Re: [PLUG] Signed GPG keys but still can't send mail

Isaac Bennetch on 18 Jan 2014 07:34:13 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Signed GPG keys but still can't send mail

From: Isaac Bennetch <bennetch@gmail.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Signed GPG keys but still can't send mail
Date: Sat, 18 Jan 2014 10:34:08 -0500
Cc: brent saner <brent.saner@gmail.com>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=yz9WoEa+9kKkLFrMBxbGSC5Px/cuxhuwZ0F5t/ilGTk=; b=y0SK2QL1gIcLKkc+Agko3AaFPp5mIJ+pnkfWV6qjE1bKZUXtL8cfNzzBpGSjdugqmX A/58R2Jh+FvBcjYnI9zBKPKE3I1vqoYk47uyK9yHQegtKYwLLtNJfXHyFkKjRxdm+Xr9 YB+l8/9SPZRpZYb+4pT/c9/mP0GJcoRVsnAiWvM1WYvY/6b1nSyOIOWzHwIkhb6KYVa0 KVFaCKKNw7sZ4uUbs7oS12J7BpPxKWDUVpKeeIUhi6fU1TXS+SeedrVTsSpefbDPibJD 42hVO5NttjWucBpEEUowcbqHI632lo4508MJZEZ5+e3rCSaUeZoXL2viJE5oxwpJ3XVR K6mA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

Thanks for the quick response, Brent. On the surface that makes sense
because I don't recall being prompted for a trust level nor explicitly
setting one. Furthermore, in the Enigmail prompt where I see lots of red
un-selectable checkboxes, for that particular friend the "Trust" column
reads "Untrusted". However, if I do "gpg --edit-key friend" I see

pub  4096R/AAAAAAAA  created: 2009-06-27  expires: never       usage: SC
                     trust: full          validity: unknown
sub  4096R/BBBBBBBB  created: 2009-07-17  expires: never       usage: E
sub  4096R/CCCCCCCC  created: 2013-09-29  expires: 2014-10-22  usage: S

Which seems I "fully" trust this friend's key. So I'm still confused.



On 1/18/14 12:07 AM, brent saner wrote:
> sounds like you signed the key successfully but either never set a trust
> level for the key or set too low a trust level (less than three, iirc,
> is considered to be untrusted).
> 
> brent s.
> (on my mobile device)
> 
> On Jan 17, 2014 11:57 PM, "Isaac Bennetch" <bennetch@gmail.com
> <mailto:bennetch@gmail.com>> wrote:
> 
>     Hi,
> 
>     So I've got issues trying to use GPG. It all started when I went to a
>     keysigning party several months ago. I came back and, following the
>     suggestions of the keysigning party host, used the "caff" tool to sign
>     the keys of the other folks there.
> 
>     At this point, I have my key which I can see with gpg --list-keys
>     8259BD92, I can also see that others have signed it with gpg --show-sigs
>     8259BD92 (I haven't uploaded it to a keyserver, but AFAIK that doesn't
>     affect what I'm doing locally, only if someone wanted to initiate
>     communication with me). I can see the key in my keychain of the person I
>     wish to write to, for anonymity's sake we'll say that's gpg --list-keys
>     AAAAAAAA; if I do gpg --show-sigs AAAAAAAA I also see myself as one of
>     the signers.
> 
>     So at this point, I feel I've done everything I need to in order to
>     communicate securely with this person. However, when I try to send an
>     encrypted email from Enigmail within Thunderbird, I see a dialog
>     "Recipient not valid, not trusted, or not found: [contact email
>     address]" then a list of all the keys I think I have signed, except they
>     all have red boxes in front of the names (it would be a checkbox, but I
>     can't check it because it's red and full of danger for some reason). I
>     assumed my Enigmail might be broken, so I tried from the command line:
>     gpg --armor --encrypt --sign -r friend@example.com
>     <mailto:friend@example.com> -r bennetch@gmail.com
>     <mailto:bennetch@gmail.com>
>     secretFile.txt. I got a warning that:
>     > It is NOT certain that the key belongs to the person named in the
>     > user ID.  If you *really* know what you are doing, you may answer the
>     > next question with yes."
> 
>     At this point I notice that the pub key displayed in the dialog is not
>     the same as the one I've signed -- but it is a subkey of that (I've
>     signed AAAAAAAA and friend@example.com <mailto:friend@example.com>
>     happens to be BBBBBBBB, which is
>     signed by AAAAAAAA, if that makes sense).
> 
>     So anyway, (1) What went wrong? and (2) How do I send an encrypted
>     message to my friend
>     ___________________________________________________________________________
>     Philadelphia Linux Users Group         --      
>      http://www.phillylinux.org
>     Announcements -
>     http://lists.phillylinux.org/mailman/listinfo/plug-announce
>     General Discussion  --  
>     http://lists.phillylinux.org/mailman/listinfo/plug
> 
> 
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Signed GPG keys but still can't send mail
  - From: Isaac Bennetch <bennetch@gmail.com>
- Re: [PLUG] Signed GPG keys but still can't send mail
  - From: brent saner <brent.saner@gmail.com>

Prev by Date: Re: [PLUG] Signed GPG keys but still can't send mail
Next by Date: Re: [PLUG] Signed GPG keys but still can't send mail
Previous by thread: Re: [PLUG] Signed GPG keys but still can't send mail
Next by thread: Re: [PLUG] Signed GPG keys but still can't send mail
Index(es):
- Date
- Thread