~rjarry/aerc-discuss


Signing email with a smartcard

Message ID
<CN2UCY91XJRS.14VBB1ZM4TPO0@vm-book>
I'm no expert in this and don't really know how it works, but could it
be possible to sign emails with a smart card?

I know that I can sign my git commits with it, using something like:

	signingkey=$( gpgsm -K | egrep '(key usage|ID)' | grep -B 1 digitalSignature | awk '/ID/ {print $2}' )
	git config --global user.signingkey $signingkey
	git config --global gpg.format x509
	git config --global commit.gpgsign true

Also don't know how this works, but apparently for thunderbird and
evolution the `pkcs11-register` is used.
Message ID
<20220922112024.wcavorntcwcbnphq@arch>
In-Reply-To
<CN2UCY91XJRS.14VBB1ZM4TPO0@vm-book>
On Thu, Sep 22, 2022 at 12:00:58PM +0200, Vladimír Magyar wrote:
>I'm no expert in this and don't really know how it works, but could it
>be possible to sign emails with a smart card?

https://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2507486

If I remember correctly, GnuPG can work with smart cards directly. And
the interface for keys that are on smart cards is the same as for the
ones in your home directory—so it will probably be transparent for Aerc
once you make your smart card work with GPG.

I never signed emails with a smart card, and it's been a while since I
even used one, so I can't give you better pointers.
Message ID
<CN2W4ODXTJ43.1JJRJ7KS0LHS4@TimBook-Arch>
In-Reply-To
<CN2UCY91XJRS.14VBB1ZM4TPO0@vm-book>
On Thu Sep 22, 2022 at 5:00 AM CDT, Vladimír Magyar wrote:
> I'm no expert in this and don't really know how it works, but could it
> be possible to sign emails with a smart card?
>
> I know that I can sign my git commits with it, using something like:
>
> 	signingkey=$( gpgsm -K | egrep '(key usage|ID)' | grep -B 1 digitalSignature | awk '/ID/ {print $2}' )
> 	git config --global user.signingkey $signingkey
> 	git config --global gpg.format x509
> 	git config --global commit.gpgsign true
>
> Also don't know how this works, but apparently for thunderbird and
> evolution the `pkcs11-register` is used.

Hey Vladimir -

This should be possible. I would guess that you can run that command for
the signing key and use that output as the pgp-key-id in your account
config.

Tim
Message ID
<CN3JMU9GH4PV.247CWNBABWXPD@vm-book>
In-Reply-To
<CN2W4ODXTJ43.1JJRJ7KS0LHS4@TimBook-Arch>
When I add the output of that signingkey to `pgp-key-id` and then try to
`:sign` the message, aerc prints this error:

	Cannot sign message: entity not found in keyring
Jens Grassel <jens@wegtam.com>
Message ID
<CN3KYT1E60HS.34URWTRGDG48D@bianca-beakley.nowhere.wegtam.com>
In-Reply-To
<CN3JMU9GH4PV.247CWNBABWXPD@vm-book>
Hi,

On Fri Sep 23, 2022 at 7:49 AM CEST, Vladimír Magyar wrote:
> When I add the output of that signingkey to `pgp-key-id` and then try to
> `:sign` the message, aerc prints this error:
>
> 	Cannot sign message: entity not found in keyring

did you set `pgp-provider=gpg` in aerc.conf?

Kind regards,

Jens

-- 
Wegtam GmbH, CTO 2022-09-23 08:51
Homepage : https://www.wegtam.com

<gorgo> what do you get when someone cracks your debian machine ?
<gorgo> mashed potato...
Message ID
<CN3L22K5OIV6.2L3WD688VDHRX@vm-book>
In-Reply-To
<CN3KYT1E60HS.34URWTRGDG48D@bianca-beakley.nowhere.wegtam.com>
No, but I added it, now it prints this:

	Cannot sign message: no private key found
Message ID
<CN3LFM17K6Z5.3BGH01EPTAADG@vm-book>
In-Reply-To
<CN3L22K5OIV6.2L3WD688VDHRX@vm-book>
I think it has something to do with

	git config --global gpg.format x509

git then uses `gpgsm` (I think), and not just `gpg`. This would need to
be added to aerc because `pgp-provider` cannot take `gpgsm`.
Message ID
<CN3ND1F4N95S.25H7Q14PNJIGA@hades.moritz.sh>
In-Reply-To
<CN3LFM17K6Z5.3BGH01EPTAADG@vm-book>
On Fri Sep 23, 2022 at 9:13 AM CEST, Vladimír Magyar wrote:
> git then uses `gpgsm` (I think), and not just `gpg`. This would need to
> be added to aerc because `pgp-provider` cannot take `gpgsm`.
S/MIME support is slowly boiling in my back-kitchen. Until then the
values from ~/.gnupg/gpg.conf are used most of the time.

-- 
Moritz Poldrack
https://moritz.sh
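
Added example, not part of any message in this thread and not aerc's own code: a shell check for the situation discussed above, where a key ID taken from `gpgsm -K` is not found once `pgp-provider=gpg` is set. It reads the `--with-colons` listings of `gpg -K` and `gpgsm -K` and reports which keyring actually holds a secret key for that ID; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample listings in GnuPG --with-colons format (not real keys).
# SAMPLE_GPG: one OpenPGP secret key. SAMPLE_GPGSM: one X.509 certificate with
# a private key (crs) and one certificate without a private key (crt).
SAMPLE_GPG='sec:u:255:22:1111222233334444:1600000000:::u:::scESC:::+:::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:'
SAMPLE_GPGSM='crs:u:2048:1:9999AAAA0F1E2D3C:20220101T000000:20250101T000000:01::::sS::+:
fpr:::::::::5555666677778888DEADBEEF9999AAAA0F1E2D3C:
crt:u:2048:1:00001111CAFE0001:20220101T000000:20250101T000000:02::::e::+:
fpr:::::::::77778888999900001111222200001111CAFE0001:'

# has_secret ID LISTING TYPES
# Succeeds if LISTING contains a record whose type matches TYPES (a regex
# alternation such as "sec|ssb") followed by an fpr record ending in ID.
has_secret() {
    # Accept "0xABCDEF12" as printed by `gpgsm -K`, in either letter case.
    id=$(printf '%s' "$1" | sed 's/^0[xX]//' | tr 'a-f' 'A-F')
    [ -n "$id" ] || return 1
    printf '%s\n' "$2" | awk -F: -v id="$id" -v types="$3" '
        # Every key or certificate record resets the "secret key present" flag.
        $1 ~ /^(pub|sub|sec|ssb|crt|crs)$/ { secret = ($1 ~ ("^(" types ")$")) }
        # Field 10 of an fpr record is the fingerprint; key IDs are its tail.
        $1 == "fpr" && secret {
            fpr = toupper($10); n = length(fpr) - length(id)
            if (n >= 0 && substr(fpr, n + 1) == id) found = 1
        }
        END { exit !found }'
}

# key_backend ID GPG_LISTING GPGSM_LISTING
# Prints openpgp, x509, both or none.
key_backend() {
    pgp=no; x509=no
    has_secret "$1" "$2" 'sec|ssb' && pgp=yes   # OpenPGP secret key or subkey
    has_secret "$1" "$3" 'crs' && x509=yes      # X.509 cert with private key
    case "$pgp/$x509" in
        yes/yes) echo both ;;
        yes/no)  echo openpgp ;;
        no/yes)  echo x509 ;;
        *)       echo none ;;
    esac
}

# Live use (needs GnuPG installed):
#   key_backend "$signingkey" "$(gpg -K --with-colons)" "$(gpgsm -K --with-colons)"
key_backend 0x0F1E2D3C "$SAMPLE_GPG" "$SAMPLE_GPGSM"   # prints: x509
```

A result of `x509` means the key is only visible to `gpgsm`, so a provider that calls `gpg` will not find a private key for it.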