multiple keys associated with same email address

[entre]

I originally set up my keys using the default settings which generated 2048 bit keys. I uploaded the public key to the key server. Everything worked OK.

Since then I decided I wanted to have 4096 bit keys and so generated a new key set associated with the same email address as the 2048 bit key. Now I have a problem, I get an Open pgp error for the new 4096 key when I try and send a signed email in TB.

I am wondering if this is because I have two keys associated with the same address and if so what I should do. Should I sign the 2048 bit key with the 4096 bit key and then revoke the 2048 bit key?

Thanks in advance.

[Ludwig Hügelschäfer]

Hi, please go to account settings -> OpenPGP security and click the radio button to "Use specific OpenPGP ID" and enter the key-id of the 4096 bit key. This should eliminate any error messages.

Another question is, how to deal with the old key. As it has spread to the world, you should tell the world that you don't intend to use it any more by revoking it and send the revoked key to the keyserver. You should keep it in your keyring, just in case somebody uses it, or much more important: You have encrypted things to this key (old mails, documents, etc.).

[entre]

Hi Ludwig,

Thanks for the guidance on both issues. Somehow that setting was already set to use the 4096 key, I think there was a another way to set that preference but i don't recall how I did that now.

Anyway I still have the problem, I also tried disabling the 4096 key via Key Management and selecting the 2048 key in "Use specific OpenPGP ID" but still the same problem with that key referenced in the Alert. The 2048 key used to work before.

My keys are in a non default directory which is defined in the OpenPGP preferences, / Advanced tab. I can see the 2048 and 4096 keys in OpenPGP / Key Management, and the keys are also visible and seem to be valid in GPA.

The alert I get is (edited the key ID for privacy) ....

"OpenPGP Alert
Send operation aborted
Key 0xAAAAAAAA not found or not valid. The (sub-)key might have expired"

I'll try and get a debug log generated and see what it says.

[entre]

Here is the debug log (slightly edited for privacy)

[entre]

Here is the console log (edited for privacy)

[entre]

Some info on my setup.

I am using Enigmail version 1.5.1 (20130205-0013) on TB 17.0.6 (portable version although on C-drive), all running on Windows 8.

[Ludwig Hügelschäfer]

Please, could you do the following:

• Select the 4096bit key.
• Send an encrypted and signed mail to yourself

Please provide the debug log of this.

If you're familiar with the command line usage, please tell the output of

gpg2 --list-keys 0xAAAAAAAA

where AAAAAAAA is the key-id of your primary key.

[entre]

Here is the edited for privacy output from gpg2

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\entre>gpg2 --list-keys 0xAAAAAAAA
pub   4096R/AAAAAAAA 2013-06-12 [expires: 2018-06-11]
uid                  name <xyz@abc.com>
sub   4096R/12345678 2013-06-12 [expires: 2018-06-11]


C:\Users\entre>

and here is the edited debug log

[Ludwig Hügelschäfer]

Ok, thanks! What does the following call yield?

gpg2 --homedir C:\pen\PortableApps\Documents\gnupg --list-keys 0xAAAAAAAA

Probably the keyrings in the "normal" directory are ok, and the keys in C:\pen\PortableApps\Documents\gnupg (which enigmail is using) are not ok.

If you use a non-standard keyring location, you must ensure that every application (Enigmail, gpg2 called from command line, GPA, ...) uses this location.

[entre]

Coincidentally I was just looking at that, when I ran gpg2 --list-keys I could see the directory was the AppData/Roaming directory.

However, running gpg2 --homedir C:\pen\PortableApps\Documents\gnupg --list-keys I also get the same output so they keys in that location seem to be OK also.

[entre]

I have read it's possible in Linux to edit gpg.conf to change the home directory. How can I do that in Windows? There doesn't seem to be a gpg.conf file and GPA and Kleopatra don't seem to offer the ability to edit the conf settings.

Thanks.

[entre]

OK, I think I figured out the answer to my last question. I found gpg.conf in the AppData/Roaming directory and found that it was created by gpgconf which is kind of obvious really.

[Ludwig Hügelschäfer]

I'm not an expert for using gpg with windows. It is possible to set the gpg home-directory via registry keys. In our documentation HKLM\Software\GNU\GnuPG and HKCU\Software\GNU\GnuPG can be found. I'm not sure of what type and value these should be. I'll have access to a windows system tomorrow and do some tests.

[entre]

I checked those registry keys and I couldn't see a reference to the relevant directory.

There is a program called dirmngr in c:\Program Files\GNU\GnuPG but that seems to offer the same functionality as the directory tab in GPA i.e no way to change homedir.

After some searching around the only way I could find to change gpg.conf was to edit in a text editor. I used this page https://www.apache.org/dev/openpgp.html#sha1 as a guide but I don't think one can set homedir there.

[entre]

I found a way to change homedir here http://www.gnupg.org/documentation/manuals/gnupg/gpgv.html#gpgv

--homedir dir
    Set the name of the home directory to dir. If this option is not used, the home directory defaults to ~/.gnupg. It is only recognized when given on the command line. It also overrides any home directory stated through the environment variable GNUPGHOME or (on W32 systems) by means of the Registry entry HKCU\Software\GNU\GnuPG:HomeDir. 

[entre]

That's one problem solved at least, now I need to see if my original problem is fixed but I somehow doubt it. I exported the registry key - edit to match your own homedir location.

[entre]

Success! It works now.

I have attached the log in case it helps to track down why it works now and didn't before.