From: Arthur Machlas on
I just recently set up encrypted mail for my personal mail account,
using icedove and enigmail. I'm curious about a general feature of
"signing" the email. Why can't I just copy the "signature" portion of
the email, which many people on this list attach to their posts, and
paste it at the bottom of a fake email? Appreciate any comments or
links you may have.

Best,
AM


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/AANLkTimh0BGCSIXX9G-y5XSV9Id3lQg-F8m5akXwwNCx(a)mail.gmail.com
From: Arthur Machlas on
On Fri, Jul 2, 2010 at 2:11 PM, Celejar <celejar(a)gmail.com> wrote:
> On Fri, 2 Jul 2010 13:52:47 -0500
> Arthur Machlas <arthur.machlas(a)gmail.com> wrote:
>
>> I just recently set up encrypted mail for my personal mail account,
>> using icedove and enigmail. I'm curious about a general feature of
>> "signing" the email. Why can't I just copy the "signature" portion of
>> the email, which many people on this list attach to their posts, and
>> paste it at the bottom of a fake email? Appreciate any comments or
>> links you may have.
>
> Look at the signatures carefully.  Each one, even from the same signer,
> is different, and depends on the exact contents of the message.  The
> whole point of a signature is that if one is improperly attached to a
> message, it won't match, and the mail reader or other client will
> notice this.
>
> Celejar

Makes abundant sense. And I assume they'd need my public key to verify
the signature?

Thanks Celejar


Archive: http://lists.debian.org/AANLkTinffT_3NRLCKKoJKHHXhK4hvDq3Pw9Jk3Jx4Wu8(a)mail.gmail.com
From: Celejar on
On Fri, 2 Jul 2010 13:52:47 -0500
Arthur Machlas <arthur.machlas(a)gmail.com> wrote:

> I just recently set up encrypted mail for my personal mail account,
> using icedove and enigmail. I'm curious about a general feature of
> "signing" the email. Why can't I just copy the "signature" portion of
> the email, which many people on this list attach to their posts, and
> paste it at the bottom of a fake email? Appreciate any comments or
> links you may have.

Look at the signatures carefully. Each one, even from the same signer,
is different, and depends on the exact contents of the message. The
whole point of a signature is that if one is improperly attached to a
message, it won't match, and the mail reader or other client will
notice this.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


Archive: http://lists.debian.org/20100702151100.78d1b697.celejar(a)gmail.com
From: Celejar on
On Fri, 2 Jul 2010 14:17:50 -0500
Arthur Machlas <arthur.machlas(a)gmail.com> wrote:

> On Fri, Jul 2, 2010 at 2:11 PM, Celejar <celejar(a)gmail.com> wrote:
> > On Fri, 2 Jul 2010 13:52:47 -0500
> > Arthur Machlas <arthur.machlas(a)gmail.com> wrote:
> >
> >> I just recently set up encrypted mail for my personal mail account,
> >> using icedove and enigmail. I'm curious about a general feature of
> >> "signing" the email. Why can't I just copy the "signature" portion of
> >> the email, which many people on this list attach to their posts, and
> >> paste it at the bottom of a fake email? Appreciate any comments or
> >> links you may have.
> >
> > Look at the signatures carefully.  Each one, even from the same signer,
> > is different, and depends on the exact contents of the message.  The
> > whole point of a signature is that if one is improperly attached to a
> > message, it won't match, and the mail reader or other client will
> > notice this.
> >
> > Celejar
>
> Makes abundant sense. And I assume they'd need my public key to verify
> the signature?

Exactly. A mail client that receives a message signed by you
generally tries to look up your public key from a keyserver.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


Archive: http://lists.debian.org/20100702152738.8647475d.celejar(a)gmail.com
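
Added example, not part of the original thread: a simplified hash-then-sign sketch in Python showing the two points made above, that a signature depends on the exact message bytes and that the public key alone is enough to verify it. The demo key, function names and sample messages are constructed for illustration; this is textbook RSA without padding, not the OpenPGP format GnuPG/Enigmail produce, and it is not secure for real use.

```python
import hashlib

# Constructed demo key built from two known Mersenne primes. Far too small
# and structured for real use; real OpenPGP keys are generated by GnuPG.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known to the signer only


def digest(message: bytes) -> int:
    """Hash the exact message bytes and reduce the result modulo N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signer side: requires the private exponent D."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient side: requires only the public values (N, E)."""
    return pow(signature, E, N) == digest(message)


# Constructed sample messages.
genuine = b"Meet at noon.\n"
second = b"Thanks for the patch.\n"
fake = b"The meeting is cancelled.\n"

sig_genuine = sign(genuine)
sig_second = sign(second)

if __name__ == "__main__":
    # Same signer, different messages: the signatures differ.
    print("signatures differ:", sig_genuine != sig_second)
    # The signature checks out against the message it was made for.
    print("genuine verifies:", verify(genuine, sig_genuine))
    # Pasting that signature under other text fails verification.
    print("copied onto fake text:", verify(fake, sig_genuine))
    # Even a one-character change breaks the match.
    print("one byte changed:", verify(b"Meet at noon!\n", sig_genuine))
```
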
From: Brad Rogers on
On Fri, 2 Jul 2010 14:17:50 -0500
Arthur Machlas <arthur.machlas(a)gmail.com> wrote:

Hello Arthur,

> Makes abundant sense. And I assume they'd need my public key to verify
> the signature?

Yes. Upload it to one of the (many) keyservers available for this
purpose, and they won't have to nag you for it.

However, before you upload your public key, make sure you generate a
revocation certificate for it. That way, if your key pair ever does become
compromised, you can still revoke the public key and generate a new key
pair.

--
Regards _
/ ) "The blindingly obvious is
/ _)rad never immediately apparent"
I am alone there's nobody there
I Look Alone - Buzzcocks