Project

General

Profile

Feature #11240

Feature #6338: User-friendly keysigning that verifies that key belongs to the recipient

Document monkeysign

Added by sajolida almost 4 years ago. Updated 6 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
03/15/2016
Due date:
% Done:

20%

Feature Branch:
emmapeel:docs/11240-monkeysign
Type of work:
End-user documentation
Blueprint:
Starter:
Affected tool:

Description

I managed to send monkeysign emails doing:

torsocks monkeysign --user=sajolida@pimienta.org --smtp=mssatgg2rwa4aytk.onion:587 --smtpuser=sajolida@pimienta.org 0x66c8c2d7c5aa446d

So it works and we should document this briefly as an "advanced topics".


Related issues

Related to Tails - Feature #8401: Improve monkeysign integration in Tails Rejected 12/06/2014

History

#1 Updated by muri almost 4 years ago

when i try to sign the tails signing key with monkeysign i get:

monkeysign 0xDBB802B258ACD84F
Traceback (most recent call last):
  File "/usr/bin/monkeysign", line 41, in <module>
    u.main()
  File "/usr/lib/python2.7/dist-packages/monkeysign/cli.py", line 64, in main
    self.copy_secrets()
  File "/usr/lib/python2.7/dist-packages/monkeysign/ui.py", line 256, in copy_secrets
    keys = self.keyring.get_keys(None, True, False)
  File "/usr/lib/python2.7/dist-packages/monkeysign/gpg.py", line 385, in get_keys
    key = OpenPGPkey(keydata)
  File "/usr/lib/python2.7/dist-packages/monkeysign/gpg.py", line 656, in __init__
    self.parse_gpg_list(data)
  File "/usr/lib/python2.7/dist-packages/monkeysign/gpg.py", line 698, in parse_gpg_list
    (null, self.trust, self.length, self.algo, keyid, self.creation, self.expiry, serial, trust, uid, sigclass, purpose, smime, wtf, wtf, wtf) = record
ValueError: too many values to unpack

i think the tool we choose should be able to sign our own key ;)

#2 Updated by intrigeri almost 4 years ago

It might be that by design, monkeysign needs the key that will be certified to have an encryption subkey, so that the certification can be sent encrypted to the signee?

#3 Updated by sajolida over 3 years ago

I think it's this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736548.

This is slightly off topic here, unless we're discussing whether monkeysign is good enough to be documented and thus get more audience, generate more user support requests, etc.

#4 Updated by emmapeel over 3 years ago

  • Assignee set to emmapeel

#5 Updated by emmapeel over 3 years ago

  • Status changed from Confirmed to In Progress
  • Assignee deleted (emmapeel)
  • QA Check set to Ready for QA
  • Feature Branch set to emmapeel:docs/11240-monkeysign

#6 Updated by intrigeri over 3 years ago

  • Assignee set to sajolida

(Sorry if I guess wrong, in which case reassign to me and I'll try to find someone else :)

#7 Updated by emmapeel over 3 years ago

  • Assignee changed from sajolida to emmapeel
  • QA Check changed from Ready for QA to Dev Needed

Asked on the monkeysign forum, at

https://0xacab.org/monkeysphere/monkeysign/issues/5

Developer says it looks good, although better to sign with the fingerprint (silly me!), specially when using Tor.

#8 Updated by emmapeel over 3 years ago

  • Assignee deleted (emmapeel)
  • QA Check changed from Dev Needed to Ready for QA

#9 Updated by intrigeri over 3 years ago

  • Assignee set to intrigeri
  • Target version set to Tails_2.7

Thanks! I'll have a look for technical correctness, and then will reassign to sajolida for tech writing review.

#10 Updated by intrigeri about 3 years ago

  • Assignee changed from intrigeri to emmapeel
  • QA Check changed from Ready for QA to Dev Needed
  • Does it really work to pass a fingerprint with spaces? I would be somewhat surprised. The upstream doc has examples without space.
  • Please use HTTPS when pointing to the upstream doc.
  • Please use consistent terminology wrt. "key ID". I see "key id" and "keyid", the gpg manpage uses "key ID".
  • I'm sad that we're reinforcing the "signing" vs. "certifying" confusion here, but I understand that it's probably more important to be consistent with upstream's terminology :/ Not your fault, of course.
  • Pointing to "learn more" at the beginning of the doc feels wrong to me, but I'll let sajolida handle this part of the review.
  • The commands must not be split over multiple lines: it won't work as-is. Worst case, if web formatting/layout requires it, use backslash to indicate line break in the middle of the command (even though it will make it harder to edit the command line for many users).
  • --smtpuser=amnesia in the template command feels wrong given the other bits that the user must replace are provided between brackets.
  • "specially when using it through the Tor network" is disputable and add little information (in Tails you're always using Tor anyway), so I would simply drop it.
  • "With your `` OpenPGP key" is not consistent with the use of Riseup's SMTP.
  • Does it really work to sign Tails' signing key this way? At least "an encrypted and signed message will be sent" seems strange, given our signing key has no encryption subkey. If it really works, then I'm curious to what key the outgoing message will be encrypted: (just guessing:) any pubkey with an encryption subkey and a matching email address? If yes, this would be a minor security flaw in Monkeysign.

#11 Updated by intrigeri about 3 years ago

  • % Done changed from 0 to 20

Also:

  • https://monkeysign.readthedocs.io/en/2.x/usage.html has an example using Thunderbird (that likely most people using OpenPGP for email in Tails use); how about using it instead of manually passing SMTP info, that many people will have a hard time figuring out, on the command-line? Our Icedove now has the account configuration wizard, so it will autodetect these settings :)
  • I would assume that people using Monkeysign in Tails won't do it only once, and have persistence enabled (to store their private key). So what about documenting how to write all required settings in a config file (+ how to make it persistent), or pointing to the upstream doc that already explains that? Maybe it's too much work on our side, for little benefit, I don't know. What do you think?
  • In general I'm glad that you worked with upstream on this one! The linking to it might need improvements, but I'm glad that the proposed branch does not attempt to duplicate all the info that upstream doc already has!

#12 Updated by emmapeel about 3 years ago

intrigeri wrote:

  • Does it really work to pass a fingerprint with spaces? I would be somewhat surprised. The upstream doc has examples without space.

It does now. Tested it in Tails.

  • Please use HTTPS when pointing to the upstream doc.

Ack!

  • Please use consistent terminology wrt. "key ID". I see "key id" and "keyid", the gpg manpage uses "key ID".
  • I'm sad that we're reinforcing the "signing" vs. "certifying" confusion here, but I understand that it's probably more important to be consistent with upstream's terminology :/ Not your fault, of course.
  • Pointing to "learn more" at the beginning of the doc feels wrong to me, but I'll let sajolida handle this part of the review.
  • The commands must not be split over multiple lines: it won't work as-is. Worst case, if web formatting/layout requires it, use backslash to indicate line break in the middle of the command (even though it will make it harder to edit the command line for many users).
  • --smtpuser=amnesia in the template command feels wrong given the other bits that the user must replace are provided between brackets.
  • "specially when using it through the Tor network" is disputable and add little information (in Tails you're always using Tor anyway), so I would simply drop it.
  • "With your `` OpenPGP key" is not consistent with the use of Riseup's SMTP.

The thing is: there tends to be more than one GPG key on our key ring in Tails. So I wanted to show how you can choose the gpg key to sign the message to, and a different mailbox to send... maybe I should be more explicit.

  • Does it really work to sign Tails' signing key this way? At least "an encrypted and signed message will be sent" seems strange, given our signing key has no encryption subkey. If it really works, then I'm curious to what key the outgoing message will be encrypted: (just guessing:) any pubkey with an encryption subkey and a matching email address? If yes, this would be a minor security flaw in Monkeysign.

TBH, I tested it with other fingerprint... copied that one but I cannot sign it anyway because it is already signed with my key...

#13 Updated by emmapeel about 3 years ago

intrigeri wrote:

Also:

  • https://monkeysign.readthedocs.io/en/2.x/usage.html has an example using Thunderbird (that likely most people using OpenPGP for email in Tails use); how about using it instead of manually passing SMTP info, that many people will have a hard time figuring out, on the command-line? Our Icedove now has the account configuration wizard, so it will autodetect these settings :)

I know! But this is not working in our monkeysign version shipped in Tails. Will be working with monkeysign 2.1 https://0xacab.org/monkeysphere/monkeysign/milestones/1

  • I would assume that people using Monkeysign in Tails won't do it only once, and have persistence enabled (to store their private key). So what about documenting how to write all required settings in a config file (+ how to make it persistent), or pointing to the upstream doc that already explains that? Maybe it's too much work on our side, for little benefit, I don't know. What do you think?

Actually the config file was my next goal. We had some issues with the readthedocs implementation but now it is easier to work on monkeysign docs :)

I asked monkeysign people for review, and offered to document it upstream. Then we could point our users there.

https://0xacab.org/monkeysphere/monkeysign/merge_requests?scope=all&state=merged#

  • In general I'm glad that you worked with upstream on this one! The linking to it might need improvements, but I'm glad that the proposed branch does not attempt to duplicate all the info that upstream doc already has!

(wax on, wax off!)

#14 Updated by intrigeri about 3 years ago

I know! But this is not working in our monkeysign version shipped in Tails. Will be working with monkeysign 2.1 https://0xacab.org/monkeysphere/monkeysign/milestones/1
[...]
Actually the config file was my next goal. We had some issues with the readthedocs implementation but now it is easier to work on monkeysign docs :)

Excellent, thanks!

#15 Updated by intrigeri about 3 years ago

  • Does it really work to pass a fingerprint with spaces? I would be somewhat surprised. The upstream doc has examples without space.

It does now. Tested it in Tails.

Cool :)

  • "With your `` OpenPGP key" is not consistent with the use of Riseup's SMTP.

The thing is: there tends to be more than one GPG key on our key ring in Tails. So I wanted to show how you can choose the gpg key to sign the message to, and a different mailbox to send... maybe I should be more explicit.

I see. But presumably, in general one should use the SMTP server corresponding to the signing key's UID, in order to avoid linking identities together, no? So perhaps it's actually better to not suggest that anyone does differently.

TBH, I tested it with other fingerprint... copied that one but I cannot sign it anyway because it is already signed with my key...

OK, so let's play it safe and not pretend that this thing will work, since it's unlikely to.

#16 Updated by bertagaz about 3 years ago

  • Target version changed from Tails_2.7 to Tails_2.9.1

#17 Updated by anonym almost 3 years ago

  • Target version changed from Tails_2.9.1 to Tails 2.10

#18 Updated by anonym almost 3 years ago

  • Target version changed from Tails 2.10 to Tails_2.11

#19 Updated by anonym almost 3 years ago

  • Target version changed from Tails_2.11 to Tails_2.12

#20 Updated by intrigeri over 2 years ago

  • Target version deleted (Tails_2.12)

No progress since 7 months => dropping target version for now. Feel free to re-add a (realistic) one if it helps you organize your work!

#21 Updated by sajolida almost 2 years ago

  • Description updated (diff)

#22 Updated by sajolida almost 2 years ago

  • Description updated (diff)

#23 Updated by u almost 2 years ago

So it seems that the last thing to do on this ticket is to write a documentation for the working command?

#24 Updated by u over 1 year ago

  • Assignee changed from emmapeel to sajolida

assigning to doc writers.

#25 Updated by intrigeri over 1 year ago

Monkeysign is dead upstream and it's unclear whether it'll make it into Buster, so if I were you I would not spend time on it right now.

#26 Updated by u over 1 year ago

  • Related to Feature #8401: Improve monkeysign integration in Tails added

#27 Updated by sajolida over 1 year ago

  • Target version set to Tails_4.0
  • QA Check deleted (Dev Needed)

#28 Updated by intrigeri 11 months ago

sajolida wrote:

Though I see a release in June 2018:

This was some kind of "wrap things up and ship fixes that are ready" release, announced by the upstream author at the same time he announced on some mailing list that he was mostly giving up on this project. Sorry I can't find the reference to that announcement.

#29 Updated by muri 11 months ago

intrigeri wrote:

This was some kind of "wrap things up and ship fixes that are ready" release, announced by the upstream author at the same time he announced on some mailing list that he was mostly giving up on this project. Sorry I can't find the reference to that announcement.

FTR: https://lists.riseup.net/www/arc/monkeysphere/2018-06/msg00004.html

#30 Updated by intrigeri 10 months ago

See "Monkeysign alternatives testing" on https://anarc.at/blog/2019-02-06-report/, whose conclusion is "So, surprisingly, Monkeysign might survive a bit longer, as much as I have come to dislike the poor little thing...".

#31 Updated by intrigeri 9 months ago

  • Target version deleted (Tails_4.0)

Let's see if we remove it it #15291.

#32 Updated by sajolida 6 months ago

  • Status changed from In Progress to Rejected

We removed monkeysign in 3.14.

Also available in: Atom PDF