[Nottingham] nonplussed (digital signing)

Martin martin at ml1.co.uk
Wed Mar 21 15:18:48 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21/03/12 11:16, david at gbenet.com wrote:
> On 21/03/12 10:39, Jason Irwin wrote:
>> On 21/03/12 10:28, david at gbenet.com wrote:
>>> Question: How do I sign an open document in OpenOffice?
> 
>> Looking at the LibreOffice docs, it seems to be a bit of a faff.
>>  http://help.libreoffice.org/Common/Applying_Digital_Signatures

Well... That is for using "Certificates" from a Certificate Authority
to do your signing. For myself, I am highly dubious of the 'trust'
that can be placed in the 'for-profit' 'Certificate Authorities' and
especially so for the recent behaviour of some of them...

The GnuPG system and the associated "web-of-trust" looks to be a far
more robust system. Perhaps we should have a key-signing session?


>> But then I am the bloke who can't get signing in Thunderbird to 
>> work in any sensible manner (hence why none of my emails are 
>> signed!)

Mmmm... I thought I'd just blundered through that one on an earlier
thread!


> Ha! Jason!
> 
> Well it seems that OpenOffice does not offer any support for 
> gnupg - so I will give that up.

It is a bit dated now. Is there any option for using a GPG key for
signing in that or LibreOffice or others?...


> As you have Linux and Thunderbird installed I will give you a
> guide what to do.
> 
> (1) open a terminal on your desktop and type the following: gpg 
> --version - this will create all the defaults within the hidden 
> ./gnupg folder.

Good 'trick' but I would hope that such a trick wasn't needed...


> (2) Install GPA, Gnome's Privacy Assistant. Kgpg does not seem to 
> work on 64 bit Mint Linux.
> 
> (3) Run GPA and create a private and public key set. In the 
> passphrase some say an all numerical key is easy to but whereas 
> "Mary had a little doggy" is way too hard to crack. Create 2048
> bit set of keys.

The important thing is that you should use a "pass phrase" rather than
be in the mentality of a small short "password". It might be a faff to
type in the longer phrase, but then again, this is something that is
to be your *signature* ... In any case, this is where you can use
gpg-agent to keep your passphrase 'live' for a few minutes at a time
so that you are not wearing out your fingers too often.

As for what pass phrase... Keep off the obvious ones and especially so
for any favourites in such as HHGTTG ( ;-) ) or famous quotes. "Stupid
associations" unique to your internal mentality are a good thing to
try. Or whatever else that is long enough and reliable enough for you
to use. Whatever you use, it should be easily remembered just by you...


> (4) You can set the trust of this key to ultimate and then create a 
> revocation certificate and then publish your key to a key server - 
> all within GPA.
> 
> (5) Next you want to install Enigmail - this addon should be
> listed in your local repositories. Add it install it.
> 
> (6) Start Thunderbird and set to sign outgoing emails and to write 
> all emails as plain text.

Thanks for that.


Would you like to add that as a "HowTo" to our website?

Cheers,
Martin


ps: My digital sig added as an example :-)

- -- 
- ----------------
Martin Lomas
martin at ml1.co.uk
- ----------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9p8UgACgkQ+sI3Ds7h07fXtACeP/wBToRvTqHD/DWHH2ZmOjyl
gyYAn2y6GkMlbfaxjwDTWomNKYVqtm7Z
=T81m
-----END PGP SIGNATURE-----
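
Added example, not part of the original post: a small Python parser for the clear-signed layout used by the message above. It reads the `Hash:` header, undoes the dash-escaping that turns the `-- ` signature separator into `- -- `, and checks the armor's `=XXXX` CRC-24 line. The names `crc24` and `parse_clearsigned` and the sample input are constructed for illustration; this checks framing only, since verifying the signature itself needs the signer's public key and gpg.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 as defined in RFC 4880 section 6.1 (the '=XXXX' armor line)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def parse_clearsigned(text: str) -> dict:
    lines = text.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = lines.index("-----BEGIN PGP SIGNATURE-----")
    end = lines.index("-----END PGP SIGNATURE-----")
    blank = lines.index("", start)  # blank line ends the "Hash:" headers
    hashes = [name.strip() for h in lines[start + 1:blank]
              if h.startswith("Hash:") for name in h[5:].split(",")]
    # Undo dash-escaping: a signed line starting with "-" is sent as "- -...".
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    armor = lines[sig + 1:end]
    data = armor[armor.index("") + 1:]  # skip Version:/Comment: headers
    raw = base64.b64decode("".join(l for l in data if not l.startswith("=")))
    crc = next((l[1:] for l in data if l.startswith("=")), None)
    crc_ok = (crc is not None
              and base64.b64decode(crc) == crc24(raw).to_bytes(3, "big"))
    return {"hashes": hashes, "text": "\n".join(body),
            "signature": raw, "crc_ok": crc_ok}

# Constructed sample: the 48 "signature" bytes are filler, not a real signature.
FAKE_SIG = bytes(range(48))
SAMPLE = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "",
    "Cheers,", "- -- ", "Alice",
    "-----BEGIN PGP SIGNATURE-----", "Version: Example (constructed)", "",
    base64.b64encode(FAKE_SIG).decode(),
    "=" + base64.b64encode(crc24(FAKE_SIG).to_bytes(3, "big")).decode(),
    "-----END PGP SIGNATURE-----",
])

if __name__ == "__main__":
    print(parse_clearsigned(SAMPLE))
```

A failed CRC means the armor was damaged in transit; a passing CRC says nothing about who signed the text.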


