Hey,
I have two keys on YubiKeys. One is my primary and the other one is a secondary. I send e-mails to correspondents and CC my secondary key. Then when I try to decrypt the message Thunderbird first tries with my secondary (which isn't connected so I cancel the request) and then I think it tries with my primary because the YubiKey flashes. But after pushing the YubiKey the e-mail is still blank.
Even if I "disable" the secondary key with the gpg tool (looks grey in key management in Thunderbird) it still wants me to connect it.
I also tried setting up "reception rules" where I gave a rule to not use any key with my secondary e-mail.
None of the above made any difference.
Please help.
Thanks,
Niklas
Last edit: Niklas 2019-12-12
You have to understand how GnuPG works here. An encrypted message contains kind of a "header" part, which lists the key IDs with which a message is encrypted. When decrypting a message, GnuPG tries to use the keys in the sequence in which they are found in the message. Thus, if your secondary key is in the message header before the primary key, then GnuPG will always try the secondary key 1st.
You might want to get support for this from the GnuPG people, but this is not the sort of thing that Enigmail could solve.
It really looks like Enigmail tries my primary key as well but just shows a blank window. But you mean that Enigmail doesn't support decrypting with multiple keys in case the first fails.
I'll check with the gpg people then.
On Thu, 12 Dec 2019, 17:58 Patrick Brunschwig, pbrunschwig@users.sourceforge.net wrote:
Please don't confuse Enigmail and gnupg. Enigmail does not decrypt anything. All that Enigmail does is to ask gnupg to decrypt the message. If gnupg returns decrypted data, then Enigmail will display that, otherwise not. It's totally transparent to Enigmail what gnupg does or with which key a message is decrypted.
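The "header" part described in this thread is a run of Public-Key Encrypted Session Key (PKESK) packets, one per recipient key, placed in front of the encrypted data. The following Python sketch is an added example, not part of the original thread and not Enigmail or GnuPG code: it walks a binary OpenPGP message and returns the recipient key IDs in the order they appear. It handles version 3 PKESK packets only; the function names and the key IDs in `SAMPLE` are constructed for illustration.

```python
import struct

ENCRYPTED_DATA_TAGS = {9, 18, 20}  # SED, SEIPD, AEAD: the recipient list ends here

def read_packet(buf, pos):
    """Return (tag, body_start, body_len) for the packet header at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (dearmor ASCII input first)")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        return tag, pos + 2, None                     # partial length (data packets only)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def recipient_key_ids(message):
    """Key IDs of the v3 PKESK packets, in the order they appear in the message."""
    ids, pos = [], 0
    while pos < len(message):
        tag, start, length = read_packet(message, pos)
        if tag in ENCRYPTED_DATA_TAGS or length is None:
            break                                     # reached the encrypted payload
        if tag == 1 and message[start] == 3:          # PKESK, version 3
            key_id = message[start + 1:start + 9]
            # An all-zero key ID means the sender hid the recipient.
            ids.append("hidden" if key_id == bytes(8) else key_id.hex().upper())
        pos = start + length
    return ids

def pkesk(key_id_hex, old_format):
    """Build a constructed PKESK packet: v3, key ID, algorithm 1 (RSA), dummy MPI."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"
    return bytes([0x84 if old_format else 0xC1, len(body)]) + body

# Constructed sample: secondary key listed before primary, then a SEIPD packet.
SAMPLE = (pkesk("2222222222222222", True) + pkesk("1111111111111111", False)
          + bytes([0xD2, 3, 0x01, 0xAA, 0xBB]))

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE))
```

The IDs listed are those of the encryption subkeys, so compare them against subkey IDs rather than primary key IDs. An ASCII-armored message has to be converted to binary first, for example with `gpg --dearmor`.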