Re: GPG and different mailers
On Fri, 2002-02-22 at 03:56, Derek D. Martin wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For all of the above reasons, I argue both that PGP signatures do add value to a message, and that there is absolutely no comparison between a PGP signature and any of the aforementioned methods of message formatting. I would like to add another reason. I have yet to hear of a security vulnerability cased by, exploited using, or found in, a PGP/GPG signature. MSTNEF had an issure where you could munge the header information (much like RTF), and exec arbitrary code on the receiving machine. Winmail.dat used to carry a users password in it. HTML can have embeded scripting it in that, if the mailer isn't careful, can do a whole host of nasty things. A PGP or GPG signature is a small block of plain text that does nothing of it's own volition. It is merely used to authenticate a person's e-mail. All of the formatting ethods mentioned actively *DO* something if the ender is malicious. If you happen to use some other mailer at an alternate location, the mailers which can be made to understand cleartext PGP signatures, and thereby reduce or eliminate clutter include (but are not limited to): mutt pine exmh kmail Microsoft Outlook I would also add Outlook Express. There is a patch for it called gpgoe. It is also possible to use GPG in the Windoze world. There is even a pretty decent front end to it called WinPT (http://www.winpt.org). C-Ya, Kenny msg13217/pgp0.pgp Description: PGP signature
Re: GPG and different mailers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=us-ascii Additionally, Pegasus for Windows supports PGP although I have not yet installed it. Kenneth E. Lussier wrote: I would like to add another reason. I have yet to hear of a security vulnerability cased by, exploited using, or found in, a PGP/GPG signature. MSTNEF had an issure where you could munge the header information (much like RTF), and exec arbitrary code on the receiving machine. Winmail.dat used to carry a users password in it. HTML can have embeded scripting it in that, if the mailer isn't careful, can do a whole host of nasty things.=20 A PGP or GPG signature is a small block of plain text that does nothing of it's own volition. It is merely used to authenticate a person's e-mail. All of the formatting ethods mentioned actively *DO* something if the ender is malicious.=20 =20 If you happen to use some other mailer at an alternate location, the mailers which can be made to understand cleartext PGP signatures, and thereby reduce or eliminate clutter include (but are not limited to): =20 mutt pine exmh kmail Microsoft Outlook I would also add Outlook Express. There is a patch for it called gpgoe. It is also possible to use GPG in the Windoze world. There is even a pretty decent front end to it called WinPT (http://www.winpt.org). - -- - -- Gerald Feldman [EMAIL PROTECTED] Boston Computer Solutions and Consulting ICQ#156300 PGP Key ID:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.5 12/25/2001 iD8DBQE8d8Ns+wA+1cUGHqkRAlPDAJ9+hr0/DfZ2Y7wP87vm7iXDy1UuNQCghd++ D6jR45/VZ326v/dKpK7ikYY= =lVzK -END PGP SIGNATURE- * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
Since we can't convince you GPG guyz :-) .procmailrc: :0 Bf * -BEGIN PGP | pgp_clean pgp_clean: #!/bin/sh -- # A comment mentioning perl eval 'exec perl -S $0 ${1+$@}' if 0; while () { $msg .= $_ } $msg =~ s/-BEGIN PGP SIGNED(.|\n)*?Hash:.*\n\n//; $msg =~ s/-BEGIN PGP SIGNATURE(.|\n)*?-END PGP SIGNATURE-\n//; print $msg; * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A brief note that in this message the term PGP refers to any implementation of the OpenPGP standard or implementations that inspired the standard, including Phil Zimmerman's original PGP and its decendants, and also GPG or any other implementation. At some point hitherto, Michael O'Donnell hath spake thusly: My point has always been simply that this channel has a blessedly high S/N ratio that is worth preserving, and pointlessly cluttered messages degrade it. This is the one point of your message I agree with, and I hope to respond to a few of your other points (slightly out of order) in order to provide some perspective as to the use of PGP, and perhaps even win over some people to using it regularly. I hope to pursuade you and others that PGP is neither pointless nor is it noise. PGP is pointless here because this channel (and GNHLUG in general) is a safe environment. There is no such thing as a safe environment, other than perhaps in some imaginary utopian society. In all aspects of life, there are non-zero but widely varying degrees of inherent danger. Just as it is up to the individual whether or not to buy homeowner's insurance or automobile insurance (in absentia of legal or contractual obligations that do often accompany the purchase of such), so it is the individual's right to decide what other forms of danger with which they will concern themselves and from which they will attempt to protect themselves. In using PGP, I choose to provide myself with what I feel is adequate protection from e-mail forgery, a danger with which I choose to concern myself. My point has never been that forgery is impossible, so your forgery stunt illustrates... what? The forgery itself illustrates very little; that is true. The fact that it took me about three extra seconds to do it as compared to generating my own reply illustrates that forging e-mail is easy enough that if some bored teenager or other malicious person might decide to pretend to be a regular poster and forge a message that will offend a large number of people, or for other malicious purpose, he or she will have NO trouble doing so. E-mail forgery isn't just possible, it's EASY. I'm quite capable of offending people on my own, and I (along with presumably everyone else who signs their e-mail) would prefer that if one of my posts offends people, that at least I were, in fact, the person who wrote it. And barring that, that it were fairly easy to show that I weren't. Much as when one signs a hand-written or typed letter [have you ever produced one you did not sign?], by using PGP to sign my messages, I am providing a reasonable certainty to anyone who chooses to test it that I and only I am the author of my message, whereas the mere mention of my name at the bottom of the electronic document can not reliably provide the same. Forgeries of both types of signatures are possible; however convincing forgeries that would stand up to expert scrutiny are very difficult to achieve, in both cases. In addition, there is an element of familiarity endowed by a signature. If you write a hand-written letter to a friend, the import of signing or not signing is hardly different than signing or not signging a mailing list post. But would you ever NOT do it? Most people wouldn't even consider not signing a hand-written letter. The same familiarity of your friend's signature on a hand-written letter is available in electronic documents through PGP signing. As the reader of a letter, if you are familiar with the author, you will see the signature and it will register as familiar. If you are unfamiliar with the author or his signature, you will simply ignore it, though it remains for your scrutiny. It is thus also with PGP signatures. In the meantime, though, since forgery is a total non-issue on this channel That is a subjective value judgement, and one with which I (and it would seem others as well) do not agree. Just because an event has never happened before, does not mean it will not ever. And just because if it ever does, YOU will not care, some of us may. the PGP clutter is no more appropriate here than any of the other clutter (eg. HTML, TNEF, RichText, etc, etc...) Again, we are in disagreement. The amount of extra text a PGP signature adds to a message is generally around 100 bytes or so, and represents about as much clutter as someone's large signature or custom e-mail headers (x-face and my favorite x-message-flag come to mind). And unlike those you mention, a PGP signature serves a useful FUNCTION distinct from the content of the message, which is to provide a *reasonably* reliable, though admittedly imperfect, assurance of the *author's* (but unfortunately not necessarily the *sender's*) identity. Clearly some members of the community *do* find value in this added function, as more than one person here uses it. Commonly, the other formats you mention add nothing
Re: GPG and different mailers
I sincerely believe that PGP-signed email messages have a legitimate use. No, I'm serious! I really do. I will probably someday send or receive a message about which (with a straight face) I can say, Yep!! that there was one IMPORTANT message - I sure am glad I had some serious encryption befitting its significance. And I'll probably transmit it as a MIME-encoded, TNEF-garbled, RichText-enhanced thing of beauty with a redundant HTML version attached, too, just to celebrate the occasion. And I'll ROT13 the headers - yeah! that's the ticket! * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
In a message dated: Thu, 21 Feb 2002 08:09:47 EST Michael O'Donnell said: I sincerely believe that PGP-signed email messages have a legitimate use. No, I'm serious! I really do. I will probably someday send or receive a message about which (with a straight face) I can say, Yep!! that there was one IMPORTANT message - I sure am glad I had some serious encryption befitting its significance. And I'll probably transmit it as a MIME-encoded, TNEF-garbled, RichText-enhanced thing of beauty with a redundant HTML version attached, too, just to celebrate the occasion. And I'll ROT13 the headers - yeah! that's the ticket! To all on this list, please note that the above was NOT in fact composed or sent by Michael O'Donnell. Some imposter has hijacked his e-mail address and spoofed the headers. Had this *really* come from 'mod', we'd have a GPG signature to authenticate this message with. Please disregard all mail sent from this imposter in the future, as real 'mod' postings will be easily identifiable and authenticated. /sarcasm :) -- Seeya, Paul God Bless America! If you're not having fun, you're not doing it right! ...we don't need to be perfect to be the best around, and we never stop trying to be better. Tom Clancy, The Bear and The Dragon * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
I sincerely believe that PGP-signed email messages have a legitimate use. No, I'm serious! I really do. I will probably someday send or receive a message about which (with a straight face) I can say, Yep!! that there was one IMPORTANT message - I sure am glad I had some serious encryption befitting its significance. And I'll probably transmit it as a MIME-encoded, TNEF-garbled, RichText-enhanced thing of beauty with a redundant HTML version attached, too, just to celebrate the occasion. And I'll ROT13 the headers - yeah! that's the ticket! I changed my mind; I take back everything I just said. GPG is useless and everyone who uses it are a bunch of kneebiting jerks who'll be the first against the wall when the $%@! hits the fan... * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
[EMAIL PROTECTED] forged: I changed my mind; I take back everything I just said. GPG is useless and everyone who uses it are a bunch of kneebiting jerks who'll be the first against the wall when the $%@! hits the fan... My point has never been that forgery is impossible, so your forgery stunt illustrates... what? It's like sucker-punching a coworker who is unconvinced by any of your other attempts to persuade him that the workplace is a dangerous environment. There! You see??! That PROVES it! My point has always been simply that this channel has a blessedly high S/N ratio that is worth preserving, and pointlessly cluttered messages degrade it. PGP is pointless here because this channel (and GNHLUG in general) is a safe environment. If it ever got to the point where I had to wonder if a given message here was forged, my response would not be to inflict PGP clutter on everybody else. I would simply interpret that as the death of the GNHLUG and be sadly on my way. In the meantime, though, since forgery is a total non-issue on this channel, the PGP clutter is no more appropriate here than any of the other clutter (eg. HTML, TNEF, RichText, etc, etc...) so please allow me to beg y'all not to inflict it on the rest of us. --Michael O'Donnell * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=us-ascii In a message dated: Tue, 19 Feb 2002 23:57:38 EST Derek D. Martin said: You never read any of my documentation, do you? :) No, docs are for the junior people we're supposed to be training. You're just supposed to tell me these things as you come across them ;) For that matter, it's in the man page. See the section entitled, ENVIRONMENT in the man page. =8^) exmh has about 20 or so different setting you can make for PGP/GPG. I *thought* (but was wrong) that one of them was location of the .gnupg directory, which is why I expected this same setting in Evolution. Now that I look more closely, I see that exmh's settings cover everything *but* this :) This may be because Evolution only supports the PGP-MIME method of signing (I'm not positive this is true, but I think it is), where most people usually use the clearsign method. Such messages can be verified by hand, but it's a pain in the patootie. That's what it seems. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.2 06/23/2000 (debian 2.2-1) iD8DBQE8c5QlPMkOzOrc6sMRAnQSAJwMgWmHHjI44o5J7trshVmqcbydoQCgqVFs g9J8WJUbtBqdsAXqfAEKywc= =+nwy -END PGP SIGNATURE- * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
On Tue, 19 Feb 2002 [EMAIL PROTECTED] wrote: -BEGIN PGP MESSAGE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.2 06/23/2000 (debian 2.2-1) owFdUr1rFEEUz11I4cGdBLQRxVd5CnfrJkgkZ+IHEiGFVQ7Ecm737e3D+Thm3t7d At least the people using Outlook send *some* readable text -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
Ben wrote: At least the people using Outlook send *some* readable text because Paul wrote: -BEGIN PGP MESSAGE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.2 06/23/2000 (debian 2.2-1) owFdUr1rFEEUz11I4cGdBLQRxVd5CnfrJkgkZ+IHEiGFVQ7Ecm737e3D+Thm3t7d because Paul is running Exmh version 2.2 06/23/2000 instead of version 2.5 07/13/2001 like I am (on Tru64 UNIX, BTW...) Bayard * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
In a message dated: Wed, 20 Feb 2002 09:04:38 EST Bayard Coolidge USG said: because Paul is running Exmh version 2.2 06/23/2000 instead of version 2.5 07/13/2001 like I am (on Tru64 UNIX, BTW...) Ironically, I'm not. At home I really *am* using 2.5 (2.4 at work). I don't know why the Exmh version says 2.2, it's not: $ grep -i version exmh | grep set set exmh(version) {version 2.5 07/13/2001} -- Seeya, Paul God Bless America! If you're not having fun, you're not doing it right! ...we don't need to be perfect to be the best around, and we never stop trying to be better. Tom Clancy, The Bear and The Dragon * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
Bayard Coolidge USG [EMAIL PROTECTED] writes: because Paul is running Exmh version 2.2 06/23/2000 instead of version 2.5 07/13/2001 like I am (on Tru64 UNIX, BTW...) I pulled the exmh 2.5 rpm off of sourceforge just now (I had to patch exmhMain.tcl again to fix the gnupg signatures), and I'm seeing version 2.5 01/15/2001 at the top of the exmh main window. Aside from the enhanced colorizing of reply text, what else has changed since exmh 2.4? -- John Abreau / Executive Director, Boston Linux Unix ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 msg13167/pgp0.pgp Description: PGP signature
Re: GPG and different mailers
In a message dated: Wed, 20 Feb 2002 12:48:32 EST John Abreau said: Aside from the enhanced colorizing of reply text, what else has changed since exmh 2.4? Nothing to my knowledge. Though I'm sure there's a changelog at Brent's site if you're really interested. There were probably bug-fixes as well. -- Seeya, Paul God Bless America! If you're not having fun, you're not doing it right! ...we don't need to be perfect to be the best around, and we never stop trying to be better. Tom Clancy, The Bear and The Dragon * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
I'm able to read it just fine. However, I'm using exmh too. So some of us can read Paul's stuff. Keep working on it Paul. Derek D. Martin said: At some point hitherto, [EMAIL PROTECTED] hath spake thusly: Content-Type: text/plain; charset=us-ascii Note that this is still coming through as ASCII armored, and the MIME header is INSIDE The PGP block of the message. Figured it was just a configuration glitch, since you're playing with different mailers. Yeah, probably was. I think I fixed it. I think you didn't. ;-) -- Derek Martin [EMAIL PROTECTED] - I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. * -- --- Tom Buskey * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
I have no problem with Paul's stuff on my home system running exmh (2.5 I believe). On 20 Feb 2002 at 14:35, Tom Buskey wrote: I'm able to read it just fine. However, I'm using exmh too. So some of us can read Paul's stuff. Keep working on it Paul. Derek D. Martin said: At some point hitherto, [EMAIL PROTECTED] hath spake thusly: Content-Type: text/plain; charset=us-ascii Note that this is still coming through as ASCII armored, and the MIME header is INSIDE The PGP block of the message. Figured it was just a configuration glitch, since you're playing with different mailers. Yeah, probably was. I think I fixed it. I think you didn't. ;-) -- Derek Martin [EMAIL PROTECTED] - I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. * -- --- Tom Buskey * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. * Jerry Feldman [EMAIL PROTECTED] Associate Director Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9 * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
On Wed, 20 Feb 2002, Tom Buskey wrote: I'm able to read it just fine. However, I'm using exmh too. It is the integrated GPG/PGP armor decoding, not exmh per se, that enables you to read what Paul said. So some of us can read Paul's stuff. Yah, and the Outlook users can read the Outlook barf, too. Some of us just want plain old text. 7-bit ASCII. No special language characters. No ANSI control codes. No HTML. No special encodings. No multi-color custom-font inline-image emails that talk when you open them. Plain old fscking text, that works on everything from a Timex Sinclair to a toaster. (Sorry for the rant, but I've been (trying) to communication with someone who only sends email as HTML marked as text/plain today, and it has made me wish for the good ole days when men were men and sent email by telnet localhost 25. ;-) -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
GPG and different mailers
Hi all, I've been playing around with Evolution lately and in general I'm impressed (as far as one can be with an overly graphical, eye-candy-based Outlook clone :) One thing I noticed though was that it's support for GPG seems to be lacking. The 2 areas I noticed had problems were: - you can not locate your .gnupg directory anywhere other than your home directory, there seems to be no way to configure this. This is bad, especially if your homedir is NFS mounted and you don't trust your network (which I never do, even when I'm the one admin'ing it!) - When trying to verify signed e-mail, it seems to always fail, yet the exact same e-mail in a different mail client (exmh) succeeds in then authentication. I've so far verified this with multiple e-mails sent to this list which I've read under both Evolution and exmh. Evolution fails every time, exmh succeeds every time. Does anyone have any insight to these issues? Thanks, * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
-BEGIN PGP MESSAGE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.2 06/23/2000 (debian 2.2-1) owFdUr1rFEEUz11I4cGdBLQRxVd5CnfrJkgkZ+IHEiGFVQ7Ecm737e3D+Thm3t7d 2tpo5z8gqYSUNlaWgiDaWFkYEOyMYG8hOLNrvCALu8O+3/t9vDfP28uN5urW+87H o8Ojt40P3/l0HCk3jtY24zjCucq37K/mXaMZNfeH5QQHwDjnqxMpSN+AJBfWIW8X ri9cQtRuhWdXgwCFzokxQioY0wEMC+zB2ibcwxGsx/G6fw3ieHBtA3b2hu3WRBbO EdrbinTqJpb0OEqMAicoHQTOm6f68CBHDWxLXwQ2MEVLWQmOxhpTwL4SJHtADA5R uYAQciZKB1koBAqAEhk4R8C5SDxQKPzbCBRMp5RlaH1WqP4lksL5chjElZrAFUmC mLqA5+BHFOHDlAgmoyOPqoG73SmCM17c1k7Jm+ScHMyIc1CFZJrIY3nnTXslNnVz hZPkGGY5JXlNZlGkUOgULYyMp9iZGlkEURDa5/ceo7p7UcgqavT6JTApv4IAW4RY VKJ6cS/Yx3fsJyzLHqgSzExXExZc+EIYqiodygxmxj6CjLTnHBUM3hBaB0a3WyfN m5Ar/X9HC4OJ0N16YVX2E8PEak//pCt/T28trzTCjTy+savNn52l/fvZ2S8vzz3b eHzm08VL334fPHnd3V7af9h511N7X+9EB2+aKxfO/zi8/vnVHw== =i8MR -END PGP MESSAGE- * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=us-ascii In a message dated: Tue, 19 Feb 2002 20:32:48 EST mike ledoux said: Interestingly, my own signatures to myself work fine, but others on this list who send signed e-mail, Evolution can't seem to authenticate the signature. Please configure your mailer to send text/plain as text/plain. Sorry, thought it was. Can evolution verify this signature? I seem to recall that it is bass-ackwards and *only* understands PGP/MIME, so it can't deal with traditional PGP messages. This one meaning your mail, or the one I sent that you're responding to? -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.2 06/23/2000 (debian 2.2-1) iD8DBQE8cwANPMkOzOrc6sMRAnYOAJ0RF2+lNuRfoO0Yv0FIF8RLMY64PQCcDKTr aMq0HXUQb0IQXN78f6zU1dg= =jV5n -END PGP SIGNATURE- * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
[EMAIL PROTECTED] wrote: One thing I noticed though was that it's support for GPG seems to be lacking. The 2 areas I noticed had problems were: - you can not locate your .gnupg directory anywhere other than your home directory, there seems to be no way to configure this. In the Other settings section, for the gpg command, instead of just putting in /usr/bin/gpg, use /usr/bin/gpg --homedir /home/dir. This is bad, especially if your homedir is NFS mounted and you don't trust your network (which I never do, even when I'm the one admin'ing it!) This isn't a limitation of Evolution. This is the standard behavior of gpg. - When trying to verify signed e-mail, it seems to always fail, yet the exact same e-mail in a different mail client (exmh) succeeds in then authentication. I've so far verified this with multiple e-mails sent to this list which I've read under both Evolution and exmh. Evolution fails every time, exmh succeeds every time. This I can't explain. I think it has to do with the way Evolution uses pgp mime. Does anyone have any insight to these issues? Nope ;-) C-Ya, Kenny -- --- Kenneth E. Lussier Geek by nature, Linux by choice PGP KeyID C0D2BA57 Public key http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57 * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
[EMAIL PROTECTED] writes: I've been playing around with Evolution lately and in general I'm impressed (as far as one can be with an overly graphical, eye-candy-based Outlook clone :) I tried Evolution a couple months ago, and while it looked nice, it required a ton of Ximian packages that essentially broke the Redhat up2date process. It looked like I would have had to abandon Red Hat and embrace Red Carpet in order to use Evolution. -- John Abreau / Executive Director, Boston Linux Unix ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 msg13152/pgp0.pgp Description: PGP signature
Re: GPG and different mailers
-BEGIN PGP MESSAGE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.2 06/23/2000 (debian 2.2-1) owFNkjGL1EAUx29vsVlcZcFaniCeQi6XXbS4uK7FsSdBDhYuzdnIJHmbPDeZWWcm t5v+CguLQ9BOFFFQUD+CjZVo4Qe40sYrrQ5snIm7x5EhYTKT3//3Xuaw3Wysdvrf Lvw4Pjr+2vj+W1/03EKlbnfT81ycF1lfXTq/JbhGrtfDaoo+aJzrjWnOiN+GOGNS ob5TqnWmYqJ2y14BBwYFKsVShIRpTHwIS3SguwnbGEHP83rm5t/q+V4Xhrthu1XQ BCHHRJRzUIwS33IGAxiMcmQKIRZ8TGkpESpRSigY5ShBC1DIkzNKwNSZmWsZNWdX SFk5oDNRppkG0jBjyi6bsV2Dk8VLeFQqbfyXiUyT4JDmpOPMAUU8rh3WjIrJqIin MCOdGU5C4zFK06iFnuW3W3vIzHdTKSIW5VUdCxAYE+IT8xzTvI6u9w7CDE8bF9ja NFyfZRRntdno3mhjJ9gZGg1hACgkaopZbrDDfZGXtakyJeaJYUUIJhFtkyQym3HD ASFtsgLBcVlMABnbR76m7d/s89ToFNWifIth8QQq/C+4V06dUwDMhJyY3WPieMWu PrnbPNewB2Z5oDqrn96uvOxcvU8f/jx7EX65lh/B84/v3n8+WXn1+OcbdfKgefg0 enj5L7kHN/1fr/8B =AbHV -END PGP MESSAGE- * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At some point hitherto, [EMAIL PROTECTED] hath spake thusly: Hi all, I've been playing around with Evolution lately and in general I'm impressed (as far as one can be with an overly graphical, eye-candy-based Outlook clone :) One thing I noticed though was that it's support for GPG seems to be lacking. The 2 areas I noticed had problems were: - you can not locate your .gnupg directory anywhere other than your home directory, there seems to be no way to configure this. You never read any of my documentation, do you? :) In the GPG Howto that I wrote up for our group, I covered exactly how to do this, specifically because of the issue you mention. For that matter, it's in the man page. See the section entitled, ENVIRONMENT in the man page. =8^) - When trying to verify signed e-mail, it seems to always fail, yet the exact same e-mail in a different mail client (exmh) succeeds in then authentication. This may be because Evolution only supports the PGP-MIME method of signing (I'm not positive this is true, but I think it is), where most people usually use the clearsign method. Such messages can be verified by hand, but it's a pain in the patootie. - -- Derek Martin [EMAIL PROTECTED] - - I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8cyzBdjdlQoHP510RAsH6AJ9Z1XQ5smixUlt/J/V7ikk/2R25AgCgo/aY O/NrzMqi0HvLCEPjEtpcflc= =cr3d -END PGP SIGNATURE- * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: GPG and different mailers
At some point hitherto, [EMAIL PROTECTED] hath spake thusly: Content-Type: text/plain; charset=us-ascii Note that this is still coming through as ASCII armored, and the MIME header is INSIDE The PGP block of the message. Figured it was just a configuration glitch, since you're playing with different mailers. Yeah, probably was. I think I fixed it. I think you didn't. ;-) -- Derek Martin [EMAIL PROTECTED] - I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *