Outlook automatic PGP sign/encrypt ONLY IF I have all users' keys


Post by Jason Ti » Fri, 13 Jun 2003 12:12:33



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there a way to have Outlook automatically encrypt a
message only if ALL recipients have PGP key on my keyring?

- --
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.12

GCS d- s: a--- C++ !U P L E? o? W++
N++ K? w++ !O M- V? PS !PE Y+ PGP++
t++ 5- X- tv+ b DI D? G e-> !h r- y-

- ------END GEEK CODE BLOCK------

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951
-----END PGP SIGNATURE-----

 
 
 


Post by Erik Hallber » Fri, 13 Jun 2003 18:44:51



> Is there a way to have Outlook automatically encrypt a
> message only if ALL recipients have PGP key on my keyring?

Yes, Discretion was created for exactly this purpose:
http://www.hallbergulrich.com/discretion/

Kind regards,
Erik Hallberg

 
 
 


Post by Jason Ti » Sat, 14 Jun 2003 00:44:39


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thank you! - I heard about it but then forgot its name and
where I saw it!

- --
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.12

GCS d- s: a--- C++ !U P L E? o? W++
N++ K? w++ !O M- V? PS !PE Y+ PGP++
t++ 5- X- tv+ b DI D? G e-> !h r- y-

- ------END GEEK CODE BLOCK------






| > Is there a way to have Outlook automatically encrypt a
| > message only if ALL recipients have PGP key on my
| > keyring?
|
| Yes, Discretion was created for exactly this purpose:
| http://www.hallbergulrich.com/discretion/
|
| Kind regards,
| Erik Hallberg
|

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951
-----END PGP SIGNATURE-----

 
 
 

1. PGP trust model: why sign user ID's and not keys?

I'm a bit puzzled about one aspect of the PGP trust model. When you sign a
key, you actually sign the default user ID, but when PGP decrypts/verifies,
the distinction between user ID's is lost and signatures are treated as if
the key as a whole has been signed.

I tried the following:

Apart from me two other people are involved:
1. A trusted friend.
  I have his public key, I signed it and granted him complete trust.
2. Someone I never met.
  I have his public key, and it has been signed by my trusted friend, so PGP
  considers it valid.

The second person decides to change his internet provider and gets a new
e-mail address. So he adds a new user ID to his key and removes the old one.
He sends me his altered public key and I update my keyring. This now shows
both the old and the new user ID, and the old one remains the default. The
old ID is signed by my trusted friend and marked valid, the new one isn't
and is marked invalid. The key as a whole is marked valid.

When I verify a signature the second person made with his new user ID, PGP
reports the key as valid (it shows the OLD user ID which is still the
default on my key ring).

When I set the second person's new user ID as default on my key ring,
the key is marked invalid (the old user ID is still marked valid). When I
check the signature from the second person again it's still marked valid.

When I remove the old user ID from my ring (the e-mail address won't be used
anymore) I also remove my trusted friend's signature. Now when I check the
same signature again it's marked invalid.

This shows that the receiver of a signed message can't see which of the
signing key's user ID's has been used. It doesn't make any difference
either, as far as I can see. A key belongs to a person, and this person
signed the message. If he/she has multiple e-mail addresses or chooses to
have a number of pseudonyms on the net, it doesn't make any difference. He
or she signed the message. But why then, if you sign somebody's key, is this
signature attached to one of those user ID's, and not to the key as a whole?
Is this a design flaw or does it have a deeper meaning? It doesn't make any
sense to me. If there is a reason to sign user ID's instead of keys, then
why doesn't PGP report a signature as invalid when the signing user ID is
invalid?

Please enlighten me.


Please remove the "nospam!" from my email-address when responding directly.
Sorry for the inconvenience.
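
An added example, not part of either post and not code from PGP or Discretion: one way to make the "encrypt only if ALL recipients have a key" decision from the first thread while checking validity per user ID, the distinction the trust-model post turns on. It assumes the listing format of GnuPG's `gpg --with-colons --list-keys` rather than a PGP 8.0 keyring; the sample listing, key IDs, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of `gpg --with-colons --list-keys`
# (assumption: GnuPG, not PGP 8.0; key IDs and addresses are made up).
# Field 2 = validity, field 10 = user ID, field 12 = capabilities.
SAMPLE_LISTING = """\
pub:f:2048:1:1111111111111111:1050000000:::-:::scESC:
uid:f::::1050000000::::Trusted Friend <friend@example.org>:
sub:f:2048:1:2222222222222222:1050000000::::::e:
pub:f:2048:1:3333333333333333:1050000000:::-:::scESC:
uid:f::::1050000000::::Second Person <old@isp-a.example>:
uid:-::::1055000000::::Second Person <new@isp-b.example>:
sub:f:2048:1:4444444444444444:1050000000::::::e:
pub:e:2048:1:5555555555555555:1000000000:1040000000::-:::sc:
uid:e::::1000000000::::Expired User <expired@example.org>:
"""

VALID = {"f", "u"}  # fully or ultimately valid


def usable_addresses(listing):
    """Map each address to True if a key that can encrypt carries it
    on a user ID that is itself valid (not merely on a valid key)."""
    usable, key_can_encrypt = {}, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # Capital 'E' = whole key usable for encryption; 'D' = disabled.
            caps = f[11] if len(f) > 11 else ""
            key_can_encrypt = "E" in caps and "D" not in caps
        elif f[0] == "uid" and len(f) > 9:
            m = re.search(r"<([^<>]+)>\s*$", f[9])
            if m:
                addr = m.group(1).lower()
                ok = key_can_encrypt and f[1] in VALID
                usable[addr] = usable.get(addr, False) or ok
    return usable


def decide(recipients, listing=SAMPLE_LISTING):
    """Return ("encrypt", []) only when every recipient is covered;
    otherwise ("no-encrypt", [addresses without a usable key])."""
    usable = usable_addresses(listing)
    missing = [r for r in recipients if not usable.get(r.lower(), False)]
    return ("no-encrypt", missing) if missing else ("encrypt", [])


if __name__ == "__main__":
    print(decide(["friend@example.org", "new@isp-b.example"]))
```

Here the second person's key is valid as a whole, yet the new address is reported as uncovered because its user ID carries no valid certification.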
