[personal profile] idupree
(The canonical location of this blog post is now Enigmail & format=flowed on my web site.)

I decided it was time to restore my ability to sign/encrypt e-mail.

  • OpenPGP is a common cryptographic standard used for e-mail.

  • GPG is the FOSS implementation of this standard.

  • Thunderbird is the desktop email client I use.

  • Enigmail is the Thunderbird plugin for using GPG in Thunderbird.

  • format=flowed is a common version of plain-text email that indicates wrapped lines by a space before each soft line-break, and allows format=flowed message recipients to re-flow the text to the width of their viewing window.

  • Inline PGP signatures (or "clear-signing") are a way of cryptographically signing your messages by putting the signature in the body of the email. The same message ought not be clear-signed and format=flowed: the two are incompatible in a way that can cause the signature to be invalid.

  • PGP/MIME is an alternate way of signing e-mail. It is superior to inline signatures in every way except that Microsoft's Outlook Express cannot read messages that have been signed by PGP/MIME.
Enigmail defaults to inline PGP signatures (to mollify Outlook Express). In order to prevent sending inline signatures with format=flowed, Enigmail does overkill. It changes the Thunderbird default preference mailnews.send_plaintext_flowed from true to false. This makes all messages you send with Thunderbird fail to line-wrap for my recipients. I find it rude to knowingly send harder-to-use messages to my recipients (some of whom are mailing lists read by hundreds or thousands of people). So I set that preference back to true (Preferences => Advanced => General => Config Editor), and made sure to use PGP/MIME (Account Settings => OpenPGP Security => Use PGP/MIME by default). I can afford to use PGP/MIME since none of the people I'm sending signed messages to use Outlook Express. It's not perfect, but it's strictly better than no ability to sign/encrypt email at all, and it suffices for my present needs. (This possibility also allows my Thunderbird-using relatives who have the same politeness concern, but are not cypherpunks, to use Enigmail.)

Update (Sept 2013): Upgrading Thunderbird (or maybe Enigmail) silently set mailnews.send_plaintext_flowed back to false. I had to manually set it back to true again. Unhappiness.

Hint: When using Enigmail, remember to ignore the "Security" tab in account settings in favor of the "OpenPGP Security" tab.

Note: A non-web-based client (such as Thunderbird) is essential to get the full security benefits of PGP email.

Please correct me if I missed something. Wrong information about cryptography is terrible.

My key ID: 0x17062391

Fingerprint: AC5B DA24 40BD BF34 C4C7 DCF3 9ADC 2732 1706 2391

Corresponding e-mail address: I'm not listing it here, but you can search my for name or domain on a keyserver such as http://pgp.mit.edu/.[*]

[*] I'm curious to see how long it will take spammers to harvest this e-mail address from the keyservers, so I made an address specially for usage with OpenPGP. It is somewhat irritating that the OpenPGP milieu trades away anonymity and privacy just to get authenticity and secrecy. OTR for example makes trade-offs that are more suitable for communicating with friends, but it's specific to IM and is slightly hacky and fragile. PGP can be used without keyservers, but that can be a nuisance and still involves certain tradeoffs.



January 2014


Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 24th, 2017 04:16 am
Powered by Dreamwidth Studios