• scrap key for ID 5789589B

    From Tommi Koivula@2:221/360 to August Abolins on Sat Jan 4 22:27:55 2020
    On 04.01.2020 19:37, August Abolins : Wilfred van Velzen :

    Key management could be a nightmare across multiple devices.

    I export my secret keys to a "home" directory in my LAN, and then I can
    import them to any workstation.

    Enigmail is a nice tool, as well as kleopatra of gpg4win package.

    'Tommi

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Tommi Koivula on Sat Jan 4 23:09:17 2020
    On 04/01/2020 3:27 p.m., Tommi Koivula : August Abolins wrote:

    Key management could be a nightmare across multiple devices.

    I export my secret keys to a "home" directory in my LAN, and
    then I can import them to any workstation.

    I might like to use it from a laptop that I carry around, and from a
    desktop at another location. I guess I can delegate the laptop as my
    "home". I usually have the laptop with me wherever I go anyway.

    I wouldn't want to store keys on a USB though. I lost a USB (fell off my
    keychain!) last year. Among other files, I had an MS Access database
    copy on it, and lo and behold, a resourceful person actually explored the
    details and extracted credit card info from the .accdb file. I noticed
    the unusual charges pretty much right away, but all was taken care of well.

    Meanwhile, I found a PGP app for my Blackberry. Getting the secret keys
    to it in a secure way is a bit tricky though. But once done, I should
    be fine for several years.


    Enigmail is a nice tool, as well as kleopatra of gpg4win
    package.

    It is absolutely amazing that a simple add-on can introduce a nice new
    feature to TB.

    I am having trouble signing this message! Enigmail is sending me in a loop!

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:03:31 2020
    Hi August,

    On 2020-01-05 02:30:00, you wrote to me:

    Apparently, I haven't fully explored its full configuration options.
    There are so many. I saw a setting on my other pc where I could
    "assign" other identities to the existing ones. Maybe that is the
    answer.

    Probably!

    Next to being able to sign messages in echomail/newsgroups, fully encrypted messages only make sense in email - direct to a specific individual.

    Or routed netmail!

    But are those older keys still usable? I have two keys from
    1993, I no longer remember the passwords for. :-( But they
    aren't on the keyservers afaik, so nobody will be tempted
    to use them. ;)

    That's the beauty of pulling down the keys and checking their
    properties. The properties will reveal creation dates, expiry dates, revocations, etc. It would be relatively easy to just pick the most
    recent date, and send a brief hello message with a CC: and see which
    ones reach their target.

    If there are multiple keys to choose from...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
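
Added example, not written by anyone in this thread: one way to do the property check described in the message above, reading `gpg --with-colons --list-keys` output and picking the newest key that is not revoked, expired, invalid or disabled. The key IDs and the listing are constructed, and `newest_usable_key` and `sample_listing` are hypothetical names.

```shell
#!/bin/sh
# Colon-listing fields used here (from a "pub" record):
#   $2 validity (r=revoked, e=expired, i=invalid, d=disabled)
#   $5 key ID, $6 creation time, $7 expiry time (epoch seconds, may be empty)

# newest_usable_key [NOW]: read a colon listing on stdin and print the ID of
# the most recently created key that is still usable at time NOW.
newest_usable_key() {
    now=${1:-$(date +%s)}
    awk -F: -v now="$now" '
        $1 == "pub" {
            if ($2 ~ /^[reid]$/) next              # flagged unusable by gpg
            if ($7 != "" && $7 + 0 <= now) next    # expiry date has passed
            if ($6 + 0 > best_created) { best_created = $6 + 0; best = $5 }
        }
        END { if (best != "") print best }
    '
}

# Constructed listing: a 1993 key with no expiry, a revoked 2015 key,
# an expired 2017 key and a 2019 key that expires at the start of 2022.
sample_listing() {
    cat <<'EOF'
pub:-:1024:1:AAAA000000001993:725846400:::-:::scESC:
uid:-::::725846400::X::Constructed User <user@example.org>:
pub:r:2048:1:BBBB000000002015:1420070400:::-:::sc:
pub:e:2048:1:CCCC000000002017:1483228800:1514764800::-:::sc:
pub:-:4096:1:DDDD000000002019:1546300800:1640995200::-:::scESC:
EOF
}

# Typical use against the local keyring (address is a placeholder):
#   gpg --with-colons --list-keys user@example.org | newest_usable_key
```
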
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:12:53 2020
    Hi August,

    On 2020-01-05 03:21:24, you wrote to me:

    If you used decent passwords for the secret keys, it
    doesn't matter if the files fall in the wrong hands...

    I could email the secret keys between my devices, but I don't like the idea that email in general is in the clear and the isp/systems enroute
    can cache and record anything.

    You can use a common storage place, either on your own network or external like
    dropbox. If that's an encrypted place (I don't know if dropbox is by default?) that would be even better.

    The passphrase is fairly decent. I am confident that no one would be
    able to guess it.

    Then it doesn't matter too much what you use to exchange the secret key files.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From mark lewis@1:3634/12 to August Abolins on Sun Jan 5 07:46:03 2020
    Re: Key management could be a nightmare
    By: August Abolins to Wilfred van Velzen on Sun Jan 05 2020 03:21:24


    I could email the secret keys between my devices, but I don't like the
    idea that email in general is in the clear and the isp/systems enroute
    can cache and record anything.

    use pgp/gpg to encrypt it, then email it, and decrypt it on the other end...


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
  • From August Abolins@2:221/1.58 to mark lewis on Sun Jan 5 09:10:00 2020
    Hello mark!

    ** 05.01.20 - 07:46, mark lewis wrote to August Abolins:

    Re: Key management could be a nightmare
    By: August Abolins to Wilfred van Velzen on Sun Jan 05 2020 03:21:24

    I could email the secret keys between my devices, but I don't like
    the idea that email in general is in the clear and the isp/systems
    enroute can cache and record anything.

    use pgp/gpg to encrypt it, then email it, and decrypt it on the other
    end...


    Still working through the morning coffee? <BWG>

    I need that key on the other end *before* I can decrypt anything.

    ;)




    ../|ug

    --- OpenXP 5.0.42
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 18:04:26 2020
    On 1/5/2020 7:12 AM, between "Wilfred van Velzen : August Abolins":

    I could email the secret keys between my devices, but I
    don't like the idea that email in general is in the clear
    and the isp/systems enroute can cache and record anything.

    You can use a common storage place, either on your own
    network or external like dropbox. If that's an encrypted
    place (I don't know if dropbox is by default?) that would
    be even better.

    Hello Wilfred!

    I have an option for my Blackberry. I can send it through my own wi-fi connections to a file directory on the device. But I have to do it from
    my Win7 pc desktop which is at a remote location. :(


    The passphrase is fairly decent. I am confident that no one
    would be able to guess it.

    Then it doesn't matter too much what you use to exchange
    the secret key files.

    Nah.. Even if the secret key were sent with Gmail for example, its copy
    would be grabbed and stored in the cloud forever. The "they" people
    could then feed the key to their petaflop computers to try and crack it.

    I think it is absolutely imperative to never transfer a secret key
    through a transfer mechanism that I don't have exclusive control over.

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From mark lewis@1:3634/12 to August Abolins on Sun Jan 5 13:10:43 2020
    Re: Key management could be a nightmare
    By: August Abolins to mark lewis on Sun Jan 05 2020 09:10:00


    use pgp/gpg to encrypt it, then email it, and decrypt it on the other
    end...

    Still working through the morning coffee? <BWG>

    nope, not when i wrote that...

    I need that key on the other end *before* I can decrypt anything.

    are you saying that you cannot simply encrypt some text and decrypt it? i don't
    mean to encrypt it to a specific individual... just general encryption with a
    phrase... pgp used to do that and i used it numerous times to send stuff to
    others with no keys involved...


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
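
Added example, not written by anyone in this thread: the passphrase-only ("no keys involved") encryption mentioned above, used to wrap an exported secret key for transfer between two machines that both run GnuPG 2.1 or later. `KEYID`, the file names and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# seal: symmetric-encrypt stdin to stdout. The passphrase is read from
# file descriptor 3 so it never appears in the process list.
seal() {
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 \
        --symmetric --cipher-algo AES256 \
        --s2k-digest-algo SHA512 --s2k-count 65011712 \
        --armor
}

# unseal: reverse of seal, passphrase again on file descriptor 3.
unseal() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 --decrypt
}

# Source machine. $1 = key ID, $2 = output file, passphrase on fd 3.
# gpg asks for the key's own passphrase during export; the exported key
# stays protected by it, so the wrapped file carries two layers.
export_wrapped() {
    gpg --armor --export-secret-keys "$1" | seal > "$2"
}

# Destination machine. $1 = wrapped file, passphrase on fd 3.
import_wrapped() {
    unseal < "$1" | gpg --import
}

# Example calls (the transfer passphrase is kept in a file readable only
# by you and removed afterwards):
#   export_wrapped KEYID secret-key.wrapped 3< transfer-pass.txt
#   import_wrapped secret-key.wrapped       3< transfer-pass.txt
```

The transfer passphrase has to reach the second machine by a different route than the wrapped file, for example by typing it in.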
  • From August Abolins@2:221/360 to mark lewis on Sun Jan 5 21:02:29 2020
    On 05/01/2020 1:10 p.m., mark lewis : August Abolins wrote:

    Still working through the morning coffee? <BWG>

    nope, not when i wrote that...

    No offense meant.

    I need that key on the other end *before* I can decrypt
    anything.

    are you saying that you cannot simply encrypt some text and
    decrypt it? i don't mean to encrypt it to a specific
    individual... just general encryption with a phrase... pgp used
    to do that and i used it numerous times to send stuff to others
    with no keys involved...

    Thank you for mentioning just plain encryption (without keys). I hadn't
    thought of that. Apparently, *I* hadn't finished *my* morning coffee.

    WRT to my Blackberry, where I need to send the keys, I am not aware of
    a way to decrypt a message that I simply encrypted somewhere else.

    The pgp app on the Blackberry only operates with established keys.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Tommi Koivula on Sun Jan 5 22:04:55 2020
    On 04/01/2020 3:27 p.m., Tommi Koivula : August Abolins wrote:


    Enigmail is a nice tool, as well as kleopatra of gpg4win package.

    Hmmm..

    Apparently, I had kleopatra (via gpg4win) already on the pc that I use
    for TB 60.

    Very nice. It seems to tie in to the existing gpg package that the
    Enigmail installation created, and they use the same local database for
    the keys.

    Even searching for keys is more responsive with the default server(s).

    Thanks for mentioning kleopatra.

    Now I wonder if kleopatra would solve the server access problem in the
    older Enigmail/TB 2.0.0.24 combo on my XP pc.

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)