2

I'm running

$ cat /etc/debian_version
jessie/sid
$ uname -rv
3.11-2-amd64 #1 SMP Debian 3.11.8-1 (2013-11-13)
$ gcc --version | head -n 1
gcc (Debian 4.8.2-1) 4.8.2
$ emacs --version | head -n 1
GNU Emacs 24.3.1
$ gpg --version | head -n 1
gpg (GnuPG) 1.4.15

The current (minimal) extent of my crypto use is:

  1. My local workstation's hard drives, and its backups, are encrypted.
  2. I regularly use SSH with key authentication and keychain.
  3. I send unencrypted email from Emacs using smtpmail, but I connect to my email service with TLS.

Unfortunately, someone I know recently had their email spoofed with non-trivial consequences, so I'm thinking I should start securely signing my outgoing email with a public key. So I've got some clueless/lazy/newbie questions:

  1. What's the easiest way to sign my outgoing email? Particularly, can I do this (easily) with smtpmail or must I convert to one of the many more-capable Emacs email clients? Which I've been putting off for, oh, about 20 years now :-)
  2. What must I {do, get, have} in order to generate keys with which to sign outgoing email?

Note again that I'm not yet ready to encrypt my outgoing mail (though I should probably be preparing to do that): for now I just want to securely sign it to {deter, reduce harm from} spoofing.

Pointers to docs are appreciated: I RTFM when I know what to read, but have been unable to find suitable-fine-looking doc with either DDG nor their main competitor.

TomRoche
  • 592
  • 3
  • 20
  • I send and receive encrypted mail (only to/from some of my friends) using Gnus. I would imagine that one can achieve this in a way that doesn't require using it, but for me it saved time investigating this question. Re' key generation: you could follow step-by-step instructions here, it's independent of a client you use: http://www.seanodonnell.com/code/?id=8 – wvxvw Feb 13 '15 at 09:56

2 Answers2

1

You do not need to use a full Emacs email client like Gnus or mu4e (although I recommend it); message-mode should be sufficient to compose and send email, and to encrypt or sign outgoing messages. I have not used smtpmail before. My setup relies on an external smtp client (msmtp), but this should not be necessary.

To compose emails, use message-mail. To sign the message, run mml-secure-sign. To send it with whatever mail function has been configured hit C-c C-c.

What must I {do, get, have} in order to generate keys with which to sign outgoing email?

You need to have a GPG keypair and run mml-secure-sign before sending your mail from within a message-mode buffer.

0

With this sort of functionality, you really need to use one of the emacs MTAs. You could do it using smtpmail, but you will have to write quite a bit of elisp glue code to get it working.

The other alternative is to setup your emacs to use whatever your preferred email client is rather than smtpmail. Some mail clients have emacs key bindings, so this can be less painful.

Many of the emacs mail clients support using PGP to both sign and encrypt mail as well as verifying mail received from others. I know that gnus, vm and mew do and I think wonderlust possibly does.

Tim X
  • 557
  • 2
  • 11
  • This is really more of a comment than an answer. It gives general guidance, but is short on details (e.g. how-to). – Drew Feb 14 '15 at 14:44