[Enigmail] Testing Enigmail - signed only
Faramir
faramir.cl at gmail.com
Mon Jun 2 21:37:46 PDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Richard Homme escribió:
> Thank-you, Robert.
>
> As it happens, I am considering using Enigmail within our group mainly
> because of a (possibly paranoid) concern with eavesdropping. I'd also
> like to get our group to use OpenPGP to encrypt certain specific
> documents for any kind of exchange - documents that we are supposed to
> make every effort to keep confidential (such as membership lists and
> financial documents).
>
> So that's not bad news. And it makes me feel a little better!
>
> Am I correct in understanding that we can exchange public keys in person
> to avoid using a key server?
Indeed, you can. Now, about how to do it... I *figure* you can export
your public key, and put it on a diskette or USB memory stick, and
exchange it with your mates. I am not sure if you should sign the public
key too, or if it is already signed.
But I don't see why you don't want to use keyservers... anyway, even
if you use them, you would like to exchange the public keys
"fingerprints" in person, in order to be able to sign them as trusted.
Just exchange the fingerprint codes, and once you are back to your
office/home, you can download the public keys from keyservers (using the
fingerprint code to locate them), and sign them as trusted keys.
Finally, remember there are 2 things you must set in the public keys
in your keyring: how much you trust the key belongs to the right person,
and how much you trust that person to verify somebody's identity before
signing the key of that somebody (I can't remember the words for these 2
concepts, one is "trust", but the other... well, surely somebody will
explain that part better than me).
By the way, if I were going to use gpg in 2 different areas, I would
use 2 different keypairs, with different email accounts, to keep them
isolated, just in case...
Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJIRMqaAAoJEMV4f6PvczxAefAH/2HQt7lD/LUkvA1GdjVvHJtA
M6bf/HtgjLJO5FUVTVZ4n5uNyK4fmyisNyZe+zUnucYmQx1HS/PbjJ+nvdzpLcu3
8gyhekc4Pxt3K3qOPuo079AklD99GfwYZcCq0LmQOkeuWbY6pQaanowBX8xvkUcg
rf97UCcqrYfnc6M+cgS0rYIRuXcIFZmjyXNEqqMQPM0sWp2fnpqYNJaKo7QUOlI/
RX+gsc6zlrCuKzcc3qId4tcywPWktWtmch9A4a7NzF/W4NFv4ttX+mzL1fMMTCfg
U2az6BZdojyMrTZJhthQdrrxIA+XdA0nZfjQIEZqTEQH7gxyaU4Zkn1PAjirR60=
=GHnu
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list