Question for app developers, like Enigmail etc. - Identicons
stefan.claas at posteo.de
Sun Jun 4 12:39:03 CEST 2017
On 04.06.17 11:50, Ben McGinnes wrote:
> On Sun, Jun 04, 2017 at 11:21:33AM +0200, Stefan Claas wrote:
>> The reason why i ask, i started to use Thunderbird with Enigmail and
>> Enigmail shows me always Untrusted Good Signature with a 32bit key ID,
>> when i have not carefully verified the persons pub key and --lsign'ed
>> the pub-key. Showing only the long key id or the complete fingerprint
>> is imho more difficult to quickly memorize than an additionial shown
>> identicon (computed from the fingerprint).
> You shouldn't need to memorise it. In Enigmail you can create rules
> for addresses to link to preferred keys, as well as set whether or not
> to encrypt all messages or just sign and so on. Most MUAs which
> support GPG provide some method of doing this and GPG itself supports
> that function with group lists in the gpg.conf file.
Thank you for the information, i will check it out.
> If the version of GPG you have installed supports it, you should
> probably add this to your gpg.conf:
> trust-model tofu+pgp
> tofu-default-policy unknown
> That will gradually build a more practical web-of-trust which keeps
> track of seen keys for you.
I use GPGTools and therefore can't use it yet.
>> P.S. With scallion it took me only seconds/or a minute to generate
>> a fake pub-key with the same 32bit key id, on my old notebook.
> Yes, this has been possible for a long time now. Most people use a
> 64-bit view for that reason. This is now the default view in GPG 2.1,
> along with displaying the full finterprint. If you do not have GPG
> 2.1.x installed, such as if you're using GPGTools on OS X or GPG4Win,
> then add "keyid-format 0xLONG" to your gpg.conf file.
I did that, but Enigmail still shows me the short key-id. :-(
More information about the Gnupg-users