Am I Missing Something?

Thu May 29 17:11:13 CEST 2008

Carlos Williams wrote the following on 5/29/08 10:21 AM:
> I am trying to generate a key and start using it with Mozilla Thunderbird /
> Enigmail & I am obviously missing something. I generated a key on my system
> using the following command:
> 
> cwilliams at tunafish:~$ gpg --gen-key
> 
> You can see below exactly what I did and I am now unclear once I created
> this key how to start using it with my email client. Am I missing something?

[...]

I don't know which Thunderbird and Enigmail versions you are using, but
this should help (I am using the Macintosh version, but there shouldn't
be significant differences if you are using another platform):

If you want to use the key you have generated to sign outgoing messages,
and to self-encrypt, please select 'Account Settings" from your Menu
options.

This will display a page where your account(s) are listed.

Select "OpenPGP Security", and input the options you want to use, first
of all 'Enable OpenPGP support (Enigmail) for this identity'

Select 'Use specific OpenPGP key ID (0x1234ABCD):
Click the button 'Select Key...' located at the right end of the empty
field. This will launch a window 'Select OpenPGP Key for Encryption.
Select (highlight) the row where your key is listed, go to the bottom of
the window, and click OK.

This will bring you back to the previous window, where your account(s)
is listed, but now the previously empty field will show the key ID of
your selected key, beginning with 0x (that's zero x).

Select other options you want to save, e.g.:
'Sign non-encrypted messages by Default'  IF you want to sign ALL your
outgoing messages.
'Sign encrypted messages by default', that's a good idea...
'Encrypt messages by default', NOT a good idea, since you will be
posting messages to lists, and you don't post encrypted messages to a
list (unless it is a special list where all postings are encrypted with
a shared public key). gnupg-users is NOT such a list.
'Use PGP/MIME by default', not a good idea, keep the choice to yourself.
Click 'Advanced', this will display another window where you can select
options for 'Send OpenPGP Header'
'Send OpenPGP Key ID' if you want your Key ID to be included in the
headers of the messages you send.
'Send URL for key retrieval: an empty field where you can enter the URL
where from your public key can be downloaded.
'Attach public key to signed or encrypted messages'. If you select that
option, *every time* you send a signed message to a list, your public
key will be attached, and that's a little too much, you can choose to
attach your public key manually in OpenPGP Preferences.
Click the OK button, you will be brought back to the previous window,
click the OK button, and you are set.

By the way, you choose to erase, in your message, the Key ID of your
public key, and that's your privilege. But if you are going to send
signed messages to people, you might want your recipients to be able to
verify your signature, and they need your public key.

You can choose to upload your public key (it is a *public* key) to a key
server, where from it will propagate to other keyservers, allowing your
correspondents to download your key when needed.

Last, but not least, since you are going to use Thunderbird+Enigmail, I
suggest that you subscribe to the Enigmail mailing list, visit
Enigmail's site <http://enigmail.mozdev.org/home/index.php> and
<http://www.mozdev.org/mailman/listinfo/enigmail/>

Best of luck,
Charly