Difficulty setting up Enigmail

C55C3B8
2013-06-07
2013-06-11
  • C55C3B8

    C55C3B8 - 2013-06-07

    I am a novice user when it comes to encryption and private/public key encryption in particular. I followed the quick start guide at http://www.enigmail.net/documentation/quickstart.php but I ran into problems at part 3 "Your first encrypted email". I sent a signed unencrypted message to adele-en@gnupp.de and got a reply message

    Hello -----------,

    here is the encrypted reply to your email.

    I have received your public key ID B380BC06C55C3B8E, described as
    `-----------'.

    Below please find the public key of adele-en@gnupp.de
    the friendly OpenPGP email robot.

    Yours sincerely,
    adele-en@gnupp.de

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    LARGE BLOCK OF TEXT REMOVED FOR FORMATTING

    -----END PGP PUBLIC KEY BLOCK-----

    I then wrote a short message and checked only the encrypt message box. Clicking the send button I got a prompt asking for my passphrase, which I found odd. After typing in my passphrase I got an error INV_RECP 0. After a short Google search I found this error meant that there was no public key known for my recipient. I figured since there was "BEGIN PGP PUBLIC KEY BLOCK" in the email text, Enigmail would automatically store that as the public key, or at least ask if it should be stored, but perhaps since the message was encrypted this didn't happen automatically. From the main menu I clicked "OpenPGP" -> "Sender's Key" -> "Import Public Key" and got the prompt "Import public key(s) embedded in message?". The next prompt said that 1 key was processed. Now when I try to reply with an encrypted message it no longer asks me for my passphrase as expected, but I get the error

    Sending operation aborted.

    INV_RECP 10 adele-en@gnupp.de

    Under Key management with the "Display All Keys" box checked, Adele the friendly OpenPGP email robot is shown. Key Properties shows there are 2 keys, one of which is used for encryption. Clicking "Add to Per-Recipient Rule" opens a prompt where Sign, Encrypt, and PGP/MIME all show "Possible". After adding the key to the rule and trying to send an encrypted message I now get the error

    Sending operation aborted.

    INV_RECP 10 0xE573346992AB3FF7

    where 0x92AB3FF7 is the key ID shown in the key management window.

    Searching for "INV_RECP 10" seems to mean that I don't trust the key. I just added the key to my keyring and set up a rule to use that public key when encrypting a message but it seems that wasn't enough. After signing the key with "I have not checked" and setting owner trust to "I trust marginally" I still receive the "INV_RECP 10" error message.

    Finally after checking "Preferences" -> "Sending" -> "Always trust people's keys" it allowed me to send an email. I got a message back indicating that everything is now working.

    Hello -----------,

    here is the encrypted reply to your email.

    I quote your original message to prove that I could decrypt it.

    This is an encrypted test.

    Yours sincerely,
    adele-en@gnupp.de

    What am I doing wrong that it won't allow me to send an encrypted email to an imported Public Key even after setting some level of trust for the key? My intended use case is to email a signed public key to people and have them reply with an encrypted public key. After that we would exchange all future emails encrypted.

     
  • Ludwig Hügelschäfer

    What am I doing wrong that it won't allow me to send an encrypted email to an imported Public Key even after setting some level of trust for the key?

    I must admit, I'm a bit puzzled. Usually signing the key solves the problem. Did you rebuild your gpg trust database manually before testing with Enigmail? Do you have a "--min-cert-level" applied when building the trust database?

    Some background to read: http://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html

     
  • C55C3B8

    C55C3B8 - 2013-06-11

    I probably should have mentioned this from the start; I am using a fresh install of Gpg4win.
    Messing around with owner trust options reveals setting the trust to "I trust fully" does not allow me to send an encrypted message. Nothing less than setting owner trust to "I trust ultimately" will allow me to send an encrypted message without the "Always trust people's keys" option checked.
    Using the Kleopatra tool (bundled with Gpg4win) confirms that the key has been signed and the trust set to full trust by the Enigmail key manager.
    I couldn't find a min-cert-level. I assume both the Enigmail Key Manager and Kleopatra are using the default level of 2 when rebuilding the trust database, but neither seems to let me configure this.
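
The `--min-cert-level` question raised in this thread can be checked against a colon-format signature listing. The following is an added example, not code from the thread, Enigmail or GnuPG: it reads a constructed listing and reports whether the user's own certification counts toward the key's validity. It assumes that "I have not checked" produced a level 1 (class `11x`) certification; the function names are hypothetical.

```python
# Constructed listing in the style of `gpg --with-colons --list-sigs`.
# Key IDs are the two quoted in the thread; timestamps, algorithms and the
# 11x class on the user's certification are assumptions for illustration.
SAMPLE = """\
pub:-:1024:17:E573346992AB3FF7:1100000000:::-:::scESC:
uid:-::::1100000000::::adele-en@gnupp.de:
sig:::17:E573346992AB3FF7:1100000000::::adele-en@gnupp.de:13x:
sig:::1:B380BC06C55C3B8E:1370600000::::(constructed user):11x:
"""


def certifications(listing):
    """Yield (certified_key, signer_key, level) for third-party certifications."""
    current = None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4]                      # field 5: long key ID
        elif f[0] == "sig" and current and len(f) > 10 and f[10]:
            sigclass = int(f[10][:2], 16)       # field 11: e.g. "11x" -> 0x11
            # Classes 0x10..0x13 are key certifications; skip self-signatures.
            if 0x10 <= sigclass <= 0x13 and f[4] != current:
                yield current, f[4], sigclass - 0x10


def counts(level, min_cert_level=2):
    """gpg always accepts level 0; other levels below the minimum are ignored."""
    return level == 0 or level >= min_cert_level


def valid_via_own_signature(listing, key, own_keys, min_cert_level=2):
    """True if `key` has a counted certification from an ultimately trusted key."""
    return any(k == key and signer in own_keys and counts(level, min_cert_level)
               for k, signer, level in certifications(listing))


if __name__ == "__main__":
    own = {"B380BC06C55C3B8E"}
    for minimum in (2, 1):
        ok = valid_via_own_signature(SAMPLE, "E573346992AB3FF7", own, minimum)
        print(f"min-cert-level {minimum}: certification counts = {ok}")
```

Owner trust does not enter this check: it controls how much weight a key's certifications of other keys carry, not whether that key itself is valid.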

     
