
Cannot decrypt sent emails anymore

Cipo
2015-04-30
2018-08-08
  • Cipo

    Cipo - 2015-04-30

    Hello,
    all was working ok but since some weeks I cannot decrypt anymore the sent emails. I am using Thunderbird under win8 and Enigmail 1.6
    I get the message "Error - secret key needed to decrypt message; click on 'Details' button for more information".
    I can encrypt, sign and decrypt every new email I create and receive. But cannot read anymore from sent folder.
    I tried to check the Logfile but when I select that item (OpenPGP->Debugging options->View Logfile), it tells me to restart the sw (I do restart Thunderbird) to create the log file. I do but I always get the same message. So I am not able to view/find the Log file as well.

    Anyone able to help ?
    THX
    CIPO

     
  • Olav Seyfarth

    Olav Seyfarth - 2015-04-30

    My recommendation: upgrade to latest Thunderbird, Enigmail and GnuPG. Then retest. Should give you log, too. It is difficult for us to remember which issues were fixed since 1.6 ...

     
  • Cipo

    Cipo - 2015-04-30

    Just upgraded to Enigmail 1.8.2 and got same problem.
    Thunderbird is always updated to latest ver.
    Should I uninstall gpg4win 2.2.1 and update it ?

    now just got the debug file, going to review it.
    thx 4 prompt answer.

     
  • Cipo

    Cipo - 2015-04-30

    It tells me systematically that the key is missing for every email I try to decrypt (in the sent folder only):

    2015-04-30 12:29:58.256 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
    [GNUPG:] ENC_TO keyremoved 1 0
    gpg: encrypted with 2048-bit RSA key, ID keyremoved , created 2014-04-26
    "Email removed"
    [GNUPG:] NO_SECKEY keyremoved
    [GNUPG:] BEGIN_DECRYPTION
    [GNUPG:] DECRYPTION_FAILED
    gpg: decryption failed: No secret key
    [GNUPG:] END_DECRYPTION

    Keep in mind:
    I can read all emails sent by those guys, hence the keys should be ok.
    I cannot decrypt the emails I sent them (but they can read what I sent them).
    The problem is ONLY in my sent folder.
    THX

     

    Last edit: Cipo 2015-04-30
  • Cipo

    Cipo - 2015-04-30

    gpg4win is now also updated. All SW is updated to latest ver.
    Problem is still the same as above.
    It doesn't work :(
    THX

     
  • Olav Seyfarth

    Olav Seyfarth - 2015-04-30

    I recommend to uninstall GPG4win and install the FULL version of GPG4win 2.2.4 but in the installer only select what you need but INCLUDE Kleopatra. This results in a different pinentry to be installed (as compared to vanilla installer) which gets focus correctly if you are prompted for a passphrase.

    Apart from that, you should check your gpg.conf et al. files in your GnuPG home directory. I suspect that you/anything set something weird in there.

    So while you're at it: uninstall GPG4win (stops all processes, reboot if asked to). Prior to starting Thunderbird, move all config files (not the keyrings and trust db) to a backup directory. Then send yourself a message and check.

     
  • Cipo

    Cipo - 2015-04-30

    Done. I can see the test email i sent to myself meaning I can decrypt it in the sent folder.
    But cannot see all other emails sent to other people in the Sent folder. In the sent folder I can successfully verify the signature (when available) but cannot decrypt the sent message.
    The problem remains as before :(

    The only issue I see which I am not sure: the primary key is used for signature and that I can see/decrypt while the subkey is used for encryption. Exactly this subkey is the one which seems missing from the debug file. But the subkey is part of the key set and I can see them in my keyring. In the latter for every emails/recipient I have both keys: primary and subkey.

    THX

     

    Last edit: Cipo 2015-04-30
    • Patrick Brunschwig

      Your problem is the "key removed" message from gpg. It looks like you created a new private key and deleted your old key.

       
      • Cipo

        Cipo - 2015-04-30

        Hi
        the "keyremoved" message has been written by me to indicate that I removed the key of the recipient from the original debug message cos I didn't want to share it in public :)
        All my keys are ok cos I can send/read encrypted messages.

         
  • Cipo

    Cipo - 2015-04-30

    The PGP key I replaced with ** is exactly the subkey in the second pic and it corresponds to the email address of the guy I am writing to.

     
  • Cipo

    Cipo - 2015-04-30

    I feel that for some reason the SW fails to see/load the subkey ...

     
    • Patrick Brunschwig

      Ah I see... The problem is really that gpg reports "no secret key". I cannot tell you much more than this. As Enigmail does not tell gpg which key to use, but gpg determines the key from the encrypted message, that's really all information we have.

       
  • Cipo

    Cipo - 2015-04-30

    How come I can encrypt a message for a user using his pub key and I cannot see the message I sent to him ? I believe the sent message would be saved still encrypted with his PUB key, hence I have it cos I used it.
    It is pretty bad not being able to read any of my encrypted sent emails.
    Does Enigmail know exactly it needs to use the subkey and not the main key ?

     
    • Patrick Brunschwig

      That's the crucial point about asymmetric encryption: you need the public key to encrypt a message, but the private key to decrypt it. If you don't encrypt a message to your own public key, you won't be able to decrypt it later.

       
  • Cipo

    Cipo - 2015-04-30

    If I want to send a message to you i would use your own PUB key to encrypt and NOT my pvt key. using my pvt key would be useful to sign the message and not to encrypt it.
    If Enigmail is able to send an encrypted email to you using your PUB key, why it doesn't allow me to see the sent email ?
    There is something wrong ..... are you able to see the emails in your sent box ?

    It seems Enigmail is not able anymore (earlier was working) to pick the right key (subkey) to decode my sent box. I am sure many other users don't have this problem.

    Is there anyone from official Enigmail support able to help me ?
    THX

     

    Last edit: Cipo 2015-04-30
  • Ludwig Hügelschäfer

    Cipo, Patrick is the project lead. Olav and I are team members. Enigmail has not stopped to work like before.

    Let me explain the problem in other words. If you simply encrypt something, then it can ONLY be read by the receiver. Fortunately you can encrypt to more than one receiver. Usually, using mail, you encrypt to the intended receiver AND YOUR OWN pubkey, so that you can decrypt your own sent messages using your private key. This is the usual setup.

    YOUR setup seems to have lost the setting to additionally encrypt the mails you send to yourself.

    So let's search for the reason why this has ceased to work.

    Enigmail has a hidden preference, named "extensions.enigmail.encryptToSelf". By default, it is set to "true".

    Please go to Thunderbird -> Preferences -> Advanced tab.

    Click on "Config editor". Acknowledge the warning. Look up the above mentioned preference by entering it in the search field. What is shown there? Is it printed in bold? If it is not set to "true", change it so.

    Please report back if you have done so and tested a NEW mail to someone else.

    Your mails sent up to now will be not readable by you, they're lost. The only thing you can do is to ask the receiver to send them back to you.

     
  • Cipo

    Cipo - 2015-05-01

    Hello Ludwig,
    thank you for the prompt and detailed answer. Now it is clear that my sent emails are readable once encrypted also with my own PUB key.
    My setup seems gone wild after March 16th cos previously I verified I can read my sent box.

    The correct path to the config editor in latest Thunderbird (31.6.0) is Tools -> Options -> Advanced -> General -> Config Editor (as reference for other people needing this).

    My setting was indeed bold/false. I did toggle to true/not bold by right clicking on it.

    I did test it and now it works. Problem solved :)
    Thank you again for your help.

    PS
    In my previous version of Enigmail the process list on my task manager (Win8) was showing a variable amount of GnuPG daemons. Sometimes they were 5-6 or even more. I had to kill them many times cos the SW was getting stuck (e.g. not asking anymore my pass-phrase) and was very unstable.
    Now with everything updated it seems I got only one running process. Was this a known and fixed bug ?

     
  • Ludwig Hügelschäfer

    Your problem with this setting maybe came from history. In Enigmail 1.7, this was a user settable preference. If you deactivated it accidentally, you would not have an opportunity to set it again with Enigmail 1.8, other than the above mentioned method with the config-editor.

    Hanging gpg processes may have come from a variety of reasons. There may have been a fixed issue with Enigmail 1.8 concerning this. I think it's not worth looking into already solved :-)

     
  • Narcis Garcia

    Narcis Garcia - 2016-09-23

    Enigmail should save sent letters with sender key instead of recipient's one:
    Really send encrypted with recipient's public key, and save message with sender's public key.
    This will allow to read and reuse sent contents, in a secure storage way.

     
    • Olav Seyfarth

      Olav Seyfarth - 2016-10-02

      Unless you fiddled with settings a lot, Enigmail (GnuPG) DOES encrypt messages you send with your own key, too!

      However, if one uses private key A on an old system and moves mail but not keys to a new system B, then both own and recipient's keys are missing. Bottom line: Make sure to keep ALL private keys you ever encrypted messages with. So, DO back them up offline, and import them to new systems if you generate new keys there (although there is no need to generate new keys as long as they are not using weak ciphers or get compromised).

       
  • Narcis Garcia

    Narcis Garcia - 2018-08-05

    Okay, okay... I didn't realize about advanced config option:
    extensions.enigmail.encryptToSelf : true
    (and I had it disabled I don't know why)
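
The two failure modes discussed in this thread (a message that was never encrypted to the sender's own key, and a message encrypted to an own key whose secret part is missing on this system) can be told apart from the `[GNUPG:]` status lines in the debug log. The Python below is an added example, not part of the original posts or of Enigmail; the key IDs in the sample and the names `parse_status` and `diagnose` are constructed for illustration.

```python
import re

# Constructed sample: the status lines from the thread's debug log, with
# made-up 16-hex-digit key IDs in place of the redacted "keyremoved".
SAMPLE_STATUS = """\
[GNUPG:] ENC_TO 1111AAAA2222BBBB 1 0
gpg: encrypted with 2048-bit RSA key, ID 2222BBBB, created 2014-04-26
[GNUPG:] NO_SECKEY 1111AAAA2222BBBB
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: No secret key
[GNUPG:] END_DECRYPTION
"""

STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")

def parse_status(text):
    """Collect recipient key IDs, key IDs lacking a secret key, and the outcome."""
    enc_to, no_seckey, outcome = [], [], None
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # human-readable "gpg: ..." lines are ignored
        keyword, args = m.group(1), (m.group(2) or "").split()
        if keyword == "ENC_TO" and args:
            enc_to.append(args[0].upper())
        elif keyword == "NO_SECKEY" and args:
            no_seckey.append(args[0].upper())
        elif keyword in ("DECRYPTION_OKAY", "DECRYPTION_FAILED"):
            outcome = keyword
    return enc_to, no_seckey, outcome

def diagnose(text, own_key_ids):
    """Explain a failed decryption in terms of encrypt-to-self."""
    enc_to, no_seckey, outcome = parse_status(text)
    own = {k.upper() for k in own_key_ids}
    if outcome == "DECRYPTION_OKAY":
        return "ok"
    if not enc_to:
        return "no-recipient-info"       # e.g. truncated log
    if not own.intersection(enc_to):
        return "not-encrypted-to-self"   # the situation in this thread
    if own.intersection(no_seckey):
        return "own-secret-key-missing"  # mail moved without the keys
    return "other-failure"
```

Pass it the status lines from the debug log together with the long key IDs of your own encryption (sub)keys, as listed by `gpg --list-secret-keys --keyid-format long`.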

     
