Two questions

John Clizbe JPClizbe at comcast.net
Thu Sep 15 09:12:06 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gary Graham wrote:
> I have a couple questions I have not been able to figure out on my own.
> First, and probably easiest: Is it possible to put a photo into a
> key?  I see some keys have it, but have not figured how to do it.

gpg --edit-key <keyID> addphoto

> Second: I have a Thawte Freemail certificate. I have Enigmail set to
> use it.  How do I import it, or whatever, it into my GNUpg keyring?  I
> see several have done it.

How do I say "It's more trouble than it's worth"? You have to use PGP as an
intermediate step. The CA cert on X.509 certificate is not recognized by
GnuPG 1.4.x and shows up as a signature from keyid 0x00000000. PGP will
consider the X.509 as a valid key if you import the CAs keys and sign them
as a trusted introducer.  For GnuPG to consider the X.509 RSA key material
valid you need to either sign the key with your default key or self-sign the
key.

Unless your identity has been verified by Thawte's Assurance program, the
key will have your name as "Thawte Freemail Member" - not exactly a stand
out on the keyservers. Key prefs are another pain. Am imported Thawte cert
shows:
     Cipher: 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed

A GnuPG created key shows:
     Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

My last post to this list gave a brief overview. If you still want to do it,
it's best to ask for more help over on the PGP-Basics Yahoo! group.
http://groups.yahoo.com/group/PGP-Basics/

Also, Enigmail WILL NOT use X.509 keys. You have most likely configured
S/MIME to use your Thawte certificate. That's the 'Security' tab in TB's
account settings. Enigmail is configured on the 'OpenPGP Security' tab.


- --
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3-cvs-3891-2005-09-13 (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the £33t ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDKR7FHQSsSmCNKhARAuMrAJ4nrbsFJN23d06f00C1XRM5GhW6swCgrCGm
vrOXWyIrGLewNbDkFqOnSbw=
=zCI9
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list