2015-07-16 Secure Mail, Secure Chat

Harald recently posted these three links on Google+:

Operational PGP

Mutt, Gmail, and GPG

Chatting in Secret While We're All Being Watched

on Google+

HowTo: Privacy & Security Conscious Browsing

#Security

Comments

(Please contact me if you want to remove your comment.)

If someone has a decent writeup for, say, Emacs GNUS, I’ll be happy to add a link to that.

– Harald 2015-07-16 19:00 UTC

---

Well, I do have a setup at the moment, but it doesn’t do any of the hardening. I’m not sure about preventing swap, I’m not sure about making sure that GPG invocations never use temporary files... So if anybody else knows, I’d be interested. 😄

– Alex Schroeder 2015-07-16 19:16 UTC

---

When I tried it just now, it saved a draft on Gmail as cleartext. Clearly, some more settings are required! 🙁 Unfortunately, it seems that mutt will not do that. There is a patch, Add option to encrypt postponed messages. It adds the necessary options. But my Mutt 1.5.23 (2014-03-12) doesn’t recognize them.

– Alex Schroeder 2015-07-22 08:52 UTC

---

There’s a bug in the OSX Yosemite context. When attempting to send an email, you’ll get the error “no authenticators available”. Ticket #33419 in Homebrew talks about it. The solution:

```
set smtp_authenticators = 'login'
```

Now you’ll need to provide a password for SMTP. In your `~/.mutt/muttpasswd.gpg`:

```
# -*- epa-file-encrypt-to: ("...") -*-
# use app password: https://security.google.com/settings/security/apppasswords
set imap_pass = '...' # your Gmail One Time Password
set smtp_pass = $imap_pass
```

Remember to use a Google App Password.

The `epa-file-encrypt-to` line at the beginning is for Emacs’ EasyPG Assistant, the user interface to GNU Privacy Guard.

– Alex Schroeder 2015-07-22 10:06 UTC

---

Once I have written a new email, I need to remember to use `pe` – open the PGP menu and choose encrypt. If I don’t, I’ll send plaintext. There is very little warning and nothing to prevent me from doing so. This is terrible. Once I do and answer `y`, mutt asks me for the Key ID of the recipient. Whatever I provide gets ignored. When I just hit enter, mutt starts looking for all the keys matching the empty string and crashes with a sig11. This is also terrible.

– Alex Schroeder 2015-07-23 06:21 UTC

---

I figured that perhaps I’m just not interested enough in learning Vim and mutt... So I decided to write a tutorial on how to set up Gmail, Gnus and GPG. I used a Guest account on my Mac.

– Alex Schroeder 2015-07-24 13:28 UTC