Activity for Rob
-
Rob posted a comment on discussion Enigmail Support
What if this is an e-mail I didn't sign? Your correspondents -- at least those using an Autocrypt-capable client -- will still benefit from seeing that you're using Autocrypt, and that they may use it to communicate back to you. Does Enigmail have to touch everything, regardless of being asked to stand down? 😕 I don't understand why you're so concerned that an Autocrypt-conformant email client is going to behave like, well... an Autocrypt-conformant email client. If you don't like Autocrypt, that's...
-
If you don't want to advertise that, don't use Enigmail. The moment anyone sees an Enigmail header in your email they're going to know you're Autocrypt-capable. Then they're going to start wondering why you've taken pains to hide the Autocrypt headers. :)
-
Autocrypt is a proposed standard for email cryptography. Software conforming to the Autocrypt standard agrees to package emails in a specific way, to handle key distribution a specific way, and so on, in order to make the experience as painless as possible for the end-user. Part of the Autocrypt standard involves putting in the header a line about Autocrypt. By putting it in the header, the people with whom you correspond never have to care about Autocrypt -- but if they're using an Autocrypt-enabled...
-
Now, when I open Thunderbird on ubuntu 20.04, I get this message from Enigmail: "Your secret key (...) has missing trust. We recommend you set "You rely on certifications" to "Ultimate" in key properties." This isn't an Enigmail problem. This is a GnuPG problem. How did you migrate your Ubuntu 18.04 GnuPG environment over to your Ubuntu 20.04 environment?
-
Is it true that Enigmail is vulnerable to the Efail attack??? At one point an older version of Enigmail was, in fact, vulnerable. Once the attack was discovered Patrick patched it very quickly. Recent versions of Enigmail are not susceptible to Efail. Does using PGP/MIME prevent this attack?? For older versions of Enigmail, PGP/MIME actually facilitates it. 3. Does the fact that Enigmail does not automatically decrypt attachments protect attachments against this attack??? Not particularly. It's possible...
-
How does the signature technical works? As the encryption with pgp(asyemtric encryption)? Full details can be found in RFC4880: https://tools.ietf.org/html/rfc4880 But if you want a short answer, then yes, it works the same as with PGP. How save is this signature? It's impossible to say without knowing what your threat model is. I can say that the sort of signatures Enigmail is commonly used to generate (2048-bit RSA) is believed safe until 2030, and that everything from Amazon to DNS roots uses...
-
I tried to send msgs to myself with the following results: /unencrypted and unsigned: ok / unencrypted and signed: ok * encrypted and signed: would not send I would start by checking to see if your encryption subkey has expired. You can discover this by "gpg --edit-key [your key ID]". Look for a section like this: sec rsa3072/1DCBDC01B44427C7 created: 2015-07-16 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa3072/DC0F82625FA6AADE created: 2015-07-16 expires: never usage: E ssb...
-
Rob Thanks ... so if I foillow your advice to just create new one for my email, and an old one is saved, what will keep people from trying to verify me, but finding an old copy saved on a public key server and failing since it doesn't match the new one? They'll send you a follow-up email with, "Did you change your certificate?" and you'll tell them, "yes, I forgot the passphrase for the old one. Here, have a copy of a revocation certificate for the old one. In the future, please use my new certificate,...
-
Is there anyway to ask the public "KeyVerse" if there is anything still saved out there for my email? Will making a new one erase any existing ones automatically? There is not, and it will not.
-
On 2020-01-02 11:39, ClaBrown wrote: the gist of it. I still have the revocation file. I wonder if I can try to enter passphrases to recover the one I originally used originally used? Verify it against something? Thanks from an encryption nubee. You can certainly try, but it may be easier and better to just write off the old certificate as a lost cause and start over with creating a new one. :)
-
"Error - message was not integrity protected" In the wake of the Efail attacks, Enigmail began treating lack of an MDC (what that error message is about) as a fatal error. Without an MDC it's possible for a skilled attacker to play serious games with your encrypted traffic.
-
Is there a way to output my public key in that format or convert the key once the ASC has been created? .p12/.pfx certificates are used with the S/MIME cryptography standard. Enigmail uses the OpenPGP cryptography standard.
-
Is it possible to use gpg -R (--hidden-recipient) option with enigmail? Generally speaking, any option you'd normally pass on the command line you can add to your gpg.conf file and it'll work fine with Enigmail. Try adding the line "hidden-recipient" (no dashes in front!) to gpg.conf and see how that works for you.
-
I am using enigmail 1.7.2 at some Thunderbird clients. Please upgrade immediately. 1.7.2 is very very old and Enigmail has had a number of security fixes since then.
-
Am I right? No. If a good signature from a validated key is present, you can be sure the message wasn't tampered with in transit. But if any of those fail to hold true, it doesn't mean the message is bad or unauthentic: it just means there's no assurance of integrity. There's no difference between an unsigned message and a message with a bad signature, or a good signature from an unvalidated key: all of them mean "there is no promise of message integrity". But the message could still be good! An...
-
So I will be as clear to you: your attitude is highly ignorant. And I will be as clear as possible to you: we will not hold today's users hostage to your specific needs. There is nothing preventing you from storing your emails and decrypting them from the command line. You can invoke GnuPG and pass "--no-mdc-warning" and everything will work fine. The only thing we are saying is that you can no longer use Enigmail to do this, because we choose to no longer support using old and broken crypto with...
-
unsecure ones - but in my own experience, this new and surprising behaviour of enigmail has totally killed off encrypted communication for me, all my family, and a bunch of users whom I just so had brought to start using encyrypted e-mails in the last few months - all operating Then we encourage you to use something else. The time for holding all users hostage to the backwards compatibility desires of a few is long, long past. That's like pushing back the progress of encrypted e-Mail use by some...
-
--> Do I really need to decrypt them and store them unencrypted? Should we then state as a consequence "enigmail w/ PGP is not for archiveing mails - its just for transfer, since tooling will change and you might not be able to access your PGP-encrpyted mails later". You could decrypt them and re-encrypt them under a new certificate; that's possible. (Recommended, in fact.) 1) Could enigmail just raise a warning popup if a non-MDC mail is about to be decrpyted? This would be a bad idea. It would...
-
Folks, I know this is probably going to have to wait 24 hours till the official release in order to see the details of the supposed break in PGP but EFF is telling those who use PGP and S/MIME to send secure emails are being advised to cease using and disable the tools with immediate effect following a major security scare. Can someone please explain what is actually broken, and if there is a current work around, or if we have to go all the way back to development to fix whatever the actual issue...
-
What's the status about the Efail gap? tl;dr -- don't panic, and especially don't overreact. There are two different attacks outlined in the Efail paper. One targets OpenPGP directly, and GnuPG has had mitigations against it for almost twenty years. (Literally. Almost twenty years. No, I am not kidding.) The other one targets buggy MIME parsing by email clients. Enigmail previously had some susceptibility to it, but as of Enigmail 2.0 we've closed up all the leaks on our side of things. There is...
-
Hello there, I would like to ask a differene between creating keys in Enigmail, KGpg/gpg via shell. There isn't one. When I --gen-key via shell, Enigmail will not see it in Key Management Enigmail parses your keyring when Thunderbird starts. If you generate a key after Thunderbird starts, Enigmail won't know about it until you restart Thunderbird. (You can also go into the key management screen and tell it to refresh its keyrings.) You may also be using two different GnuPGs. Enigmail uses GnuPG 2.0...
-
Hello. Well apparently I have forgotten my passphrase and unable to open encrypted E mail. I suppose I can chalk this up under the category of Old Fart Disease or something similar. Is there a way around this or to change it with out knowing the passphrase ? There isn't, I'm sorry to say.
-
you probably have configured Enigmail to use 0x9A3CF831 as your key for whatever reason. Please go to: Tools -> Account setting. Select "OpenPGP security" below your account. You should select "Use specific OpenPGP key ID:" Do you see 0x9A3CF831 or another key Id? Don't forget the possibility of having this set up in gpg.conf as well. Martin, if you don't see it in your Enigmail configuration, it's probably set up in GnuPG's configuration file. You can find it in $HOME/.gnupg/gpg.conf.
-
If my laptop get stolen (happened once before, btw) somebody would have access to...
-
Anyway to remove the second line? Thanks! Why would you want to? That header contains...
-
I'm entering a password from a password manager (Keepass) usingautotype http://blog.philippbeck.net/security/enigmail-pinentry-paste-problem-thunderbird-gpg-gnupg-163...
-
Thanks for your quick reply. Oh wonderful! So every time I receive a message I've...
-
I've just sent myself a test message and again, on receipt I can't paste the key...
-
Enigmail on Windows does not recognize Linux-style path separators for GNUPGHOME,...
-
Try importing it at the command line. $ gpg --import keyfile.asc What error is GnuPG...
-
Is it in the .thunderbird folder? Or somewhere else? There is this Thunderbird-passwordmanager,...
-
I think I've got a similar problem. Before reinstalling my operating system I exported...
-
This may happen if the following three conditions are met: (a) You have both GnuPG...
-
I'd just like to ask whether Enigmail is compatible with GPG 2.1; I'm using Ubuntu...
-
Very annoyingly, as I'm deep in concentration and composing a beautifully crafted...
-
I am getting this error on my Thunderbird 45.x With enigmail 1.9 and GnuPG 2.3.x...
-
Thank you, Rob. That seemed to do the trick. Now all I have to do is figure out how...
-
First, Is there some way to turn off HTML formatting and write in plain text? This...
-
Install the package "gnupg2". Enigmail requires GnuPG 2.0 or later. GnuPG 1.4 is...
-
My question is - the Modern version of GPG, available on http://sourceforge.net/projects/gpgosx/...
-
Yet my version is 3.10.2 Seahorse on Ubuntu Trusty Thar Seahorse is not the same...
-
Could someone please explain, why is there another layer of containers used for signing...
-
Due to the problem that Spammers are using the email addresses from keyserver for...
-
My email is the sam email. Can someone explain to me what the user is doing different...
-
In theory ... Engimail could bypass the restriction ... but I was entirely undecided...
-
I found I was presented with a Pinentry form that does not allow pass phrase pasting....
-
I've tried re-installing thunderbird with no luck. Ideas? First, this is not a Thunderbird...
-
Will enigmail let me see my cipher text for an encoded email? How? Sure. Just go...
-
Symmetric selection is done by GnuPG, not Enigmail, and follows a really convoluted...
-
Enigmail tends to get used in one of two ways: POP mail or IMAP mail. In POP mail...
-
Unfortunately, this is a problem with the Gnome desktop environment, not a problem...
-
Keep in mind that gpg-agent is part of GnuPG, not part of Enigmail. While we're happy...
-
The first question is, have you uploaded this key to a keyserver? If you have then...
-
Enigmail 1.8 was shipped with a bug connected to this. A fix has been made and will...
1