<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"/> <title>Encryption And Signatures</title> <link rel="stylesheet" href="manpage.css" type="text/css"/> <link rel="start" href="index.html" title="Cone: COnsole Newsreader And Emailer"/> <link rel="up" href="cone00index.html" title="Cone mail client"/> <link rel="prev" href="cone07remoteconfig.html" title="Remote Configuration"/> <link rel="next" href="cone09masterpassword.html" title="Master Passwords"/> <link xmlns="" rel="icon" href="icon.gif" type="image/gif"/> <meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/> <!-- Copyright 2002 - 2007 Double Precision, Inc. See COPYING for distribution information. --> </head> <body> <div class="chapter" lang="en" xml:lang="en"> <div class="titlepage"> <div> <div> <h2 class="title"><a id="cone08gpg" shape="rect" name="cone08gpg"> </a>Encryption And Signatures</h2> </div> </div> </div> <p><span class="application">Cone</span> includes support for encryption and digital signatures. <span class="application">GnuPG</span> (http://www.gnupg.org) must be installed in order to use encryption and digital signatures.</p> <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Note</h3> <p><span class="application">Cone</span> uses a newer MIME-based format for encrypted and signed messages. 
<span class="application">Cone</span> does not recognize or use the older “<span class="quote">inline-formatted</span>” messages (this is where the text messages contain keywords like “<span class="quote">BEGIN PGP SIGNED MESSAGE</span>”).</p> </div> <div class="section" lang="en" xml:lang="en"> <div class="titlepage"> <div> <div> <h4 class="title"><a id="id528975" shape="rect" name="id528975"> </a>MIME encryption and digital signatures</h4> </div> </div> </div> <p>At this time <span class="application">Cone</span> provides basic encryption, decryption, signature creation, and signature verification functionality. Key management (like creating and signing keys) must still be done with <span class="application">GnuPG</span>.</p> <div class="section" lang="en" xml:lang="en"> <div class="titlepage"> <div> <div> <h5 class="title"><a id="id528995" shape="rect" name="id528995"> </a>Signing and encrypting messages</h5> </div> </div> </div> <p>When <span class="application">GnuPG</span> is installed, two additional options become available after pressing <span class="keycap"><strong>CTRL</strong></span>-<span class="keycap"><strong>X</strong></span> to send a message:</p> <div class="variablelist"> <dl> <dt><span class="term">Sign</span></dt> <dd> <p>Pressing <span class="keycap"><strong>S</strong></span> displays a list of all available secret keys. Highlight the key and press <span class="keycap"><strong>Enter</strong></span> to select a key for signing the message. The list of keys is shown at the bottom of the screen. The top of the screen shows additional information about the currently highlighted key.</p> </dd> <dt><span class="term">Encrypt</span></dt> <dd> <p>Pressing <span class="keycap"><strong>E</strong></span> displays a list of all known public keys. More than one public key may be selected. All public keys whose addresses match any recipient address, or the sender's address, are selected by default. The message is encrypted by all chosen public keys. 
Highlight each key and press <span class="keycap"><strong>SPACE</strong></span> to select a public key for encryption. Press <span class="keycap"><strong>Enter</strong></span> after selecting all public keys. A checkmark (or an asterisk, depending on the console display) is placed next to each selected key. Press <span class="keycap"><strong>SPACE</strong></span> again in order to un-select a selected key.</p> </dd> </dl> </div> <p>The original prompt is updated accordingly, after selecting either of these two options (the original “<span class="quote">Send message?</span>” prompt changes to a “<span class="quote">Sign, then send message?</span>”, or some other appropriate variant). The key used for signing a message is memorized like any other custom message header, and is automatically selected by default when sending the next message. Choose “<span class="quote"><span class="keycap"><strong>S</strong></span>ign</span>” again to un-select the key. A separate default signing key exists for every account <span class="application">Cone</span> is logged on to, and a default signing key is memorized for every open folder. It is possible to memorize a different key for signing replies to messages in different folders. However, that may prove to be a bit cumbersome. Each time a message in a different folder is replied to, <span class="application">Cone</span> will prompt whether to set that folder's key (or any other custom header) as the default for the entire mail account. This feature is probably convenient when most replies are to messages from the same folder, and messages from other folders are accessed infrequently.</p> <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Note</h3> <p>The “<span class="quote">Sign</span>” and/or the “<span class="quote">Encrypt</span>” option must be used before selecting “<span class="quote">Delivery notifications</span>”. 
After selecting “<span class="quote">Delivery notifications</span>”, the only remaining options shown are the various delivery notifications options, and <span class="keycap"><strong>Y</strong></span>, which sends the message.</p> </div> <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Note</h3> <p>Copies of encrypted sent messages are saved in their encrypted form. Unless the sender's public key is also selected for encryption, the sender will not be able to read a copy of the sender's own message!</p> </div> </div> <div class="section" lang="en" xml:lang="en"> <div class="titlepage"> <div> <div> <h5 class="title"><a id="id529155" shape="rect" name="id529155"> </a>Passphrases</h5> </div> </div> </div> <p><span class="application">Cone</span> supports passphrase-protected keys. <span class="application">Cone</span> prompts for a passphrase before it signs a message. Press <span class="keycap"><strong>Enter</strong></span> without entering anything if the key does not have a passphrase.</p> <p><span class="application">Cone</span> remembers the passphrase, and will not ask for it again. When a master single-signon password is installed (see “<span class="quote">Master Passwords</span>”), passphrase passwords are also saved together with all other account passwords. <span class="application">Cone</span> does not automatically know when, and if, the key's passphrase is changed. When message signing fails, <span class="application">Cone</span> automatically removes the saved passphrase. 
Simply try again to sign the same message, and <span class="application">Cone</span> will prompt for the new passphrase.</p> </div> <div class="section" lang="en" xml:lang="en"> <div class="titlepage"> <div> <div> <h5 class="title"><a id="id529212" shape="rect" name="id529212"> </a>Decrypting messages, and verifying signatures</h5> </div> </div> </div> <p>Pressing <span class="keycap"><strong>Y</strong></span> (as in “<span class="quote">decr<span class="keycap"><strong>Y</strong></span>t</span>”) attempts to decrypt or verify the signature of a currently opened message. The message must be opened before it can be decrypted. A signed message must also be opened before its signature can be verified.</p> <p>An encrypted message will initially be empty, naturally, except for a single attachment that contains the encrypted content. The contents of a signed message are displayed normally. The presence of an additional attachment that contains the message's signature indicates that the message is signed. After a message is successfully decrypted, or its signature is verified, the message's contents are shown together with the diagnostic messages from <span class="application">GnuPG</span> which contain additional information on the message's encryption status.</p> <p>Forwarding or replying to a message always ends up forwarding or replying to whatever's currently shown on the screen. If the message is decrypted, the decrypted contents are forwarded. If the message is not decrypted, its original encrypted version is forwarded.</p> </div> <div class="section" lang="en" xml:lang="en"> <div class="titlepage"> <div> <div> <h5 class="title"><a id="id529256" shape="rect" name="id529256"> </a>Decrypting messages with a passphrase-protected key</h5> </div> </div> </div> <p>Before decrypting a message, <span class="application">Cone</span> prompts for a passphrase. 
The passphrase is memorized just like passphrases are memorized after a message is signed, and <span class="application">Cone</span> will not ask for a passphrase again. Just like when signing, when a master single-signon password is installed, the passphrase is saved together with all other account passwords.</p> <p>At this time, <span class="application">Cone</span> is not smart enough to know which private key corresponds to the key used for encrypting a message. Therefore, if multiple private keys are present, they all should have the same passphrase. Otherwise, each time an attempt is made to decrypt a message that's encrypted by a different key, the attempt will fail because the wrong passphrase was memorized. Each time an attempt to decrypt a message fails, <span class="application">Cone</span> automatically forgets the saved passphrase, so that the attempt to decrypt the message can be tried again, this time entering the correct passphrase (which will now be memorized and used as a default decrypting passphrase from now on).</p> </div> </div> </div> </body> </html>