Hello,
we have set "Import keys from e-mail" in the global advanced settings
for PGP, the rest of PGP settings are default. As of today we have no
PGP key in the database and today i detected a mail which should have
leaved a key behind. The header of the mail in question is:
X-Djigzo-Info-PGP-Encoding: PGP/MIME
X-Djigzo-Info-PGP-Signer-KeyID: DEBE62E439E84227
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID DEBE62E439E84227
not found.
Is this because the mailing list software break the signature or what
am i missing here?
Regards
Andreas
Currently only PGP keys which are attached as a application/pgp-keys
attachment are imported, i.e., import of inline keys is not yet
supported. This will be added to a new release as an optional features.
Scanning for inline keys requires scanning the complete email.
Can you check whether the key was attached as a application/pgp-keys
attachment or whether it was an inline key.
Kind regards,
Martijn
···
On 07/02/2014 10:05 AM, lst_hoe02(a)kwsoft.de wrote:
we have set "Import keys from e-mail" in the global advanced settings
for PGP, the rest of PGP settings are default. As of today we have no
PGP key in the database and today i detected a mail which should have
leaved a key behind. The header of the mail in question is:
X-Djigzo-Info-PGP-Encoding: PGP/MIME
X-Djigzo-Info-PGP-Signer-KeyID: DEBE62E439E84227
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID
DEBE62E439E84227
not found.
Is this because the mailing list software break the signature or what am
i missing here?
--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
Twitter: http://twitter.com/CipherMail
Forgot to add some info.
If a key is not available, or not attached, you can search for the key
on the key server.
The signers key ID can be found in the header:
X-Djigzo-Info-PGP-Signer-KeyID: DEBE62E439E84227
If you search for the key with key id 0xDEBE62E439E84227 (a key server
requires that the key starts with 0x), you will find the key. You can
then import the key (don't forget to trust the key)
Kind regards,
Martijn
···
On 07/02/2014 10:05 AM, lst_hoe02(a)kwsoft.de wrote:
Hello,
we have set "Import keys from e-mail" in the global advanced settings
for PGP, the rest of PGP settings are default. As of today we have no
PGP key in the database and today i detected a mail which should have
leaved a key behind. The header of the mail in question is:
X-Djigzo-Info-PGP-Encoding: PGP/MIME
X-Djigzo-Info-PGP-Signer-KeyID: DEBE62E439E84227
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID
DEBE62E439E84227
not found.
Is this because the mailing list software break the signature or what am
i missing here?
--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
Twitter: http://twitter.com/CipherMail
Zitat von Martijn Brinkers <martijn(a)djigzo.com>:
we have set "Import keys from e-mail" in the global advanced settings
for PGP, the rest of PGP settings are default. As of today we have no
PGP key in the database and today i detected a mail which should have
leaved a key behind. The header of the mail in question is:
X-Djigzo-Info-PGP-Encoding: PGP/MIME
X-Djigzo-Info-PGP-Signer-KeyID: DEBE62E439E84227
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID
DEBE62E439E84227
not found.
Is this because the mailing list software break the signature or what am
i missing here?
Currently only PGP keys which are attached as a application/pgp-keys
attachment are imported, i.e., import of inline keys is not yet
supported. This will be added to a new release as an optional features.
Scanning for inline keys requires scanning the complete email.
Hm, yes i read it and no we have not checked the "inline" case. But
because of "X-Djigzo-Info-PGP-Encoding: PGP/MIME" and
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
inside the mail i thought this should be a matching case, no?
Can you check whether the key was attached as a application/pgp-keys
attachment or whether it was an inline key.
Don't know much about PGP...
So the above is only the crypto checksum, not the actual "certificate"
(public key)??
Regards
Andreas
···
On 07/02/2014 10:05 AM, lst_hoe02(a)kwsoft.de wrote:
With S/MIME, normally (although not required) the signing certificate is
embedded within the S/MIME signature. With PGP this is not the case. If
you want to send a key by email, you need to explicitly attach the key.
The Key ID, is something similar to a fingerprint of a certificate. A
long key ID is practically unique (a key ID is generated based on the
fingerprint). You can search for the key with the key ID on the PGP key
servers and import it. Most keys are stored on the key servers (but not
all)
Kind regards,
Martijn Brinkers
···
On 07/02/2014 10:26 AM, lst_hoe02(a)kwsoft.de wrote:
Zitat von Martijn Brinkers <martijn(a)djigzo.com>:
On 07/02/2014 10:05 AM, lst_hoe02(a)kwsoft.de wrote:
we have set "Import keys from e-mail" in the global advanced settings
for PGP, the rest of PGP settings are default. As of today we have no
PGP key in the database and today i detected a mail which should have
leaved a key behind. The header of the mail in question is:
X-Djigzo-Info-PGP-Encoding: PGP/MIME
X-Djigzo-Info-PGP-Signer-KeyID: DEBE62E439E84227
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID
DEBE62E439E84227
not found.
Is this because the mailing list software break the signature or what am
i missing here?
Currently only PGP keys which are attached as a application/pgp-keys
attachment are imported, i.e., import of inline keys is not yet
supported. This will be added to a new release as an optional features.
Scanning for inline keys requires scanning the complete email.
Hm, yes i read it and no we have not checked the "inline" case. But
because of "X-Djigzo-Info-PGP-Encoding: PGP/MIME" and
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
inside the mail i thought this should be a matching case, no?
Can you check whether the key was attached as a application/pgp-keys
attachment or whether it was an inline key.
Don't know much about PGP...
So the above is only the crypto checksum, not the actual "certificate"
(public key)??
--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
Twitter: http://twitter.com/CipherMail
Zitat von Martijn Brinkers <martijn(a)djigzo.com>:
···
On 07/02/2014 10:26 AM, lst_hoe02(a)kwsoft.de wrote:
Zitat von Martijn Brinkers <martijn(a)djigzo.com>:
On 07/02/2014 10:05 AM, lst_hoe02(a)kwsoft.de wrote:
we have set "Import keys from e-mail" in the global advanced settings
for PGP, the rest of PGP settings are default. As of today we have no
PGP key in the database and today i detected a mail which should have
leaved a key behind. The header of the mail in question is:
X-Djigzo-Info-PGP-Encoding: PGP/MIME
X-Djigzo-Info-PGP-Signer-KeyID: DEBE62E439E84227
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID
DEBE62E439E84227
not found.
Is this because the mailing list software break the signature or what am
i missing here?
Currently only PGP keys which are attached as a application/pgp-keys
attachment are imported, i.e., import of inline keys is not yet
supported. This will be added to a new release as an optional features.
Scanning for inline keys requires scanning the complete email.
Hm, yes i read it and no we have not checked the "inline" case. But
because of "X-Djigzo-Info-PGP-Encoding: PGP/MIME" and
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
inside the mail i thought this should be a matching case, no?
Can you check whether the key was attached as a application/pgp-keys
attachment or whether it was an inline key.
Don't know much about PGP...
So the above is only the crypto checksum, not the actual "certificate"
(public key)??
With S/MIME, normally (although not required) the signing certificate is
embedded within the S/MIME signature. With PGP this is not the case. If
you want to send a key by email, you need to explicitly attach the key.
The Key ID, is something similar to a fingerprint of a certificate. A
long key ID is practically unique (a key ID is generated based on the
fingerprint). You can search for the key with the key ID on the PGP key
servers and import it. Most keys are stored on the key servers (but not
all)
Ok, got it. I guess that is one of the points why PGP is even less
used in business environments than S/MIME...
Regards
Andreas