Re: Choose signing key



Hi Bruno:

On 02.08.08 13:36, Bruno Miguel wrote:
> I have two OpenPGP keys, but that doesn't allow me to choose the one I want to use.

Balsa automatically chooses the key from the e-mail address of your identity. Each key contains at least one User ID (UID; == mail address), but you may add more for other mail addresses you have (this is quite a common case, try "gpg --list-keys"). If you have more than one key for the same mail address (which is an unusual case!), Balsa will pop up a dialogue and ask you which key you want to use for signing.

You can use either gpg or a tool like Seahorse to add more UIDs to your keys, which would leave you with more than one key containing some or all of your e-mail identities. However, now Balsa will pop up the dialogue to choose the key every time, which may be quite annoying.

As I said before, this setup is rather unusual, so I don't think adding an identity setup option for this would have high priority... Maybe you can describe your use case in somewhat more detail, in particular why it doesn't fit into the scheme described above, so I get a little more insight?

> It would be really useful to have the ability to create signing filters, that is, create a filter to sign an email sent to specific addresses, avoiding forgetting to sign an important message.

Why don't you want to sign each and every message you send? I recommend using the GnuPG MIME mode for that; Balsa will create a multipart/signed which should be compatible with all current MUAs (read: people still using elm on an ancient pdp-11 will have problems...), and those not knowing about security (like M$ Outlook or web mailers) will simply ignore it. Or didn't I get your point here?

A different thing is the /encryption/ of messages, as many recipients still don't have GnuPG keys, so it's a problem to activate it by default. I added an option "remind me if messages can be encrypted" to the identities a while ago. I have this option activated, and "sign with GPG/MIME" as default. Now every message I send will be signed (unless I explicitly deactivate it for a specific message), and a dialogue will ask me if I want to encrypt if keys exist for all To: and Cc: recipients (note that messages with bcc: recipients cannot be encrypted, as it would break their privacy). IMO, this is really useful so I don't forget to encrypt if it would be possible.

Please remember that /signing/ the message does *not* protect your privacy. The message body is still readable for everybody (sysadmins, police, whoever) like a postcard. The signature is just a proof for the recipient that it was really you who wrote the message. To protect your privacy, you must *encrypt* messages (have a look at the source of signed vs. encrypted messages).

> Also, that could be complemented with an option to choose specific keys for the filters, because you probably don't sign all your emails with the same key; some need a key only shared with close people.

What is the reason behind that? The idea of GnuPG is that you can share your *public* key with everybody, preferably using a key server. There is absolutely no reason to keep it secret! Of course, you *must* protect your private key...

Hope this helps,
Albrecht.
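
The key-selection and encryption-reminder rules described in the message above, as an added sketch (not Balsa's code and not part of the original mail). It parses `gpg --list-secret-keys --with-colons` output; the sample listing, key IDs, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (key IDs, names and addresses are made up for this example).
SAMPLE = """\
sec:u:4096:1:1111111111111111:1200000000:::u:::scESC:
uid:u::::1200000000::X::Alice Example <alice@example.org>:
uid:u::::1200000000::X::Alice Example <alice@work.example>:
sec:u:2048:1:2222222222222222:1210000000:::u:::scESC:
uid:u::::1210000000::X::Alice (old) <alice@example.org>:
sec:e:2048:1:3333333333333333:1100000000:1150000000::u:::sc:
uid:e::::1100000000::X::Alice Example <alice@work.example>:
"""

ADDR = re.compile(r"<([^<>]+)>\s*$")   # address part of "Name <addr>"
UNUSABLE = ("i", "d", "r", "e")        # invalid, disabled, revoked, expired

def signing_candidates(listing, identity_addr):
    """Key IDs of usable secret keys that carry a UID for identity_addr."""
    wanted, found, keyid = identity_addr.lower(), [], None
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))
        if f[0] == "sec":
            # Field 2 is validity; field 12 lists capabilities, where an
            # uppercase "S" means the key as a whole can sign.
            usable = f[1] not in UNUSABLE and "S" in f[11]
            keyid = f[4] if usable else None
        if f[0] in ("sec", "uid") and keyid and f[1] not in UNUSABLE:
            m = ADDR.search(f[9])      # field 10 holds the user ID
            if m and m.group(1).lower() == wanted and keyid not in found:
                found.append(keyid)
    return found

def choose_signing_key(listing, identity_addr):
    """Return (key_ids, must_ask): one match signs silently, several prompt."""
    keys = signing_candidates(listing, identity_addr)
    if not keys:
        raise LookupError("no usable secret key for " + identity_addr)
    return keys, len(keys) > 1

def offer_encryption(to, cc, bcc, pubkey_addrs):
    """True only if every To:/Cc: address has a key and there is no Bcc:."""
    have = {a.lower() for a in pubkey_addrs}
    rcpts = [a.lower() for a in list(to) + list(cc)]
    return bool(rcpts) and not bcc and all(a in have for a in rcpts)
```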