* Tim Guirgies <[email protected]> [2011-06-07 03:03:12 +1000]:
back on list :D
> Thankfully, gpg makes it pretty hard to do stupid things like sending
> out your private key. That block there is a PGP cleartext signature:
> what will appear with all your email once you begin to sign it; it's
> perfectly safe, and _is_ what signing is.
Good, that actually makes me feel slightly better ;D
> And since you can do that, that means your password is definately
> correct, and you _can_ sign with that key.
Yea, I was pretty sure I could, My pass is pretty damned complex and
I knew it's right, it's practically ingrained in me.
> That's fair enough and not particularly weird; it just seemed odd,
> that's all.
I will happily be odd. Makes I am doing my job! (What ever that is, I
have NFC.)
> Yup. I got your key. ID D5B20C0C and subkey 65AD06FE; is that correct?
Yes, that is me, you are PUB: BE773416, SUB: BE835FD3/F9682620?
> Well, it can't, actually. I've got it encrypted with gpg, and then in
> my .muttrc, I have:
>
> set imap_pass = `gpg --quiet --decrypt ~/.mutt-password-gmail`
>
> Note the backticks. This is for bash, but should work for all shells.
> Also, make sure you encrypt to yourself so that only your private key
> can decrypt it. Of course, gpg will still ask you to unlock the key
> when you start mutt anyway, so I don't really if it's a saving. :P
I'll keep that handy .... would that work for my actual gmail password
as well?
> After all that, however, we are no closer to solving your issue.
Nope, we're not :(
> Can you please tell me the exact sequence you use to try to sign a
> message?
Compose/reply to a piece of mail, esc:x to save it, I get moved to the
post-reply window. From there 'p', 'a' to Sign As, it asks for my KEY ID,
I enter either the 8-charater, 10-char hex, or my e-mail for my key and it
asks me to confirm the right key, since there is only one to choose from,
I hit enter. and I see the MINE and Security entries update in the header.
Security: Sign (PGP/MIME)
sign as: 0xD5B20C0C
>From that point, I hit 'y' to send and mutt prompts for my password, I
enter it like a good drone, when I do, mutt then clears and I see my shell,
and the following message is printed to stdout:
gpg: skipped "0xD5B20C0C": Bad passphrase
gpg: signing failed: Bad passphrase
Press any key to continue...
But I know my pass is right.
> Also, can you automatically verify my messages? To get my key, use
> gpg2 --recv-keys BE773416
> Then, when you open (you'll need to close and open again) my messages in
> mutt, it should say "signature verified" at the top.
I got your key without issue, but I don't see "signature verified" at the top.
--
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
