[PGP/MIME Signatures] (was: Re: [PGP/MIME Signatures] was: Re: Message to "moderator" Koh Choon Lin)

Mika Suomalainen mika.henrik.mainio at hotmail.com
Thu Jun 14 15:24:43 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11.06.2012 22:08, NoOp wrote:
> On 06/07/2012 08:39 AM, Mika Suomalainen wrote: ...
>> 
>> Hi "moderator",
>> 
>> There are two big issues with these mailing lists, could you
>> take a look at them?
>> 
>> 1. PGP/MIME signatures cannot be verified, see 
>> https://bugs.launchpad.net/ubuntu/+bug/996581 .
> 
> Unless I've missing something - PGP/MIME signatures can certainly 
> be verified on this list.

I cannot verify them and as far as I know, Enigmail cannot verify them.

> Take a look at Oliver's reply to you - I have Oliver's pgp key in 
> my keyring & his emails definitely appear as decrypted to me.
> Yours on the otherhand does not as I've not imported your pgp key
> & enigmail (openPGP) then give me the option to import your public 
> key(s - 19?). However were I to import your key(s) yours would be 
> the same. So what am I missing? (serious question - not attempting 
> to be facetious)

We are talking about signing, not encrypting nor decrypting?

I am automatically receiving missing keys from keyserver and you can
get my key by running

> gpg --keyserver pool.sks-keyservers.net --recv-keys 82A46728

> Oliver uses PGP/MIME (as do all of the signed emails on the Ubuntu
>  Security Announce list): ==== 
> --------------enig87C08C9590005E7255B14A56 Content-Type: 
> application/pgp-signature; name="signature.asc" 
> Content-Description: OpenPGP digital signature
> Content-Disposition: attachment; filename="signature.asc"
> 
> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) 
> ====
> 
> Yours on the otherhand does not & is clear-signed:

I don't understand.

> ==== ____________________________ -----BEGIN PGP SIGNATURE----- 
> Version: GnuPG v2.0.19 (GNU/Linux)
> 
> Also note that enigmail 1.2 w/gnupg 14 does not retrieve your 
> public key automatically either:

Enigmail and GnuPG don't automatically receive keys unless you
configure it to do so.

With Enigmail you go to expert settings and write the keyserver where
to receive keys to the second box in that tab where you specify
keyservesrs.

With GnuPG you have keyserver line and something like below in
~/.gnupg/gpg.conf:

> keyserver-options auto-key-retrieve no-include-revoked verbose

>> OpenPGP Security Info
>> 
>> Unverified signature
>> 
>> gpg command line and output: /usr/bin/gpg2 gpg: Signature made 
>> Fri 08 Jun 2012 08:20:05 AM PDT using RSA key ID 82A46728 gpg: 
>> Can't check signature: No public key

I told how to receive key above.

> However, if I go and import your key from a public server directly:
> gpg: requesting key 82A46728 from hkp server 
> pool.sks-keyservers.net gpg: key 82A46728: public key "Mika 
> Suomalainen" imported gpg: 3 marginal(s) needed, 1 complete(s) 
> needed, PGP trust model gpg: depth: 0  valid:   1  signed:   0 
> trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: Total number processed: 1 gpg: 
> imported: 1  (RSA: 1)
> 
> OpenPGP Security Info
> 
> UNTRUSTED Good signature from Mika Suomalainen 
> <mika.henrik.mainio at hotmail.com> Key ID: 0x82A46728 / Signed on: 
> 06/11/2012 08:51 AM Key fingerprint: 24BC 1573 B8EE D666 D10A AA65 
> 4DB5 3CFE 82A4 6728

The key appears as UNTRUSTED, because you haven't (l)signed my key and
you shouldn't do it unless you meet me and verify my identity.

> and from that point on, I no longer have to look at your 
> clear-signed key in my email msg display :-)

I warmly recommend to receive missing keys automatically :).

> ====
> 
> $ apt-cache policy gnupg2 gnupg2: Installed: 2.0.14-2ubuntu1 
> Candidate: 2.0.14-2ubuntu1 Version table: *** 2.0.14-2ubuntu1 0
> 500 http://mirrors.us.kernel.org/ubuntu/ natty/main amd64 Packages
> 100 /var/lib/dpkg/status
> 
> (yes I know 2.0.19 is released - but Ubuntu is only up to 2.0.17)
> 
> Enigmail 1.4.2
> 
> Nice, simple matrix: 
> <http://www.phildev.net/pgp/pgp_clear_vs_mime.html> [GPG Signing: 
> Traditional vs. PGP/Mime] ...
> 
> 

My versions:

```
% apt-cache policy icedove enigmail
icedove:
  Installed: 11.0-1
  Candidate: 11.0-1
  Version table:
 *** 11.0-1 0
       -500 ftp://ftp.debian.org/debian/ experimental/main amd64 Packages
        100 /var/lib/dpkg/status
     10.0.4-1 0
        500 ftp://ftp.debian.org/debian/ sid/main amd64 Packages
        500 ftp://ftp.fi.debian.org/debian/ sid/main amd64 Packages
        500 ftp://ftp.acc.umu.se/debian/ unstable/main amd64 Packages
enigmail:
  Installed: 2:1.4.1exp-1
  Candidate: 2:1.4.1exp-1
  Version table:
 *** 2:1.4.1exp-1 0
       -500 ftp://ftp.debian.org/debian/ experimental/main amd64 Packages
        100 /var/lib/dpkg/status
     2:1.4.1-2 0
        500 ftp://ftp.debian.org/debian/ sid/main amd64 Packages
        500 ftp://ftp.fi.debian.org/debian/ sid/main amd64 Packages
        500 ftp://ftp.acc.umu.se/debian/ unstable/main amd64 Packages
```

Note that I am currently on Debian Unstable (Sid) and this might be
little outdated, because I don't have time to upgrade and same is with
replying to emails. I see that this email where I am replying to was
sent three days ago.

- -- 
[Mika Suomalainen](https://mkaysi.github.com/) ||

NOTICE! I am on mobile broadband with very limited time, so I cannot
read emails very much.
The best time to contact me is probably week ends when I have better
connectivity with good luck.

[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[This signature](https://gist.github.com/2643070#file_icedove.md) ||

[Please reply below this
line](http://mkaysi.github.com/articles/complaining/topposting.html)

____________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Homepage: http://mkaysi.github.com/
Comment: gpg --keyserver pool.sks-keyservers.net --recv-keys 82A46728
Comment: Public key: http://mkaysi.github.com/PGP/key.txt
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP2gI2AAoJEE21PP6CpGco3HUP/RylQvnTguohkp8QOBh+ZM7c
0y/4mUksG3qQnesIuArFEmsUs/YvqzfSUZqgf2Td8tI9eZzYStj0VJlb3Asj97Oh
SSU/MEI7qnZjvlk8L/X2tbRs5z2Qeru+sbG0iqeGgBqaQjOG/1/dQ042sZ0TnHD3
eHGyT7yme+gujCCLDaoDK6rbB4IHAMzTeacQcX6Qe5Fxm1fUvWEuaZGtC323Rqn6
mKTcDFEYTD+X0LLju4369hokKC7PZP5kJbG13khJO0BHWAhY6w3B+gmTXRoagyyc
CXIKRmYHaYXqMsBnCCBOMkLAnOkEc0LquTz8o6R19P+aedS+XpicTBsP9ONbhOs8
l+LZUzk6XixpcildYqFWyaxOoyL21ZzGZiK/2nmKlWFKqBQR1Yr9zGhIklfQ2ZX4
Gox3oQeShOvPlkBM1sHHy5PB2eF8Vrm7US2ww2CHiOXV1rMRJtmzNzXHGRVT5/Sx
uCEmH+Yp0q4q/x4rmCqlo832aaJd3B1Pfbp331Rhh5X0obtTzHmWFskGzRPj2nAf
6FzeQKyVtW2xcs5jwM6XryDRtp6xdg5E76dpT+iF++TXJq88quSOFaz/6cjQEiZh
CWZR25HMGW2L6aLbxyPFo9DA9Tng2pkxV2Ui/VEpvspY4VQp8yryemNpvPclSPz2
jGzHhEAtrPpY4Qe0W8oc
=tCb3
-----END PGP SIGNATURE-----

More information about the ubuntu-users mailing list