1

Topic: Signature and Encryption = hard to verify and decrypt in Gmail.

If I make a signature and then encrypt everything, the decryption of the mail will pop up in a new window where I cannot verify the signature.

If I make a signature of the encrypted content, the signature becomes verified, but I get an error when clicking on the Gmail-integrated decryption link.

btw: thx 4 this extension, I did not use PGP/GPG before

2

Re: Signature and Encryption = hard to verify and decrypt in Gmail.

P.S.: a signature inside of another signature makes an error, too.

Re: Signature and Encryption = hard to verify and decrypt in Gmail.

I have been having this same problem.

I encrypt a portion of text with a friend's public key. Then I sign the entire email (which is just the encrypted output). However, when he gets the email, the signature worked, but the decrypt is not valid. I think I have found what the problem might be. After doing the signing the encrypted portion has 2 extra '-'s.

Example:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: http://firegpg.tuxfamily.org

[encrypted text]
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: http://firegpg.tuxfamily.org

[signature]
-----END PGP SIGNATURE-----

Notice the extra '-' at the BEGIN PGP MESSAGE and END PGP MESSAGE lines. I think that is what is causing the decryption issue. If I copy that block, save it to a text file, take out the extra '-' and then decrypt via the command line, all is good. The workaround isn't terribly difficult, just time consuming.
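The extra "- " described in the post above is the dash-escaping that the OpenPGP cleartext signature framework (RFC 4880, section 7.1) applies to every signed line that starts with a dash. The following is an added example, not part of the original post and not FireGPG code, that undoes the escaping to recover the inner block; the function name and the sample message are constructed for illustration.

```python
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

# Constructed sample shaped like the message in the post; the base64 is placeholder text.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)

Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----

Q09OU1RSVUNURUQtU0lH
-----END PGP SIGNATURE-----
"""


def unescape_cleartext(signed: str) -> str:
    """Return the signed text with dash-escaping undone (does not verify the signature)."""
    lines = [l.rstrip("\r") for l in signed.split("\n")]
    if BEGIN_SIGNED not in lines:
        raise ValueError("no cleartext signature header")
    i = lines.index(BEGIN_SIGNED) + 1
    # "Hash:" armor headers run up to the first empty line.
    while i < len(lines) and lines[i] != "":
        if not lines[i].startswith("Hash:"):
            raise ValueError("unexpected header: %r" % lines[i])
        i += 1
    body = []
    for line in lines[i + 1:]:
        if line == BEGIN_SIG:
            return "\n".join(body)
        if line.startswith("- "):
            line = line[2:]  # strip exactly one escape prefix
        elif line.startswith("-"):
            # Every dash-initial line must be escaped, so this framing is malformed.
            raise ValueError("unescaped dash line inside signed text: %r" % line)
        body.append(line)
    raise ValueError("no signature block after signed text")


if __name__ == "__main__":
    print(unescape_cleartext(SAMPLE))
```

The returned block can be saved to a file and passed to `gpg --decrypt`, which is the manual workaround from the post. Check the outer signature on the original, unmodified message, since the escaped form is what was signed.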

Re: Signature and Encryption = hard to verify and decrypt in Gmail.

You have to sign before crypt !

Re: Signature and Encryption = hard to verify and decrypt in Gmail.

the_glu wrote:

You have to sign before crypt !

If I sign my message before I crypt, then when the message arrives in the other person's inbox it does not have a proper signature. They could decrypt the message and check the signature, but since the message currently pops up in another window there is no way for FireGPG to notify the reader whether or not the signature is correct.

Re: Signature and Encryption = hard to verify and decrypt in Gmail.

Here's more information on the problem:

This add-on for Firefox works great, but there is a small problem with it as it currently works. When you send an email to someone, you have to sign it and encrypt it. Now you are supposed to sign the message first, and then encrypt the entire message (signature and all) with the receiver's public key. This means that the receiver won't know who the message is from until he decrypts the message (and is able to view the signature). If this is incorrect let me know.

With FireGPG, once you decrypt a message you receive it pops up in another window. This new window doesn't allow you to have the functionality of the FireGPG add-on, so it can't verify whether or not the signature is correct. Most of the time when you receive a signed email (not encrypted), the add-on shows green text at the bottom of the message saying something along the lines of "Verified signature in message" (yellow if there is no sig, red if the sig has an error). None of this works in the new pop-up that the add-on uses to display a decrypted email.

So if you want to both encrypt and sign an email, you'll have to first write a message, sign the message by highlighting just some dummy text at the bottom, then encrypt the actual body of the message by highlighting that and choosing "Crypt and Send".

Last edited by joshuapurcell (2007-05-24 01:46:57)

Re: Signature and Encryption = hard to verify and decrypt in Gmail.

We will do this, but we haven't a lot of time!