Angel de Vicente writes: > Hello, > > it is only yesterday that I started worrying about signing/encrypting > mails, so I still have plenty of holes in my understanding of the > process in order to have a simple and secure workflow. > > So here I go with some questions, based on some real scenarios that I > tried to solve today and for which I'm not sure how to proceed: > > 1) I got a signed mail from someone for which I don't have his public > key. I tried to use the EasyPG epa-search-keys command, but found that > the keyserver I'm using (epa-keyserver: "keys.openpgp.org") doesn't have > that key. Is it not possible (via a command prefix) to change the > keyserver to be searched by that function? I thought keyservers > exchanged information so at the end all had basically the same keys? Am > I mistaken? > > 2) Once I have the public PGP key of someone, I know how to sign it, so > its trust becomes "full", which Gnus shows nicely: > > ,---- > | [[PGP Encrypted Part:OK]] > | > | [[PGP Signed Part:Good signature from 5CA8B9B7XXXXXXXX XXXXXX > | X. XXXXXXXXXX (trust full) created at > | 2022-10-31T09:54:05+0000 using RSA]] > `---- > > but now I got an e-mail from someone using S/MIME, and despite reading > that GnuPG should be able to handle S/MIME certificates, I'm not sure > how to do it. Is there something similar to `epa-search-keys` but for > certificates? I guess since we are dealing with certificates here, I > don't need to get the individual certificate of this person, but just > the certificate for the Certification Authority, but how to find the > certificate, and how to do the equivalent of the signing above, so trust > will go from "undefined" to "full"? > > ,---- > | [[S/MIME Signed Part:Good signature from > | DD733F6DFA9EBA0303FXXXXXXXXXXXXXXXXXXXXX /CN=XXXXX XXXXXX XXXXXX > | XXXXXXXX/O=Instituto de Astrofisica de Canarias/STREET=Calle Vía > | Láctea, s\x2fn/ST=Santa Cruz de Tenerife/C=ES (trust undefined)]] > `---- > > Thanks for any pointers. > > Cheers, How did you make Gnus display those nice messages? My Gnus doesn't do that (but ask me for password for decrypting mails). -- Akib Azmain Turja Find me on Mastodon at @akib@hostux.social, and on Codeberg (user "akib"). This message is signed by me with my GnuPG key. Its fingerprint is: 7001 8CE5 819F 17A3 BBA6 66AF E74F 0EFA 922A E7F5