certificate for a key pair

Henry Hertz Hobbit hhhobbit at securemecca.net
Thu May 30 08:28:55 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/29/2013 07:27 PM, Doug Barton wrote:
> On 05/29/2013 12:09 PM, Henry Hertz Hobbit wrote:
> | On 05/29/2013 06:12 AM, edgard devaux wrote:
> |> hello using Gnupg with linux debian 7.0 and gnome; i created a
> |> key pair. my e-mail client asks me a certificate for personal to
> |> sign, and another certificate for the key. How can i get this
> |> certificate for keyring, i don't find where. excuse my english
> |> (i'm Frenchman). thanks edgard
> |
> | Thunderbird:
> | ============
> | http://wiki.debian.org/EmailClients
> |
> | If you are using Thunderbird, do NOT install enigmail with an
> | apt-get with a sudo! Also do not set up one common folder but have
> | separate email sections for each POP or IMAP email account. Another
> | way to add enigmail to Thunderbird:
> |
> | https://addons.mozilla.org/fr/thunderbird/addon/enigmail/
> |
> | Add it as yourself, not as root.  The apt-get way of doing things
> | here may not work.  You end up installing it in the system
> | thunderbird (/usr/lib/thunderbird) folder.  You want enigmail
> | installed in your ~/.thunderbird folder.
> |
> | Once enigmail is installed, you can specify specifically what key
> | you want used with each email account by clicking on the email
> | account and then view settings then OpenPGP.
> 
> That advice is contrary to the conventional wisdom, which is to
> use the same method to install Enigmail that you use to install 
> Thunderbird (i.e., apt-get + apt-get, or manually + manually). Can
> you please explain your reasoning here?

First, whose advice?  I was advised to blacklist nouveau with
a certain file on OpenSuSE 11.4 that didn't exist because Linux
cannot upgrade the video drivers when you install a new video
card so I had to do the upgrade manually as it always has been
done.  Hint:  look for a file with the pattern "blacklist" in
the /etc/modprobe.d/ folder and put the "blacklist nouveau" in
that file to get it to accept the new Nvidia driver - similarly
for Ubuntu which is Debian based for 10.04:

http://securemecca.com/public/DemingLinux/OpenSuseNvidia.txt
http://securemecca.com/public/DemingLinux/UbuntuNvidia.txt

OpenSuSE also installed the clamav program without creating
the requisite clamav group and clamav user (it really IS
necessary).  Ergo, much advice while being given with good
intentions is wrong.  Sometimes that wrong hurts and sometimes
it doesn't hurt.

In the case of Adobe Flash Player, just like downloading my
video drivers files from either the chip creator or the video
card creator it hurts.  For Windows it doesn't hurt too bad
unless you are a gamer.  The drivers from Microsoft are at
least 3 months and most likely 6 months to a year older than
what you get from the chip vendor.  For Adobe Flash Player you
get a convoluted list of symlink files and no way to backroll
to the previous flash player because of lib or other problems,
with the Ubuntu update not supplying the update anyway.  So I
do it myself:

http://www.adobe.com/
(click on flash player under downloads)
http://securemecca.com/public/UbuntuFlashInstall-11.txt

Now I can backroll if needed.  Sysadmins for even small Linux
shops will set up a symlink on each machine in the plugins
to point to yet another symlink on a UFS mount.  They then
just remove and re-establish the symlink on the NFS mount to
point to the new flash player.  If they run into problems they
just point the symlink on the UFS mount back to the old binary.
That beats the convoluted mess I saw employed by Ubuntu where
they even had links going through /etc for flash player. Ubuntu
doesn't want to handle the flash player anyway since it is
licensed by Adobe.

In the case of enigmail, it is an add-on and like Firefox the
enigmail is just an XPI install file. Just like the XPI installs
got Adblock Plus (ABP), Cookie-Safe, and other Firefox add-ons
which are installed into ~/.mozilla/firefox, by Firefox, the
enigmail XPI install add-on gets installed into ~/.thunderbird
by Thunderbird.  That is the proper way to do it.

That is how I did it with OpenSuSE 11.4 which is an RPM based
Linux.  This time around I just closed Thunderbird on OpenSuSE,
removed all the files in ~/.thunderbird/${HASH}.default/Cache,
then made a backup:

$ cd ; umask 077 ; rm /home/backups/${USERNAME}/thunderbird.7z
$ 7za a -p /home/backups/${USERNAME}/thunderbird.7z ./.thunderbird
(this zips it with an AES-128 encryption - supply password)

I installed Thunderbird on Ubuntu 10.04 (the end of the line)
via Synaptic Package Manager.  I then copied the thunderbird.7z
file onto a flash drive and from it onto the Ubuntu machine which
had an older version of Thunderbird.  I then unzipped it into
the ${HOME} folder.  When Thunderbird started it automatically
checks and in that case backrolled to the previous version of
enigmail because of an older version of thunderbird.  Two days
later Ubuntu upgraded Thunderbird with me closing the Thunderbird
program first via the File - Quit method.  If you click on the
X icon Thunderbird may continue to run during the upgrade!  When
I started Thunderbird again it updated enigmail to the newer
version of enigmail.  Where did the enigmail downgrade and
upgrade come from?  The Mozilla distributed mirror download
servers.  You are going to get the proper version of enigmail
from them eventually so why not start there in the first place?
That is what the RPM based distros do anyway.  They consider it
safe enough and so do I. Debian was royally hacked years ago and
even linux.org (where the kernel is) was hacked a year or so
ago.  I haven't heard of the Mozilla mirrors being hacked but
it is possible. Even then you are depending on randomly
getting the bad enigmail XPI file from the hacked mirror server.
You are much more likely to get the new one.

Actually I regularly zip the ~/.thunderbird folder and transfer
it to my other machine to keep both versions in sync.
Thunderbird has never failed in older ---> newer.  It may fail
if you do a newer ---> older but only if the older version of
Thunderbird doesn't know what to do with newer files.  I of
course move ~/.thunderbird to ~/zzz.thunderbird before putting
the new files from the other machine in place.  This sneaker-net
synchronization has never failed.  You would probably turn
pale at doing it.  Me?  I have redundant mail on two systems in
case one machine fails (which has happened).  That is infinitely
more important than worrying how enigmail got installed into
my ~/.thunderbird folder.  If you want to use apt-get go ahead
but don't blame me when you shift to an RPM based Linux distro
and have to do it the Mozilla way anyway.

Oh yes, I have been using Unix since the 1970s, and have been a
Unix admin since the 1980s.  I can do things like re-establishing
/dev/null which may turn you pale when it gets lost by a Linux
install.  Why does Linux lose it when I have never had real Unix
lose it?  I don't know.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

-----END PGP SIGNATURE-----
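
The profile backup and restore routine described in the message above, written out as an added shell example that is not part of the original post. The function names, the SEVENZIP variable, the -mhe=on switch and the process name "thunderbird" are assumptions; the archive path must be absolute.

```shell
#!/bin/sh
# Added example (constructed): encrypted sneaker-net sync of ~/.thunderbird.
# Function names and the SEVENZIP variable are hypothetical.
SEVENZIP=${SEVENZIP:-7za}

# Closing the window with the X icon may leave Thunderbird running, so
# check for a live process (assumed to be named "thunderbird").
tb_running() { pgrep -u "$(id -u)" thunderbird >/dev/null 2>&1; }

# Archive HOME/.thunderbird into ARCHIVE; 7za prompts for the password.
backup_profile() {
    home=$1 archive=$2
    tb_running && { echo "quit Thunderbird first (File - Quit)" >&2; return 1; }
    [ -d "$home/.thunderbird" ] || { echo "no profile in $home" >&2; return 1; }
    (
        umask 077                       # archive readable by its owner only
        cd "$home" || exit 1
        for c in .thunderbird/*.default/Cache; do
            # Cache is rebuilt on start; empty it before archiving.
            if [ -d "$c" ]; then rm -rf "$c" && mkdir "$c"; fi
        done
        rm -f "$archive"
        # -mhe=on (added here) also encrypts the file names in the archive.
        "$SEVENZIP" a -p -mhe=on "$archive" ./.thunderbird
    )
}

# Unpack ARCHIVE into HOME, keeping the old profile as HOME/zzz.thunderbird.
restore_profile() {
    home=$1 archive=$2
    tb_running && { echo "quit Thunderbird first (File - Quit)" >&2; return 1; }
    [ -f "$archive" ] || { echo "missing $archive" >&2; return 1; }
    # Never overwrite an earlier fallback copy.
    [ -e "$home/zzz.thunderbird" ] && { echo "zzz.thunderbird exists" >&2; return 1; }
    if [ -d "$home/.thunderbird" ]; then
        mv "$home/.thunderbird" "$home/zzz.thunderbird" || return 1
    fi
    ( umask 077; cd "$home" && "$SEVENZIP" x "$archive" ) && return 0
    # Extraction failed: discard the partial copy and put the old profile back.
    rm -rf "$home/.thunderbird"
    [ -d "$home/zzz.thunderbird" ] && mv "$home/zzz.thunderbird" "$home/.thunderbird"
    return 1
}

case ${1:-} in
    backup)  backup_profile "$HOME" "${2:?archive path}" ;;
    restore) restore_profile "$HOME" "${2:?archive path}" ;;
esac
```

Run it as `sh script.sh backup /absolute/path/thunderbird.7z` on the source machine and `sh script.sh restore /absolute/path/thunderbird.7z` on the target.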



More information about the Gnupg-users mailing list