ShortCut[GPG]: Mysterious crypto mails
When I write mails to people for the first time they usually answer them immediately with something like
What is that crazy crypto stuff surrounding your mails? Wondering why I can't read it!?
There are lots of legends about this clutter, most of them only fairy tales. Here is the one and only true explanation!
As a friend of security I always try to encrypt my mails via GPG. That is only possible if the recipient also uses GPG and I have his/her public key. If this is not the case, I just sign my mail to give the addressee the chance to verify that the mail is from me and that nobody has modified its content on the way. So the clutter is the electronic signature of the mail! It’s plain ASCII text, not readable for human eyes but readable for some intelligent tools.
There are two kinds of signatures:
- inline signature: it surrounds the message with cryptographic armor. The disadvantage is that you can't sign attachments or HTML mails, and the text is more or less hidden between PGP goodies.
- attached signature: the crypto stuff is attached as signature.asc. The disadvantage is that mail servers may be alarmed by this attachment and drop the mail.
Since I usually write ASCII mails without attachments I sign them inline. Such a signed mail may look like this when it reaches your inbox:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Malte,
just asking for the weather on the other shore!?
Regards, Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0hAAsACgkQ2bNRc0RtswagiwCeL5HPAGff5U34ldjeHIAgHiHS
T48AnjB+XPC7fTWcYw7S94IWAzvDTGkD
=PLl7
-----END PGP SIGNATURE-----
Depending on the mail client used, I usually also attach my public key. If you’re using a mail client that can handle GPG signed/encrypted mails, it should parse the crypto stuff and verify whether the signature is correct. In this case the mail will be collapsed so that you’ll see something like this (with an indication of whether the signature was valid):
Dear Malte,
just asking for the weather on the other shore!?
Regards, Martin
But if you’re using a client that has never heard of GPG, it won’t recognize the cryptographic parts and you’ll only see lots of clutter. In this case I recommend changing the mail client! ;-)
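What a GPG-aware client does with the inline-signed mail above before it can show the collapsed text, as an added example (not code from the original post): it splits the armor into the text to display and the signature packet, then reads from the packet which key and hash were used. It assumes the old-format v4 signature packet with one-byte subpacket lengths that the sample contains; it only parses, and actually verifying the signature still needs the sender's public key and GPG.

```python
import base64
import struct

# The signed mail from this page, with the format's two required blank lines restored.
MAIL = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Malte,
just asking for the weather on the other shore!?
Regards, Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0hAAsACgkQ2bNRc0RtswagiwCeL5HPAGff5U34ldjeHIAgHiHS
T48AnjB+XPC7fTWcYw7S94IWAzvDTGkD
=PLl7
-----END PGP SIGNATURE-----
"""


def parse_clearsigned(mail):
    """Split an inline-signed mail into the text to display and signature facts."""
    head, rest = mail.split("-----BEGIN PGP SIGNED MESSAGE-----\n", 1)[1].split("\n\n", 1)
    text, armor = rest.split("\n-----BEGIN PGP SIGNATURE-----\n", 1)
    armor_headers, b64 = armor.split("\n\n", 1)
    # Signed text lines that start with "-" are dash-escaped with a leading "- ".
    body = "\n".join(l[2:] if l.startswith("- ") else l for l in text.split("\n"))
    # Skip the "=XXXX" checksum line and the END line, then decode the packet.
    pkt = base64.b64decode("".join(l for l in b64.splitlines() if l[:1] not in "=-"))
    if pkt[0] != 0x88 or pkt[2] != 4 or pkt[3] != 0x01:
        raise ValueError("expected an old-format v4 signature over a text document")
    _type, _pk_algo, hash_algo, hashed_len = struct.unpack(">BBBH", pkt[3:8])
    area = pkt[8:8 + hashed_len]                      # hashed subpackets
    unhashed_len = struct.unpack(">H", pkt[8 + hashed_len:10 + hashed_len])[0]
    area += pkt[10 + hashed_len:10 + hashed_len + unhashed_len]
    fields = {}
    while area:                                       # length byte covers type + data
        n, kind = area[0], area[1]
        fields[kind], area = area[2:1 + n], area[1 + n:]
    return {
        "body": body,                                 # what the collapsed view shows
        "declared_hash": head.split(": ", 1)[1],      # hint from the "Hash:" line
        "sig_hash": {2: "SHA1", 8: "SHA256", 10: "SHA512"}.get(hash_algo, hash_algo),
        "unsigned_headers": armor_headers.split("\n"),  # not covered by the signature
        "created": struct.unpack(">I", fields[2])[0],   # subpacket 2: creation time
        "issuer_key_id": fields[16].hex().upper(),      # subpacket 16: signing key id
    }
```

The `Version:` and `Comment:` armor headers are outside the signed data, so nothing in them should be trusted just because the signature checks out.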
To learn more about GPG take a look at gnupg.org.
1 comment
malte!!!