<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"/>

  <title>Encryption And Signatures</title>
  <link rel="stylesheet" href="manpage.css" type="text/css"/>
  
  <link rel="start" href="index.html" title="Cone: COnsole Newsreader And Emailer"/>
  <link rel="up" href="cone00index.html" title="Cone mail client"/>
  <link rel="prev" href="cone07remoteconfig.html" title="Remote Configuration"/>
  <link rel="next" href="cone09masterpassword.html" title="Master Passwords"/>
  <link xmlns="" rel="icon" href="icon.gif" type="image/gif"/>
  <meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/>
  <!--

Copyright 2002 - 2007 Double Precision, Inc.  See COPYING for distribution
information.

-->
</head>

<body>

  <div class="chapter" lang="en" xml:lang="en">
    <div class="titlepage">
      <div>
        <div>
          <h2 class="title"><a id="cone08gpg" shape="rect" name="cone08gpg"> </a>Encryption And Signatures</h2>
        </div>
      </div>
    </div>

    <p><span class="application">Cone</span> includes support for
    encryption and digital signatures. <span class="application">GnuPG</span> (http://www.gnupg.org) must be
    installed in order to use encryption and digital
    signatures.</p>

    <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
      <h3 class="title">Note</h3>

      <p><span class="application">Cone</span> uses a newer
      MIME-based format for encrypted and signed messages.
      <span class="application">Cone</span> does not recognize or
      use the older &#8220;<span class="quote">inline-formatted</span>&#8221; messages (this is
      where the text messages contain keywords like
      &#8220;<span class="quote">BEGIN PGP SIGNED
      MESSAGE</span>&#8221;).</p>
    </div>

    <div class="section" lang="en" xml:lang="en">
      <div class="titlepage">
        <div>
          <div>
            <h4 class="title"><a id="id528975" shape="rect" name="id528975"> </a>MIME encryption and digital
            signatures</h4>
          </div>
        </div>
      </div>

      <p>At this time <span class="application">Cone</span>
      provides basic encryption, decryption, signature creation,
      and signature verification functionality. Key management
      (like creating and signing keys) must still be done with
      <span class="application">GnuPG</span>.</p>

      <div class="section" lang="en" xml:lang="en">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id528995" shape="rect" name="id528995"> </a>Signing and encrypting messages</h5>
            </div>
          </div>
        </div>

        <p>When <span class="application">GnuPG</span> is
        installed, two additional options become available after
        pressing <span class="keycap"><strong>CTRL</strong></span>-<span class="keycap"><strong>X</strong></span> to send a message:</p>

        <div class="variablelist">
          <dl>
            <dt><span class="term">Sign</span></dt>

            <dd>
              <p>Pressing <span class="keycap"><strong>S</strong></span> displays a list of
              all available secret keys. Highlight the key and
              press <span class="keycap"><strong>Enter</strong></span> to select a
              key for signing the message. The list of keys is
              shown at the bottom of the screen. The top of the
              screen shows additional information about the
              currently highlighted key.</p>
            </dd>

            <dt><span class="term">Encrypt</span></dt>

            <dd>
              <p>Pressing <span class="keycap"><strong>E</strong></span> displays a list of
              all known public keys. More than one public key may
              be selected. All public keys whose addresses match
              any recipient address, or the sender's address, are
              selected by default. The message is encrypted by all
              chosen public keys. Highlight each key and press
              <span class="keycap"><strong>SPACE</strong></span> to
              select a public key for encryption. Press <span class="keycap"><strong>Enter</strong></span> after
              selecting all public keys. A checkmark (or an
              asterisk, depending on the console display) is placed
              next to each selected key. Press <span class="keycap"><strong>SPACE</strong></span> again in order
              to un-select a selected key.</p>
            </dd>
          </dl>
        </div>

        <p>The original prompt is updated accordingly, after
        selecting either of these two options (the original
        &#8220;<span class="quote">Send message?</span>&#8221;
        prompt changes to a &#8220;<span class="quote">Sign, then
        send message?</span>&#8221;, or some other appropriate
        variant). The key used for signing a message is memorized
        like any other custom message header, and is automatically
        selected by default when sending the next message. Choose
        &#8220;<span class="quote"><span class="keycap"><strong>S</strong></span>ign</span>&#8221; again
        to un-select the key. A separate default signing key exists
        for every account <span class="application">Cone</span> is
        logged on to, and a default signing key is memorized for
        every open folder. It is possible to memorize a different
        key for signing replies to messages in different folders.
        However that may prove to be a bit cumbersome. Each time a
        message in a different folder is replied to, <span class="application">Cone</span> will prompt whether to set that
        folder's key (or any other custom header) as the default
        for the entire mail account. This feature is probably
        convenient when most replies are to messages from the same
        folder, and messages from other folders are accessed
        infrequently.</p>

        <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
          <h3 class="title">Note</h3>

          <p>The &#8220;<span class="quote">Sign</span>&#8221;
          and/or the &#8220;<span class="quote">Encrypt</span>&#8221; option must be used before
          selecting &#8220;<span class="quote">Delivery
          notifications</span>&#8221;. After selecting
          &#8220;<span class="quote">Delivery
          notifications</span>&#8221;, the only remaining options
          shown are the various delivery notifications options, and
          <span class="keycap"><strong>Y</strong></span>, which
          sends the message.</p>
        </div>

        <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
          <h3 class="title">Note</h3>

          <p>Copies of encrypted sent messages are saved in their
          encrypted form. Unless the sender's public key is also
          selected for encryption, the sender will not be able to
          read a copy of the sender's own message!</p>
        </div>
      </div>

      <div class="section" lang="en" xml:lang="en">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id529155" shape="rect" name="id529155"> </a>Passphrases</h5>
            </div>
          </div>
        </div>

        <p><span class="application">Cone</span> supports
        passphrase-protected keys. <span class="application">Cone</span> prompts for a passphrase before
        it signs a message. Press <span class="keycap"><strong>Enter</strong></span> without entering
        anything if the key does not have a passphrase.</p>

        <p><span class="application">Cone</span> remembers the
        passphrase, and will not ask for it again. When a master
        single-signon password is installed (see
        &#8220;<span class="quote">Master Passwords</span>&#8221;),
        passphrase passwords are also saved together with all other
        account passwords. <span class="application">Cone</span>
        does not automatically know when, and if, the key's
        passphrase is changed. When message signing fails,
        <span class="application">Cone</span> automatically removes
        the saved passphrase. Simply try again to sign the same
        message, and <span class="application">Cone</span> will
        prompt for the new passphrase.</p>
      </div>

      <div class="section" lang="en" xml:lang="en">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id529212" shape="rect" name="id529212"> </a>Decrypting messages, and verifying
              signatures</h5>
            </div>
          </div>
        </div>

        <p>Pressing <span class="keycap"><strong>Y</strong></span>
        (as in &#8220;<span class="quote">decr<span class="keycap"><strong>Y</strong></span>t</span>&#8221;) attempts
        to decrypt or verify the signature of a currently opened
        message. The message must be opened before it can be
        decrypted. A signed message must also be opened, before its
        signature can be verified.</p>

        <p>An encrypted message will initially be empty, naturally,
        except for a single attachment that contains the encrypted
        content. The contents of a signed message are displayed
        normally. The presence of an additional attachment, that
        contains the message's signature, indicates that the
        message is signed. After a message is successfully
        decrypted, or its signature is verified, the message's
        contents are shown together with the diagnostic messages
        from <span class="application">GnuPG</span> which contain
        additional information on the message's encryption
        status.</p>
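
        <p>The two layouts described above (a signed message with an
        extra signature attachment, an encrypted message that is empty
        except for one attachment) and the older inline format that
        <span class="application">Cone</span> does not recognize can be
        told apart from the message structure alone. The following is an
        added example, not code from <span class="application">Cone</span>;
        it assumes the MIME-based format is PGP/MIME as defined in RFC
        3156, and the names <code>classify</code> and
        <code>two_part</code> and the sample messages are constructed for
        illustration.</p>

```python
from email import message_from_string

# Armor lines of the older inline format, which sit in the body text itself.
INLINE_MARKERS = (b"-----BEGIN PGP SIGNED MESSAGE-----", b"-----BEGIN PGP MESSAGE-----")

def classify(raw):
    """Return 'mime-signed', 'mime-encrypted', 'inline-pgp' or 'plain'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    proto = str(msg.get_param("protocol") or "").lower()
    parts = msg.get_payload() if msg.is_multipart() else []
    second = parts[1].get_content_type() if len(parts) == 2 else ""
    # Signed: readable content first, detached signature as the second part.
    if ctype == "multipart/signed" and proto == second == "application/pgp-signature":
        return "mime-signed"
    # Encrypted: a "Version: 1" control part, then one part holding the ciphertext.
    if (ctype == "multipart/encrypted" and proto == "application/pgp-encrypted"
            and second == "application/octet-stream"):
        return "mime-encrypted"
    # Inline: an ordinary text part whose body carries the PGP armor lines.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            if any(marker in body for marker in INLINE_MARKERS):
                return "inline-pgp"
    return "plain"

def two_part(subtype, proto, first, second):
    """Build a constructed two-part sample message (placeholder bodies only)."""
    return (f'Content-Type: multipart/{subtype}; protocol="{proto}"; boundary="b"\n\n'
            f"--b\n{first}\n--b\n{second}\n--b--\n")

SIGNED = two_part("signed", "application/pgp-signature",
                  "Content-Type: text/plain\n\nHello.",
                  "Content-Type: application/pgp-signature\n\n(placeholder signature)")
ENCRYPTED = two_part("encrypted", "application/pgp-encrypted",
                     "Content-Type: application/pgp-encrypted\n\nVersion: 1",
                     "Content-Type: application/octet-stream\n\n(placeholder ciphertext)")
INLINE = "Content-Type: text/plain\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nHello.\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("encrypted", ENCRYPTED), ("inline", INLINE)):
        print(name, "->", classify(raw))
```

        <p>A message classified as <code>inline-pgp</code> is shown as
        ordinary text, so its signature has to be checked with
        <span class="application">GnuPG</span> directly.</p>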

        <p>Forwarding or replying to a message always forwards or
        replies to whatever is currently shown on the
        screen. If the message is decrypted, the decrypted contents
        are forwarded. If the message is not decrypted, its
        original encrypted version is forwarded.</p>
      </div>

      <div class="section" lang="en" xml:lang="en">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id529256" shape="rect" name="id529256"> </a>Decrypting messages with a
              passphrase-protected key</h5>
            </div>
          </div>
        </div>

        <p>Before decrypting a message, <span class="application">Cone</span> prompts for a passphrase. The
        passphrase is memorized just like passphrases are memorized
        after a message is signed, and <span class="application">Cone</span> will not ask for a passphrase
        again. Just like when signing, when a master single-signon
        password is installed, the passphrase is saved together
        with all other account passwords.</p>

        <p>At this time, <span class="application">Cone</span> is
        not smart enough to know which private key is needed for
        decrypting a message. Therefore if multiple private keys
        are present, they all should have the same passphrase.
        Otherwise, each time an attempt is made to decrypt a
        message that's encrypted by a different key, the attempt will
        fail because the wrong passphrase was memorized. Each time
        an attempt to decrypt a message fails, <span class="application">Cone</span> automatically forgets the saved
        passphrase, so that the attempt to decrypt the message can
        be tried again, this time entering the correct passphrase
        (which will now be memorized and used as a default
        decrypting passphrase from now on).</p>
      </div>
    </div>
  </div>

</body>
</html>