Emacs not finding keys to verify signatures

2013-06-30 Thread Daniel Patterson
Daniel Kahn Gillmor  writes:
> i think the command would be "notmuch gpg", not "gpg-notmuch" -- in your
> configuration, how does emacs know to invoke notmuch on the remote
> server instead of locally?

notmuch on my local machine is a shell script that executes notmuch on
my server via ssh, as per http://notmuchmail.org/remoteusage/. The
reason why this works is that there is no meaning for it to ever execute
locally - there is no notmuch database locally. So from the perspective
of emacs, it might as well be running on the same computer as notmuch
is. Having notmuch-emacs execute shell commands is really nice for this
- because they can easily be replaced with versions that run commands on
other hosts. 

> is it possible that we could make this change something that happens
> in exactly one place in the emacs configuration, and have the wrapper
> scripts figure out the rest?

I think so - signing/encrypting is done via message-mode, so it could be
configured separately (as this should probably always happen locally,
and certainly shouldn't be forced to happen in the same place as the
email store). So if there were a setting like:

(setq notmuch-gpg-command "/path/to/gpg-or-wrapper")

That was what notmuch-emacs used to fetch keys (and anything else it
needed to do), I think it would work.
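
A sketch of the wrapper idea in the message above, added here as an example and not part of the original thread or of notmuch: a `gpg-notmuch`-style script that forwards only public-key retrieval to the mail host over ssh and refuses everything else, so signing and decryption stay with the local gpg. The host name `mailhost`, the function names and the allow-list are assumptions; `notmuch-gpg-command` is the setting proposed in the message, not a documented option.

```shell
#!/bin/sh
# Added example: forward public-key fetches to the remote gpg keyring.
# REMOTE_HOST and all function names are assumptions for illustration.
REMOTE_HOST="${REMOTE_HOST:-mailhost}"

# Quote one argument for the remote shell. ssh joins its arguments with
# spaces and the remote shell parses the result again, so each argument
# is single-quoted, with embedded single quotes escaped as '\''.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Allow only key retrieval. Anything that needs secret key material
# (signing, decryption) or edits the keyring has to run locally.
# Prints the remote command line on success, returns 1 otherwise.
build_remote_cmd() {
    op=""
    for arg in "$@"; do
        case "$arg" in
            --recv-keys|--recv|--refresh-keys) op="$arg" ;;
            --keyserver|--batch|--no-tty) ;;   # options safe to pass on
            -*) return 1 ;;                    # any other option: refuse
        esac
    done
    [ -n "$op" ] || return 1                   # no retrieval operation asked for
    cmd="gpg"
    for arg in "$@"; do
        cmd="$cmd $(shell_quote "$arg")"
    done
    printf '%s\n' "$cmd"
}

main() {
    if cmd=$(build_remote_cmd "$@"); then
        exec ssh "$REMOTE_HOST" "$cmd"
    fi
    echo "gpg-notmuch: refusing to forward: $*" >&2
    exit 1
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The allow-list is what keeps such a wrapper from becoming a general remote gpg: a key ID or keyserver name containing shell metacharacters is passed as inert text, and any option outside the list is rejected before ssh is started.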



Emacs not finding keys to verify signatures

2013-06-30 Thread Daniel Kahn Gillmor
On 06/29/2013 11:24 AM, Daniel Patterson wrote:

> This works. Thanks a lot!

great!

> Yeah, it would be good if there were a hook to be able to send to remote
> gpg... because everything else works so smoothly with simple
> wrappers. Even if it were just a matter of setting a custom gpg command
> (like gpg-notmuch, which would be a shell script that would send the
> calls to the remote gpg).

i think the command would be "notmuch gpg", not "gpg-notmuch" -- in your
configuration, how does emacs know to invoke notmuch on the remote
server instead of locally?  is it possible that we could make this
change something that happens in exactly one place in the emacs
configuration, and have the wrapper scripts figure out the rest?

--dkg




Emacs not finding keys to verify signatures

2013-06-29 Thread Daniel Patterson
Daniel Kahn Gillmor  writes:
> Daniel: on your remote host, have you tried fetching the relevant keys
> into your gpg keyring?  you don't need to create any secret key material
> on the remote host, just fetch the keys as you normally would any other
> user's public key material; then you'll want to mark your own key as
> "ultimately" trusted on the remote host.

This works. Thanks a lot!

> you'll want to maintain this public keyring on that host to be able to
> verify the messages, but you don't need to do anything else with it.
>
> this makes me wonder if the actions that get triggered on those
> "unverified" crypto buttons in the display interface need to be
> customizable to send the commands to a remote gpg as well, instead of
> assuming that they are local.

Yeah, it would be good if there were a hook to be able to send to remote
gpg... because everything else works so smoothly with simple
wrappers. Even if it were just a matter of setting a custom gpg command
(like gpg-notmuch, which would be a shell script that would send the
calls to the remote gpg).

With notmuch, I can just override the command itself, because there is
no local meaning... but I obviously don't want to override gpg globally
- only in the context of adding public keys.



Emacs not finding keys to verify signatures

2013-06-28 Thread David Bremner
Daniel Patterson  writes:

> One thing I forgot to mention - I have notmuch running on a remote
> server through ssh. I don't really imagine this would be an issue, but
> maybe? (I also have the library installed locally, for emacs).

The verification of the message happens in the notmuch CLI, so on the
remote host. I guess the downloading is happening on the local host,
so that is quite possibly the problem.

d


Emacs not finding keys to verify signatures

2013-06-28 Thread Daniel Kahn Gillmor
On 06/28/2013 11:05 AM, David Bremner wrote:
> Daniel Patterson  writes:
> 
>> One thing I forgot to mention - I have notmuch running on a remote
>> server through ssh. I don't really imagine this would be an issue, but
>> maybe? (I also have the library installed locally, for emacs).
> 
> The verification of the message happens in the notmuch CLI, so on the
> remote host. I guess the downloading is happening on the local host,
> so that is quite possibly the problem.

i'm quite sure this is the problem, that was a relevant bit of info to
include :)

Daniel: on your remote host, have you tried fetching the relevant keys
into your gpg keyring?  you don't need to create any secret key material
on the remote host, just fetch the keys as you normally would any other
user's public key material; then you'll want to mark your own key as
"ultimately" trusted on the remote host.

So, for example, on the remote host:

 gpg --keyserver ha.pool.sks-keyservers.net --recv 0x36EEAD9EA53D20B79C383EED2747EC48A98D4AF0

 gpg --edit-key 0x36EEAD9EA53D20B79C383EED2747EC48A98D4AF0 trust

you'll want to maintain this public keyring on that host to be able to
verify the messages, but you don't need to do anything else with it.

this makes me wonder if the actions that get triggered on those
"unverified" crypto buttons in the display interface need to be
customizable to send the commands to a remote gpg as well, instead of
assuming that they are local.

please report back with how that works for you!

--dkg




Emacs not finding keys to verify signatures

2013-06-28 Thread Daniel Patterson

David Bremner  writes:
>> I click on it, and it requests _my_ public key from the key server, and
>> of course nothing changes - because I already had the key.
>
> So after you click, the key downloads, and the button does not change
> colour?

Yes. After it downloads, it still says "Unknown key KEYID or unsupported
algorithm". I would be confused by the unsupported algorithm - it is
just an RSA/RSA key, newly created. This has also happened for other
signed messages - it downloads the key, but still says it doesn't know
the key (and this persists across restarts of emacs).

>> Any ideas? Is this because of some missing package or misconfigured
>> setting? I'm using the latest released version of notmuch (0.15.2),
>> emacs 24.2.1, and gpg 1.4.11.
>
> Does using easypg from within emacs work for you? You can try with 
> "M-x epa-list-keys"

That works, and it shows the key there.

One thing I forgot to mention - I have notmuch running on a remote
server through ssh. I don't really imagine this would be an issue, but
maybe? (I also have the library installed locally, for emacs).



Emacs not finding keys to verify signatures

2013-06-28 Thread David Bremner
Daniel Patterson  writes:
>
> I click on it, and it requests _my_ public key from the key server, and
> of course nothing changes - because I already had the key.

So after you click, the key downloads, and the button does not change
colour?

> Any ideas? Is this because of some missing package or misconfigured
> setting? I'm using the latest released version of notmuch (0.15.2),
> emacs 24.2.1, and gpg 1.4.11.

Does using easypg from within emacs work for you? You can try with 
"M-x epa-list-keys"





Emacs not finding keys to verify signatures

2013-06-24 Thread Daniel Patterson

Apologies if this is addressed somewhere in the docs - I haven't found
it!

I am testing out signing of messages. I set
(add-hook 'message-setup-hook 'mml-secure-message-sign-pgpmime)
As per the docs, and I can send a message and it gets signed. When I
view the message (which was Bcc'd to me) and hit $, I see this message:

[ Unknown key ID 0x2747EC48A98D4AF0 or unsupported algorithm ]

I click on it, and it requests _my_ public key from the key server, and
of course nothing changes - because I already had the key.

Any ideas? Is this because of some missing package or misconfigured
setting? I'm using the latest released version of notmuch (0.15.2),
emacs 24.2.1, and gpg 1.4.11.

Thanks!