From mboxrd@z Thu Jan  1 00:00:00 1970
From: jeff.covey@pobox.com (jeff covey)
Date: Mon, 18 Jun 2007 20:00:52 -0400
Subject: [sup-talk] GPG Support
In-Reply-To: <D55C81AD71647428E7B489B6@Sumatra.local>
References: <D55C81AD71647428E7B489B6@Sumatra.local>
Message-ID: <1182210252-sup-8502@mona>

Excerpts from Chris Lee's message of Thu May 17 17:24:11 -0400 2007:

> GPG support is coming along nicely right now. 

great!  :)  sorry for the delay in replying.

> If all email addresses of an email have keys, then, and only then, do I
> encrypt the email - this means if you have highly sensitive info, and you
> miskey an address, whoops it goes out unencrypted * I need a way to know
> if the user want to encrypt and/or sign an email and then alert him/her if
> I don't have all the required keys.

i rarely want to send encrypted mail, and i want the mail i usually send
left unencrypted so i have a clear copy for my reference.  from my
perspective, i'd rather just be able to hit a keybinding to turn encryption
on when i want it, instead of having it done automatically.

> I don't sign any email right now :(

that's the main thing i use gpg for.  :)

> The sources.yaml file is pgp encrypted now.

why is that?  there doesn't seem to be any sensitive information in
sources.yaml, and encrypting it makes it harder to deal with.

> it'd be nice to extend protections to non-pgp users.  Should I use openssl
> to encrypt the config file and then have the pgp password(s) in there?

i wouldn't bother with storing passwords/phrases and encrypting files, i
would just let gpg prompt people for the words/phrases as needed.  if they
don't want to type them each time, they can use something like gpg-agent.

> I only use one GPG private key, which is not tied to the sending address
> (it's specified in config.yaml).  This should be easy to fix if I store
> all the passphrases in an encrypted file.  * Do you need this feature?

i only use one key myself, but it would be nice to be able to specify a key
for each account under ":accounts:".

> You'll have to encrypt your sources.yaml file manually before the first
> time you launch sup with pgp support.  This totally breaks sup-add,
> sup-sync, and anything else that reads sources.yaml right now

yes, again, i'm not sure why you're encrypting sources.yaml.  it seems to be
adding unnecessary complications.

thanks again,

-- 
jeff covey
http://jeffcovey.net/