From: Angel de Vicente <angel.vicente.garrido@gmail.com>
To: help-gnu-emacs@gnu.org
Subject: Verifying signed mail in Gnus
Date: Mon, 31 Oct 2022 10:24:22 +0000 [thread overview]
Message-ID: <87a65cz3xl.fsf@gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2151 bytes --]
Hello,
it is only yesterday that I started worrying about signing/encrypting
mails, so I still have plenty of holes in my understanding of the
process in order to have a simple and secure workflow.
So here I go with some questions, based on some real scenarios that I
tried to solve today and for which I'm not sure how to proceed:
1) I got a signed mail from someone for which I don't have his public
key. I tried to use the EasyPG epa-search-keys command, but found that
the keyserver I'm using (epa-keyserver: "keys.openpgp.org") doesn't have
that key. Is it not possible (via a command prefix) to change the
keyserver to be searched by that function? I thought keyservers
exchanged information so at the end all had basically the same keys? Am
I mistaken?
2) Once I have the public PGP key of someone, I know how to sign it, so
its trust becomes "full", which Gnus shows nicely:
,----
| [[PGP Encrypted Part:OK]]
|
| [[PGP Signed Part:Good signature from 5CA8B9B7XXXXXXXX XXXXXX
| X. XXXXXXXXXX <XXXXXX@XXX.XX> (trust full) created at
| 2022-10-31T09:54:05+0000 using RSA]]
`----
but now I got an e-mail from someone using S/MIME, and despite reading
that GnuPG should be able to handle S/MIME certificates, I'm not sure
how to do it. Is there something similar to `epa-search-keys` but for
certificates? I guess since we are dealing with certificates here, I
don't need to get the individual certificate of this person, but just
the certificate for the Certification Authority, but how to find the
certificate, and how to do the equivalent of the signing above, so trust
will go from "undefined" to "full"?
,----
| [[S/MIME Signed Part:Good signature from
| DD733F6DFA9EBA0303FXXXXXXXXXXXXXXXXXXXXX /CN=XXXXX XXXXXX XXXXXX
| XXXXXXXX/O=Instituto de Astrofisica de Canarias/STREET=Calle Vía
| Láctea, s\x2fn/ST=Santa Cruz de Tenerife/C=ES (trust undefined)]]
`----
Thanks for any pointers.
Cheers,
--
Ángel de Vicente -- (GPG: 0x64D9FDAE7CD5E939)
Research Software Engineer (Supercomputing and BigData)
Instituto de Astrofísica de Canarias (https://www.iac.es/en)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 702 bytes --]
next reply other threads:[~2022-10-31 10:24 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-31 10:24 Angel de Vicente [this message]
2022-10-31 11:48 ` Verifying signed mail in Gnus Akib Azmain Turja
2022-10-31 12:30 ` Angel de Vicente
2022-10-31 17:04 ` Akib Azmain Turja
2022-10-31 19:53 ` Uwe Brauer
2022-11-02 20:52 ` Björn Bidar
2022-11-02 23:53 ` Tomas Hlavaty
2022-11-03 5:24 ` Björn Bidar
2022-11-03 8:53 ` Tomas Hlavaty
2022-10-31 19:18 ` GH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a65cz3xl.fsf@gmail.com \
--to=angel.vicente.garrido@gmail.com \
--cc=help-gnu-emacs@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).