date:20170410

Re: Which one?

2017-04-10 Thread MFPA

Hi


On Friday 7 April 2017 at 4:05:04 PM, in
, Goos wrote:-


> And their encryption tool also has to be Gnu PG? Or
> doesn't it matter which
> one they use?  

GnuPG or PGP or any other tool which implements the OpenPGP protocol.




-- 
Best regards

MFPA  

Don't learn safety rules by accident... 

Using The Bat! v7.4.16 on Windows 10.0 Build 14393  



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to?

2017-04-10 Thread Maggie Meister

Hi Martin,

On Monday, April 10, 2017 at 9:23:40 AM you wrote:

M> One thing I would like to ask - which client are you using? The mail
M> header says:

M> RITLABS Mailer v4.2.44.2

M> Quite old IMHO.

Yes, that is correct. I have an XP laptop. I had not thought to
ask if any of current GnuPG or the PGP might with my antique
system.

-- 

Best Regards,
Maggie  http://www.OurCabinOnTheCreek.com 

An idea, like a ghost, must be spoken to a little before it will
explain itself. -Charles Dickens
 



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to?

2017-04-10 Thread Martin

Hi Maggie

On Monday, April 10, 2017 3:10:55 PM you wrote:

> Okay, Thanks Martin, now I know a little more. 

One thing I would like to ask - which client are you using? The mail
header says:

RITLABS Mailer v4.2.44.2

Quite old IMHO.

-- 
Best regards,
   Martin
   dagob...@yahoo.com

TheBat! 7.4.16.3 (BETA) Pro (with OTFE) on Windows 7 6.1 7601 Service Pack 1



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to?

2017-04-10 Thread Maggie Meister

Hi Martin,

On Sunday, April 09, 2017 at 11:23:40 AM you wrote:

M> I am using GnuPG sometimes - so I am not a power user. Perhaps I can
M> try to answer your questions... ;-)

M> On Saturday, April 8, 2017 2:57:10 PM you wrote:MM>> 1. Using GnuPG seems to 
take up lots of space. 

M> The GPG key doesn't go into the signature - its a own element in the
M> text or inline

MM>> 2. How will correspondents using smart phones manage this 
>> considering the screen size?

M> I don't understand your question. The key is mostly not displayed with
M> the client so there is no "screen size" problem.

Yes, this answers what I was _trying_ to ask. 

MM>> 4. When replying without trimming in an email thread, this could
>> potentially take to not only scroll through, but to even find the
>> actual email amidst all the other security characters?

M> Email clients which are supporting GnuPG don't include key in the
M> reply.

Thank you!

>> 5. Are these questions also relevant to PGP or only GnuPG?

M> I am using GnuPG - don't know PGP at all.

Okay, Thanks Martin, now I know a little more. 

-- 

Best Regards,
Maggie  http://www.OurCabinOnTheCreek.com 

“There is no harm in being sometimes wrong - especially if one
is promptly found out.” Keynes

Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Which one?

2017-04-10 Thread Martin

Hi Dirk

On Monday, April 10, 2017 8:23:38 AM you wrote:

> Mailbox.org generates a new key for the (new) adress - same you
> should do, if you set up an account at any other provider. This key
> is downloadable and ready for import in your local keyring, so you
> can use the key (and the mail account) outside the WebMail application.

With other words: The private key is stored on the server of the mail
provider? No, that is not secure in my opinion.

> Do you use WebMail from your local machine? I mean - if not, you
> will not have the problem. Otherwise: Why not use an dedicated mail
> client there? It's YOUR machine, you have the possibility to use one...

I am using email clients with GnuPG support and I don't like Webmail
at all. But the orignal post asked for GnuPG support for Webmail.

> If you don't like the idea to store all information about your keys
> in the browser - so try yubikey[4] (or any other OpenPGP smartcard).
> The secret key will not work without your yubikey, even if anyone
> has access to your (unsecured) machine.

As said - I am using TheBat (or ClawsMail, Thunderbird on Windows or
Linux, R2Mail2 on Android ) with GnuPG support and these clients are
calling the GnuPG with local stored keys. For me there is no need to
change something and such a setup can be used by other users, too.

> It's to tricky - you will use that once or twice. Afterwards we
> will have minimum one more user telling that encryption (and
> decryption) is a really nice feature but not for him, because it's so tricky 
> in use. ;-)

No, its not tricky.

> I used GPGRelay [3] for a long time - it was (is) a local relay
> server, signing (or encrypting) all outgoing mail and decrypting
> incoming - with minimal interaction (caching passphrases locally for
> some time) with the user. But unfortunately it was discontinued some years 
> ago.

Yes I know this, too. Also a good solution if you want encyrypt/sign
all your mail. With clients you are more flexible to choose what you
will do - encrypt, sign, both or nothing - according to your
addressee.

-- 
Best regards,
   Martin
   dagob...@yahoo.com

TheBat! 7.4.16.3 (BETA) Pro (with OTFE) on Windows 7 6.1 7601 Service Pack 1

Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Which one?

2017-04-10 Thread Adrian Godfrey


Monday, April 10, 2017, 9:16:06 AM, you wrote:

> Instead, two of them counter-proposed to use VPN.

A VPN is much easier. If you use a mobile device for email, a VPN will
work there as well.

Trying to guess which recioients use PGP (and most people don't) 

Even worse for mails you receive as they can come from anywhere.

Adrian

-- 
Best regards,
 Adrianmailto:li...@ags.lu



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Which one?

2017-04-10 Thread Goos



> If you already have GnuPG (or PGP) installed,

I have GnuPG installed but failed to make a The Bat
new mail template ... despite the help site.
Moreover, I do not know how to organize it automated
in TB to use GnuPG with contacts who also use it and not
to use it with those who don't.
Neither do I know if it also works when people use another
PGP program.
Anyway, I wrote simple mails to some people proposing to
use mail encryption, but they all considered it too much work
(it indeed would include to dive into the matter ... docs, manuals
to understand it and to implement it).
Instead, two of them counter-proposed to use VPN.

Resuming, I have to admit, that encrypting mail is still a
complicated issue for someone who does not know the
subject matter - IMO that hasn't become much easier
since I in vain tried it some 5 years ago.
Well, at least, secure sending and recieving does work.

Rather disappointed,
Gunivortus



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Which one?

2017-04-10 Thread Dirk Zemisch

Moin Martin, hello list

> Martin Schoch  wrote yesterday @18:06:

>> I personally use Mailbox.org [1], but there are some others too. [2]
 
> Ok. But if you really want to setup a fresh new account to use GnuPG?

If you like to start using openPGP (PGP or GnuPG) with a fresh account - so why 
not start with mailbox.org (or the equivalent at Posteo)?

These accounts are fully accessible though WebMail and/or a dedicated mail 
client with OpenPGP support (there were named some in the thread). And you can 
use them with TheBat! of course (returning to the list subject).

Mailbox.org generates a new key for the (new) adress - same you should do, if 
you set up an account at any other provider. This key is downloadable and ready 
for import in your local keyring, so you can use the key (and the mail account) 
outside the WebMail application.

If you already have GnuPG (or PGP) installed, you also have an mail adress 
connected to this key. And hopefully access to the account behind the adress. 
;-) Here you have the chance to use Mailvelope in WebMail. 

>> Generally  you  can  try  to  use  Mailvelope  [3]  for  most  webmail
>> applications. It's a browser extension enabling OpenPGP.
 
> I am not happy with this solution. Why to setup the keys or import (to
> which location) your keys again? I want to use GnuPG on my local
> machine with keys stored on my local machine.

Do you use WebMail from your local machine? I mean - if not, you will not have 
the problem. Otherwise: Why not use an dedicated mail client there? It's YOUR 
machine, you have the possibility to use one...

But if you like to use both, I found the following in the mailvelope FAQ:

"Mailvelope stores the keys in the local storage of the browser and only there. 
This is a file in the user data directory of Chrome or the profiles folder of 
Firefox. If you clear temporary browsing data this will not affect the key 
storage of Mailvelope. If you delete the Mailvelope Chrome extension, then the 
key storage will also be removed from your file system. On Firefox there is an 
additional confirmation dialog once you remove the Mailvelope add-on that 
allows to delete all keys or leave them in the profile folder of the system."

So the keys will not leave your local system if you don't export them to a key 
server.

If you don't like the idea to store all information about your keys in the 
browser - so try yubikey[4] (or any other OpenPGP smartcard). The secret key 
will not work without your yubikey, even if anyone has access to your 
(unsecured) machine.

For further information I recommend Simon Josefsson's blog [1] and the very 
helpful article about offline keys there [2].

>>> You could use WinPT to encrypt your mail locally and copy the encrypted 
>>> ascii armor file
>> I would *not* recommend this.
> And why not?

It's to tricky - you will use that once or twice. Afterwards we will have 
minimum one more user telling that encryption (and decryption) is a really nice 
feature but not for him, because it's so tricky in use. ;-)

I used GPGRelay [3] for a long time - it was (is) a local relay server, signing 
(or encrypting) all outgoing mail and decrypting incoming - with minimal 
interaction (caching passphrases locally for some time) with the user. But 
unfortunately it was discontinued some years ago.

[1] https://blog.josefsson.org/
[2] 
https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
[3] https://sourceforge.net/projects/gpgrelay/
[4] https://www.yubico.com/

Regards,
Dirk


Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Which one?

Re: How to?

Re: How to?

Re: How to?

Re: Which one?

Re: Which one?

Re: Which one?

Re: Which one?

8 matches

Site Navigation

Mail list logo

Footer information