Re: Which one?

2017-04-10 Thread Dirk Zemisch 
Moin Martin, hello list

> Martin Schoch  wrote yesterday @18:06:

>> I personally use Mailbox.org [1], but there are some others too. [2]
 
> Ok. But if you really want to setup a fresh new account to use GnuPG?

If you like to start using openPGP (PGP or GnuPG) with a fresh account - so why 
not start with mailbox.org (or the equivalent at Posteo)?

These accounts are fully accessible though WebMail and/or a dedicated mail 
client with OpenPGP support (there were named some in the thread). And you can 
use them with TheBat! of course (returning to the list subject).

Mailbox.org generates a new key for the (new) adress - same you should do, if 
you set up an account at any other provider. This key is downloadable and ready 
for import in your local keyring, so you can use the key (and the mail account) 
outside the WebMail application.

If you already have GnuPG (or PGP) installed, you also have an mail adress 
connected to this key. And hopefully access to the account behind the adress. 
;-) Here you have the chance to use Mailvelope in WebMail. 

>> Generally  you  can  try  to  use  Mailvelope  [3]  for  most  webmail
>> applications. It's a browser extension enabling OpenPGP.
 
> I am not happy with this solution. Why to setup the keys or import (to
> which location) your keys again? I want to use GnuPG on my local
> machine with keys stored on my local machine.

Do you use WebMail from your local machine? I mean - if not, you will not have 
the problem. Otherwise: Why not use an dedicated mail client there? It's YOUR 
machine, you have the possibility to use one...

But if you like to use both, I found the following in the mailvelope FAQ:

"Mailvelope stores the keys in the local storage of the browser and only there. 
This is a file in the user data directory of Chrome or the profiles folder of 
Firefox. If you clear temporary browsing data this will not affect the key 
storage of Mailvelope. If you delete the Mailvelope Chrome extension, then the 
key storage will also be removed from your file system. On Firefox there is an 
additional confirmation dialog once you remove the Mailvelope add-on that 
allows to delete all keys or leave them in the profile folder of the system."

So the keys will not leave your local system if you don't export them to a key 
server.

If you don't like the idea to store all information about your keys in the 
browser - so try yubikey[4] (or any other OpenPGP smartcard). The secret key 
will not work without your yubikey, even if anyone has access to your 
(unsecured) machine.

For further information I recommend Simon Josefsson's blog [1] and the very 
helpful article about offline keys there [2].

>>> You could use WinPT to encrypt your mail locally and copy the encrypted 
>>> ascii armor file
>> I would *not* recommend this.
> And why not?

It's to tricky - you will use that once or twice. Afterwards we will have 
minimum one more user telling that encryption (and decryption) is a really nice 
feature but not for him, because it's so tricky in use. ;-)

I used GPGRelay [3] for a long time - it was (is) a local relay server, signing 
(or encrypting) all outgoing mail and decrypting incoming - with minimal 
interaction (caching passphrases locally for some time) with the user. But 
unfortunately it was discontinued some years ago.

[1] https://blog.josefsson.org/
[2] 
https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
[3] https://sourceforge.net/projects/gpgrelay/
[4] https://www.yubico.com/

Regards,
Dirk


Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Which one?

2017-04-09 Thread Dirk Zemisch 
Good morning List,

the day before yesterday (on 04/07/2017 at 17:32) Martin Schoch chipped in:

> Mail on Webmail with GnuPG is quite difficult - I don't know any
> provider which support this.

It's  not  easy - but far not as difficult as it was one or more years
ago.

There  are some providers, even here in Germany, providing Signing and
encrypting mails in WebMail.

I personally use Mailbox.org [1], but there are some others too. [2]

Generally  you  can  try  to  use  Mailvelope  [3]  for  most  webmail
applications. It's a browser extension enabling OpenPGP.

> You could use WinPT to encrypt your mail
> locally and copy the encrypted ascii armor file to the webmail text
> field. But this is not a very nice solution IMHO.

I would *not* recommend this.

[1] https://mailbox.org/en/
[2] https://posteo.de/en
https://gmx.net
(Details in german: https://www.gmx.net/mail/sicherheit/pgp/details/)
[3] https://www.mailvelope.com/en

-- 
Regards,
Dirk



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: IMAP: get bodies for all message headers, how?

2014-07-01 Thread Dirk Zemisch 
Good afternoon Thomas  TBUDL,

just now (on 07/01/2014 at 16:47) Thomas commented:

 On Tue, 01 Jul 2014 16:34:46 +0200 GMT (01-Jul-14, 21:34 +0700 GMT),
 Luca wrote:

 I have many IMAP folders with lots of messages without bodies, just headers.
 I'd like to get all bodies, but I can't find other way except for selecting
 every single message one by one. 

 Is there any get all bodies command, somewhere? Workarounds?

 The whole idea of IMAP is that you leave the messages on the server
 and don't keep them all on your computer. If you want all bodies, I
 believe POP is better for you.

No.  IMAP  is also fine for filtering the messages already on the server
(ONCE!) and not in any client again. For *me* this is the most important
benefit from IMAP over POP.

Especially  when  I  fetch my mails with my mobile I would like to fetch
only  messages  from  some  folders,  not  all. Using POP I will get all
messages.

 Why do you want all bodies on your server, may I ask?

For some offline scenario or local backup I think.

-- 
Regards,
Dirk Zemisch



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: email traveling

2007-07-13 Thread Dirk Zemisch 
Joyce Ragels wrote:

 First of all, may The Bat be legally installed on both my desktop and
 a laptop.

You've  got  a  Personal  license,  so you can use TB! on more than one
computer, but only you.

 Once I get back home, I'd want to sinc the laptop email with the computer.
 Is this doable?  How have some of you handled that situation?

Two suggestions:

The  first  one  is  simple: set your second installation (laptop)up to
leave  the  mail  on  the server. When you will be back you can all the
mail receive as usual.

I use this version, being at home only at weekends.

The  second  one  is the TB! internal sync, which do right this - syncs
two  installations.  I tried it last with version 2.xx and came back to
my  first  suggestion.  But  you  can  test  it,  maybe  there were some
improvements...

-- 
Regards
Dirk





Current version is 3.99 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html