Re: [Enigmail] New user part 2 Mika Suomalainen Sat Apr 07 02:00:35 2012

On 07.04.2012 08:15, Eugene Seidel wrote:
> Thanks to Mika Suomalainen, who gave generously of his time, I sent
> my first encrypted message (with attachment) and received
> confirmation that it arrived intact. My thanks also go to the
> people who helped me with questions already.

You're welcome :)

> 1 Should I always sign every e-mail from now on? Pro: this may
> prompt some correspondents to reveal they, too, are using this
> software and enlarge the number of people with whom I can
> communicate in this way. Con: It's ugly and may confuse some
> correspondents!

Yes, so people could verify that you are the real sender of email and
the message is not spoofed or something.

If you use S/MIME, that con isn't a problem; it just adds a
signature.asc file as an attachment to all messages. I'm not sure how
this works, so it might be best for someone else to answer how.

> 2 Why is the "signature block" at the end of a mail message so
> much shorter for some of you? How can I shrink my own signature
> block?

The length of the signature block depends on how many bytes your key is.
Mine is 4096 (maximum without modifying the source) and yours seems to
be 2048 (default) bit.

> 3 I got corrected by a few people for calling this a news group
> instead of a mailing list. Well, in the Enigmail Quick Start
> guā¬ide, chapter 3 (Your first signature) it says: <begin quote>
> "It's probably a good idea to send your first test email to a
> mailing list that has a lot of GnuPG folk around, and that offers
> support to newcomers who are just starting out. Two of the best
> options are PGP-Basics 
> [http://tech.groups.yahoo.com/group/PGP-Basics/] and Enigmail
> Users [http://www.mozdev.org/mailman/listinfo/enigmail/]." <end
> quote> I then searched Thunderbird help and mozillazine.org for
> instructions on how to set up a mailing list, but all the pages
> were about how to set up Thunderbird to send mail to multiple
> recipients (a.k.a. mailshot). This cost me some time, until I
> figured out I could go to the URL directly and sign up there. I
> guess the Quick Start guide could be a little more explicit on that
> point.
>
> 4 Security. I am still unclear on some of the key concepts. Let's
> say somebody gets a hold of my signature, perhaps by reading it
> here. Then he composes an e-mail but inserts my e-mail address as
> the "Sender". Finally he tacks on my signature block, and sends the
> mail to someone, pretending to be me. The recipient opens the mail
> and if they have Enigmail, too, it looks up the signature to see if
> it exists and confirms that it belongs to me. Surely it can't be so
> easy to impersonate me. Where is my misunderstanding?

The receiver of a message which has your signature copy-pasted
from another message gets Enigmail, which shows a red banner and says
"Invalid signature from...". The signature is a signed hash of your
message (someone else might be best to explain this as I don't
remember how this works).

> 5 For now, I guess that my Enigmail works only on this Thunderbird
> and on this (desktop) computer. What if I am traveling and using a
> different computer?

You can export your private key and import it on another computer.
To do this, you open a terminal (or cmd.exe if you use Windows and GPG4Win)
and give the command
gpg --export-secret-keys -a <KEYID> > privatekey.asc
To import your key on another computer, you will use the command
gpg --import privatekey.asc
and then you can sign (and decrypt) messages on that other computer too.

Mika Suomalainen
> gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
> Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
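
Questions 2 and 4 above (signature length, and a signature block copied onto a different mail), as an added example that is not part of the original message: a toy textbook-RSA signature in Python. The Mersenne-prime key, the sample mail bodies and the function names are assumptions for illustration; real OpenPGP signatures use randomly generated keys and padded digests.

```python
import hashlib

# Toy key material (assumption for illustration): textbook RSA built from two
# Mersenne primes. Real OpenPGP keys use random primes and padded signatures.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus (1128 bits here)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays with the signer


def digest(message: bytes) -> int:
    """Hash the message body; the signature covers only this value."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Signer side: transform the digest with the private exponent."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient side: recover the digest with the public key and compare
    it with the digest of the body that actually arrived."""
    return pow(signature, E, N) == digest(message)


def signature_length(modulus: int) -> int:
    """Bytes needed to hold one signature: the same size as the modulus,
    which is why a larger key produces a longer signature block."""
    return (modulus.bit_length() + 7) // 8


# Constructed sample mail bodies.
original = b"Hello list, this is my first signed message."
forged = b"Please send the password to this address."

sig = sign(original)

if __name__ == "__main__":
    print("original body + its signature   :", verify(original, sig))
    print("forged body + copied signature  :", verify(forged, sig))
    print("signature size in bytes for N   :", signature_length(N))
```

The copied signature only matches the digest of the body it was made for, so the recipient's check fails for any other text, which is what Enigmail reports as an invalid signature.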
