Help with GNU PGP - no password prompt when sending e-mails

Faramir faramir.cl at gmail.com
Sat Nov 20 17:32:18 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 20-11-2010 12:41, Gold IsMoney wrote:
> Thank you for the quick reply.  You're right - I didn't realize the
> thing about signing since I usually don't use it.  It makes perfect
> sense though - so I know now that if I receive an encrypted e-mail from
> a sender but it's only encrypted, not signed - all I know is that the
> sender has access to the private key.. not necessarily the password. It
> 'should' be the sender, but not necessarily.

  No, no, he didn't have access to any private key, he just had access
to YOUR public key.

  To encrypt a message, I need access to the public key of the
recipient, and since it is public, anyone can have access to it without
any security risk.

  To sign a message, I need access to my own private key.

  To check a signature issued by someone else, I need access to the
public key of the sender.

  To decrypt a message, I need access to my private key.

  To "prove" a message comes from somebody, the message should have a
signature, otherwise it can come from anybody with access to the
sender's e-mail account.

  To prevent people from signing things with your key (or reading your
encrypted messages), you need to use a good password (more likely, a
passphrase), and don't leave your computer alone while the password is
cached in memory (you can set a short amount of time for it to be
remembered, or you can clean the cached password before leaving).

  To prevent people from sending messages using your e-mail address, you
can either:

1.- Protect your Windows account with a password, and never leave the
computer with your session open.

2.- Don't let Thunderbird store your e-mail account password (so you
would have to enter it manually each and every time you want to use the
e-mail account... very inconvenient).

3.- Protect Thunderbird's password database with a Master Password, and
close Thunderbird each time you leave the computer alone.

  Keep in mind that, according to the OpenPGP point of view (if I understood
it right), your identity is checked by your signature, not by the e-mail
account used to send the message.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----
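
The key roles listed in the message above, reproduced with gpg itself. This is an added example, not part of the original post; it assumes GnuPG 2.1 or later, and the names alice/bob, the example.test addresses and the file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: alice/bob, the example.test addresses and all file names are
# made up. Keys live in throwaway keyrings under a temp dir, not in ~/.gnupg.
set -eu
T=$(mktemp -d); A="$T/alice"; B="$T/bob"
mkdir -m 700 "$A" "$B"
cleanup() {
  for h in "$A" "$B"; do GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true; done
  rm -rf "$T"
}
trap cleanup EXIT

# g HOME ARGS...: run gpg against one person's keyring.
# The empty passphrase and "--trust-model always" are demo shortcuts only.
g() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty --trust-model always \
      --pinentry-mode loopback --passphrase '' "$@"
}

# Each person generates a key pair; only PUBLIC keys are exchanged.
g "$A" --quick-generate-key 'Alice <alice@example.test>' default default never
g "$B" --quick-generate-key 'Bob <bob@example.test>' default default never
g "$A" --export alice@example.test | g "$B" --import
g "$B" --export bob@example.test   | g "$A" --import

# Encrypt only: uses nothing but Alice's public key, so the "From Bob" text
# inside the message is just a claim.
printf 'From Bob: pay invoice 7\n' |
  g "$B" -r alice@example.test --encrypt -o "$T/enc_only.gpg"
# Sign + encrypt: additionally needs Bob's private key.
printf 'From Bob: pay invoice 7\n' |
  g "$B" -r alice@example.test --sign --encrypt -o "$T/signed.gpg"

# goodsigs FILE: Alice decrypts (her private key) and counts the signatures that
# verified (against the sender's public key) on gpg's machine-readable status output.
goodsigs() {
  g "$A" --yes --status-fd 1 --decrypt -o /dev/null "$1" 2>/dev/null \
    | grep -c '^\[GNUPG:\] GOODSIG ' || true
}

echo "encrypt-only message: $(goodsigs "$T/enc_only.gpg") good signature(s)"
echo "signed+encrypted:     $(goodsigs "$T/signed.gpg") good signature(s)"
```

Both files decrypt cleanly for Alice; only the second one carries a `GOODSIG` status line tying it to Bob's key.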