Verifying/decrypt email using PGP signature/public key


UPDATED QUESTION:

Using Outlook 2013 64bit on Windows 7 64bit, I have set up GnuPG, which allows me to send encrypted emails. To do that, I asked someone for their public key. I sent them an email and cc'ed in another person. The original recipient (the person who sent me their public key) was able to decrypt the message, and the cc'ed person was not able to decrypt the message (as the cc'ed person did not have the private key to match the public key I used to send the email). All good so far.

I installed k9mail on my phone (Android 8.1.1). I tried importing the same person's public key, I selected that person to send an email to them, and when I clicked send, I got a message saying no key configured for this account, check your settings.

I checked the key settings for the public key I was sent, and it says confirmed key.

Any idea why the public key I received works from Outlook 2013, but not from Android's k9mail?


ORIGINAL QUESTION:

I've received an email with an attachment:

-----BEGIN PGP SIGNATURE-----

long string goes here
-----END PGP SIGNATURE-----

How do I use this signature to check that the email is truly from the person I assume to have sent it?

I am looking for a Windows/Linux command line method to verify the email.

oshirowanen

Posted 2018-05-24T13:33:50.147


What email client are you using? What have you already tried? (If I judge your previous question correctly, you may be using Outlook, but that still does not explain whether you have actually tried to install OpenPGP or what steps you have taken.)

– slhck – 2018-05-24T13:58:22.237

I was more looking for a manual way of verifying the signature+email. Can I use something like CertUtil? – oshirowanen – 2018-05-24T14:25:12.633

No, certutil is not the proper tool. Your question would benefit from having more context, e.g., what operating system you're using, what client software, what GPG/PGP package you are using, any constraints you may have. Also, why would you want to manually do it, when there are tools that can automate this process, which integrate into your email client? – slhck – 2018-05-24T14:28:04.807

Eh, that's still not straightforward, as it depends on the client you're using, how you will export the email, what format it is (inline, or multipart), how you encode the contents. Couldn't you just install a PGP/GPG plugin in your client, or is this more of an “academic” exercise? – slhck – 2018-05-24T14:52:33.387

@slhck Added further details to question. – oshirowanen – 2018-05-25T08:29:49.677

For Android, are you using OpenKeychain? – user1686 – 2018-05-25T11:04:06.727

@grawity - Yes I am. – oshirowanen – 2018-05-30T08:55:37.477

Answers


I have the impression that you are mixing several questions in your post. I'll try to separate them.

Concerning the Outlook CC person who cannot decrypt:

When sending encrypted mails, the PGP implementation must ensure that you have the right public key for every recipient. IMHO it makes no sense to CC someone that you do not have the public key for. He/she won't be able to decrypt that mail.

The general question is which PGP implementation do you use? I can recommend gpg4o which is very friendly to beginners and takes good care in choosing the right keys for outgoing mails.

Concerning the K9 message

I would assume that you have not assigned your own private/public key pair to the account. Normally a PGP implementation also encrypts an outgoing mail to the sender, so that you can decrypt your own writing in your Sent folder.

Concerning the signature verification

I would recommend leaving the verification to the PGP plugin of your email client. Verification of signatures is quite tricky if you are copy/pasting the message into another application. A single different line break or blank invalidates the signature. And the result is black or white. There is no gray in between ("might be correct with the exception of some blank").

user396309

Posted 2018-05-24T13:33:50.147

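For the command-line verification the original question asks about, and the answer's point that a single changed line break invalidates a signature, here is an added example (not from the question or the answer) that runs entirely in a throwaway GNUPGHOME with a freshly generated test key. The identity signer@example.invalid and the message text are constructed; it assumes GnuPG 2.1 or later on the PATH.

```shell
#!/bin/sh
# Added example: verify a detached (armored) PGP signature with gpg, then show
# that the same signature fails once the signed text's line endings change.
# Nothing here touches the user's real keyring: GNUPGHOME is a temp directory.

# verify_detached SIG FILE -> 0 if SIG is a good signature over FILE,
# non-zero otherwise (this is plain `gpg --verify signature.asc message`).
verify_detached() {
    gpg --batch --quiet --verify "$1" "$2" >/dev/null 2>&1
}

# demo -> 0 if the intact file verifies and the altered copy does not,
#         3 if gpg is not installed, 1 if something else went wrong.
demo() {
    command -v gpg >/dev/null 2>&1 || return 3
    work=$(mktemp -d) || return 1
    chmod 700 "$work"
    GNUPGHOME="$work"; export GNUPGHOME

    # Constructed throwaway key (hypothetical identity, empty passphrase).
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Test Signer <signer@example.invalid>' default default never \
        >/dev/null 2>&1 || { rm -rf "$work"; return 1; }

    # Constructed message body (LF line endings) and an armored detached
    # signature over it; msg.asc is the kind of block a PGP/MIME mail attaches.
    printf 'Invoice 42 is due on Friday.\nRegards, Test Signer\n' > "$work/msg.txt"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' --armor \
        --detach-sign --output "$work/msg.asc" "$work/msg.txt" >/dev/null 2>&1 \
        || { rm -rf "$work"; return 1; }

    # Same words, but CRLF line endings, as a copy/paste through another
    # mail client or editor can easily produce.
    printf 'Invoice 42 is due on Friday.\r\nRegards, Test Signer\r\n' > "$work/msg_crlf.txt"

    verify_detached "$work/msg.asc" "$work/msg.txt";      good=$?
    verify_detached "$work/msg.asc" "$work/msg_crlf.txt"; bad=$?

    gpgconf --kill gpg-agent >/dev/null 2>&1
    rm -rf "$work"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}
```

Against a real mail, the check is the same `gpg --verify signature.asc message` with the sender's public key imported first; a "Good signature" line with an "untrusted" warning still means the bytes were not altered, the warning only says you have not yet verified that the key belongs to the sender.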