can't save encrypted draft but can send encrypted to self
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
When thunderbird tries to auto save ( or I manually save ) a draft, enigmail complains that it can not find a non expired key for me to encrypt the message, yet I can send myself an encrypted mail and it has no trouble finding the key then.
Now this is weird. I poked around in gpg and noticed that my secondary identity had full trust but my primary had unknown ( why can two identities on the same key have different trust? ). I changed them both to ultimate and the problem saving drafts went away. Why does trust matter, and only for saving drafts, but not for sending encrypted mail?
What are your Enigmail preferences, especially in sending: "To send encrypted accept" (Only trusted keys | All usable keys)?
I fixed this on master by unconditionally setting "trust-model always" for drafts. I'm not sure that this option was correctly handled before.
On Sun 2015-05-24 12:16:16 -0400, Patrick Brunschwig wrote:
Out of curiosity, how is the targeted key selected for the draft? is it
by e-mail address or by full key fingerprint? or is it selected based
on the fact that the secret key is available?
If it is by e-mail address, consider the following case:
0) Alice sets up GnuPG and imports Bob's key (he's bob@example.org).
she's uses that to verify a message Bob posted elsewhere, and then
forgets all about GnuPG.
1) time passes:
2) Alice decides she needs a new GnuPG key, so she makes one with her
own e-mail address (she's alice@example.net) and she sets up
enigmail.
3) Bob updates his own key to add a (bogus) alice@example.net user ID.
4) Alice refreshes her keyring from the keyservers, pulling in Bob's
key's new alice@example.net user ID. Since it's earlier in the
keyring, gpg will select it first.
5) Alice starts writing a draft in enigmail (she hasn't even decided who
to send it to yet, so no address is in the To: line). the draft gets
saved in encrypted form.
If the choice of targeted key for the draft is by e-mail address, then
trust-model=always means that Bob can read the draft if he has access to
Alice's IMAP server.
This is not a great outcome.
It depends on how the user specified the key in the account settings. If
a specific key is specified, then that's used; otherwise it's the
sender's email address.
The key ID is automatically set if you use the setup wizard or if you
create a key in Enigmail.
On Thu 2015-05-28 03:40:48 -0400, Patrick Brunschwig wrote:
if it's just the key ID, that sounds like another risky behavior. I've
opened #501 to track this other problem.
--dkg
Alice wouldn't have Bob's private key so it isn't an issue.
It was set to all usable keys.
It may be an issue if Bob manages to create and send Alice a key or subkey containing the same ID. That's not so difficult with the short key ID anymore.