@tempest @Patrick
I’ve done a successful full test of the encrypted email wiki instructions using cadamail and sent a key test encrypted email.
Identified issues:
1. Changed TorBirdy steps back to “wget” instead of “scurl --remote-name”, since the latter never works at the gpg --verify step. No idea why.
@BubonicChronicWhonix
If the .asc file won’t verify correctly, remove them and download them again with wget. Re-run the verify step, and it should have a good signature.
2. The Lightning add-on does not appear in the add-ons manager any more (at least in Qubes-Whonix), so it doesn’t need to be disabled.
3. When doing “Mail Account Setup”, your guide has “youranonemail@vfemail.net”.
Not sure why you don’t have the .onion in the email address line? Works for cadamail i.e. blahblah@cadamailgxsy6ykq.onion
4. Ditto POP Mail Server options, you have username@vfemail.net, but cadamail works with the .onion extension for the user name.
Also note cadamail has the server name as:
“pop.cadamailgxsy6ykq.onion”.
The “pop” part doesn’t appear in your guide. Don’t know if it matters.
5. In cadamail for SMTP settings, cadamail port comes up as 465, not 587.
I changed it manually to 587. I think we should add a step for users to do the same (if necessary), since the web tells me that mail clients and proper mail servers should always use this port i.e. when coupled with TLS encryption ensures that email is submitted securely and follows guidelines set out by the IETF.
6. At the “mkdir storage/gpg-revoke” step:
Doesn’t work in Qubes. Needs to be done in two separate steps:
mkdir storage
mkdir storage/gpg-revoke
7. After encrypting the revocation certificate, and moving the .gpg file to the storage directory, there is still the normal blahblah.rev.asc sitting in the user’s home directory.
I presume this should be securely shredded and we should add an explicit step there to do that?
8. TODO: Add tempest’s steps for copying public key from website to clipboard etc when no public key on keyserver.
SUMMARY
This goddamn thing works - great. cadamail doesn’t require JavaScript to register either, so screw VFEmail.
Please respond to my test email (so I can check I can read your encrypted email reply correctly) and comment on the above issues, and we’ll get this thing published very soon after some minor edits.
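
Issues 6 and 7 above combined into one shell function, as an added example that is not part of the original post or of the wiki instructions. The function name, its arguments and the file names in the usage comment are hypothetical, and it assumes the encrypted .gpg copy of the revocation certificate has already been created.

```shell
#!/bin/sh
# Added example (not from the wiki): store the encrypted revocation
# certificate, then destroy the plaintext copy left in the home directory.
#
# Usage (hypothetical file names):
#   stash_revocation_cert ~/blahblah.rev.asc ~/blahblah.rev.asc.gpg

# stash_revocation_cert PLAINTEXT ENCRYPTED [STORE_DIR]
stash_revocation_cert() {
    plain=$1
    enc=$2
    store=${3:-"$HOME/storage/gpg-revoke"}

    # Refuse to destroy the plaintext unless a non-empty encrypted copy
    # exists; otherwise a failed encryption step would lose the certificate.
    if [ ! -s "$enc" ]; then
        echo "encrypted copy missing or empty: $enc" >&2
        return 1
    fi

    # -p also creates the missing parent directory (storage), so a single
    # command replaces the two separate mkdir calls.
    mkdir -p "$store" || return 1
    chmod 700 "$store" || return 1

    mv -- "$enc" "$store/" || return 1

    # Overwrite the plaintext certificate, then unlink it (-u).
    # Overwriting in place is not guaranteed on copy-on-write or
    # journaling filesystems or on flash storage.
    if [ -f "$plain" ]; then
        shred -u -- "$plain" || return 1
    fi
}
```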