Moin Martin, hello list
> Martin Schoch wrote yesterday @18:06:
>> I personally use Mailbox.org [1], but there are some others too. [2]
> Ok. But if you really want to set up a fresh new account to use GnuPG?
If you like to start using OpenPGP (PGP or GnuPG) with a fresh account - so why
not start with mailbox.org (or the equivalent at Posteo)?
These accounts are fully accessible through WebMail and/or a dedicated mail
client with OpenPGP support (some were named in the thread). And you can
use them with TheBat! of course (returning to the list subject).
Mailbox.org generates a new key for the (new) address - you should do the same if
you set up an account at any other provider. This key is downloadable and ready
for import in your local keyring, so you can use the key (and the mail account)
outside the WebMail application.
If you already have GnuPG (or PGP) installed, you also have a mail address
connected to this key. And hopefully access to the account behind the address.
;-) Here you have the chance to use Mailvelope in WebMail.
>> Generally you can try to use Mailvelope [3] for most webmail
>> applications. It's a browser extension enabling OpenPGP.
> I am not happy with this solution. Why to setup the keys or import (to
> which location) your keys again? I want to use GnuPG on my local
> machine with keys stored on my local machine.
Do you use WebMail from your local machine? I mean - if not, you will not have
the problem. Otherwise: Why not use a dedicated mail client there? It's YOUR
machine, you have the possibility to use one...
But if you like to use both, I found the following in the Mailvelope FAQ:
"Mailvelope stores the keys in the local storage of the browser and only there.
This is a file in the user data directory of Chrome or the profiles folder of
Firefox. If you clear temporary browsing data this will not affect the key
storage of Mailvelope. If you delete the Mailvelope Chrome extension, then the
key storage will also be removed from your file system. On Firefox there is an
additional confirmation dialog once you remove the Mailvelope add-on that
allows to delete all keys or leave them in the profile folder of the system."
So the keys will not leave your local system if you don't export them to a key
server.
If you don't like the idea to store all information about your keys in the
browser - so try YubiKey [4] (or any other OpenPGP smartcard). The secret key
will not work without your YubiKey, even if anyone has access to your
(unsecured) machine.
For further information I recommend Simon Josefsson's blog [1] and the very
helpful article about offline keys there [2].
>>> You could use WinPT to encrypt your mail locally and copy the encrypted
>>> ascii armor file
>> I would *not* recommend this.
> And why not?
It's too tricky - you will use that once or twice. Afterwards we will have
at least one more user telling that encryption (and decryption) is a really nice
feature but not for him, because it's so tricky in use. ;-)
I used GPGRelay [3] for a long time - it was (is) a local relay server, signing
(or encrypting) all outgoing mail and decrypting incoming - with minimal
interaction (caching passphrases locally for some time) with the user. But
unfortunately it was discontinued some years ago.
[1] https://blog.josefsson.org/
[2] https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
[3] https://sourceforge.net/projects/gpgrelay/
[4] https://www.yubico.com/
Regards,
Dirk