> > 1) What is a useful/meaningful setup in ~/.gnus.el for obtaining enabling > > GnusPG > > for PGP/MIME? > > I figured the following to be useful: > > (setq mm-verify-option 'always); always verify signed parts > > (setq mm-decrypt-option 'always); always decrypt encrypted parts > > (setq gnus-message-replysign t); gnus-message-replyencrypt, > > gnus-message-replysignencrypted are already t by default > > I also found Gnus users who set > > (setq gnus-treat-x-pgp-sig t) > > but I could not find sufficient documentation of gnus-treat-x-pgp-sig to > > determine whether this is useful. > > There's also these two (defaulting to nil): > > mm-sign-option 'guided > mm-encrypt-option 'guided
Thanks, Kevin. Do you know what gnus-treat-x-pgp-sig does? I could not find documentation on this. > > If set to 'guided, you'll get a menu on sending signed/encrypted > messages asking which key you want to use. > > > 2) Why are gnus-message-replyencrypt and gnus-message-replysignencrypted > > set to > > t by default, but gnus-message-replysign defaults to nil? Has this been > > forgotten in the recent change (see > > http://comments.gmane.org/gmane.emacs.gnus.general/75543)? > > > > 3) Is it "good practice" to always sign messages? AFAIK, this does not > > require > > the recipient to deal with encryption, but he could at least check that the > > message has the correct signature. How would one always sign messages in > > Gnus by > > default? > > (no idea) In the meantime, I found the solution to 3) on http://www.emacswiki.org/emacs/GnusPGG (just look for "Automatic signing/encryption of messages") > > > 4) Where are my private/public keys? I never saw them nor was asked to > > generate > > them. > > You make them with GnuPG (gpg --gen-key); Emacs seems to figure out how > to run gpg on its own. This is strange: I already have a folder ~/.gnupg (owned by root). I found this problem online at various places and I followed the advice to change the ownership. > There are some issues with gpg2 though (specifically, with pinentry). > I've installed gpg1 alongside gpg2 for the time being and have > > (when (file-executable-p "/usr/bin/gpg1") > (setq epg-gpg-program "/usr/bin/gpg1")) > > More at http://www.emacswiki.org/emacs/EasyPG#toc4 > > > > 5) Am I correct in that signing a message simply requires C-c C-m s p? (and > > signing + encrypting C-c C-m c p?) > > Yes. I find `C-c C-m C-s' faster though (pinky never leaves the caps key). Thanks, that's indeed nice. > > > I tried to send a test mail to [email protected] (mentioned on the german wiki > > page > > http://de.wikipedia.org/wiki/GNU_Privacy_Guard). I used C-c C-m c p. On > > sending > > via C-c C-c, I received "No public key for <[email protected]>; skip it? (y or > > n)". I chose 'y', since the public key will be sent by [email protected]. I > > then > > obtained "mml2015-epg-encrypt: No recipient specified". What does this mean? > > My German is not so good, but it seemed to me you're supposed to just > attach your public key to Adele. So don't encrypt that e-mail. Then she > sends back her own key, but now encrypted for your eyes only. Now you > can save that key as a file on disk, and do > > $ gpg --import that-file-on-disk > > to import her key. _Now_ you should be able to `C-c C-m C-c' and encrypt > your next email for Adele. > > > > Also, if you want to check my signature, do > > $ gpg --keyserver pgp.mit.edu --recv-keys 0x766AC60C > > Then in gnus, press "g" to redisplay this email, and it should no longer > say "No public key for …". > > I use the following to fetch unknown keys on `C-c k', though it's not > particularly pretty: > > #+begin_src emacs-lisp > (defun gnus-article-receive-epg-keys () > "Fetch unknown keys from a signed message." > (interactive) > (with-current-buffer gnus-article-buffer > (save-excursion > (goto-char (point-min)) > (if > (re-search-forward "\\[\\[PGP Signed Part:No public key for > \\([A-F0-9]\\{16,16\\}\\) created at " > nil 'noerror) > (shell-command (format "gpg --keyserver %s --recv-keys %s" > "pgp.mit.edu" > (match-string 1))) > (message "No unknown signed parts found."))))) > (add-hook > 'gnus-startup-hook > (lambda nil > (define-key gnus-article-mode-map (kbd "C-c k") > 'gnus-article-receive-epg-keys) > (define-key gnus-summary-mode-map (kbd "C-c k") > 'gnus-article-receive-epg-keys))) > #+end_src > Great, many thanks! _______________________________________________ info-gnus-english mailing list [email protected] https://lists.gnu.org/mailman/listinfo/info-gnus-english
