
Enigmail Option "prefer S/MIME or Enigmail (OpenPGP)" causes error message

2021-01-24
  • Peter Tandler

    Peter Tandler - 2021-01-24

    Hi there!

    I started using Enigmail (currently V2.1.9) with TB (currently V68.10.0)
    on Linux Mint with gpg (GnuPG) 2.2.19.

    When I try to send an email, I (nearly most of the time) get the error
    message popup that sending failed, because I choose to sign the email
    and the certificate was "not found or outdated".

    However, when I close the popup and hit send again, the email is sent
    without error message.
    In fact, I'm not sure if the email is signed in this case. (Looking at
    my sent folder, it seems it is not.)

    BTW: When TB tries to save the email, I get the same error message.

    Now I found that when I change the setting "prefer S/MIME" to "prefer
    Enigmail (OpenPGP)" "when both are possible" I can send emails without
    error message and they appear signed in my sent box.

    When I check my email account settings in TB, I see my gpg certificates
    at the tab "OpenPGP > select key". But at the tab "S/MIME" I don't see
    certificates.

    I must admit, I thought that the same certificate can be used for both
    cases.

    In any case, I would expect that if S/MIME is NOT possible, e.g.
    because no matching certificate is found, OpenPGP is used in this case.

    Or what should be the expected behaviour of this option? "when both are
    possible" somehow seems to imply that sending is possible, but obviously
    it is not in my case.

    Generally, I noticed that I would like to understand what the difference
    is between S/MIME and PGP/MIME / Inline-PGP.
    I browsed the Enigmail handbook at
    https://www.enigmail.net/index.php/en/user-manual but didn't find a
    section addressing this.
    What are the practical implications of these options? What should I
    consider when deciding which to use?

    Thanks,
    Peter

     
  • Patrick Brunschwig

    OpenPGP and S/MIME are two different standards for encrypting and signing mails. Both use the concept of key pairs (i.e. a private and a public key), and both use a similar set of encryption algorithms.

    S/MIME uses X.509 certificates which are signed by a Certificate Authority (CA), with all implications of a CA: for example the CA will verify the ownership of the key (e.g. the email address) and it can revoke the certificate. That is, X.509 certificates have a single central control instance.

    OpenPGP uses self-signed keys, with the option for others to also sign a key. The key is a lot more under the control of the owner: he can revoke the key, change the expiry, add user IDs and so on. That is, OpenPGP is a fully decentralized system for issuing and verifying keys.

    As a consequence, OpenPGP keys and S/MIME certificates are two different pairs of shoes - you can't use OpenPGP keys for S/MIME and vice versa.

    Concerning the difference between PGP/MIME and Inline-PGP, read here: https://www.enigmail.net/index.php/en/user-manual/handbook-faq#What.27s_the_difference_between_Inline_PGP_and_PGP.2FMIME.3F
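
Added example, not part of the thread and not Enigmail code: a small Python check that reads a raw message (for instance one saved from the Sent folder) and reports whether it is signed as PGP/MIME, S/MIME, Inline-PGP, or not at all, based on the MIME structure each format uses. The sample messages, addresses and signature bodies are constructed placeholders.

```python
from email import message_from_string

PGP_ARMOR = b"-----BEGIN PGP SIGNED MESSAGE-----"
SMIME_SIG = ("application/pkcs7-signature", "application/x-pkcs7-signature")
SMIME_OPAQUE = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def signature_format(raw: str) -> str:
    """Classify how a raw RFC 5322 message is signed, if at all."""
    msg = message_from_string(raw)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            # The protocol parameter names the signature standard in use.
            proto = (part.get_param("protocol") or "").lower()
            if proto == "application/pgp-signature":
                return "PGP/MIME"
            if proto in SMIME_SIG:
                return "S/MIME"
            return "unknown multipart/signed"
        if ctype in SMIME_OPAQUE:
            # Opaque S/MIME signing wraps the whole body in one CMS object.
            if (part.get_param("smime-type") or "").lower() == "signed-data":
                return "S/MIME"
        if ctype == "text/plain":
            # Inline-PGP is plain text with ASCII armor around the body.
            body = part.get_payload(decode=True) or b""
            if body.lstrip().startswith(PGP_ARMOR):
                return "Inline-PGP"
    return "unsigned"

def _signed(protocol: str) -> str:
    # Constructed multipart/signed message with a placeholder signature part.
    return (
        "From: alice@example.org\nTo: bob@example.org\nSubject: test\n"
        "MIME-Version: 1.0\n"
        f'Content-Type: multipart/signed; protocol="{protocol}"; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nhello\n"
        f"--b1\nContent-Type: {protocol}\n\n(placeholder)\n--b1--\n"
    )

SAMPLES = {  # all constructed, no real keys or signatures
    "pgp_mime": _signed("application/pgp-signature"),
    "smime": _signed("application/pkcs7-signature"),
    "inline": "Subject: test\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
              "hello\n-----BEGIN PGP SIGNATURE-----\n(placeholder)\n"
              "-----END PGP SIGNATURE-----\n",
    "plain": "Subject: test\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", signature_format(raw))
```

This only identifies the format from the message structure; it does not verify the signature itself.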

     
