From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Akib Azmain Turja Newsgroups: gmane.emacs.help Subject: Re: Verifying signed mail in Gnus Date: Mon, 31 Oct 2022 17:48:42 +0600 Message-ID: <87pme8w6w5.fsf@disroot.org> References: <87a65cz3xl.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="19117"; mail-complaints-to="usenet@ciao.gmane.io" Cc: help-gnu-emacs@gnu.org To: Angel de Vicente Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Mon Oct 31 12:51:21 2022 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1opTK4-0004ku-Ty for geh-help-gnu-emacs@m.gmane-mx.org; Mon, 31 Oct 2022 12:51:20 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1opTJX-0002Ap-LP; Mon, 31 Oct 2022 07:50:47 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opTJP-00027c-30 for help-gnu-emacs@gnu.org; Mon, 31 Oct 2022 07:50:39 -0400 Original-Received: from knopi.disroot.org ([178.21.23.139]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opTJK-0003ti-GO for help-gnu-emacs@gnu.org; Mon, 31 Oct 2022 07:50:38 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 3DA2B408B2; Mon, 31 Oct 2022 12:50:32 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Original-Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I1lHXw6t9a1K; Mon, 31 Oct 2022 12:50:30 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1667217030; bh=u/CJR7LdlJ2j0EFtSApuMqiG/JT26jFr8Z1z/8+2d7Q=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=T1UCB/10p9Nr16pW7g17DpjUEYDjKrF/O2kqs/FYqUuaK/39B06BKY7VQPLqWUebC VeSxaazMGbdv6caAOLqgrb/lc1To9qERChn1OTe3dTpwT3adwCIfJspcwRDwHwYIrs WrzLUpDxPrJBBSbJmO2Sq11ssJGEfYq640wvg/9xdtGEo6c2Xnd+q6TvtT7RP69grV hlQCjYbOWqrGxvNAEzhEQjAkr2CdEmWzTRmU/fEMLL1gUl/VW/kNwzJJD04DgHwJTR bvUH64gP4X3Yav38QUBpeCNCk9/vMhBi3FfKaw3uG8QOgzvkAxOWBQv5VJ2/y93Ezp ZjcEzW5RRIKtw== In-Reply-To: <87a65cz3xl.fsf@gmail.com> (Angel de Vicente's message of "Mon, 31 Oct 2022 10:24:22 +0000") Received-SPF: pass client-ip=178.21.23.139; envelope-from=akib@disroot.org; helo=knopi.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: "help-gnu-emacs" Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.help:140533 Archived-At: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Angel de Vicente writes: > Hello, > > it is only yesterday that I started worrying about signing/encrypting > mails, so I still have plenty of holes in my understanding of the > process in order to have a simple and secure workflow. > > So here I go with some questions, based on some real scenarios that I > tried to solve today and for which I'm not sure how to proceed: > > 1) I got a signed mail from someone for which I don't have his public > key. I tried to use the EasyPG epa-search-keys command, but found that > the keyserver I'm using (epa-keyserver: "keys.openpgp.org") doesn't have > that key. Is it not possible (via a command prefix) to change the > keyserver to be searched by that function? I thought keyservers > exchanged information so at the end all had basically the same keys? Am > I mistaken? > > 2) Once I have the public PGP key of someone, I know how to sign it, so > its trust becomes "full", which Gnus shows nicely: > > ,---- > | [[PGP Encrypted Part:OK]] > | > | [[PGP Signed Part:Good signature from 5CA8B9B7XXXXXXXX XXXXXX > | X. XXXXXXXXXX (trust full) created at > | 2022-10-31T09:54:05+0000 using RSA]] > `---- > > but now I got an e-mail from someone using S/MIME, and despite reading > that GnuPG should be able to handle S/MIME certificates, I'm not sure > how to do it. Is there something similar to `epa-search-keys` but for > certificates? I guess since we are dealing with certificates here, I > don't need to get the individual certificate of this person, but just > the certificate for the Certification Authority, but how to find the > certificate, and how to do the equivalent of the signing above, so trust > will go from "undefined" to "full"? > > ,---- > | [[S/MIME Signed Part:Good signature from > | DD733F6DFA9EBA0303FXXXXXXXXXXXXXXXXXXXXX /CN=3DXXXXX XXXXXX XXXXXX > | XXXXXXXX/O=3DInstituto de Astrofisica de Canarias/STREET=3DCalle V=C3= =ADa > | L=C3=A1ctea, s\x2fn/ST=3DSanta Cruz de Tenerife/C=3DES (trust undefined= )]] > `---- > > Thanks for any pointers. > > Cheers, How did you make Gnus display those nice messages? My Gnus doesn't do that (but ask me for password for decrypting mails). =2D-=20 Akib Azmain Turja Find me on Mastodon at @akib@hostux.social, and on Codeberg (user "akib"). This message is signed by me with my GnuPG key. Its fingerprint is: 7001 8CE5 819F 17A3 BBA6 66AF E74F 0EFA 922A E7F5 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEyVTKmrtL6kNBe3FRVTX89U2IYWsFAmNfthoACgkQVTX89U2I YWuNxQ/8DyXLkQ04Pn50o1qYiHIYe9uSWVGH+LFiGWha4CejIq9tHPojrMqPiJ4O xySoGdG9c6HCsIr9PShdMO0RcFI6CEFI/Sy3NUbB+L8QwhNbFTQQnOftq3oG4xtc SiXzzOBuZVZ0r5ctQrlKpgCYJ6KUzcGP2ZbCe7y1+4c/mSwLucoSOwSfFFAW5Bq7 03IJfN1md6zPE90LozThe3Nsi4m5jIoEpD83QKm/F1XQjLxf5GbfJfz/Gc+MYaSa ezrjeyekkdYCxc82VGqGFnDREqy3VBnUC0/KF6or4HqF+yMIV9oMTTivJ40Kmzdz P3pOi8jQbQxoSZ4/NEaoy32jB0O3SZpkdGklH72aQOESXskj2y7Pb0SvSHPF1rNg gos59wAr9R8hGx28M+iEHJfOp9w/pr1hh+s2xja91d5/qk2szBzXY0L5rE3fh5mY EfL2q56JKSNpmJnNBE39sgwTV1rkw6bvZuCBZsjQCWcJ5BMbpTSTpOKQsIYMbqo/ OS+EDsV28t2Ul4bPYOGyzY7zhQ+olk1YC153gZBsbfMu9LwsLPJ+7NChhglDBIw4 YLfZfegkoXfKEPKBxtqyuwgt8B97QgAHG05A7JumjQp7pBjU79sSm7kEjXYJ8LTh e/UD0XMGzV/rZVKDcS/C+yehv0c5V2eZiwi41pS+i2dFGZqgTCY= =7tkb -----END PGP SIGNATURE----- --=-=-=--