INV_RECP error message confuses new users
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
Menu
▾
▴
#306 INV_RECP error message confuses new users
fixed
None
1.7.0
Minor
31.0
1-7
All
1.8.2
nobody
2016-02-10
2014-08-14
No
Steps to reproduce:
1. Set Enigmail to use only trusted keys for sending (Settings > Sending)
2. Try to encrypt a mail using an untrusted key
3. An errormessage pops up which says: "INV_RECP 10 <key-id>"
I learned that the code 10 means that the key is not trusted, but this error message leaves users in the dark what to do with it, so they will probably send the mail unencrypted.
It would be really helpful to replace that error message by something more useful.
Diff:
Even worse, we got a sequence of messages in the resulting dialog output
(here with German labels):
Das Senden wurde abgebrochen.
We have (at least) two options:
1. process INV_RECP 10 ... if it occurs
2. avoid trying to send a message with untrusted keys if we have the option "select valid keys only" selected
(May be both is appropriate ;-) )
Indeed this is nasty. Thanks.
Added processing of the most common error codes:
1 := "Not Found"
4 := "Key revoked"
5 := "Key expired"
10 := "Key not trusted"
pushed to master (1.8.0)
Why was this marked fixed? I am still getting this error in its same ugly, uninformative incarnation on Enigmail 1.8.
I also get this error when I have open drafts, which also get encrypted with my settings. But I haven't enabled the option to only use trusted keys.
Using GPG2 (2.0.22-3ubuntu1.1) and Enigmail 1.8 with Thunderbird 31.5.0
Last edit: Sebastian 2015-03-24
This seems to happen in 1.8.1 if your own key is not trusted.
I went into the key management and trusted my own key "ultimately", and I have not gotten this popup since.
Last edit: hpxca 2015-04-01
This happens to me all the time. The offending key was not set to "trusted", if it weren't for this bug-report, i would probably have uninstalled enigmail. (I'm currently on 1.8.1)
amenthes, is the "offending" key your own one? If not, please send a debug log.
just for the sake of completeness: yes, it was my own key. I did not set its trust level after restoring on a new machine.
I have uploaded a new beta version that should fix this bug in terms of providing a meaningful error message (as far as possible).
https://www.enigmail.net/download/beta/enigmail-1.8.2-pre3.xpi
Hi folks,
I apologize to reopen this thread, but I can't get my Enigmail to keep working correctly. In the beginning, it worked fine for a time, but now I am unable to encrypt mails either to adele@gnupp.de or to a real person.
I use Enigmail Version 1.8.2 (20150416-1748), Thunderbird 38.5.1 under Windows10. (It didn't work under Ubuntu 15.10 either though.)
When I want to send an encrypted message to adele or to my colleague, the enigmail-window "Enigmail-Schlüssel auswählen" (pick a key) pops open and tells me "Empfänger nicht gültig, nicht vertrauenswürdig oder nicht gefunden" (recipient not valid, not trusted or not found), even though it has marked the checkbox at the right public key. See attachment.
If I continue to send the mail encrypted, I am asked to enter my passphrase and then, the failure-notice described at the beginning of this thread appears.
Das Senden wurde abgebrochen. USERID_HINT {my fingerprint} {my name with ü instead of ü} {my mailaddress} NEED_PASSPHRASE {my fingerprint} {my fingerprint} 17 0 GOOD_PASSPHRASE INV_RECP 1 {my name with ue instead of ü} FAILURE sign-encrypt 9To be honest, I still don't think this message is meaningful. It is not at all self explanatory to non-IT-professionals. It needs my passphrase, my passphrase is good, but I am an invalid recipient? And where do I find the eplanation of the failure-numbers?
It didn't make a difference whether or not I set the user-trust for the recipient (adele/colleague) not at all or "a little bit". The trust in my own key is set to "absolute".
Should it really be the ü in my name that causes the error message? Or did I miss something important?
I would be very glad if you could help me.
It looks like the problem is with your own key, not with the keys of the other users.
Is your key expired? Has it "ultimate" ownertrust set?
Thank you for your replies.
My key is not expired (valid through 31.12.2017) and has ultimate ownertrust.
What kind of a problem do you think of, Patrick? How can I test it?
According to the documentation, INV_RECP 1 means "key not found". I
would think that your email address does not match 1:1 the email address
used in your key. I would strongly recommend that you select a specific
key in the account settings.
Menu Tools (on Linux: Edit) > Account Settings > OpenPGP Security
Click the option "Use specific OpenPGP key ID" and then click on the
"Select key" button.
Sorry, that's not the reason either. The setting that you recommend has been set correctly since I created the key.
Any other idea? Could the Umlaut in the name (not in the e-mail address) really be the problem?
Hard to tell given the information you provided. If you attach a complete debug log file (without too much obfuscation), I can tell you more. You can also send me the file via private message.
Sorry for having you wait for my answer, I've been traveling with my family.
Since I ruled out every other possibility that has been described here, I came back to the idea with ü/ue. The key I used had the identity "Tilmann Rückauer", which was written with ü instead of ü in the error message. Apparently, there is a problem with the encoding of special characters, even though I used utf-8.
So I created a new keypair with the identity "Tilmann Rueckauer" and tested it, writing to adele@gnupp.de and edward-de@fsf.org. Signed and/or encrypted messages worked perfectly with this new key.
It seems to me that special characters in the identity should be avoided and that this was the reason for the error message that i faced.
This might be an important hint in any tutorial for new users.
Thank you for your assistance!
Last edit: Tilmann Rückauer 2016-02-10