Can't send encrypted email in Thunderbird

[Brian Rohan]

I installed Thunderbird and Enigmail about 2 months ago. I tested the install and encrytpion with adele-en@gnupp.de and all worked well. Since then I have merely been signing my emails as I do not yet have others who use GPG. All has been well, when I send a message it asks for my passphrase. Today I tried to send an encrypted email to adele-en just to make sure it works well, and alas it does not. When I hit the send key on a plain text email A dialog box is shown with the key already checked, I select okay and then I receive this error message:

USERID_HINT BE7228BBF0559C39 Brian J. Rohan (Pacific Northest USA) BrianJRohan@gmail.com
NEED_PASSPHRASE BE7228BBF0559C39 9B10F996AB5AA155 1 0
GOOD_PASSPHRASE
INV_RECP 0 74B9151E2DFEBDD6

I am not prompted for my passphrase as I would be if I were merely signing the email. Any suggestions would be appreciated. I am running Ubuntu 13.04, Thunderbird 17.0.6, enigmail 1.4.6, and gnupg2

[Patrick Brunschwig]

You're not prompted for your passphrase because GnuPG already got it (I
assume gpg-agent already has it in memory).

You're trying to encrypt your message to the key 74B9151E2DFEBDD6 (which
is equal to 0x2DFEBDD6). However, GnuPG cannot use that key. It might
not be in your keyring, or it is expired, disabled, invalid or similar.

I cannot tell you much more as I cannot find that key on the key servers.

[Ludwig Hügelschäfer]

0x2DFEBDD6 is your own revoked key. http://keyserver.serviz.fr:11371/pks/lookup?search=0x2DFEBDD6 As it is revoked, gnupg will not encrypt to this key, complaining with "INV_RECP".

Somehow you did specify this key as a recipient. Please check your settings!

[Brian Rohan]

Thanks Ludwig, I now see how the key lines up with the error message. I removed the revoked key from my ring in GPG, however I am not seeing where in Enigmail on in GPG that I can get it to stop referencing the bad key for signatures, and use the valid one. Any suggestions?

[Ludwig Hügelschäfer]

Hi Brian,

check the following locations:

1. Thunderbird account settings -> OpenPGP Security
2. Thunderbird account settings -> Manage identities (bottom right), select each identity, "Edit", then select "OpenPGP Security"
3. Scan the settings in gpg.conf (location depends on operation system). The use and existence of this file is optional, so maybe you don't have it.

HTH

Ludwig

[Brian Rohan]

Thank you very much Ludwig for the patience and reply. Per your previous response I checked all settings in Thunderbird/Enigmail/OpenPGP, and all was correct. Checking my gpg.conf at the bottomw showed that I had a default key that was the revoked key. That led me to going to my application kgpg checking on all of the settings and unchecking the "Always sign with this key" option.

Thanks again!