
#887 pEp generates new key instead using existing key

invalid
nobody
None
2.0.7
Minor
52.9.1
2.1.18
Linux
---
nobody
2018-12-26
2018-07-23
Furlong
No

I have a working older OpenPGP installation with existing private/public keys. If I enforce the use of pEp, a new key is generated and used. The account settings, where you can choose which key to use, are overridden. Tried this several times, deleting the generated key, rebooting and starting Thunderbird again. This is contrary to the statement in the pEp-FAQ:

How p≡p works (User view)
What happens if I am already using a security solution?
p≡p will automatically integrate with any existing security solution you have. For example if you already have OpenPGP keys, then p≡p will just use them for any further communication.

The logfile is attached, I edited keys/email for privacy reasons:
OLDCORRECTSUBKEY = the old key pEp/enigmail should use
XXXNEWKEYYYYYYYY = the key pEp/enigmail generated on startup

1 Attachments

Discussion

  • Furlong

    Furlong - 2018-07-25
    • status: open --> invalid
     
  • Furlong

    Furlong - 2018-07-25

    I took a closer look in this case.
    Only a few private keys were not accepted.

    In one case I was able to suppress the generation of a new key by deleting the passphrase from the key (this was only possible in a Windows install, not Linux - probably some gnupg.conf or pinentry issues).

    In another case I had two Thunderbird accounts with different email addresses using the same key (with the two email addresses as UIDs). Enigmail/pEp kept generating a second key, probably because of a narrow understanding of user identities.

    Anyway, as far as I understand it is a bug in the pep-engine. So I close the case. Unfortunately no bug reports possible for pep :-(

     
  • Christopher Snowhill

    I found an alternative step for you, that works on Linux: Revoke the subkeys for the newly generated keys. It won't try to generate new subkeys automatically.

    I found that this key issue also blocked me from reading encrypted mail sent to the imported multi-account key.

    E: Never mind, it generates new keys anyway.

     

    Last edit: Christopher Snowhill 2018-08-18
  • Thomas Moschny

    Thomas Moschny - 2018-12-26

    Installed Enigmail in Fedora 29 (thunderbird-enigmail-2.0.8-2.fc29.noarch), default settings, saw the same problem: For any identity in use, Enigmail ignored the existing keypair and created a fresh one. Two questions:

    1. How to get rid of those keys - can I simply delete them? I didn't send any encrypted mail, but do I understand it right that messages stored locally could also be encrypted using these keys?
    2. How to keep Enigmail (or p≡p, fwiw) from creating duplicate keys again?
     
  • Patrick Brunschwig

    The only workaround for now is to switch from the "pEp" mode to the "classical" mode in Enigmail. Go to menu Enigmail/pEp > Preferences > Compatibility and select "Force using S/MIME and Enigmail".
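
A read-only check for the situation described in this thread, showing which e-mail identities have ended up with more than one secret key. This is an added example, not part of the ticket or of Enigmail/pEp code; it parses `gpg --list-secret-keys --with-colons` output. The function names, sample output, addresses and fingerprints are constructed, and creation dates are assumed to be epoch seconds as GnuPG 2.x prints them.

```python
import re
from collections import defaultdict

# Constructed fingerprints and addresses, for illustration only.
OLD_FPR, NEW_FPR, SUB_FPR = "A" * 40, "B" * 40, "C" * 40
# Constructed sample of `gpg --list-secret-keys --with-colons` output:
# an older key with two e-mail UIDs, plus a later key for one of those addresses.
SAMPLE = f"""\
sec:u:4096:1:{OLD_FPR[-16:]}:1400000000:::u:::scESC:::+:::23::0:
fpr:::::::::{OLD_FPR}:
uid:u::::1400000000::HASH1::Alice Example <alice@example.org>::::::::::0:
uid:u::::1400000000::HASH2::Alice Example <alice@work.example>::::::::::0:
ssb:u:4096:1:{SUB_FPR[-16:]}:1400000000::::::e:::+:::23:
fpr:::::::::{SUB_FPR}:
sec:u:3072:1:{NEW_FPR[-16:]}:1532300000:::u:::scESC:::+:::23::0:
fpr:::::::::{NEW_FPR}:
uid:u::::1532300000::HASH3::Alice Example <alice@work.example>::::::::::0:
"""

def secret_keys_by_email(colon_text):
    """Map each e-mail address to the secret primary keys that carry it as a UID."""
    by_email, key = defaultdict(list), None
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] == "sec":
            # Field 2 is validity; a revoked (r) or expired (e) key is not a live duplicate.
            # Field 6 is the creation time (assumed epoch seconds, GnuPG 2.x).
            key = None if f[1] in ("r", "e") else {"created": int(f[5]), "fpr": None}
        elif f[0] == "fpr" and key and key["fpr"] is None:
            key["fpr"] = f[9]  # the first fpr record after sec belongs to the primary key
        elif f[0] == "uid" and key and len(f) > 9 and f[1] not in ("r", "e"):
            m = re.search(r"<([^<>\s]+@[^<>\s]+)>", f[9])
            if m and key not in by_email[m.group(1).lower()]:
                by_email[m.group(1).lower()].append(key)
    return by_email

def duplicated_identities(colon_text):
    """Return {email: [fingerprints, oldest first]} for addresses with >1 secret key."""
    return {email: [k["fpr"] for k in sorted(keys, key=lambda k: k["created"])]
            for email, keys in secret_keys_by_email(colon_text).items()
            if len(keys) > 1}

if __name__ == "__main__":
    for email, fprs in duplicated_identities(SAMPLE).items():
        print(email, "->", ", ".join(fprs))
```

To run it against a real keyring, pass the text printed by `gpg --list-secret-keys --with-colons` to `duplicated_identities()` instead of `SAMPLE`; the script only reads the listing and changes no keys.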

     
