Tempest's email guide -> Whonix wiki

@tempest (@BubonicChronicWhonix for TorBirdy or other config issues/testing)

All the wiki text is done, I just have to get around to the 95 screenshots. Link to unpublished text →

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Encrypted_Email_with_Thunderbird_and_Enigmail&oldid=33449&diff=cur

I’ve modified it here and there for phrasing, Whonix wiki references, external references etc, but the material is clearly credited as coming from your guide, with permission.

Changed the numbering to fit with sections, thus we don’t end up with “Step 100” to intimidate users.

Once the pics are done, I’ll give this a run through to check everything is correct and working (at least with one email provider).

Then, when everyone’s happy with the text and pics, it can be published on the main documentation page (and I’ll clean up the email pages that already exist in that section).

Cheers


@torjunkie thank you. btw, do we need to specify a pw manager for this section? it could be any pw manager a user chooses, so long as they use a pw manager.

also, cadamail is working fine for me on the v3 onion, @BubonicChronicWhonix. here’s what may have been causing auth issues for you.

  • user names for both the pop and the smtp server must be full email address. "myaddress@cadamail.com"

  • smtp server must be set to starttls.


Thank you so much for this. I’m about to try it. Have you tried using Username@v2.onion or Username@v3.onion?

i only tried the v3 onion for the servers. for the usernames, i only used the clearnet domain as the user name.

v3 for the server names is good + v2 for the username is good.

No need for any clearnet (cadamail.com).

Edit: Under further testing, this may not be working properly.

Will update as I test more. Need to send mail from other hidden service, to cadamail.

Please excuse my German but that's füken awesome! Great work!

There is an older thread that discusses adding a password manager by default.

If anyone is interested.

https://forums.whonix.org/t/add-password-manager-by-default/

Regarding Cadamail:

Username@Cadamail.com for username, on email and XMPP.

v3 server

Doesn’t seem like you can send IMs or emails to Username@v2.onion, or Username@v3.onion.

No problem & thanks!

I think the KeePassX stuff is fine, since we note it is optional. We should just add a sentence somewhere re: any PW manager can be used.

It’s all tempest’s hard work that we’ve copied. I’ve got to test it from start to finish myself. Looks like the v3 is working perfectly for tempest with cadamail. I’ll try both v2 and v3 for completeness.

Thanks!

Further edits

I’ve uploaded 94 screenshots and linked them in the relevant sections & done further edits →

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Encrypted_Email_with_Thunderbird_and_Enigmail&oldid=33449&diff=cur

So apart from final minor edits (e.g. figure titles/spacing perhaps) and test from start to finish, it is ready for publication.

@torjunkie thank you for all the work. when i do the updated images for cadamail, i will let you know.


OK - thanks. Hope to have this published soon after I give it a test.

excellent. give me a little time. work is a little rough right now. but, i expect i can have this amended for cadamail in the next 2 weeks.


No problem. Just edit the text if you like and upload a couple of changed pics for cadamail when you’re ready.

ok. changes should be minimal. more images than text. i did create a “tempest” wiki account. i’ll let you know if i have any issues.


Patrick asked us to footnote/justify the following in the wiki entry:

Some footnotes for justification required:

  • torbirdy from web rather than Debian package
  • --display-charset utf-8
  • --keyserver-options

I gather the TorBirdy version is much later than what is available from Debian. It isn’t clear to me why the charset and keyserver options are modified? If you let me know, I’ll footnote it.

without the modifications, enigmail cannot fetch gpg keys because torbirdy points to a local proxy running on port 8118. yet, no such proxy is running in the whonix workstation. the modifications of the “--display-charset” and “--keyserver-options” lines allow for the fetching or uploading of gpg keys with enigmail and thunderbird.

edit: actually, good news. it appears that version 0.2.4, which is the latest version, no longer requires this edit. so the steps on unpacking the torbirdy.xpi file and editing it are no longer required.

Great! So I can remove steps 7 - 14 from here?:

http://kkkkkkkkkk63ava6.onion/w/index.php?title=Encrypted_Email_with_Thunderbird_and_Enigmail&oldid=33693&diff=cur#Install_the_Torbirdy_Plugin_in_Thunderbird

@torjunkie yes they can be removed. they will be gone from next version of guide.

user@host:~/Downloads$ gpg --recv-key E4ACD3975427A5BA8450A1BEB01C8B006DA77FAA
gpg: key 0xB01C8B006DA77FAA: "Sukhbir Singh <azadi@riseup.net>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
user@host:~/Downloads$ gpg --verify torbirdy-current.xpi.asc 
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc) should be the first file given on the command line.

Thanks Bubonic for the feedback. Will do a full test shortly and fix this if needs be, but I see the commands match previous instructions found elsewhere.

Actually I left them in there for those that want to use Debian stable (jessie or stretch) versions of TorBirdy, since those steps are still needed.

Other than the snapshot for cadamail instead of VFEmail and minor changes to the text in that section, I think we should also have a section somewhere on how to email someone who hasn’t uploaded their public key to a key server, but announces their email address and PGP public key block on their website (you see this from time to time).

You know, annoying shit like this below, which assumes people know what to do with it - a very big assumption:

-----BEGIN PGP PUBLIC KEY BLOCK-----

-----END PGP PUBLIC KEY BLOCK-----

I assume the correct method is (never tried it):

1. Cut and paste entire HTML PGP public key block from the browser into a file, including line of text at top and bottom.

2. Save as a plain text file e.g. “newkey.txt”

3. On the command line, run:

gpg --import newkey.txt

4. If successful, user should get a message like the following:

gpg: key F78FFE84: public key imported
gpg: Total number processed: 1
gpg: imported: 1

5. User can then check the newly imported key is listed on the keyring:

gpg --list-keys
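
Added example, not part of the original posts: a pre-import check for a key block pasted from a web page into a file such as "newkey.txt". It confirms the BEGIN/END lines, base64 body and CRC-24 are intact, and reports the first packet type (6 = public key, 2 = signature); a file that fails it is the kind gpg rejects with "no valid OpenPGP data found", the message in the terminal output earlier in the thread. The names `check_armor` and `make_armor` and the sample block are assumptions made for this illustration.

```python
import base64
import re

ARMOR_RE = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n[ \t]*"
                      r"-----END PGP \1-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1 (OpenPGP ASCII armor checksum)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def check_armor(text: str):
    """Return (label, first packet tag, payload size) or raise ValueError."""
    m = ARMOR_RE.search(text)
    if not m:
        raise ValueError("no complete BEGIN/END PGP block found")
    lines = [ln.strip() for ln in m.group(2).splitlines()]
    if "" not in lines:
        raise ValueError("missing blank line between armor headers and data")
    # Armor headers such as "Version:" end at the first blank line.
    body = [ln for ln in lines[lines.index("") + 1:] if ln]
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    payload = base64.b64decode("".join(body), validate=True)  # ValueError if bad
    if not payload or not payload[0] & 0x80:
        raise ValueError("decoded data does not start with an OpenPGP packet")
    if checksum and base64.b64decode(checksum) != crc24(payload).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch: block was altered or truncated")
    tag = payload[0] & 0x3F if payload[0] & 0x40 else (payload[0] >> 2) & 0x0F
    return m.group(1), tag, len(payload)

def make_armor(label: str, payload: bytes) -> str:
    """Build an armored block; used only to construct the sample input."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {label}-----\n\n{body}\n={crc}\n"
            f"-----END PGP {label}-----\n")

# Constructed sample: 0x99 is an old-format public-key packet header (tag 6)
# followed by filler bytes. It is not a real key; gpg would not import it.
SAMPLE = make_armor("PUBLIC KEY BLOCK", b"\x99" + bytes(range(80)))

if __name__ == "__main__":
    print(check_armor(SAMPLE))
```

A block that passes this check is only well-formed; whose key it is still has to be settled by comparing the fingerprint shown by gpg with one obtained from the key owner.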

@torjunkie it’s even simpler. they can copy the public key from the website to the clipboard. then, in the enigmail “key management” program, go to menu “edit -> import keys from clipboard.”

@BubonicChronicWhonix just verified the download without issue. did you import the key?
