OpenPGP vs inline PGP

Neil Williams linux@codehelp.co.uk
Tue Jul 8 21:12:02 2003


--Boundary-02=_3fxC/IeE6D6Epue
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Tuesday 08 Jul 2003 6:00 am, Robin Lynn Frank wrote:
> Now, compile and install them (note that you need much stuff here only to
> make newpg's configure script happy):
>
> I'm sorry, but installing software that is not actually needed???  I don't

No, you are installing software that is needed as a package. Many of the=20
SWITCHES on the ./configure command line are needed to make newpg happy. (I=
=20
think.) Aegypten is much more powerful than you (or I) will be using so it=
=20
needs to be limited by those switches.

> know about you, but the idea of being subject to potential vulnerabilities
> of software I don't actually need.  The rule usually is, if it isn't
> needed, don't install it.

But you DO need it - you cannot verify standard compliant messages (like mi=
ne)=20
without it.

As for vulnerabilities, keep up-to-date and you are in the best position to=
=20
eliminate them. I have found few projects in Linux where the developers are=
=20
as accessible and supportive as here. In the time I've been reading the lis=
t,=20
I've seen numerous situations where comments from users have lead to direct=
=20
and immediate changes to the next release of GnuPG. Not necessarily=20
vulnerabilities, but I'm sure if anyone on this list had found any, it woul=
d=20
be mentioned.

> Now, I ate my own words and compiled and installed, following the
> instructions to the letter.  After finding it wouldn't work unless one of
> the libraries was symlinked to /usr/lib from/usr/local/lib (not included =
in
> the
> documentation), I then discovered that kgpgcertmanager crashed everytime I
> tried to start it and that no key requiring a passphrase was useable.
>
> You will, however note that gpg, when used as nature intended, works just
> fine.  No, I take that back, It won't recognize my passphrase.  Progress
> :-(

Read the documentation, then read it again carefully - the answer is there =
but=20
it is a little masked. You need to specify the gpg-agent-info environment=20
variable. I put the eval($gpg-agent --deamon) command in the middle of=20
/usr/bin/startkde and it works fine, for all users, once you logout and=20
login.=20

As the page says,=20
<quote>
Before using gpg, you need to start gpg-agent:
eval "$(gpg-agent --daemon)"
(gpg-agent outputs a little shell script that sets the environment variable=
=20
GNUPG_AGENT_INFO). You may want to add this to your ~/.xsession or startkde=
=20
so that all programs see the environment variable.
</quote>
http://kmail.kde.org/kmail-pgpmime-howto.html

The page does state that you need to have the environment variable within=20
scope of KMail before it can be expected to work.

<quote>
Make sure you can work with gpg on the command line that you started gpg-ag=
ent=20
in (should use gpg-agent and pinentry-qt).

Start KMail from that terminal and configure its (builtin / clearsigning)=20
GnuPG support until it works for you.
</quote>

Note: start kmail from that terminal - the terminal window that you used to=
=20
issue the gpg-agent --daemon command. That's the easiest way to see where t=
he=20
problems lie. Issue the command from a terminal window, then issue the=20
command kmail. Now view an encrypted message and if it works, it is the=20
gnupg-agent-info variable that needs to be made available to kmail - it may=
=20
be set but just not within 'scope' of the kmail process.

I had problems with gpg-agent-info when I joined this list (it was the main=
=20
reason I joined), but it is easy to sort it and it works perfectly once all=
=20
the steps are in place.

=2D-=20

Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/


--Boundary-02=_3fxC/IeE6D6Epue
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/Cxf3iAEJSii8s+MRAobaAKDJA+CsspWKFi8c7MWSSSo2ttL91QCeJxs7
ZN8MTn1dY29a82XeOXMLJoI=
=bCAp
-----END PGP SIGNATURE-----

--Boundary-02=_3fxC/IeE6D6Epue--