From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Angel de Vicente Newsgroups: gmane.emacs.help Subject: Verifying signed mail in Gnus Date: Mon, 31 Oct 2022 10:24:22 +0000 Message-ID: <87a65cz3xl.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="26926"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) To: help-gnu-emacs@gnu.org Cancel-Lock: sha1:SPTX8ByUBQZi4c/oUT6FGA2N6O8= Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Mon Oct 31 11:25:00 2022 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1opRyU-0006kN-L5 for geh-help-gnu-emacs@m.gmane-mx.org; Mon, 31 Oct 2022 11:24:58 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1opRyF-0001wC-UJ; Mon, 31 Oct 2022 06:24:43 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opRyE-0001vq-6p for help-gnu-emacs@gnu.org; Mon, 31 Oct 2022 06:24:42 -0400 Original-Received: from ciao.gmane.io ([116.202.254.214]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opRyC-0007mX-Na for help-gnu-emacs@gnu.org; Mon, 31 Oct 2022 06:24:41 -0400 Original-Received: from list by ciao.gmane.io with local (Exim 4.92) (envelope-from ) id 1opRyA-0006Gx-AN for help-gnu-emacs@gnu.org; Mon, 31 Oct 2022 11:24:38 +0100 X-Injected-Via-Gmane: http://gmane.org/ Received-SPF: pass client-ip=116.202.254.214; envelope-from=geh-help-gnu-emacs@m.gmane-mx.org; helo=ciao.gmane.io X-Spam_score_int: 3 X-Spam_score: 0.3 X-Spam_bar: / X-Spam_report: (0.3 / 5.0 requ) BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, NML_ADSP_CUSTOM_MED=0.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: "help-gnu-emacs" Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.help:140531 Archived-At: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, it is only yesterday that I started worrying about signing/encrypting mails, so I still have plenty of holes in my understanding of the process in order to have a simple and secure workflow. So here I go with some questions, based on some real scenarios that I tried to solve today and for which I'm not sure how to proceed: 1) I got a signed mail from someone for which I don't have his public key. I tried to use the EasyPG epa-search-keys command, but found that the keyserver I'm using (epa-keyserver: "keys.openpgp.org") doesn't have that key. Is it not possible (via a command prefix) to change the keyserver to be searched by that function? I thought keyservers exchanged information so at the end all had basically the same keys? Am I mistaken? 2) Once I have the public PGP key of someone, I know how to sign it, so its trust becomes "full", which Gnus shows nicely: ,---- | [[PGP Encrypted Part:OK]] | | [[PGP Signed Part:Good signature from 5CA8B9B7XXXXXXXX XXXXXX | X. XXXXXXXXXX (trust full) created at | 2022-10-31T09:54:05+0000 using RSA]] `---- but now I got an e-mail from someone using S/MIME, and despite reading that GnuPG should be able to handle S/MIME certificates, I'm not sure how to do it. Is there something similar to `epa-search-keys` but for certificates? I guess since we are dealing with certificates here, I don't need to get the individual certificate of this person, but just the certificate for the Certification Authority, but how to find the certificate, and how to do the equivalent of the signing above, so trust will go from "undefined" to "full"? ,---- | [[S/MIME Signed Part:Good signature from | DD733F6DFA9EBA0303FXXXXXXXXXXXXXXXXXXXXX /CN=3DXXXXX XXXXXX XXXXXX | XXXXXXXX/O=3DInstituto de Astrofisica de Canarias/STREET=3DCalle V=C3=ADa | L=C3=A1ctea, s\x2fn/ST=3DSanta Cruz de Tenerife/C=3DES (trust undefined)]] `---- Thanks for any pointers. Cheers, =2D-=20 =C3=81ngel de Vicente -- (GPG: 0x64D9FDAE7CD5E939) Research Software Engineer (Supercomputing and BigData) Instituto de Astrof=C3=ADsica de Canarias (https://www.iac.es/en) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQHUBAEBCAA+FiEEGQyM5qDLpMcIDuMKZNn9rnzV6TkFAmNfolYgHGFuZ2VsLnZp Y2VudGUuZ2Fycmlkb0BnbWFpbC5jb20ACgkQZNn9rnzV6TkPowv/ZYj9+P0FFhCI x6v2AoV38ag3U43vmzTT+qTokHpR0qnj8PliyVtZj6OWUuMZ3Obzy1DKQbCiUHly 4piO8bkRw8I8QutofRvNtE7+T0R7uRZHpgvOg6T8zMYSsQAYZa1T8NcaSLOuS2iT 4V+X7xlICZRvkQ2hgK+UEQLj+cqiZwPSQsuHZiiP0/jkd6q1naEAnBtEHgDuL8Ws j80TuCJnwAvq/E/ywfATa4iuzECu/eoPSdWyguDrsPzM0zhldH8nwEciMtM8Ynxz HR92ST1xdFScb/d8XGL5jglAogvl0F+CwB55wo6PFdEDswydtCG28yFYIiEjMX8W CIkjDBAyP1uHBRtNQ7fzwxlKBZsJmAUPgEohSbvW4rnVf5bcTKOhL0uccFTvH6Hv z2li4CA9dyi4P86hNhaEaYqbatx54LHP8BAEBI1N714egWwKfu9Lq66+NA/jpbTm 8AvumM76eTIhR/yPSv4x2WUfJwA81Cez1E6ySyXb9lFMP9XlmKBH =9+vD -----END PGP SIGNATURE----- --=-=-=--