cone-doc-0.84-1.fc15.i686.rpm

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"/>

  <title>Encryption And Signatures</title>
  <link rel="stylesheet" href="manpage.css" type="text/css"/>
  
  <link rel="home" href="index.html" title="Cone: COnsole Newsreader And Emailer"/>
  <link rel="up" href="cone00index.html" title="Cone mail client"/>
  <link rel="prev" href="cone07remoteconfig.html" title="Remote Configuration"/>
  <link rel="next" href="cone09masterpassword.html" title="Master Passwords"/>
  <link xmlns="" rel="icon" href="icon.gif" type="image/gif"/>
  <meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/>
  <!--

Copyright 2002 - 2007 Double Precision, Inc.  See COPYING for distribution
information.

-->
</head>

<body>

  <div class="chapter" title="Encryption And Signatures">
    <div class="titlepage">
      <div>
        <div>
          <h2 class="title"><a id="cone08gpg" shape="rect" name="cone08gpg"> </a>Encryption And Signatures</h2>
        </div>
      </div>
    </div>

    <p><span class="application">Cone</span> includes support for
    encryption and digital signatures. <span class="application">GnuPG</span> (http://www.gnupg.org) must be
    installed in order to use encryption and digital
    signatures.</p>

    <div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;">
      <h3 class="title">Note</h3>

      <p><span class="application">Cone</span> uses a newer
      MIME-based format for encrypted and signed messages.
      <span class="application">Cone</span> does not recognize or
      use the older <span class="quote">&#8220;<span class="quote">inline-formatted</span>&#8221;</span> messages (this
      is where the text messages contain keywords like <span class="quote">&#8220;<span class="quote">BEGIN PGP SIGNED
      MESSAGE</span>&#8221;</span>).</p>
    </div>

    <div class="section" title="MIME encryption and digital signatures">
      <div class="titlepage">
        <div>
          <div>
            <h4 class="title"><a id="id492194" shape="rect" name="id492194"> </a>MIME encryption and digital
            signatures</h4>
          </div>
        </div>
      </div>

      <p>At this time <span class="application">Cone</span>
      provides basic encryption, decryption, signature creation,
      and signature verification functionality. Key management
      (like creating and signing keys) must still be done with
      <span class="application">GnuPG</span>.</p>

      <div class="section" title="Signing and encrypting messages">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id492214" shape="rect" name="id492214"> </a>Signing and encrypting messages</h5>
            </div>
          </div>
        </div>

        <p>When <span class="application">GnuPG</span> is
        installed, two additional options become available after
        pressing <span class="keycap"><strong>CTRL</strong></span>-<span class="keycap"><strong>X</strong></span> to send a message:</p>

        <div class="variablelist">
          <dl>
            <dt><span class="term">Sign</span></dt>

            <dd>
              <p>Pressing <span class="keycap"><strong>S</strong></span> displays a list of
              all available secret keys. Highlight the key and
              press <span class="keycap"><strong>Enter</strong></span> to select a
              key for signing the message. The list of keys is
              shown at the bottom of the screen. The top of the
              screen shows additional information about the
              currently highlighted key.</p>
            </dd>

            <dt><span class="term">Encrypt</span></dt>

            <dd>
              <p>Pressing <span class="keycap"><strong>E</strong></span> displays a list of
              all known public keys. More than one public key may
              be selected. All public keys whose addresses match
              any recipient address, or the sender's address, are
              selected by default. The message is encrypted to all
              chosen public keys. Highlight each key and press
              <span class="keycap"><strong>SPACE</strong></span> to
              select that public key for encryption. Press <span class="keycap"><strong>Enter</strong></span> after
              selecting all public keys. A checkmark (or an
              asterisk, depending on the console display) is placed
              next to each selected key. Press <span class="keycap"><strong>SPACE</strong></span> again in order
              to un-select a selected key.</p>
            </dd>
          </dl>
        </div>

        <p>The original prompt is updated accordingly, after
        selecting either of these two options (the original
        <span class="quote">&#8220;<span class="quote">Send
        message?</span>&#8221;</span> prompt changes to a
        <span class="quote">&#8220;<span class="quote">Sign, then
        send message?</span>&#8221;</span>, or some other
        appropriate variant). The key used for signing a message is
        memorized like any other custom message header, and is
        automatically selected by default when sending the next
        message. Choose <span class="quote">&#8220;<span class="quote"><span class="keycap"><strong>S</strong></span>ign</span>&#8221;</span>
        again to un-select the key. A separate default signing key
        exists for every account <span class="application">Cone</span> is logged on to, and a default
        signing key is memorized for every open folder. It is
        possible to memorize a different key for signing replies to
        messages in different folders. However that may prove to be
        a bit cumbersome. Each time a message in a different folder
        is replied to, <span class="application">Cone</span> will
        prompt whether to set that folder's key (or any other
        custom header) as the default for the entire mail account.
        This feature is probably convenient when most replies are
        to messages from the same folder, and messages from other
        folders are accessed infrequently.</p>

        <div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;">
          <h3 class="title">Note</h3>

          <p>The <span class="quote">&#8220;<span class="quote">Sign</span>&#8221;</span> and/or the <span class="quote">&#8220;<span class="quote">Encrypt</span>&#8221;</span> option must be used
          before selecting <span class="quote">&#8220;<span class="quote">Delivery notifications</span>&#8221;</span>.
          After selecting <span class="quote">&#8220;<span class="quote">Delivery notifications</span>&#8221;</span>, the
          only remaining options shown are the various delivery
          notifications options, and <span class="keycap"><strong>Y</strong></span>, which sends the
          message.</p>
        </div>

        <div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;">
          <h3 class="title">Note</h3>

          <p>Copies of encrypted sent messages are saved in their
          encrypted form. Unless the sender's public key is also
          selected for encryption, the sender will not be able to
          read a copy of the sender's own message!</p>
        </div>
      </div>

      <div class="section" title="Passphrases">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id492374" shape="rect" name="id492374"> </a>Passphrases</h5>
            </div>
          </div>
        </div>

        <p><span class="application">Cone</span> supports
        passphrase-protected keys. <span class="application">Cone</span> prompts for a passphrase before
        it signs a message. Press <span class="keycap"><strong>Enter</strong></span> without entering
        anything if the key does not have a passphrase.</p>

        <p><span class="application">Cone</span> remembers the
        passphrase, and will not ask for it again. When a master
        single-signon password is installed (see <span class="quote">&#8220;<span class="quote">Master
        Passwords</span>&#8221;</span>), key passphrases are
        also saved together with all other account passwords.
        <span class="application">Cone</span> does not
        automatically know when, or if, the key's passphrase is
        changed. When message signing fails, <span class="application">Cone</span> automatically removes the saved
        passphrase. Simply try again to sign the same message, and
        <span class="application">Cone</span> will prompt for the
        new passphrase.</p>
      </div>

      <div class="section" title="Decrypting messages, and verifying signatures">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id492432" shape="rect" name="id492432"> </a>Decrypting messages, and verifying
              signatures</h5>
            </div>
          </div>
        </div>

        <p>Pressing <span class="keycap"><strong>Y</strong></span>
        (as in <span class="quote">&#8220;<span class="quote">decr<span class="keycap"><strong>Y</strong></span>t</span>&#8221;</span>)
        attempts to decrypt or verify the signature of a currently
        opened message. The message must be opened before it can be
        decrypted. A signed message must also be opened, before its
        signature can be verified.</p>

        <p>An encrypted message will initially be empty, naturally,
        except for a single attachment that contains the encrypted
        content. The contents of a signed message are displayed
        normally. The presence of an additional attachment that
        contains the message's signature indicates that the
        message is signed. After a message is successfully
        decrypted, or its signature is verified, the message's
        contents are shown together with the diagnostic messages
        from <span class="application">GnuPG</span> which contain
        additional information on the message's encryption
        status.</p>
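
        <p>The structure described above (an encrypted message carried as a single attachment, a signature carried as an additional attachment) is the PGP/MIME layout of RFC 3156. The following is an added example, not code from <span class="application">Cone</span>: it distinguishes that layout from the older inline format. The names <code>classify</code> and <code>sample</code> and all message bodies are constructed for illustration.</p>

```python
from email import message_from_string

# Armor header lines that mark the older inline format
INLINE_MARKERS = ("-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP MESSAGE-----")

def classify(raw):
    """Return pgp-mime-signed, pgp-mime-encrypted, malformed-pgp-mime, inline-pgp or plain."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    proto = msg.get_param("protocol")
    proto = proto.lower() if isinstance(proto, str) else ""
    parts = msg.get_payload() if msg.is_multipart() else []
    kinds = [p.get_content_type() for p in parts]
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        # RFC 3156: exactly two parts, the signed content then the detached signature
        ok = len(kinds) == 2 and kinds[1] == "application/pgp-signature"
        return "pgp-mime-signed" if ok else "malformed-pgp-mime"
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        # RFC 3156: a control part, then the ciphertext as application/octet-stream
        ok = kinds == ["application/pgp-encrypted", "application/octet-stream"]
        return "pgp-mime-encrypted" if ok else "malformed-pgp-mime"
    # Inline format: the armor markers sit inside an ordinary text part
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if any(line.strip() in INLINE_MARKERS for line in text.splitlines()):
                return "inline-pgp"
    return "plain"

def sample(kind, proto, first, second):
    # Constructed sample message; part bodies are placeholders, not real OpenPGP data
    return (f'Content-Type: multipart/{kind}; protocol="{proto}"; boundary="b"\n\n'
            f"--b\nContent-Type: {first}\n\nplaceholder\n"
            f"--b\nContent-Type: {second}\n\nplaceholder\n--b--\n")

SIGNED = sample("signed", "application/pgp-signature",
                "text/plain", "application/pgp-signature")
ENCRYPTED = sample("encrypted", "application/pgp-encrypted",
                   "application/pgp-encrypted", "application/octet-stream")
INLINE = "Content-Type: text/plain\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhi\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("encrypted", ENCRYPTED), ("inline", INLINE)):
        print(name, classify(raw))
```
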

        <p>Forwarding or replying to a message always ends up
        forwarding or replying to whatever's currently shown on the
        screen. If the message is decrypted, the decrypted contents
        are forwarded. If the message is not decrypted, its
        original encrypted version is forwarded.</p>
      </div>

      <div class="section" title="Decrypting messages with a passphrase-protected key">
        <div class="titlepage">
          <div>
            <div>
              <h5 class="title"><a id="id492475" shape="rect" name="id492475"> </a>Decrypting messages with a
              passphrase-protected key</h5>
            </div>
          </div>
        </div>

        <p>Before decrypting a message, <span class="application">Cone</span> prompts for a passphrase. The
        passphrase is memorized just like passphrases are memorized
        after a message is signed, and <span class="application">Cone</span> will not ask for a passphrase
        again. Just like when signing, when a master single-signon
        password is installed, the passphrase is saved together
        with all other account passwords.</p>

        <p>At this time, <span class="application">Cone</span> is
        not smart enough to know which private key is needed to
        decrypt a message. Therefore if multiple private keys
        are present, they all should have the same passphrase.
        Otherwise, each time an attempt is made to decrypt a
        message that's encrypted to a different key, the attempt will
        fail because the wrong passphrase was memorized. Each time
        an attempt to decrypt a message fails, <span class="application">Cone</span> automatically forgets the saved
        passphrase, so that the attempt to decrypt the message can
        be tried again, this time entering the correct passphrase
        (which will now be memorized and used as a default
        decrypting passphrase from now on).</p>
      </div>
    </div>
  </div>

</body>
</html>