[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Verifying signed mail in Gnus
From: |
Akib Azmain Turja |
Subject: |
Re: Verifying signed mail in Gnus |
Date: |
Mon, 31 Oct 2022 17:48:42 +0600 |
Angel de Vicente <angel.vicente.garrido@gmail.com> writes:
> Hello,
>
> it is only yesterday that I started worrying about signing/encrypting
> mails, so I still have plenty of holes in my understanding of the
> process in order to have a simple and secure workflow.
>
> So here I go with some questions, based on some real scenarios that I
> tried to solve today and for which I'm not sure how to proceed:
>
> 1) I got a signed mail from someone for which I don't have his public
> key. I tried to use the EasyPG epa-search-keys command, but found that
> the keyserver I'm using (epa-keyserver: "keys.openpgp.org") doesn't have
> that key. Is it not possible (via a command prefix) to change the
> keyserver to be searched by that function? I thought keyservers
> exchanged information so at the end all had basically the same keys? Am
> I mistaken?
>
> 2) Once I have the public PGP key of someone, I know how to sign it, so
> its trust becomes "full", which Gnus shows nicely:
>
> ,----
> | [[PGP Encrypted Part:OK]]
> |
> | [[PGP Signed Part:Good signature from 5CA8B9B7XXXXXXXX XXXXXX
> | X. XXXXXXXXXX <XXXXXX@XXX.XX> (trust full) created at
> | 2022-10-31T09:54:05+0000 using RSA]]
> `----
>
> but now I got an e-mail from someone using S/MIME, and despite reading
> that GnuPG should be able to handle S/MIME certificates, I'm not sure
> how to do it. Is there something similar to `epa-search-keys` but for
> certificates? I guess since we are dealing with certificates here, I
> don't need to get the individual certificate of this person, but just
> the certificate for the Certification Authority, but how to find the
> certificate, and how to do the equivalent of the signing above, so trust
> will go from "undefined" to "full"?
>
> ,----
> | [[S/MIME Signed Part:Good signature from
> | DD733F6DFA9EBA0303FXXXXXXXXXXXXXXXXXXXXX /CN=XXXXX XXXXXX XXXXXX
> | XXXXXXXX/O=Instituto de Astrofisica de Canarias/STREET=Calle Vía
> | Láctea, s\x2fn/ST=Santa Cruz de Tenerife/C=ES (trust undefined)]]
> `----
>
> Thanks for any pointers.
>
> Cheers,
How did you make Gnus display those nice messages? My Gnus doesn't do
that (but ask me for password for decrypting mails).
--
Akib Azmain Turja
Find me on Mastodon at @akib@hostux.social, and on Codeberg (user
"akib").
This message is signed by me with my GnuPG key. Its fingerprint is:
7001 8CE5 819F 17A3 BBA6 66AF E74F 0EFA 922A E7F5
signature.asc
Description: PGP signature