Not able to auto-sign messages anymore
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
Menu
▾
▴
Hello,
With Thunderbird and Enigmail I am used having encrypted emails to be also automatically signed.
With this I mean that every time, in an outgoing message, I click on the inactive encryption button (thus switching it to become active), at the same time the signing button is also passing from inactive to active without any intervention of mine.
I am happy with this situation since it is was exactly what I want due to (not only) the following two settings under the "OpenPGP Security" Thunderbird account settings:
- "Sign messages by default" which is unchecked
- "After applications of defaults and rules: sign encrypted messages" which is checked
I had to pass from Win7 SP2 to Win10 1903 and I imported my Win7 data-and-settings of both Thunderbird (then updated to 68.9.0) and Enigmail (then updated to 2.1.6). GnuPG was accordingly updated to 2.2.20.
The two Thunderbird settings above mentioned are still there but I am now experiencing the following behaviour which I am not used to and for which I need help.
Then I have:
a) If (as mail recipient) I type one of the addresses for which I already have their public key in "Enigmail Key Management", the signing button goes back to inactive thus forcing me to manually click on it since I want it to stay active
b) If (as mail recipient) I type one of the addresses for which I don't have their public key, the signing button stays active
With my previous OS/Thunderbird/Enigmail installation the sign button of point a) was remaining active.
Question
Maybe I've done something wrong while importing/setting the keys in the new OS/Thunderbird/Enigmail installation. What can I do to have the sign button to remain active when I type an email address for which I already have the public key in "Enigmail Key Management", like it was happening with my previous OS/Thunderbird/Enigmail installation?
Thank you
Kind Regards
From the behavior you explain, I get the impression that you activated the option "sign non-encrypted messages" instead of "sign encrypted messages"
Hi Patrick, thanks for your feedback.
No, "sign encrypted messages" is checked while "sign non-encrypted messages" is unchecked.
I can post snapshots if need be. Thanks again.
The attached "Account_settings.jpg" contains the "OpenPGP Security" Thunderbird account settings.
The attached "Details.jpg" contains a graphical representation of my initial post.
My Thunderbird and Enigmail are both in Italian I hope this will not be a problem.
Thx again!
I see two several alternative reasons:
1. You have a per-recipient rule that disables siging
2. The message is created using a different identity than the one you configured. Note that the configuration is not on the level of accounts but for each different identity.
Briefly, what I did is export my Thunderbird profile folder from Win7, import that profile folder from Thunderbird on Win10 and then I had to do something with the keys in Enigmail for which I don't remember the exact details anymore.
Please note: I am not that expert.
Last edit: Nedo 2020-06-13
I am stuck. Some help would be really useful.
- Should I delete keys and add them freshly?
- Should I try something else?
...
Thanks
Last edit: Nedo 2020-06-18
Hi Nedo, yes "Enigmail Preferences, Key Selection, Edit Rules" is the correct place. However, I once had a case where the user interfaces showed an empty list while it was not. Please rename pgprules.xml to pgprules.xml.inactive . That file resides in the Thunderbird profile directory which you should find by these steps:
Thank you Olav!!
- With Thunderbird closed, I renamed pgprules.xml to pgprules.xml.inactive
- Then I opened Thunderbird and the issue I reported is not there anymore and apparently all is working normally again
- I went in "Enigmail Preferences, Key Selection, Edit Rules" and it is still empty as before
- But, if I open pgprules.xml or pgprules.xml.inactive with SciTE, I see that they both contain exactly the email addresses which are causing me the issues reported above
What should I do now?
- Should I "clean" or "modify" pgprules.xml.inactive from those email addresses and then rename it back to pgprules.xml?
- Something else?
The content of pgprules.xml.inactive now looks like as in the attached Snap.jpg image file (email addresses and keys removed).
Last edit: Nedo 2020-06-19
Since everything is working fine now, I suspect that Enigmail generated AutoCrypt keys that had preference over your own manual-made keys. I'd leave that file as it is now. You may want to make sure your real key is published to https://keys.openpgp.org/ and you may link in your mail footer to your pubkey.asc on your own website.
OK with what you say.
But what would be the format of a truly empty pgprules.xml file?
The format as in the attached Snap-2.jpg image or something different?
Thx
Since I don't use any rules in "Enigmail Preferences, Key Selection, Edit Rules", could I simply delete pgprules.xml.inactive from my Thunderbird profile folder without causing harm to Enigmail or Thunderbird?
Would it then be the case that the pgprules.xml will simply be created again if I will add rules to "Enigmail Preferences, Key Selection, Edit Rules"?
I noticed that other people's installations of Enigmail/Thunderbird don't have the pgprules.xml file, don't have any rules in "Enigmail Preferences, Key Selection, Edit Rules" and all seems apparently fine with them.
Yes, in your case it should be safe to delete the file, and it will be re-created.
Thanks Olav!
I can give an explanation for this. Your corresondent is sending an Autocrypt header. The Autocrypt header contains the key of the user, plus his preference for whether or not he prefers encrypted mails. In this case, the preference is to not receive encrypted or signed mails. Thus, by enabling encryption, signing will be disabled.
If you think that's wrong, then talk to the correspondent, otherwise you can be quite sure, that the same situation will happen again.
Hi Patrick,
which are exactly the correspondent's Enigmail and/or Thunderbird settings that I should double check in order not to have this happening again?
Is it "Enable Autocrypt" in Thunderbird "Tools, Account Settings, OpenPGP Security, Autocrypt"?
Right now the "Enable Autocrypt" option is checked in my Thunderbird/Enigmail and I know for sure that the same applies to Thunderbird/Enigmail of the correspondents.
Would unchecking "Enable Autocrypt" (both on my side and on the correspondents' side) undermine our ability to send/receive encrypted emails between each other?
If not, I would then safely uncheck "Enable Autocrypt" also because I don't think I am using anything related to Autocrypt (though not 100% sure here).
Thx
Last edit: Nedo 2020-06-22
There are several possibilties:
* The option Prefer encrypted mails from the people you exchange mail with in "Tools, Account Settings, OpenPGP Security, Autocrypt" will change the behavior. If the correspondent enables this option, encryption and signing will automatically be enabled if you send an email to that correspondent.
* On your side, you can disable Autocrypt. But that means that Engmail won't detect new keys that are hidden in the message header (which I think is useful)
* You can ask the sender to disable Autocrypt (with the same consequences)
Hi Patrick,
Thanks for the details.
I disabled Autocrypt for myself and same was done for the correspondents.
"Prefer encrypted mails from the people you exchange mail with" was already disabled for me.
I still remember when Autocrypt/pEp came around (maybe around Enigmail 2.0 or so) and how much I had to do to understand/revert/disable the automatic things done by Autocrypt/pEp.
I say this with no disrespect at all for the great work done by you and the teams behind Thunderbird/Enigmail/Autocrypt/pEp/etc.; this specific work just doesn't seem to currently fit with my use case of encrypted emails.
Last edit: Nedo 2020-06-22