
Re: [LUG] Gpg signing of emails

 

Thanks Neil.

Good info that I will look into a bit later...

Martin.

On Monday 25 April 2005 07:17, Neil Williams wrote:
On Monday 25 April 2005 12:44 am, Martin White wrote:
So, having gone through the whole thing of creating the key pair and
registering them with the server, and then onto the DCLUG etc, etc, I
have just one question...

Is KMail going to insist on asking me for my passphrase EVERY time I send
an email? Trust me, I send way too many emails every day to want to put
up with that all day long :)

So do I!

:-)

You need to look at gpg-agent but how you set that up is dependent on your
distribution. Gpg2 has just come into Debian unstable where the agent is
more tightly integrated and KMail needs to be v1.7.x before that
integration with gpg-agent also becomes straightforward.

I've been using the agent with KMail for over a year but until now I've had
to compile the agent from source or latterly pull in Debian packages from
outside the main tree.

Any way to turn it off? Did I miss a setting somewhere?

You're thinking of having a key without a passphrase but you don't need to
do that. The agent will cache the passphrase in secure memory for a
configurable period of time and although I've set it fairly short, I only
get prompted for a passphrase for 1 in 3 emails - provided you do your
email in batches.

And, yes, I know that everyone is probably going to say that's a bad idea
and defeating the object and all that, BUT, the only person that has
access to this PC is me. If anyone breaks into my house and nicks off
with the PC, whether or not they can send some signed emails really will
be the least of my worries!!

Make sure you have a revocation certificate, print it out to paper (it's
v.short), delete the file and keep the paper v.safe. It'd be wise to have a
backup of your secret key somewhere v.safe too.

Anyone with physical access to your machine would still have to know the
passphrase to use your key BUT if you set NO passphrase, then anyone with
even temporary physical access to your machine could *change* that and lock
you out of your own key! (Which is why a revocation certificate is so
essential.)

Your key isn't just for signing email, in future you may find other uses
for it and you would then be grateful for looking after your key now.

Attachment: pgp00033.pgp
Description: PGP signature
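
The passphrase caching described in the thread is controlled in current GnuPG 2.x by `default-cache-ttl` and `max-cache-ttl` in `gpg-agent.conf`. The following is an added example, not part of the original messages: a shell check that reads both settings and flags a cache window longer than a chosen limit. The function names, the limit and the sample config are constructed for illustration; 600 and 7200 seconds are GnuPG's documented defaults.

```shell
#!/bin/sh
# Added example: audit gpg-agent passphrase cache lifetimes.
# default-cache-ttl: seconds an entry stays cached after its last use.
# max-cache-ttl:     hard upper bound, however often the key is used.
# GnuPG 2.x defaults when an option is unset: 600 and 7200 seconds.

# Print the value of a numeric option from a gpg-agent.conf file.
# $1 = config file, $2 = option name, $3 = default if not set.
# If the option appears more than once, report the largest value
# (a conservative choice for an audit, made for this example).
agent_opt() {
    val=$(awk -v opt="$2" '
        $1 == opt && $2 ~ /^[0-9]+$/ && (v == "" || $2 + 0 > v + 0) { v = $2 }
        END { if (v != "") print v }' "$1" 2>/dev/null)
    echo "${val:-$3}"
}

# $1 = config file, $2 = longest acceptable cache lifetime in seconds.
# Returns 0 and prints OK, or returns 1 and prints WARN.
audit_agent_cache() {
    conf=$1
    limit=$2
    def=$(agent_opt "$conf" default-cache-ttl 600)
    max=$(agent_opt "$conf" max-cache-ttl 7200)
    # The idle timeout cannot outlive the hard cap.
    if [ "$def" -gt "$max" ]; then def=$max; fi
    if [ "$max" -gt "$limit" ]; then
        echo "WARN default=${def}s max=${max}s exceeds ${limit}s"
        return 1
    fi
    echo "OK default=${def}s max=${max}s"
}

# Constructed sample config: 5 minutes after last use, 1 hour at most.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# gpg-agent.conf (sample written for this example)
default-cache-ttl 300
max-cache-ttl 3600
EOF

audit_agent_cache "$sample" 3600
```

To check a real setup, point `audit_agent_cache` at `~/.gnupg/gpg-agent.conf`; after editing that file, `gpgconf --reload gpg-agent` makes a running agent pick up the new values.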