserver
>> I mentioned. The keyserver you used, I had to download your key
>> as an ASCII file and import it from there. Joshua Kluger sent me
>> his key
> in an
>> email. Had no problem importing it, but couldn't sign it.
>
>> Have you been able to sign or set trust levels using Enigmail's
> tools on
>> the Linux side? The only way I could do it was use GnuPGs command
>> line tools. couldn't find anything in the Enigmail docs or forums
>> either. Guess I'll have to post something asking.
>
>> Less than useful for Joe Average end user.
>
>> Jim
>
>> Damien Hull wrote:
>
>
>>> I can't get it working on Linux. I'm on FC3. I put the MIT
>>> server
> in my
>>> list but I couldn't get Adam's PGP key. I had to download it
>>> and
> import
>>> it manually.
>>>
>>> I've also had some trouble checking Adam's email. It once told
>>> me his email was bad. Something about the PGP key or sign or
>>> something.
>>>
>>> Looks like they have some work to do on securing email.
>>>
>>> Jim Gribbin wrote:
>>>
>>>
>>>> This is the message I accidentally sent encrypted yesterday.
>>>
>>>> ------------------
>>>
>>>> I've been doing some playing around with OpenPGP using
>>>> Enigmail w/ Thunderbird on W2K.
>>>
>>>> Can't seem to get it all working correctly. It won't let me
>>>> sign any keys using Enigmail's tools. I can sign them using
>>>> gnupg's command line tools.
>>>
>>>> It also won't let me send or receive keys at the Key Server
>>>> you're using, but it will let me from at least one other.
>>>> random.sks.keyserver.penguin.de. The only way I could get
>>>> your
> key was
>>>> to download it and import it manually.
>>>
>>>> I'm also noticing that just signing kills html mail. Not that
>>>> that bothers me so much, but a lot of people like using html
>>>> mail. It will make it harder to get the general public using
>>>> it. I'm not sure I could ever get my sisters to give up the
>>>> background wallpaper on
> their
>>>> email.
>>>
>>>> Jim Gribbin
>>>
>>>
>>>
>>>
>>>
>>>> Damien Hull wrote:
>>>
>>>
>>>>> We were talking about email security at the meeting last
>>>>> night. I'm trying to setup pgp with Thunderbird.
>>>>>
>>>>> 1. I have a public and private key 2. It's only set to last
>>>>> 6 months 3. I put the public key on a key server.
>>>>>
>>>>> I had know idea what a key server was until I started this
> project. You
>>>>> don't have to use a key server but they seem like a good
>>>>> thing.
>>>>>
>>>>> You put your public key on the key server for others to
>>>>> look up.
> This
>>>>> email has my digital signature. You can check if it's
>>>>> really me by getting my pgp key from the key server.
>>>>>
>>>>> I won't know if this works until someone tries to verify my
>>>>> email.
>>>>>
>>>>> I used the following information to setup pgp in
>>>>> Thunderbird.
>>>>>
>>>>> http://software.newsforge.com/article.pl?sid=05/01/06/1557216
>>>>>
>>>
>>>
>>>> --------- To unsubscribe, send email to
>>>> <aklug-request@aklug.org> with 'unsubscribe' in the message
>>>> body.
>>>
>>>
>>>
>>> -- You can get my public PGP key at https://keyserver.pgp.com
>
>
>
>
> -- You can get my public PGP key at https://keyserver.pgp.com

- ---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDqbw8kZb3NX+IDMsRAoAZAJoCwexLKLqxVjA1J9ljsDYD55vjdQCePhFw
1tRuq4h4+EN9C7HSBN2h3cc=
=f0KE
-----END PGP SIGNATURE-----

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Dec 21 11:34:09 2005