Alex's Adventures on the Infobahn » gpg http://www.bennee.com/~alex/blog the wanderings of a supposed digital native Mon, 06 Sep 2010 12:40:04 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Adding Google Juice to mutt http://www.bennee.com/~alex/blog/2010/03/17/adding-google-juice-to-mutt/ http://www.bennee.com/~alex/blog/2010/03/17/adding-google-juice-to-mutt/#comments Wed, 17 Mar 2010 07:35:42 +0000 Alex http://www.bennee.com/~alex/blog/?p=1789 As I’ve been mailing out invites I discovered a minor problem with my data.

My main email client is the fantastically functional mutt. It’s terminal based but incredibly flexible. When it comes to mass sorting/searching your email it leaves GUI based clients standing. However now I’m a roving around with a Google Phone the majority of my contact data is in the cloud. While I have a small address file used by mutt it only has a few oft-mailed addresses in it.

Luckily thanks to Google’s data APIs your information is only a few RESTful requests away. The goobook program provides a handy mutt compatible address book interface to this cloud data.

There is one wrinkle however. The configuration of the script involves putting some rather valuable login details in a plain text file on your home partition. While I like to think my machines are pretty secure and maintained you can always do more. Good security is defence in depth. A quick patch later and I can store those details in an GPG encrypted file that can be decrypted on the fly when required.

The final piece of the puzzle is creating these encrypted config files in the first place. Although you can do this by hand from the command line I find the best method is using EasyPG (now part of Emacs 23). This will automatically cause any files with a .gpg extension to be encrypted. You can control the Emacs mode selection and default encryption key to use by using file variables in the header comments of the file.

It’s not all perfect though, when enabling EasyPG I had to do the following:

(if (maybe-load-library "epa-file")
    (progn
      (setenv "GPG_AGENT_INFO" nil) ; gpg-agent confuses epa when getting passphrase
      (epa-file-enable)))

The problem seems to be that when GPG agent runs in terminal mode it confuses Emacs/EasyPG. By suppressing the GPG_AGENT_INFO environment variable EasyPG will fall back to requesting your passphrase in the mode line. While it takes care to flush the value as soon as possible it does open a small window of attack if an attacker can cause emacs to crash and dump core.

]]> http://www.bennee.com/~alex/blog/2010/03/17/adding-google-juice-to-mutt/feed/ 0 New Keys Please http://www.bennee.com/~alex/blog/2010/03/08/new-keys-please/ http://www.bennee.com/~alex/blog/2010/03/08/new-keys-please/#comments Mon, 08 Mar 2010 11:25:22 +0000 Alex http://www.bennee.com/~alex/blog/?p=1780 I’ve finally gotten around to updating my personal GPG key. At the same time I’ve plumbed in the various bits I need into my mail client so it’s a little easier to sign, encrypt, and verify GPG enabled email. Of course the super paranoid will want to check the public key linked to is in fact mine and not some evil twin clone of me. Contact me by some other means (any of my XMPP accounts* will do although to be safe I recommend using a Off the Record plugin).

If you show me your cryptographic fingerprint I’ll show you mine ;-)

* That would be LJ chat, Google Talk or the new Facebook chat

]]> http://www.bennee.com/~alex/blog/2010/03/08/new-keys-please/feed/ 0