I'm no expert in this and don't really know how it works, but could it
be possible to sign emails with a smart card?
I know that I can sign my git commits with it, using something like:
signingkey=$( gpgsm -K | egrep '(key usage|ID)' | grep -B 1 digitalSignature | awk '/ID/ {print $2}' )
git config --global user.signingkey $signingkey
git config --global gpg.format x509
git config --global commit.gpgsign true
Also don't know how this works, but apparently for thunderbird and
evolution the `pkcs11-register` is used.
On Thu, Sep 22, 2022 at 12:00:58PM +0200, Vladimír Magyar wrote:
> I'm no expert in this and don't really know how it works, but could it
> be possible to sign emails with a smart card?
https://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2507486
If I remember correctly, GnuPG can work with smart cards directly. And
the interface for keys that are on smart cards is the same as for the
ones in your home directory—so it will probably be transparent for Aerc
once you make your smart card work with GPG.
I never signed emails with a smart card, and it's been a while since I
even used one, so I can't give you better pointers.
On Thu Sep 22, 2022 at 5:00 AM CDT, Vladimír Magyar wrote:
> I'm no expert in this and don't really know how it works, but could it
> be possible to sign emails with a smart card?
>
> I know that I can sign my git commits with it, using something like:
>
> signingkey=$( gpgsm -K | egrep '(key usage|ID)' | grep -B 1 digitalSignature | awk '/ID/ {print $2}' )
> git config --global user.signingkey $signingkey
> git config --global gpg.format x509
> git config --global commit.gpgsign true
>
> Also don't know how this works, but apparently for thunderbird and
> evolution the `pkcs11-register` is used.
Hey Vladimir -
This should be possible. I would guess that if you run that command for
signing key, and use that output as the pgp-key-id in your account
config.
Tim
When I add the output of that signingkey to `pgp-key-id` and then try to
`:sign` the message, aerc prints this error:
Cannot sign message: entity not found in keyring
Hi,
On Fri Sep 23, 2022 at 7:49 AM CEST, Vladimír Magyar wrote:
> When I add the output of that signingkey to `pgp-key-id` and then try to
> `:sign` the message, aerc prints this error:
>
> Cannot sign message: entity not found in keyring
did you set `pgp-provider=gpg` in aerc.conf?
Kind regards,
Jens
--
Wegtam GmbH, CTO 2022-09-23 08:51
Homepage : https://www.wegtam.com
<gorgo> what do you get when someone cracks your debian machine ?
<gorgo> mashed potato...
I think, it has something to do with
git config --global gpg.format x509
git then uses `gpgsm` (I think), and not just `gpg`. This would need to
be added to aerc because `pgp-provider` cannot take `gpgsm`.
On Fri Sep 23, 2022 at 9:13 AM CEST, Vladimír Magyar wrote:
> git then uses `gpgsm` (I think), and not just `gpg`. This would need to
> be added to aerc because `pgp-provider` cannot take `gpgsm`.
S/MIME support is slowly boiling in my back-kitchen. Until then the
values from ~/.gnupg/gpg.conf are used most of the time.
--
Moritz Poldrack
https://moritz.sh
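
Added example (not from any message in this thread, and not aerc or GnuPG project code): a stricter form of the `gpgsm -K` filter from the first message, anchored on the field names so that a Subject line containing "ID" or an "ext key usage" line cannot shift the match. The listing is constructed, and its layout is an assumption based on the `ID` and `key usage` fields that one-liner greps for; the function names are hypothetical.

```shell
#!/bin/sh
# Select X.509 signing certificates from `gpgsm -K`-style output.
# Assumption: each certificate is listed as "field: value" lines, with the
# "ID:" line appearing before that certificate's "key usage:" line.

# Print the ID of every certificate whose "key usage" lists digitalSignature.
signing_cert_ids() {
    awk '
        # Anchor on the field name at the start of the line, so "ID"
        # inside a Subject DN (for example UID=...) is never taken as the ID.
        /^ *ID: / { id = $2; next }
        # Match "key usage:" only; "ext key usage:" starts with "ext".
        /^ *key usage:/ {
            for (i = 3; i <= NF; i++)
                if ($i == "digitalSignature" && id != "") { print id; break }
        }
    '
}

# Constructed sample listing (not real gpgsm output from any system).
sample_listing() {
    cat <<'EOF'
           ID: 0x1A2B3C4D
      Subject: /CN=Example User/UID=user1
    key usage: digitalSignature nonRepudiation
ext key usage: emailProtection (suggested)

           ID: 0x5E6F7A8B
      Subject: /CN=Example User (encryption)
    key usage: keyEncipherment
ext key usage: emailProtection (suggested)
EOF
}

# With a real card: gpgsm -K | signing_cert_ids
sample_listing | signing_cert_ids
```

On the sample, the first message's pipeline would print `/CN=Example` because the Subject line also contains "ID"; the anchored version prints only the signing certificate's ID.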