OpenPGP vs inline PGP

Neil Williams
Tue Jul 8 21:12:02 2003

On Tuesday 08 Jul 2003 6:00 am, Robin Lynn Frank wrote:
> Now, compile and install them (note that you need much stuff here only to
> make newpg's configure script happy):
> I'm sorry, but installing software that is not actually needed???  I don't

No, you are installing software that is needed as a package. Many of the
SWITCHES on the ./configure command line are needed to make newpg happy. (I
think.) Aegypten is much more powerful than you (or I) will be using so it
needs to be limited by those switches.

> know about you, but the idea of being subject to potential vulnerabilities
> of software I don't actually need.  The rule usually is, if it isn't
> needed, don't install it.

But you DO need it - you cannot verify standard compliant messages (like mine)
without it.

As for vulnerabilities, keep up-to-date and you are in the best position to
eliminate them. I have found few projects in Linux where the developers are
as accessible and supportive as here. In the time I've been reading the list
I've seen numerous situations where comments from users have led to direct
and immediate changes to the next release of GnuPG. Not necessarily
vulnerabilities, but I'm sure if anyone on this list had found any, it would
be mentioned.

> Now, I ate my own words and compiled and installed, following the
> instructions to the letter.  After finding it wouldn't work unless one of
> the libraries was symlinked to /usr/lib from /usr/local/lib (not included in
> the documentation), I then discovered that kgpgcertmanager crashed every
> time I tried to start it and that no key requiring a passphrase was useable.
> You will, however note that gpg, when used as nature intended, works just
> fine.  No, I take that back, It won't recognize my passphrase.  Progress
> :-(

Read the documentation, then read it again carefully - the answer is there,
it is a little masked. You need to specify the gpg-agent-info environment
variable. I put the eval "$(gpg-agent --daemon)" command in the middle of
/usr/bin/startkde and it works fine, for all users, once you logout and

As the page says,
Before using gpg, you need to start gpg-agent:
eval "$(gpg-agent --daemon)"
(gpg-agent outputs a little shell script that sets the environment variable
GNUPG_AGENT_INFO). You may want to add this to your ~/.xsession or startkde
so that all programs see the environment variable.

The page does state that you need to have the environment variable within
scope of KMail before it can be expected to work.

Make sure you can work with gpg on the command line that you started gpg-agent
in (should use gpg-agent and pinentry-qt).

Start KMail from that terminal and configure its (builtin / clearsigning)
GnuPG support until it works for you.

Note: start kmail from that terminal - the terminal window that you used to
issue the gpg-agent --daemon command. That's the easiest way to see where the
problems lie. Issue the command from a terminal window, then issue the
command kmail. Now view an encrypted message and if it works, it is the
gnupg-agent-info variable that needs to be made available to kmail - it may
be set but just not within 'scope' of the kmail process.

I had problems with gpg-agent-info when I joined this list (it was the main
reason I joined), but it is easy to sort it and it works perfectly once all
the steps are in place.


Neil Williams
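
Added example, not part of the original message or of GnuPG: a shell sketch of the scoping problem described above, showing that a variable set by eval reaches programs launched from that shell but not programs started elsewhere. The variable name GPG_AGENT_INFO, its socket:pid:version value format, the stand-in fake_agent and the sample socket path are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed stand-in for `gpg-agent --daemon`: prints the kind of shell
# snippet that the caller is expected to eval (name and format assumed).
fake_agent() {
    printf 'GPG_AGENT_INFO=%s:%s:1; export GPG_AGENT_INFO;\n' "$1" "$2"
}

# Classify an agent-info value: unset | malformed | dead-agent | no-socket | ok
classify_agent_info() {
    [ -n "$1" ] || { echo unset; return; }
    case $1 in *:*:*) ;; *) echo malformed; return ;; esac
    sock=${1%%:*}; rest=${1#*:}; pid=${rest%%:*}
    case $pid in ''|*[!0-9]*) echo malformed; return ;; esac
    # kill -0 only tests for existence; the agent runs as the same user.
    kill -0 "$pid" 2>/dev/null || { echo dead-agent; return; }
    [ -S "$sock" ] || { echo no-socket; return; }
    echo ok
}

# What a program launched from this shell inherits.
child_view() {
    sh -c 'printf %s "${GPG_AGENT_INFO:-}"'
}

# What a program started outside this shell inherits, simulated here with
# an empty environment (for instance a mail client started from a menu).
outsider_view() {
    env -i /bin/sh -c 'printf %s "${GPG_AGENT_INFO:-}"'
}

# Report the state of the variable in the current shell.
classify_agent_info "${GPG_AGENT_INFO:-}"
```

A result of unset from the process that needs the agent, while the terminal that ran the eval reports a value, is the "set but not in scope" case.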
