Feature Request: Auto-import of public keys for all my Contacts

olivier.debroqueville's Avatar

olivier.debroqueville

09 Nov, 2013 05:09 PM

GPG Keychain Access 1.1.3 (601)
10.9

Please describe your problem. Add as much detail as possible.

Currently, there is no way to automatically and frequently verify which of all of my contacts have a public key by searching a key server and automatically importing the public keys of all my contacts in GPG Keychain Access, thereby always keeping the public keys database for all my contacts up-to-date.

Please describe what you did expect instead

If GPG Keychain Access would start at login and automatically update the public keys database for all of my contacts, then encrypting an email would merely require clicking on the lock. Everything else would be handled in the background.

If you remember, please describe the steps leading up to the problem

I understand that, currently, the import of a public key is a manual process. I'm not sure whether you can import more than one public key at a time because I haven't tried it yet!

  1. Support Staff 1 Posted by Steve on 10 Nov, 2013 06:15 PM

    Steve's Avatar

    Hi Olivier,

    we've a ticket for this problem:

    https://gpgtools.lighthouseapp.com/projects/65684/tickets/153

    If this discussion get's closed, it will be re-opened as soon as the ticket is closed so you'll receive a notification. Feel free to open a new discussions should you run into further problems or need assistance.

    "import of a public key is a manual process" That is true but not 100% correct. In system preferences > GPGPreferences you can enable "Auto-retireve keys". That will search the key servers for any incoming signed mail for which you don't have a matching pub key. So if a friend who never used gpg gets his setup done and send an initial encrypted and signed or signed only mail, and the public key is on the key servers you won't have to do anything. GPG Keychain Access will have the key if you look once that mail is clicked.

    So that's where we at. The address book suggestions is great and we have it on our list.

    Best, steve

  2. 2 Posted by olivier.debroqu... on 10 Nov, 2013 08:46 PM

    olivier.debroqueville's Avatar

    Great stuff, Steve!

    Keep up the great work.

    May I kindly also suggest that you team up with email service
    providers such as Neomailbox and create a web page where we can find
    all your partners. This is just to help us users - via a one stop shop
    - know where we may find reliable and secure email service providers
    and tools. The problem today is that too few people are aware that
    encrypted emails aren't just for rocket scientists any more and that
    solutions such as the GPG Suite make it a lot easier to use secured
    emails. What is now required is wider adoption through awareness.
    Perhaps, when we import all the contacts from our Address Books into
    GPG Keychain Access, we could check a box if we want to invite our
    contacts who don't possess public/private keys to visit a page on your
    website that takes them through the steps of creating them and would
    explain how to use them with your tools. Thus, GPG Keychain Access
    would generate an email destined to all those contacts in the BCC:
    field and we would then only have to click the send button. (It's just
    an idea to spread the word.) You also want to have a web page we can
    easily share on the main social networks: Facebook, Google+ and
    Twitter.

    We're all tired of having the NSA, as well as other eavesdroppers &
    spammers, and their likes snooping around and sniffing all our emails!
    It's time we get our Privacy back!

  3. Support Staff 3 Posted by Steve on 12 Nov, 2013 10:45 AM

    Steve's Avatar

    Olivier, nice suggestions!

    I definitely feel your pain. Went through the same process: convincing family and friends can be a hard task. A single entry point webpage would be great but needs to be thought through and we will need a lot of time for this.

    Maybe we can come up with something but as always: can't promise anything :)

    steve

  4. 4 Posted by Scott Walters on 08 Dec, 2013 12:43 AM

    Scott Walters's Avatar

    It's quick a hack, but if you are OK with unix command line, worked pretty well for me.

    Assuming you have all of your contacts in OSX Contacts.

    1) Open Contacts
    2) Select All
    3) Right-mouse click and Export vCard
    4) Change "Save As:" to just be "Contacts.txt"
    4) Click Save (should go into your Documents Folder)
    5) Open a Terminal window
    6) Type "cd Documents"
    7) Cut and paste this into the terminal window:

    for email in grep EMAIL "Contacts.txt" | awk -F: '{print $2}' | sed 's/.$//';do gpg --search-keys $email;done

    8) This should do a search for each e-mail address. If it finds one, you'll need to enter the number of the key (typically 1) you want to import.

    HTH

    -Scott

  5. 5 Posted by olivier.debroqu... on 08 Dec, 2013 08:03 PM

    olivier.debroqueville's Avatar

    Thanks, Scott.

    It’s a clever fix, albeit a bit of a DIY job rather than the well integrated feature I’m hoping gpgtools will come up with. I think gpgtools should automatically request to access all of our Contacts (Address Book) and import the email addresses.

    Unfortunately, your fix won’t be of much help to me, because none of my friends or family are using the gpg suite. I’m guessing that it’s either too complicated to use or takes too much time and effort to understand!

    Btw, what happens when you import in gpgtools an email address of a friend that doesn’t have any public key?

    Ideally, I think there should be an option in gpgtools to automatically send an email to all our contacts who don’t have a public key to invite them to create one and use gpg suite (with instructions included).

  6. 6 Posted by Scott Walters on 09 Dec, 2013 01:42 AM

    Scott Walters's Avatar

    This procedure checks to see if a key exists for an e-mail address. If it doesn't find one, it won't import it. I see now that's not exactly what you are trying to do.

    Agreed an "invite" button would be an interesting feature to add, but as the saying goes, "Security is inversely proportionate to convenience."

    -Scott

  7. Steve closed this discussion on 12 Jan, 2014 10:18 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac