Time | S | Nick | Message |
02:06 | | prologic | I'd like to test a GPG encrypted email exchange with someone. Any takers? (I'll need your public key obviously) |
02:15 | | bear | https://bear.im/ <-- public key is on that page |
02:16 | | bear | and you can send it to bear (at) bear.im |
02:16 | | prologic | bear excellent thank you |
02:16 | | prologic | mail incoming shortly |
02:16 | | bear | k, do you need any header info for debugging? |
02:20 | | prologic | which pub key do you want me to encrypt to? |
02:20 | | prologic | seems you have a few :) |
02:20 | | bear | the one in the link |
02:21 | | bear | let me look |
02:21 | | bear | fingerprint of 8EE5B4D8 |
02:24 | | prologic | sent! |
02:24 | | prologic | Do you get my public key in this exchange automatically? |
02:24 | | * prologic | hopes so |
02:25 | | bear | normally no - depends on how you read email |
02:25 | | prologic | oh I see |
02:25 | | bear | enigmail for thunderbird can automatically download it |
02:26 | | prologic | so you'll want my public key then? |
02:26 | | bear | no - that's up to my side of things to want |
02:26 | | bear | I wouldn't trust you just giving it to me anyways |
02:26 | | prologic | o'really? |
02:26 | | prologic | waut?! :) |
02:26 | | prologic | also how would you reply then (encrypted that is)? |
02:27 | | bear | I would download it from a key server, or get the fingerprint and go look for your location for it |
02:28 | | bear | right now thunderbird is asking if I want to import your key |
02:28 | | bear | your email: "Hey! This is a test GPG encrypted email (as per #sourcefu on FreeNode) |
02:28 | | bear | Hope this works! |
02:28 | | bear | cheers |
02:28 | | bear | James |
02:28 | | bear | " |
02:29 | | prologic | So my client (Rainloop) did send my public key along? |
02:29 | | bear | ok, so yea - doesn't look like your key is anyplace thunderbird looks for it |
02:29 | | bear | let me check |
02:29 | | prologic | I just created this key for at mills dot io |
02:29 | | prologic | so will upload it to keybase.io shortly |
02:29 | | bear | there isn't any attachment on the email |
02:29 | | prologic | is the fingerprint the long hex line after pub in gpg --list-keys / |
02:30 | | prologic | pub rsa2048 2018-01-09 [SC] [expires: 2020-01-09] |
02:30 | | prologic | indented |
02:30 | | prologic | is that the fingerprint? |
02:31 | | bear | yes, but thunderbird doesn't interact with my key list to decrypt mail sent to me |
02:31 | | bear | "gpg --list-keys | grep mills" returns nothing for me |
02:31 | | prologic | right |
02:31 | | prologic | so how do I get my pub key to you? |
02:32 | | prologic | Also (FYI) I think your client (Thunderbird?) sent a read receipt unencrypted? |
02:32 | | bear | you tell me your fingerprint or where it is on your site |
02:32 | | prologic | Is that expected/normal? |
02:32 | | prologic | I have not published it anywhere (yet) |
02:32 | | prologic | but fingerprint is: B54D2AF4B302E282B8B4FF2878943CDA803564E5 |
02:33 | | bear | yea, enigmail is telling me that when I ask for details |
02:34 | | prologic | sent you my public key |
02:35 | | prologic | should match fingerprint ^^^ |
02:38 | | bear | yep - matches |
02:39 | | prologic | happy enough to reply then? :) |
02:39 | | bear | and now thunderbird is liking your emails (showing as verified) |
02:39 | | prologic | not sure (gpg etiquette?) how else to verify others' keys |
02:39 | | prologic | ahh nice :) |
02:39 | | prologic | I have two GPG identities I guess |
02:40 | | bear | that's why I was mentioning having it on your site |
02:40 | | prologic | yeah I need to work on that |
02:40 | | prologic | I neglected my prologic.shortcircuit.net.au site |
02:40 | | bear | because trust is based on the web-of-trust, which to purists can only exist if you meet in person |
02:40 | | prologic | and it's been neglected so long that it's not worth reviving |
02:40 | | prologic | my plan is to have https://james.mills.io/ soon |
02:40 | | bear | I tend to trust a key if I can visit a site, get the fingerprint and then use a known out-of-band way of having you confirm the fingerprint (like video chat) |
02:41 | | prologic | which will be a Web/HTTP mirror of the same content as gopher://james.mills.io/ (TBD) |
02:41 | | prologic | well I guess IRC is "good enough" in this case :) |
02:42 | | prologic | because a) you know it's me here and b) nobody can forge my identity on FreeNode without getting killed |
02:42 | | bear | for basic email exchange - yep |
02:42 | | bear | when we exchange secrets at work we depend on a more proper web of trust exchange |
02:42 | | bear | you should have received my reply |
02:46 | | prologic | hmm |
02:46 | | prologic | "Unverified signature" |
02:46 | | prologic | Did you sign your reply? |
02:47 | | bear | let me look |
02:47 | | prologic | ofc this is Rainloop (just freshly installed) so I have little experience with it |
02:47 | | bear | ah - forgot to sign it |
02:47 | | bear | new reply sent - signed and encrypted |
02:48 | | prologic | cool! |
02:48 | | prologic | let's see |
02:48 | | prologic | "Good signature from ..." |
02:48 | | prologic | nice :) |
02:49 | | bear | \o/ |
02:49 | | prologic | So this works quite nicely |
02:49 | | prologic | now I wonder if I can get my wife to use this too |
02:49 | | bear | with a good mail client - it's fairly transparent ... until she tries to send to a non-gpg user |
02:50 | | prologic | Rainloop isn't bad in that regard |
02:50 | | bear | thankfully enigmail allows for per-recipient rules |
02:50 | | bear | so I can mark someone as never send signed, etc |
02:50 | | prologic | but you do have to make sure to click on the - button, then "GPG" |
02:50 | | prologic | so it's a 2-step process (4 if you include entering your passphrase and selecting the pub key to encrypt to) |
02:51 | | prologic | There's an open issue to store pub keys against a contact in Rainloop -- should remove one step |
02:51 | | bear | if Rainloop can interact with the gpg agent, then the passphrase can be stored in a keystore and only require the passphrase once during a session |
02:58 | | bear | I'm very curious to see pdurbin's Raspberry PI encryption store thingy |
14:23 | | pdurbin | bear: oh? I didn't know I had one of those. :) |
14:24 | | pdurbin | I'm so glad prologic found someone to play encrypted email with. I haven't played that game since the late 90s. |
15:07 | | * dotplus | uses encrypted mail as well |
15:08 | | dotplus | I've managed to get technical but inexperienced-with-mail-encryption folks going (practically) with just a few minutes explanation. |
17:02 | | bear | oh wait - am I getting my irc / twitter handles confused? |
19:30 | | | tumdedum joined #sourcefu |