After the latest automatic update to enigmail version 3.1.5 it is not possible to use GnuPG engine anymore, sending encrypted email is broken. Only OpenPGP.js engine is functional.
Platforms:
- Windows
- macos
Observation when using GnuPG engine:
- sending encrypted email to own email-address works fine.
- sending encrypted email to other addresses (= you do not own the secret key) does not work.
- sending encrypted email to other addresses with ultimately trusted pubkeys does not work.
- decryption of incoming, encrypted mail is still working.
- deleting all caches and re-installation of all components did not fix the issue.
Workaround:
- Switch to OpenPGP.js and import secret key vom GNUPGHOME secretkey ring, import all public keys from GnuPG's pubkey ring. -> sending encrypted email works.
Remaining problem:
- unfortunately, OpenPGP.js does not support openpgp-keys, stored on smartcard or secure tokens (e. g. nitrokey). Thus, sending encrypted, unsigned email is possible; signing or decrypting email does not work.
Error Message: "Error in Enigmail: encryption/signing failed. Send the message unencrypted?"
Problem exist since Monday, 2023 October 9th, after enigmail automatically updated itself. Re-installation of MUA, GnuPG and Enigmail to most recent versions did not solve the problem.
Regards,
Thorsten
In order to use GnuPG with Enigmail 3.1.x, you need to have gpgme-json, a component that is part of GnuPG, but not always distributed.
On windows, gpgme-json is installed by default with the latest version of gpg4win (4.2.0), make sure you install that version.
On macos it depends which distribution of GnuPG you're using - I can't tell without further info.
As i mentioned above, the components are installed with their latest version, including gpg4win and gnupg. gpgme-json.exe is available, and also included in PATH.
Can you attach a debug log file? (https://www.enigmail.net/index.php/en/faq-en/usage)
Well, of course i would share parts of the log. however, it contains a lot of sensitive data that i don't want to share in public/on sourceforge. If you're willing to debug this issue together with me, i'd appreciate if we could find a private channel and discuss debugging there, and get back to this tracker with results. lmk if this works for you and drop me a DM with preferred channels (e.g. matrix, signal, ...). thanks!
You can send me an (encrypted) mail to patrick AT enigmail DOT net. My key is on keys.openpgp.org.
I don't know what you're using on macos, but if you're using the GPG Suite then that would explain why Enigmail doesn't work. Unfortunately GPG Suite doesn't provide a component that Enigmail requires (gpgme-json). I'd recommend you install gpgOSX, which is compatible with Enigmail.
I just encountered the same problem. The debug log (and console) shows Enigmail looks up the email address from the keyring just fine BUT then says that no key with enough trust was found .. so the encryption/signing fails ...
A work around for urgent individual addresses is to use the Enigmail preferences. Choose the Key Selection tab, then 'Edit Rules'.
This is where you can Add a rule for the target email address to match a selected PGP public key..
It looks like this creates a config (json) entry which gets used in preference to the norma; lookup from the keyring (which is broken).
EDIT
Note that this public key is marked 'ultimate' for trust
Example:
rono@x360:~$ gpg --list-keys irifive
pub rsa2048 2013-12-28 [SCA]
A97B249F6EDB627742B50B2202435527389B616F
uid [ultimate] Toby irifiveh@gmail.com
sub rsa2048 2013-12-28 [E]
LOG:
2023-11-21 14:35:56.852 [DEBUG] errorHandling.jsm: parseErrorOutputWith: statusFlags = 00000000
2023-11-21 14:35:56.852 [DEBUG] errorHandling.jsm: parseErrorOutputWith: return with c.errorMsg =
2023-11-21 14:35:56.852 [DEBUG] execution.jsm: EnigmailExecution.fixExitCode: agentType: exitCode: 0 statusFlags undefined
2023-11-21 14:35:56.852 [CONSOLE]
2023-11-21 14:35:56.852 [DEBUG] keyRing.jsm: getValidKeyForRecipient(): emailAddr="irifiveh@gmail.com"
2023-11-21 14:35:56.854 [DEBUG] keyRing.jsm: getValidKeyForRecipient(): no key with enough trust level for 'irifiveh@gmail.com' found
2023-11-21 14:35:56.854 [DEBUG] keyRing.jsm: doValidKeysForAllRecipients(): return null (no single valid key found for="irifiveh@gmail.com" with minTrustLevel="?")
2023-11-21 14:35:56.854 [DEBUG] enigmailMsgComposeHelper.js: doValidKeysForAllRecipients(): return null (key missing)
2023-11-21 14:35:56.854 [DEBUG] enigmailMsgComposeHelper.js: validKeysForAllRecipients(): return 'null'
2023-11-21 14:35:56.854 [DEBUG] <=== validKeysForAllRecipients()
2023-11-21 14:35:56.854 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.encryptTestMessage(): call encryptMessage() for fromAddr="0xF244BB1C319EA06E93928848095AD554F5FB1736" toAddrStr="irifiveh@gmail.com" bccAddrStr=""
2023-11-21 14:35:56.854 [DEBUG] gpgme.js: encryptMessage(0xF244BB1C319EA06E93928848095AD554F5FB1736, irifiveh@gmail.com, 354, 12)
2023-11-21 14:35:56.854 [DEBUG] gpgme.js: execJsonCmd({"op":"encrypt","keys":["0xF244BB1C319EA)
2023-11-21 14:35:56.854 execution.jsm: execAsync: command = '/usr/bin/gpgme-json'
2023-11-21 14:35:56.854 [CONSOLE] enigmail> /usr/bin/gpgme-json
2023-11-21 14:35:56.866 [DEBUG] enigmail> DONE
Last edit: Ron OHara 2023-11-21
edited my previous post - a sample key and more information from the log
The (calculated) trust in Enigmail should not be confused with GnuPG's owner trust. Just setting ultimate trust won't help usually.
From the log provided it's difficult to tell what could be wrong because it doesn't contain much relevant information. I'd need to know the exact version of Enigmail you're using, because I recently made some relevant changes. I'd also need to know you settings. It would help a lot if you could add the 1st part of the log file containing version info and settings.
Enigmail version 3.1.5
OS/CPU=Linux x86_64
Platform=X11
Non-default preference values:
keyCheckResult: {"expiredList":[],"lastCheck":1700548217638}
configuredVersion: 3.1.5
juniorMode: 0
cryptoAPI: 1
advancedUser: true
displaySignWarn: false
lastUpdateCheck: 1700548271
agentPath: /usr/bin/gpg2
protectedHeaders: 0
dom.workers.maxPerDomain: 512
Please upgrade to Enigmail 3.1.7. As I said, I fixed quite a few things that are broken in 3.1.5
3.1.7 fixed it for me