I recently sent an email to somebody and got back an encrypted reply. That’s amazing! This is great! 😍
But wait a minute… How do I write them back? Like many people (like me!) they didn’t include their public key in their reply. Evolution told me that the mail was signed and encrypted, so I wondered. How was Evolution able to verify the signature without having their public key? But then I spotted that little help text: “This message is signed, but the public key is not in your keyring.” (I am using a dark theme and that particular help text uses black on nearly black…)
OK. I saved the email in mbox format and opened it in my favourite text editor. And there, on line 16:
```
Received: from mail-40131.protonmail.ch …
```
Right, so they have a ProtonMail account. But surely ProtonMail makes the public keys of their users … public? I found an answer on Reddit: use `hkps://api.protonmail.ch`.
Answer on Reddit by u/Rafficer
Introducing Address Verification and Full PGP Support, by ProtonMail
How does that work?
```
gpg --keyserver hkps://api.protonmail.ch --search-key foo@bar
```
Remember that the reply I had received didn’t use the protonmail.ch domain for their email address. This is therefore still an absolute usability nightmare. But at least now I know. 😁
⁂
Nice! Do you use proton mail yourself?
– Josh Rollins 2020-08-09 19:41 UTC
---
I switched my mail to Migadu because I wanted to use regular email clients.
– Alex Schroeder 2020-08-10 04:26 UTC
---
@sheogorath said that WKD should take care of key discovery:
```
gpg --locate-keys foo@bar
```
I’ll have to try it. If it works I’ll hate the fact that there are now two commands: search keys, which I have used for years, and locate keys.
– Alex Schroeder 2020-08-10 04:28 UTC