Question for app developers, like Enigmail etc. - Identicons

Stefan Claas stefan.claas at posteo.de
Sun Jun 4 12:39:03 CEST 2017


On 04.06.17 11:50, Ben McGinnes wrote:

> On Sun, Jun 04, 2017 at 11:21:33AM +0200, Stefan Claas wrote:
>> The reason why I ask: I started to use Thunderbird with Enigmail, and
>> Enigmail always shows me Untrusted Good Signature with a 32-bit key ID
>> when I have not carefully verified the person's pub key and --lsign'ed
>> the pub-key. Showing only the long key ID or the complete fingerprint
>> is imho more difficult to quickly memorize than an additionally shown
>> identicon (computed from the fingerprint).
> You shouldn't need to memorise it.  In Enigmail you can create rules
> for addresses to link to preferred keys, as well as set whether or not
> to encrypt all messages or just sign and so on.  Most MUAs which
> support GPG provide some method of doing this and GPG itself supports
> that function with group lists in the gpg.conf file.

Thank you for the information, I will check it out.
>
> If the version of GPG you have installed supports it, you should
> probably add this to your gpg.conf:
>
>     trust-model tofu+pgp
>     tofu-default-policy unknown
>
> That will gradually build a more practical web-of-trust which keeps
> track of seen keys for you.

I use GPGTools and therefore can't use it yet.
>
>> P.S. With scallion it took me only seconds/or a minute to generate
>> a fake pub-key with the same 32bit key id, on my old notebook.
> Yes, this has been possible for a long time now.  Most people use a
> 64-bit view for that reason.  This is now the default view in GPG 2.1,
> along with displaying the full fingerprint.  If you do not have GPG
> 2.1.x installed, such as if you're using GPGTools on OS X or GPG4Win,
> then add "keyid-format 0xLONG" to your gpg.conf file.
>
I did that, but Enigmail still shows me the short key ID. :-(

Regards
Stefan
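
An added example, not part of the original message or of Enigmail/GnuPG code: it derives the 32-bit and 64-bit key IDs from an OpenPGP v4 fingerprint and renders an identicon from the full fingerprint, so the picture depends on all 160 bits rather than the last 32. The two fingerprints are constructed (not real keys), and the 5x5 grid scheme is a hypothetical one chosen for illustration.

```python
import hashlib

def normalize(fpr: str) -> str:
    """Strip spaces and upper-case a 40-hex-digit OpenPGP v4 fingerprint."""
    fpr = fpr.replace(" ", "").upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("expected 40 hex digits (v4 fingerprint)")
    return fpr

def short_keyid(fpr: str) -> str:
    """32-bit key ID: the low-order 4 bytes of the fingerprint."""
    return normalize(fpr)[-8:]

def long_keyid(fpr: str) -> str:
    """64-bit key ID: the low-order 8 bytes of the fingerprint."""
    return normalize(fpr)[-16:]

def identicon(fpr: str) -> list[str]:
    """Hypothetical identicon: mirrored 5x5 grid driven by SHA-256(fingerprint)."""
    digest = hashlib.sha256(bytes.fromhex(normalize(fpr))).digest()
    rows = []
    for r in range(5):
        # Three independent cells per row; columns 4 and 5 mirror columns 2 and 1.
        left = ["#" if digest[r * 3 + c] & 1 else "." for c in range(3)]
        rows.append("".join(left + left[-2::-1]))
    return rows

# Constructed fingerprints (not real keys): same last 8 hex digits, rest differs.
FPR_A = "0123 4567 89AB CDEF 0123  4567 89AB CDEF DEAD BEEF"
FPR_B = "FEDC BA98 7654 3210 FEDC  BA98 7654 3210 DEAD BEEF"

if __name__ == "__main__":
    for fpr in (FPR_A, FPR_B):
        print("short:", short_keyid(fpr), " long:", long_keyid(fpr))
        print("\n".join(identicon(fpr)), "\n")
```

A 5x5 mirrored grid carries only 15 bits, so it is a visual aid for spotting a mismatch, not a replacement for comparing the full fingerprint.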




