Hi everyone,
I was wondering if you know a way to use the generated OpenPGP key created trough Thunderbird to sign PDF’s ?
(Devuan distro)
Thanks.
That would be a perfect place for a Thunderbird addon. Add as attachment, sign with pgp key, send
Isn’t that already done when sending a signed email? Or other types of sent that I’m not aware?
I have no idea, is the attachment encrypted and signed? I suppose?
But this would allow signing only, which is also important if you trust the server.
Yes, attachments and subject lines are encrypted in the latest version of Thunderbird
Nice!
You can. I’m not particularly familar with Thunderbird, but you can export your key to system/user keyring then you can sign any data you want using GPG. However, I doubt tool exists for you to embed the signature to a PDF like x.509 signing would.
https://superuser.com/questions/653231/embed-a-gpg-signature-in-a-pdf-file#1361205
Do you mean using PDF’s built-in signature mechanisms? I don’t think so.
If you want to do regular PGP file signing you can export the key from Thunderbird and do whatever you want with it.
https://portablesigner.sourceforge.net/index.html
You may need to use your key to generate a full cert: http://wiki.cacert.org/ConvertingPgpKeyToCertificate
Thank you all for your quick reactions !!
To summarize if I want to use the PDF built-in signing I will need to convert my OpenPGP into a X.509 cert otherwise I can simply use the OpenPGP file signing
I want to stick to the UNIX Philosophy especially:
Write programs that do one thing and do it well.
So I will use the OpenPGP signing tool :)
Thanks !
Please edit the OP instead of making a comment
OpenPGP is kind of like the opposite of that - it does a lot of things, and none of them particularly well. To quote:
PGP does a mediocre job of signing things, a relatively poor job of encrypting them with passwords, and a pretty bad job of encrypting them with public keys. PGP is not an especially good way to securely transfer a file. It’s a clunky way to sign packages. It’s not great at protecting backups. It’s a downright dangerous way to converse in secure messages.
minisign is more in the UNIX spirit.