After Thunderbird automatically updated a few days ago, I've experienced problems with Enigmail. First, I got a notification that Enigmail wasn't compatible with the latest version of Thunderbird, so I removed Thunderbird and reinstalled an older version (the previous one, which worked fine with Enigmail. However, ever since there is a problem with decrypting messages. Encryption seems to work fine --- my recipients said they can decrypt and read my emails; I just cannot read theirs.
When I click on an encrypted message it says "Error - no matching secret key found to decrypt message; click on 'Details' button for more information." When I do this, the Enigmail Security Info tells me in a Note that the "message is encrypted for the following User IDs/Keys: [xxxx] " but these are different keys than those shown in the Enigmail Key Management box (for both users, ie. my key as well as the recipient's are different in both boxes)
I have reinstalled Thunderbird, reinstalled Enigmail, reinstalled Gpg4Win & GNU Privacy Guard, resend my public key, my recipient has resend their key (which is the same as displayed in Key Management), but the problem is still not solved. It is definitely a problem with my version of Enigmail --- I've tested the encryption and decryption with different recipients, and the problem continues to occur.
I am using Windows 7 64 bit, Thunderbird version 68.3.0 (64 bit) and Enigmail version 2.1.4 (20191212-1705).
I have tried to follow the guidelines here: https://www.enigmail.net/index.php/en/faq?view=topic&id=14 but there is no Debugging option anywhere, neither under Enigmail > Debugging Options > View Log nor Enigmail > Preferences and click on Display Expert Settings and Menus.
Please help!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Your recipient uses a different key than you have in Enigmail. I believe that this is because you also upgraded GnuPG, and the new version of GnuPG uses a different file to store the keys than the old one.
I suggest you try the following: open a command line window and copy & paste the following into the window.
I have recently switched to Ubuntu 20.04, and installed Thunderbird and
Enigmail, but am encountering the same problem I asked support for in
December 2019 (which was solved via the command line as you suggested,
see below).
There is a problem with decrypting messages. Encryption seems to work
fine --- my recipients said they can decrypt and read my emails; I just
cannot read their emails. When I click on an encrypted message it says
"Error - no matching secret key found to decrypt message; click on
'Details' button for more information." When I do this, the Enigmail
Security Info tells me in a Note that the "message is encrypted for the
following User IDs/Keys: [xxxx] " but these are different keys than
those shown in the Enigmail Key Management box (for both users, ie. my
key as well as the recipient's are different in both boxes). I have
generated a new key pair for myself and sent the new public key to other
people, but the problem continues to occur.
I am using Ubuntu 20.04, Thunderbird 68.8.0 (64-bit), Enigmail 2.1.6
(installed via Thunderbird's add-ons). If you could help, it'd be much
appreciated!
All best,
Lianne
On 25/12/2019 16:25, Patrick Brunschwig wrote:
Your recipient uses a different key than you have in Enigmail. I
believe that this is because you also upgraded GnuPG, and the new
version of GnuPG uses a different file to store the keys than the old one.
I suggest you try the following: open a command line window and copy &
paste the following into the window. YOURNAME needs to be replaced
with your account name.
cd \Users\YOURNAME\AppData\Roaming\Gnupg
gpg --import secring.gpg
gpg --import pubring.gpg
The problem is that the key ID that we get is not necessarily the ID of the primary key, but the one of the subkey used for encryption.
These key IDs can be found by inspecting the details of a key: in the Key Manager, double click on the key, and switch to the tab "Structure". You'll find the IDs of all (sub)keys in that list. Compare them with the key IDs in "message is encrypted for the following User IDs/Keys: [xxxx]". If the key ID is not in that list, then you can't do anything about that -- the sender will have to change something on his side to use your new key.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just checked, and the dialog box shows this (I replaced the keys with
'key one' and 'key two'):
Enigmail Security Info
Error - no matching secret key found to decrypt message
Note: The message is encrypted for the following User IDs / Keys: [key one], [key two] (OTHER USER'S NAME email@address)
I compared them with the (sub)keys in the list, and 'key one' does not
match anything (also none of my own keys), while 'key two' is the same
as the other person's subkey, found as you said under key
management-structure. I crosschecked with another user, the same dialog
box appears with two keys: key one is the same key as in the other
security info box, the second one is that user's subkey... so I'm
thinking that it must be something on my end?
Sorry for the hassle -- I would use the trick you suggested when this
happened the last time (open a command line window and copy & paste the
following into the window. YOURNAME needs to be replaced with the
account name; cd \Users\YOURNAME\AppData\Roaming\Gnupg gpg --import
secring.gpg gpg --import pubring.gpg) but I think that won't work on
Ubuntu because there is no AppData folder..
Lianne
On 25/06/2020 17:22, Patrick Brunschwig wrote:
The problem is that the key ID that we get is not necessarily the ID
of the primary key, but the one of the subkey used for encryption.
These key IDs can be found by inspecting the details of a key: in the
Key Manager, double click on the key, and switch to the tab
"Structure". You'll find the IDs of all (sub)keys in that list.
Compare them with the key IDs in "message is encrypted for the
following User IDs/Keys: [xxxx]". If the key ID is not in that list,
then you can't do anything about that -- the sender will have to
change something on his side to use your new key.
No, there is nothing wrong on your side. The sender sends emails that are encrypted to keys that you don't have. That's something that only the sender can solve. You have to send them your new key, and tell them to only use your new key.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
After Thunderbird automatically updated a few days ago, I've experienced problems with Enigmail. First, I got a notification that Enigmail wasn't compatible with the latest version of Thunderbird, so I removed Thunderbird and reinstalled an older version (the previous one, which worked fine with Enigmail. However, ever since there is a problem with decrypting messages. Encryption seems to work fine --- my recipients said they can decrypt and read my emails; I just cannot read theirs.
When I click on an encrypted message it says "Error - no matching secret key found to decrypt message; click on 'Details' button for more information." When I do this, the Enigmail Security Info tells me in a Note that the "message is encrypted for the following User IDs/Keys: [xxxx] " but these are different keys than those shown in the Enigmail Key Management box (for both users, ie. my key as well as the recipient's are different in both boxes)
I have reinstalled Thunderbird, reinstalled Enigmail, reinstalled Gpg4Win & GNU Privacy Guard, resend my public key, my recipient has resend their key (which is the same as displayed in Key Management), but the problem is still not solved. It is definitely a problem with my version of Enigmail --- I've tested the encryption and decryption with different recipients, and the problem continues to occur.
I am using Windows 7 64 bit, Thunderbird version 68.3.0 (64 bit) and Enigmail version 2.1.4 (20191212-1705).
I have tried to follow the guidelines here: https://www.enigmail.net/index.php/en/faq?view=topic&id=14 but there is no Debugging option anywhere, neither under Enigmail > Debugging Options > View Log nor Enigmail > Preferences and click on Display Expert Settings and Menus.
Please help!
Your recipient uses a different key than you have in Enigmail. I believe that this is because you also upgraded GnuPG, and the new version of GnuPG uses a different file to store the keys than the old one.
I suggest you try the following: open a command line window and copy & paste the following into the window.
Last edit: Patrick Brunschwig 2019-12-29
Hello,
I have recently switched to Ubuntu 20.04, and installed Thunderbird and
Enigmail, but am encountering the same problem I asked support for in
December 2019 (which was solved via the command line as you suggested,
see below).
There is a problem with decrypting messages. Encryption seems to work
fine --- my recipients said they can decrypt and read my emails; I just
cannot read their emails. When I click on an encrypted message it says
"Error - no matching secret key found to decrypt message; click on
'Details' button for more information." When I do this, the Enigmail
Security Info tells me in a Note that the "message is encrypted for the
following User IDs/Keys: [xxxx] " but these are different keys than
those shown in the Enigmail Key Management box (for both users, ie. my
key as well as the recipient's are different in both boxes). I have
generated a new key pair for myself and sent the new public key to other
people, but the problem continues to occur.
I am using Ubuntu 20.04, Thunderbird 68.8.0 (64-bit), Enigmail 2.1.6
(installed via Thunderbird's add-ons). If you could help, it'd be much
appreciated!
All best,
Lianne
On 25/12/2019 16:25, Patrick Brunschwig wrote:
The problem is that the key ID that we get is not necessarily the ID of the primary key, but the one of the subkey used for encryption.
These key IDs can be found by inspecting the details of a key: in the Key Manager, double click on the key, and switch to the tab "Structure". You'll find the IDs of all (sub)keys in that list. Compare them with the key IDs in "message is encrypted for the following User IDs/Keys: [xxxx]". If the key ID is not in that list, then you can't do anything about that -- the sender will have to change something on his side to use your new key.
Hi,
I just checked, and the dialog box shows this (I replaced the keys with
'key one' and 'key two'):
Enigmail Security Info
Error - no matching secret key found to decrypt message
Note: The message is encrypted for the following User IDs / Keys:
[key one],
[key two] (OTHER USER'S NAME email@address)
I compared them with the (sub)keys in the list, and 'key one' does not
match anything (also none of my own keys), while 'key two' is the same
as the other person's subkey, found as you said under key
management-structure. I crosschecked with another user, the same dialog
box appears with two keys: key one is the same key as in the other
security info box, the second one is that user's subkey... so I'm
thinking that it must be something on my end?
Sorry for the hassle -- I would use the trick you suggested when this
happened the last time (open a command line window and copy & paste the
following into the window. YOURNAME needs to be replaced with the
account name; cd \Users\YOURNAME\AppData\Roaming\Gnupg gpg --import
secring.gpg gpg --import pubring.gpg) but I think that won't work on
Ubuntu because there is no AppData folder..
Lianne
On 25/06/2020 17:22, Patrick Brunschwig wrote:
No, there is nothing wrong on your side. The sender sends emails that are encrypted to keys that you don't have. That's something that only the sender can solve. You have to send them your new key, and tell them to only use your new key.
Solved!! Thank you so much.
This also fixed it for me, same problem. I had been troublshooting it off and on for two days and then finally found this thread. Ouch.
Thanks for the info! :)
Last edit: Ed Williams 2019-12-28