* [sup-talk] GPG Support
@ 2007-05-17 21:24 Chris Lee
2007-06-19 0:00 ` jeff covey
0 siblings, 1 reply; 3+ messages in thread
From: Chris Lee @ 2007-05-17 21:24 UTC (permalink / raw)
Jeff,
GPG support is coming along nicely right now. There are some shortcomings
my speedy implementation that I need feedback on.
1. If all email addresses of an email have keys, then, and only then, do I
encrypt the email
- this means if you have highly sensitive info, and you miskey an
address, whoops it goes out unencrypted
* I need a way to know if the user want to encrypt and/or sign an email
and then alert him/her if I don't have all the required keys.
2. I don't sign any email right now :(
3. There is no mechanism to lookup keys from keyservers (e.g., --recv-key)
* We'll probably need a separate Manager to handle this
4. The sources.yaml file is pgp encrypted now. However, it'd be nice to
extend protections to non-pgp users. Should I use openssl to encrypt the
config file and then have the pgp password(s) in there?
5. I only use one GPG private key, which is not tied to the sending address
(it's specified in config.yaml). This should be easy to fix if I store all
the passphrases in an encrypted file.
* Do you need this feature?
6. You'll have to encrypt your sources.yaml file manually before the first
time you launch sup with pgp support.
* add :gpgkey: to config.yaml
:accounts:
:default:
:name: Chris Lee
:signature: /Users/chris/.signature
:sendmail: /usr/local/bin/esmtp -t
:email: 3v1l at n0spz.net
:alternates: []
:gpgkey: 14E44DBF
* gpg -a -e -r yourself sources.yaml
* cp sources.yaml.asc sources.yaml
* rm sources.yaml.bak
* is there a better way to do this transition?
7. This totally breaks sup-add, sup-sync, and anything else that reads
sources.yaml right now
* this should also be easy to fix
Chris
^ permalink raw reply [flat|nested] 3+ messages in thread* [sup-talk] GPG Support
2007-05-17 21:24 [sup-talk] GPG Support Chris Lee
@ 2007-06-19 0:00 ` jeff covey
2007-07-04 2:55 ` William Morgan
0 siblings, 1 reply; 3+ messages in thread
From: jeff covey @ 2007-06-19 0:00 UTC (permalink / raw)
Excerpts from Chris Lee's message of Thu May 17 17:24:11 -0400 2007:
> GPG support is coming along nicely right now.
great! :) sorry for the delay in replying.
> If all email addresses of an email have keys, then, and only then, do I
> encrypt the email - this means if you have highly sensitive info, and you
> miskey an address, whoops it goes out unencrypted * I need a way to know
> if the user want to encrypt and/or sign an email and then alert him/her if
> I don't have all the required keys.
i rarely want to send encrypted mail, and i want the mail i usually send
left unencrypted so i have a clear copy for my reference. from my
perspective, i'd rather just be able to hit a keybinding to turn encryption
on when i want it, instead of having it done automatically.
> I don't sign any email right now :(
that's the main thing i use gpg for. :)
> The sources.yaml file is pgp encrypted now.
why is that? there doesn't seem to be any sensitive information in
sources.yaml, and encrypting it makes it harder to deal with.
> it'd be nice to extend protections to non-pgp users. Should I use openssl
> to encrypt the config file and then have the pgp password(s) in there?
i wouldn't bother with storing passwords/phrases and encrypting files, i
would just let gpg prompt people for the words/phrases as needed. if they
don't want to type them each time, they can use something like gpg-agent.
> I only use one GPG private key, which is not tied to the sending address
> (it's specified in config.yaml). This should be easy to fix if I store
> all the passphrases in an encrypted file. * Do you need this feature?
i only use one key myself, but it would be nice to be able to specify a key
for each account under ":accounts:".
> You'll have to encrypt your sources.yaml file manually before the first
> time you launch sup with pgp support. This totally breaks sup-add,
> sup-sync, and anything else that reads sources.yaml right now
yes, again, i'm not sure why you're encrypting sources.yaml. it seems to be
adding unnecessary complications.
thanks again,
--
jeff covey
http://jeffcovey.net/
^ permalink raw reply [flat|nested] 3+ messages in thread
* [sup-talk] GPG Support
2007-06-19 0:00 ` jeff covey
@ 2007-07-04 2:55 ` William Morgan
0 siblings, 0 replies; 3+ messages in thread
From: William Morgan @ 2007-07-04 2:55 UTC (permalink / raw)
Excerpts from jeff.covey's message of Mon Jun 18 17:00:52 -0700 2007:
> Excerpts from Chris Lee's message of Thu May 17 17:24:11 -0400 2007:
> > The sources.yaml file is pgp encrypted now.
>
> why is that? there doesn't seem to be any sensitive information in
> sources.yaml, and encrypting it makes it harder to deal with.
For IMAP and mbox+ssh sources, the username and password is stored in
sources.yaml. Sup is careful to create it with the right unix mode, so
I'm not convinced of the vital necessity of this feature, but I'm not
opposed to its very existence either.
> i wouldn't bother with storing passwords/phrases and encrypting files,
> i would just let gpg prompt people for the words/phrases as needed.
> if they don't want to type them each time, they can use something like
> gpg-agent.
I tend to agree. I'm happy to offload as much functionality to other
programs as possible.
> i only use one key myself, but it would be nice to be able to specify a key
> for each account under ":accounts:".
Agreed.
I haven't incorporated Chris's patch yet, mostly because I wanted to
flesh out Sup's multi-account support, but now that things are better on
that end, I do plan to revisit the issue. Chris, if you're still there,
please don't feel like I've ignored you.
--
William <wmorgan-sup at masanjin.net>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-07-04 2:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-05-17 21:24 [sup-talk] GPG Support Chris Lee
2007-06-19 0:00 ` jeff covey
2007-07-04 2:55 ` William Morgan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox