Thanks for this suggestion Patrick. This also worked for me on MacOS 10.14.2 and Postbox 7.0.60. I might suggest putting this more prominently in the wizard for Enigmail installation or in the instructions for dealing with Postbox. I hope GnuPG fixes this soon.
Yes. Sorry for any confusion. I understand how decrypting works locally. Both Postbox and Thunderbird are using their respective key rings and necessary keys are in both. The local testing was just ... testing. The reported problem happens with other users where I have sent them an email using their public key. From what I've been able to tell, this looks like a Thunderbird problem since ProtonMail and other users have no problems decrypting emails. Thanks, Sent from ProtonMail, Swiss-based encrypted...
Yes, I understand how the keys work. :) The local testing was just for testing. All keys were in their expected keyrings. The main issue is with other (human) clients using Thunderbird. Note that if I send an email to a ProtonMail user or another (email) client using Enigmail (in Postbox, in my case), the decrypt works OK. No problems. If I use GPGTools to encrypt a message and just send that to Thunderbird w/o encrypting it (it's already encrypted), Thunderbird can decrypt that too. Again, no problem....
Yes, I understand how the keys work. :) The local testing was just for testing. All keys were in their expected keyrings. The main issue is with other (human) clients using Thunderbird. Note that if I send an email to a ProtonMail user or another (email) client using Enigmail (in Postbox, in my case), the decrypt works OK. No problems. If I use GPGTools to encrypt a message and just send that to Thunderbird w/o encrypting it (it's already encrypted), Thunderbird can decrypt that too. Again, no problem....
Yes, I understand how the keys work. :) The local testing was just for testing. All keys were in their expected keyrings. The main issue is with other (human) clients using Thunderbird. Note that if I send an email to a ProtonMail user or another (email) client using Enigmail (in Postbox, in my case), the decrypt works OK. No problems. If I use GPGTools to encrypt a message and just send that to Thunderbird w/o encrypting it (it's already encrypted), Thunderbird can decrypt that too. Again, no problem....
Yes, I understand how the keys work. :) The local testing was just for testing. All keys were in their expected keyrings. The main issue is with other (human) clients using Thunderbird. Note that if I send an email to a ProtonMail user or another (email) client using Enigmail (in Postbox, in my case), the decrypt works OK. No problems. If I use GPGTools to encrypt a message and just send that to Thunderbird w/o encrypting it (it's already encrypted), Thunderbird can handle that too. Again, no problem....
If you want to decrypt a message sent to yourself you need the same private key in both email clients. Did you import they OpenPGP key you're using in Postbox to Thunderbird?
Follow up -- when I encrypt a test message Not Using Enigmail and send that encrypted text to Thunderbird for the appropriate email account, Thunderbird has no problems decrypting the message. But, WITH Engimail, Thunderbird cannot decrypt and throws the message above. Hope this extra info helps.
Using the latest Enigmail version as of Thursday, January 11, 2024, when I encrypt + sign a message in Postbox and then send it, Thunderbird fails to open it with the error below. Messages decrypt fine in Postbox itself. I've tried using the GPGSuite that was recommended and the new beta 2 version, but neither will work when trying to decrypt a received email in Thunderbird that was encrypted in Postbox using Enigmail. (Note: If I encrypt + send an email in Thunderbird, that works fine in both Postbox...
Please don't forget SeaMonkey! We still need Enigmail. I kick myself now for not using it sooner and I'd hate to lose it's functionality now.
Sender's Autocrypt key is not imported
I released Enigmail 3.1.8, which fixes the issue. Autocrypt keys are now automatically imported again when needed. Using Enigmail -> Sender's Key -> Import Public Key will not work - such functionality is not intended.
I debugged this and found that Autocrypt doesn't work indeed on SeaMonkey. I'll fix this.
Sender's Autocrypt key is not imported
It doesn't work as you describe. When I reply to the e-mail I get the error message "Enigmail Key Selection: Recipients not valid, not trusted or not found. No valid key." The key is not imported.
Sender's Autocrypt key is not imported
That's not how Autocrypt works. When you read a mail with an Autocrypt header, Autocrypt keys are automatically imported to a separate database, and assigned to the sender's email address. The key is only imported to GnuPG once you try to send an encrypted mail to the recipient.
Sender's Autocrypt key is not imported
Apologies, Patrick, for not replying - I didn't see the post in January.
gpgme-json looked for even when settings do not require it
Encryption/signing broken, when using GnuPG engine
3.1.7 fixed it for me
Please upgrade to Enigmail 3.1.7. As I said, I fixed quite a few things that are broken in 3.1.5
Enigmail version 3.1.5 OS/CPU=Linux x86_64 Platform=X11 Non-default preference values: keyCheckResult: {"expiredList":[],"lastCheck":1700548217638} configuredVersion: 3.1.5 juniorMode: 0 cryptoAPI: 1 advancedUser: true displaySignWarn: false lastUpdateCheck: 1700548271 agentPath: /usr/bin/gpg2 protectedHeaders: 0 dom.workers.maxPerDomain: 512
The (calculated) trust in Enigmail should not be confused with GnuPG's owner trust. Just setting ultimate trust won't help usually. From the log provided it's difficult to tell what could be wrong because it doesn't contain much relevant information. I'd need to know the exact version of Enigmail you're using, because I recently made some relevant changes. I'd also need to know you settings. It would help a lot if you could add the 1st part of the log file containing version info and settings.
Enigmail processes Autocrypt headers and stores them in the same sqlite database. Can you have file on a tmpfs that are simply in RAM?
edited my previous post - a sample key and more information from the log
I just encountered the same problem. The debug log (and console) shows Enigmail looks up the email address from the keyring just fine BUT then says that no key with enough trust was found .. so the encryption/signing fails ... A work around for urgent individual addresses is to use the Enigmail preferences. Choose the Key Selection tab, then 'Edit Rules'. This is where you can Add a rule for the target email address to match a selected PGP public key.. It looks like this creates a config (json) entry...
I just encountered the same problem. The debug log (and console) shows Enigmail looks up the email address from the keyring just fine BUT then says that the ID has no public key .. so the encryption/signing fails ... A work around for urgent individual addresses is to use the Enigmail preferences. Choose the Key Selection tab, then 'Edit Rules'. This is where you can Add a rule for the target email address to match a selected PGP public key.. It looks like this creates a config (json) entry which...
I just encountered the same problem. The debug log (and console) shows Enigmail looks up the email address from the keyring just fine BUT then says that the ID has no public key .. so the encryption/signing fails ... A work around for urgent individual addresses is to use the Enigmail preferences. Choose the Key Selection tab, then 'Edit Rules'. This is where you can Add a rule for the target email address to match a selected PGP public key.. It looks like this creates a config (json) entry which...
I come back ;-) Same result with GNUgpg. Seamonkey eats a lot of CPU and load average of my workstation is height (between 7 and 8). nfs requests show that enigmail opens and closes enigmail.sqlite-journal: length 188: NFS request xid 3247383850 184 create fh 168 0/645379787 "enigmail.sqlite-journal" length 156: NFS request xid 3398378794 152 remove fh 168 0/645379787 "enigmail.sqlite-journal" length 188: NFS request xid 3616482602 184 create fh 168 0/645379787 "enigmail.sqlite-journal" length 156:...
I come back ;-) Same result with GNUgpg. Seamonkey eats a lot of CPU and load average of my workstation is height (between 7 and 8). nfs requests show that enigmail opens and closes enigmail.sqlite-journal: length 188: NFS request xid 3247383850 184 create fh 168 0/645379787 "enigmail.sqlite-journal" length 156: NFS request xid 3398378794 152 remove fh 168 0/645379787 "enigmail.sqlite-journal" length 188: NFS request xid 3616482602 184 create fh 168 0/645379787 "enigmail.sqlite-journal" length 156:...
I have verified that my keys were imported in gpg configuration: hilbert:[~] > gpg --list-secret-keys /home/bertrand/.gnupg/pubring.kbx ... sec rsa4096 2023-10-03 [SC] 1BCD8FB69B281E1D0F6E5C1BD69838D31BF166C2 uid [ ultime ] BERTRAND Joël (OpenPGP systella.fr) <joel.bertrand@systella.fr> ssb rsa4096 2023-10-03 [E] ... But enigmail complains as its configuration is not done. I have restarted Seamonkey with default locale and I have seen that gpgme-json was missing on my system. Thus, I have built gpgme-json...
I would recommend that you do the key importing on the command line, and then restart Enigmail: gpg --import /path/to/your/keyfile
Yes, this workstation is pure diskless. I have tried to replace OpenPGP.js by GnuPG. First stage of reconfiguration runs fine as Enigmail finds GnuPG, but key restoration stalls. I have created a file 'Enigmail-exportation.zip' from my old configuration I try to restore. Enigmail console shows: Initializing Enigmail service ... Initializing Enigmail service ... Initializing Enigmail service ... enigmail> --no-verbose --status-fd 2 --no-auto-check-trustdb --import enigmail> --no-verbose --status-fd...
It seems that ~/.enigmail is on an NFS share? You have 2 options: 1. move ~/.enigmail to some local directory, and create a symlink from ~/.enigmail to the local directory 2. use GnuPG as crypto-engine instead of OpenPGP.js (menu Enigmail > Preferences > Crypto-Engine)
Hello, I use Enigmail on Seamonkey on a diskless workstation (/home and, of course, .mozilla/seamonkey/profiles are on NFSv3/TCP disks). Regulary, seamonkey takes a lot of CPU. For example: top - 14:54:19 up 16 days, 1:31, 33 users, load average: 49,90, 49,76, 49,54 Tâches: 458 total, 4 en cours, 454 en veille, 0 arrêté, 0 zombie %Cpu0 : 9,1 ut, 38,4 sy, 0,0 ni, 4,0 id, 48,5 wa, 0,0 hi, 0,0 si, 0,0 st %Cpu1 : 10,8 ut, 36,3 sy, 0,0 ni, 1,0 id, 52,0 wa, 0,0 hi, 0,0 si, 0,0 st %Cpu2 : 17,8 ut, 38,6...
Hi Patrick, I tried the new release but the effect has changed. It gives me a warning that: Recipients invalid, untrusted, or not found. If I try to send the email anyway it is sent correctly but the recipient cannot read it. I am attaching the debug file
I just created a new release that should fix the issue. You can update to the new version via the update check in the Labs Screen (Menu Tools > Labs).
Hi Patrick, I am not very happy that I found a bug. Thank you for your support.
Thanks, I found a bug in Enigmail. I'll fix it and create a new release, probably on Thursday
Hi Patrick, this is the public key. Consider that the same problem occurs with all public keys included in the keyring. (replace beta@com.com with the correct user email)
Hi Patrick, this is the public key. Consider that the same problem occurs with all public keys included in the keyring. (replace beta@com.com with the correct user email)
can you attach the key for beta@com.com? It seems that the key is not valid or no longer valid.
Hi, I am using Mac Os Sonoma and the latest version of PostBox as my mail client. I installed Enigmail following the procedure described in the manual. I can see the public keys associated with the mail addresses beta@com.com but if I try to send an encrypted mail to the addres beta@com.com I get the message: Error in Enigmail: encryption/signature failed. Do you want to send the unencrypted message? Below I submit the debug of the send attempt, apparently the associated mail (from what I understand)...
Hi, I am using Mac Os Sonoma and the latest version of PostBox as my mail client. I installed Enigmail following the procedure described in the manual. I can see the public keys associated with the mail addresses beta@com.com but if I try to send an encrypted mail to the addres beta@com.com I get the message: Error in Enigmail: encryption/signature failed. Do you want to send the unencrypted message? Below I submit the debug of the send attempt, apparently the associated mail (from what I understand)...
Thanks Patrick! I appreciate all your help and kind replies. :)
You don't need to uninstall GPG Suite
Wanted to THANK YOU for the GNUPG OSX idea. That worked!!! I didn't uninstall the existing GnuPG during the install (from the prompt) since I didn't want to risk the GPGKeychain data being lost. Probably would have been OK. I can always run the install again if you think there could be problems having both installed. Anyway....Thanks man!! :)
Thanks Patrick! It's odd that Postbox company wasn't aware of this, right? So, my only recourse is to install the gpgOSX as you posted above or will these companies have a fix at some point soon (or at least say the same thing is needed)?
The relevant piece that changed was Enigmail. The latest (major) update from earlier this week requires that file now.
Engimail has been working with Posbox perfectly for many years; I've never needed the json file. The only thing that's changed is installing Sonoma. Thanks.
Engimail has been working with Posbox perfectly for many years; I've never needed the json file. The only thing that's changed is installing Sonoma. Thanks.
I don't know what you're using on macos, but if you're using the GPG Suite then that would explain why Enigmail doesn't work. Unfortunately GPG Suite doesn't provide a component that Enigmail requires (gpgme-json). I'd recommend you install gpgOSX, which is compatible with Enigmail.
I just spoke to the GPG Suite developers. Unfortunately they don't provide a component that Enigmail requires (gpgme-json). I'd recommend you install gpgOSX, which is compatible with Enigmail.
Yes, you're right. Sorry. The binary distribution I downloaded and installed, the latest, is: "GPG_Suite-2023.3.dmg". Thanks again.
Yes, you're right. Sorry. The binary distribution I downloaded and installed, the latest, is: "GPG_Suite-2023.3.dmg". Thanks again.
OK, but GnuPG downloaded from gnupg.org is source code only - you can't run that. I'm interested in the distribution (e.g. gpgOSX, GPG Suite or GPG Tools, brew, etc).
It was the latest version, I believe that's 2.4.3. https://gnupg.org/download/index.html Thanks
It was the latest version, I believe that's 2.4.3. Thanks
Which distribution of GnuPG did you install?
Ever since I installed Sonoma (Mac OSX 14), my Enigmail plug-in stopped working in Posbox. I've tried to re-install enigmail several times in Posbox, but I cannot resolve the problem. When I try to re-configure an email account in Postbox to use Encryption (after installing the latest GnuPG), I get: "Support for OpenPGP encryption and signing messages is provided by Enigmail. You need to have GnuPG (gpg) installed in order to use this feature." But, when I remove the enigmail plug-in and start over,...
Ever since I installed Sonoma (Mac OSX 14), my Enigmail plug-in stopped working in Posbox. I've tried to re-install enigmail several times in Posbox, but I cannot resolve the problem. When I try to re-configure an email account in Postbox to use Encryption (after installing the latest GnuPG), I get: "Support for OpenPGP encryption and signing messages is provided by Enigmail. You need to have GnuPG (gpg) installed in order to use this feature." But, when I remove the enigmail plug-in and start over,...
Ever since I installed Sonoma (Mac OSX 14), my Enigmail plug-in stopped working in Posbox. I've tried to re-install enigmail several times in Posbox, but I cannot resolve the problem. When I try to re-configure an email account in Postbox to use Encryption (after installing the latest GnuPG), I get: "Support for OpenPGP encryption and signing messages is provided by Enigmail. You need to have GnuPG (gpg) installed in order to use this feature." But, when I remove the enigmail plug-in and start over,...
You can send me an (encrypted) mail to patrick AT enigmail DOT net. My key is on keys.openpgp.org.
Well, of course i would share parts of the log. however, it contains a lot of sensitive data that i don't want to share in public/on sourceforge. If you're willing to debug this issue together with me, i'd appreciate if we could find a private channel and discuss debugging there, and get back to this tracker with results. lmk if this works for you and drop me a DM with preferred channels (e.g. matrix, signal, ...). thanks!
Can you attach a debug log file? (https://www.enigmail.net/index.php/en/faq-en/usage)
As i mentioned above, the components are installed with their latest version, including gpg4win and gnupg. gpgme-json.exe is available, and also included in PATH.
Encryption/signing broken, when using GnuPG engine
In order to use GnuPG with Enigmail 3.1.x, you need to have gpgme-json, a component that is part of GnuPG, but not always distributed. On windows, gpgme-json is installed by default with the latest version of gpg4win (4.2.0), make sure you install that version. On macos it depends which distribution of GnuPG you're using - I can't tell without further info.
Encryption/signing broken, when using GnuPG engine
Do you have any other addons installed that might have modified Ci? Not that I'm aware of, but I'm not running the default theme so maybe the default theme globally defines Ci and this one (ClassicTB2 for Epyrus) does not? Attached my list of extensions in case it gives any insight.
Error thrown in console on reply with enigmail in epyrus
Nevertheless, I replaced it with Components.interfaces.
That's weird - I can't confirm this. Ci is globally available.Do you have any other addons installed that might have modified Ci?
Error thrown in console on reply with enigmail in epyrus
SeaMonkey: Horizontal bar in message pane widens when moving upwards
fixed for next version
SeaMonkey: Horizontal bar in message pane widens when moving upwards
I'm currently demoing Postbox with Enigmail installed. I'm finding that, while sitting idle, Enigmail frequently pops up an error alert which says: Enigmail Alert Error - decryption/verifiation failed Error - no passphrase supplied This happens while Postbox is sitting idle... no popup requesting a passphrase has appeared. Googling this error hasn't provided any decent leads. Any idea what's triggering this, and how to fix it? Postbox 7.0.59 on MacOS 13.1, Enigmail 3.0.3
I'm currently demoing Postbox with Enigmail installed. I'm finding that, while sitting idle, Enigmail frequently pops up an error alert which says: Enigmail Alert Error - decryption/verifiation failed Error - no passphrase supplied This happens while Postbox is sitting idle... no popup requesting a passphrase has appeared. Googling this error hasn't provided any decent leads. Any idea what's triggering this, and how to fix it?
I'm currently demoing Postbox with Enigmail installed. I'm finding that, while sitting idle, Enigmail frequently pops up an error alert which says: Enigmail Alert Error - decryption/verifiation failed Error - no passphrase supplied This happens while Postbox is sitting idle... no popup requesting a passphrase has appeared. Any idea what's triggering this, and how to fix it?
Awesome, thanks!
Encoding issue - filter action: Encrypt to key
Fixed on master
Encoding issue - filter action: Encrypt to key
Encoding issue - filter action: Encrypt to key (Interlink case)
Which distribution are you using? Apparently some distibutions don't ship gpgme-json :-( I created a statically linked x86-64 version of gpgme-json that is available from: https://enigmail.net/download/gpgme-json
Neither are available in my distro, nor my users'. I have reverted to the previous enigmail version.
gpgme-json looked for even when settings do not require it
Actually, that's exactly what changed in this version. gpgme-json is now required if you want to use gpg. gpgme-json is a JSON wrapper around gpg, which handles a lot of the problematic aspects that you're faced with if you directly integrate gpg (which already caused several security issues in Enigmail). Therefore, if you want to use gpg, then you need to install gpgme-json. Depending on your distribution , it's either a package on its own, or it comes bundled with gpgme or libgpgme.
gpgme-json looked for even when settings do not require it
Adding it to my system path (actually just replacing the duplicate entry for GnuPG... not sure why gpg4win added it twice) fixes the issue. Everything works now (and blissfully more speedy)
Adding it to my system path (actually just replacing the duplicate entry for GnuPG... not sure why gpg4win added it twice) fixes the issue. Everything works now (and blisfully more speedy)
OK I'll try that. my PATH is already big but eh... why not one more ;-)
...\gpg4win\..\gnupg\bin is part of the PATH variable, that's why it's done this way. There is no function in Enigmail to look specifically in that directory. However, and that is one source of the problem is that ...\gpg4win\bin is not in the PATH variable. Thus I need to apply other methods. The strange question for me is why it's not found via the Windows Registry. What you could do is to add ...\Gpg4Win\bin to the PATH environment variable.
It won't help since I didn't install gpg4win in c:\program files. And it doesn't seem to find it because it explicitly goes up one dir, then goes into gnupg/bin from there, so it never searches the directory it is supposed to search. ..\GnuPG\bin as seen in the log : 2022-12-03 20:56:03.998 [DEBUG] files.jsm: resolvePath: checking for d:\apps\utils\Gpg4win\..\GnuPG\bin/gpgme-json.exe I think that's the problem why it can't find it.
It's strange that gpgme-json.exe isn't found this way. I added now the default locations of gpg4win to search for. C:\Program Files\Gpg4win\bin C:\Program Files (x86)\Gpg4win\bin Can you try the following artifact that contains this change: https://gitlab.com/enigmail/enigmail/-/jobs/3419746174/artifacts/download?file_type=archive