From 3e473dd56bba5e4231f74c8554f84cfdd4db534a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 29 Jun 2013 11:13:14 +2000 Subject: [PATCH] Re: Emacs not finding keys to verify signatures --- ac/609b2734a9d73c39c9eed9c348376634a505b8 | 129 ++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 ac/609b2734a9d73c39c9eed9c348376634a505b8 diff --git a/ac/609b2734a9d73c39c9eed9c348376634a505b8 b/ac/609b2734a9d73c39c9eed9c348376634a505b8 new file mode 100644 index 000000000..e7871f478 --- /dev/null +++ b/ac/609b2734a9d73c39c9eed9c348376634a505b8 
@@ -0,0 +1,129 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 17FF7431FBD + for ; Fri, 28 Jun 2013 08:13:27 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id 8cg-SO+y2RnT for ; + Fri, 28 Jun 2013 08:13:19 -0700 (PDT) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by olra.theworths.org (Postfix) with ESMTP id E6FE6431FB6 + for ; Fri, 28 Jun 2013 08:13:18 -0700 (PDT) +Received: from [192.168.23.229] (dsl254-070-154.nyc1.dsl.speakeasy.net + [216.254.70.154]) + by che.mayfirst.org (Postfix) with ESMTPSA id B6901F979; + Fri, 28 Jun 2013 11:13:16 -0400 (EDT) +Message-ID: <51CDA80A.9050700@fifthhorseman.net> +Date: Fri, 28 Jun 2013 11:13:14 -0400 +From: Daniel Kahn Gillmor +User-Agent: Mozilla/5.0 (X11; Linux x86_64; + rv:17.0) Gecko/20130518 Icedove/17.0.5 +MIME-Version: 1.0 +To: David Bremner +Subject: Re: Emacs not finding keys to verify signatures +References: + <87sj07a72g.fsf@thinkpad.i-did-not-set--mail-host-address--so-tickle-me> + <87sj028ovv.fsf@zancas.localnet> <87ehbmpeg5.fsf@mbp.dbpmail.net> + <87zjua9sxi.fsf@convex-new.cs.unb.ca> +In-Reply-To: <87zjua9sxi.fsf@convex-new.cs.unb.ca> +X-Enigmail-Version: 1.5.1 +Content-Type: multipart/signed; micalg=pgp-sha512; + protocol="application/pgp-signature"; + boundary="----enig2OHGJQORHRDAFGBXAMMAP" +Cc: notmuch@notmuchmail.org +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." 
+ +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Fri, 28 Jun 2013 15:13:27 -0000 + +This is an OpenPGP/MIME signed message (RFC 4880 and 3156) +------enig2OHGJQORHRDAFGBXAMMAP +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +On 06/28/2013 11:05 AM, David Bremner wrote: +> Daniel Patterson writes: +>=20 +>> One thing I forgot to mention - I have notmuch running on a remote +>> server through ssh. I don't really imagine this would be an issue, but= + +>> maybe? (I also have the library installed locally, for emacs). +>=20 +> The verification of the message happens in the notmuch CLI, so on the +> the remote host. I guess the downloading is happening on the local host= +, +> so that is quite possibly the problem. + +i'm quite sure this is the problem, that was a relevant bit of info to +include :) + +Daniel: on your remote host, have you tried fetching the relevant keys +into your gpg keyring? you don't need to create any secret key material +on the remote host, just fetch the keys as you normally would any other +user's public key material; then you'll want to mark your own key as +"ultimately" trusted on the remote host. + +So, for example, on the remote host: + + gpg --keyserver ha.pool.sks-keyservers.net --recv +0x36EEAD9EA53D20B79C383EED2747EC48A98D4AF0 + + gpg --edit-key 0x36EEAD9EA53D20B79C383EED2747EC48A98D4AF0 trust + +you'll want to maintain this public keyring on that host to be able to +verify the messages, but you don't need to do anything else with it. + +this makes me wonder if the actions that get triggered on those +"unverified" crypto buttons in the display interface need to be +customizable to send the commands to a remote gpg as well, instead of +assuming that they are local. + +please report back with how that works for you! 
+ + --dkg + + +------enig2OHGJQORHRDAFGBXAMMAP +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) +Comment: Using GnuPG with Icedove - http://www.enigmail.net/ + +iQJ8BAEBCgBmBQJRzagMXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB +NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpc//MP/RaS0FTtnfPoMxc97/4gUJq2 +QmJC7RK/uES6Vdmg+/LrykkU3a6085u5QwWM3ZzdUJYLUgveCb/bMHAGS3tKTxoy +P2lHBwv5K+OQc+yoiciWQhq6DT0YsvQEM3v51QI+43MQmomqIN2UU7x2L7wveAfX +hV1DtKy7WkWV11GKn7c28LoiUQTcWJPHkTBxuHddgwf1SEpWu+YJ8rAg60DqIJzZ +CDPhHzO1Rk96drTvXll5KFGOIl7deEOWd4N5bmiwnfSvoxf56B2aGoIbaQ8M1NWS +h4SWVIYIvPbO6CwbIJw9wlEZZtTEGtKqjQBmoq47gLqSNmFO6whdlUm1OeqZz+Qe +ElY9UZeEk17ipWi9L1YkwHArxPKrZ0w4ctbfwTc7Ja3O5GgF9EcGMWNlamWhCi7X +34dGjthCJExVkIo7uBDyjI+HkQCIOl0+at4Oc88aRF6hCz3hETxYl6G/RKAzawd+ +OOVfkKGefUYyJ1z1VGUyCp/m3MVd7V+U7h4RTKVo/OV1PubNdZUGDfpR60i0PYeB +bnQNyDnlqdxfjLBBbxzrhr/MojmDDftAEHxH7dqfq7w/cwo5wy85fK8HGdvill9f +22sOJpo0pW/l1LXwVYfQ7LDYHvAewouEugczqcucOnPqu4g7JlY+aiAcbDwrvCt9 +2QpktiEAWTQvYcPI488V +=ZtS/ +-----END PGP SIGNATURE----- + +------enig2OHGJQORHRDAFGBXAMMAP-- -- 2.26.2
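Review bot: The commit header's `Date: Sat, 29 Jun 2013 11:13:14 +2000` disagrees with the archived message's own `+Date: Fri, 28 Jun 2013 11:13:14 -0400` line, and `+2000` is not a valid UTC offset. Regenerate the commit date from the message's Date header so the archive history sorts in the same order as the mail. Separately, `+Return-Path:`, `+From: Daniel Kahn Gillmor`, `+List-Unsubscribe: ,` and the `for ; Fri, 28 Jun 2013` Received lines appear here with no address. If the stored file really lacks them, re-import the unmodified message: this is a `multipart/signed` mail, and an archive copy is only useful for signature verification if it is byte-for-byte what was delivered.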