Craig, thanks for the report. I have tried to decrypt the Mails in "Sent Items", but I haven't got the right private key(s). So maybe this conceals the problem. May I suggest that you create an "Execution Trace" (instructions here: https://enigmail.net/index.php/en/faq?view=topic&id=15#faqLink_6). You may also try a nightly build of Enigmail and test if this bug has been fixed already. https://www.enigmail.net/index.php/en/download/nightly-build
Enrique, does it help to wait for a couple of minutes until the gpg.exe finally have finished? How much CPU do they consume (you may have to enable the display of CPU-time column in the control panel)?
Enrique, does it help to wait for a couple of minutes until the gpg.exe finally have finished? How much CPU do they consume (you may have to enable the display CPU-time column in the control panel)?
Please go here: Enigmail -> Preferences -> Basic Tab Click on "Display Expert Settings and Menus" (if not activated). Switch to keyserver tab. Clear the entries in "Automatically download keys for signature verification from the following keyserver".
Try setting the passphrase caching time to zero. You can find it at Enigmail -> Preferences -> Basic tab, "Passphrase settings".
Ah ok, gnupg.org is a trusted source. Please try Patricks advice next.
Where did you download the Gnupg 2.2.0 package from? If I were on windows, I'd stick to the gpg4win package. Gpg4win 3.0 - containing gpg 2.2.0 - is only at release candidate status.
Where did you download the Gnupg 2.2.0 package from? If I were on windows, I'd stick to the gpg4win package. Gpg4win 3.0 - containing gpg 2.2.0 is only at release candidate status.
This one shows the problem: gpg: can't open '/home/name/.gnupg/secring.gpg': Permission denied This means that gpg has no access rights for the secret keyring. You have to fix this by correcting the permissions. On the command line, type this: chmod -R u+rw ~/.gnupg Afterwards gpg should be able to do the conversion. Just check this by listing the secret keys. gpg2 --list-secret-keys Enigmail should work now.
Yes, right, thanks :-) The error message is quite misleading. It seems, it has been improved in the 2.1 series: gpg: sending key <xxx> to hkp://sks.mit.edu gpg: keyserver send failed: Operation timed out [GNUPG:] FAILURE send-keys 167805060 gpg: keyserver send failed: Operation timed out So the recommendation for the OP is: Please use another keyserver! ha.pool.sks-keyservers.net is a good address.
That's the relevant part: gpg: sending key 177C77C5 to hkp server sks.mit.edu gpg: keyserver communications error: No public key gpg: keyserver send failed: No public key GnuPG thinks you don't have the public key for 4A0F4258177C77C5 (long keyId) or 177C77C5 (short keyId). Is this your own key or your correspondants? How is it displayed in Enigmails key manager? What is the output of the following command in the command window: gpg2 --list-key 0x4a0f4258177c77c5 ? BTW: sks.mit.edu seems to be down....
Do you have some kind of "security" software active?
Oh, and another important measure: Please set the ownertrust of your own keys to "ultimate", and that for other keys as you had it before.
Ah ok, thanks for the report. Quite likely there was an entry in the old gpg.conf that caused the malfunction. Step 5 replaced it with a "neutral" one. Would you please share the contents of the old gpg.conf, so we may identify the potential root cause. Please obfuscate private information.
So it looks like maybe Enigmail just does not run on MacOS Sierra 10.12.16 ? Yes it does. Patrick and me are using it. The last log lists Enigmail version as "undefined". This is very unusual and maybe things have become worse. I see an DEBUG message about not able to over ride a button not sure if its related ! No, thats nothing that hurts. I have that, too. Please open the Thunderbird error console as described above (1 min after TB restart). Do you have any errors listed? Errors have a light red...
Yes, of course we know where Enigmail stores the path to gpg2. Just look here: Thunderbird menu -> Enigmail -> Preferences. Select the "Basic" tab. We're just not convinced that resetting the path solves your problems. The last log you sent looks absolutely normal, nothing extraordinary. Is there any error in the Thunderbird error console? To check this, please go here: Thunderbird menu -> Tools -> Developer tools -> Error Console. Please do this about 1 minute after a restart of Thunderbird. Is...
Do you have the checkbox "display all keys by default" checked?
There are 2 general pitfalls when replacing the own key: You haven't registered the new key for all accounts and/or registered identities. You have specified the old key in gpg.conf
Either your key or the recipients key is invalid. Maybe one of it expired. Which Enigmail version are you running? The error message surely must be improved.
The only source for the long key-Id is the fingerprint, which is accessible via key details either via the menu or CTRL-click in Enigmails key manager. The next version of Enigmail will show long key-Ids only.
Hi Leon, these two can be ignored. I'm getting these also and the rest of Enigmail is working. Did you try Enigmail 1.9.8.1?
Autocrypt is part of the current Enigmail development.
I'm afraid, you need to save the encrypted key and decrypt it using the GnuPG command line application: gpg2 --decrypt "File.asc" -o "DecryptedFile.asc" Then import the decrypted key using Enigmails Keymanager: File -> Import keys from file.
Ah, I see. Good to know what causes such behaviour :-)
I think the configuration error is on the receiving end. When decrypting, the locale of the receiving system has to be set correctly. Which OS is running on the receiving system? Which GnuGP version is installed there?
Each change of expiry, key preferences etc. creates a new self signature. This is what you can see in the key details. My key has three self signatures. What you can see for each signature (or self signature) is the UID and fingerprint of the signing key. I'm not sure why gnupg "check" reports 45 missing keys while checking signatures. Usually this means that your key has been signed by other keys, but you don't have those public keys in your keyring.
No, you cannot control which keys are exported. If it's a "play key", you can't use any more (you don't know the passphrase), then you can delete it prior to Enigmails Export Settings wizard. If you still have hope to remember the passphrase sometime in the future, then export it (including the secret key!), before deleting it.
Hi Martin, you probably have configured Enigmail to use 0x9A3CF831 as your key for whatever reason. Please go to: Tools -> Account setting. Select "OpenPGP security" below your account. You should select "Use specific OpenPGP key ID:" Do you see 0x9A3CF831 or another key Id? Just to be safe: click on "Select key..." button and select your key pair.
Juergen, 0x39870AC1 is a V2 format key. I strongly doubt, that this key can be handled by recent GnuPG versions. Recent key format is V4, since about 15 years or longer. I have replaced my V3 key 8 years ago. I'd recommend to generate a new key, also accounting for the fact that a key length of 1024 bits is no longer considered safe for future operation.
GnuPG Version 1.x and GnuPG Version 2.y can be installed simultaneously. Enigmail 1.9 will only use GnuPG Version 2.y. But back to your problem: You probably are using an older version of an alternate passphrase agent (e.g. Gnome Keyring, etc.). These older versions had problems, e.g. Enigmail could not set the cache timeout.
Please provide additional details: OS, (distribution, if Linux), and Version. Version of GnuPG 2.x you are using (1.4.3 certainly will not work with Enigmail 1.9.x) Thanks!
Which Thunderbird version are you running now and which before update? Which version of Enigmail? Which Platform/OS are you running?
Which Thunderbird version are you running now and which before updated? Which version of Enigmail? Which Platform/OS are you running?
Which Thunderbird version are you running now? Which version of Enigmail? Which Platform/OS are you running?
No, this is most probably not related to booting firmware. To check whether more than one gpg-agent is probably easy, but using GUI it depends on the window manager you are running. On the command line: ps -A | grep gpg-agent This lists all gpg-agent processes (and will catch the grep command, too). So, if you get 2 lines, all is ok. If else, please post the output here for help.
You're suffering from some major misbehaviour of GnuPG, maybe caused from a setup or installation error. The log says: gpg: waiting for lock (held by 7205) ... (...) gpg: waiting for lock (held by 7215) ... and then: "IPC-forbindelseskald mislykkedes" this means: "IPC connect call failed". You'd have to find out which process(es) interfere(s). In this case the PID of the interfering process is printed by GnuPG. You'd have to do this immediately after you see these messages in the Enigmail debug log....
So you suggest that there should be an explaining text displayed in/above the key import dialog. Which text would have helped you? Please make a suggestion. Same for the key import procedure: How would you think an optimum sequence would look like? Which accompanying/explaining texts would you supply? Regarding reimporting already present keys: This does not harm. Nothing is overwritten. OpenPGP keyrings always add information, they never replace. This is the same behaviour as keyservers show.
Please try Enigmail 1.9.6.1.
Thanks for the hint! The certificates have been exchanged and all is working as expected again.
Ok, so we have to go deeper for debugging. Which OS are you running? Which GnuPG and Enigmail versions? If GnuPG version is 2.0.x or 2.1, which passphrase agent?
This is normal. First, you enter the passphrase for your encryption (sub-)key. Second, when you send mail you are asked for the passphrase for your signing key. They are different parts of your "key" - more exact may be the word "certificate") - but may have the same passphrase.
Right. Sometimes I'm stuck in the Enigmail-single-private-user perspective. Thanks for pointing this out :-)
There's no question that your own keys should have set Ownertrust to "Ultimate". Everything else is just a misconfiguration. The next version of Enigmail will have an automatic check for this. Your own key is not recognised as "valid" by GnuPG if the ownertrust is less than "ultimate". So if it is on the recipient list (e.g. by "encrypt to self") and you have "manual encryption settings" active and "To send encrypted, accept" is set to "Only trusted keys", then encryption fails because not all recpient...
There's no question that your own keys should have set Ownertrust to "Ultimate". Everything else is just a misconfiguration. The next version of Enigmail will have an automatic check for this. Your own key is not recognised as "valid" by GnuPG if the ownertrust is less than "ultimate". So if it is on the recipient list (e.g. by "encrypt to self") and you have "manual encryption settings" active and "To send encrypted, accept" is set to "Only trusted keys", then encryption fails because not all recpient...
Sorry, we need some more details to answer your question. Are you a first time user? Is this a fresh setup?
BTW: Did you ask a similar question about 18 hours ago? There was a post held for moderation. If it was yours, can I delete this pending post?
Hi, you can enter the passphrase caching time at Enigmail -> Preferences -> Basic Tab.
Replace "Create OpenPGP Rulke from Address" by "Edit OpenPGP rule from address" if there is already a rule
enigmail doesn't support version 2.1 This is not true, at the very least not in this generality. Alle Verschlüsselungs-Unterschlüssel des Schlüssels Olaf Foellinger olaf.foellinger@gmail.com (...) sind abgelaufen Please show what gpg says: gpg2 --version gpg2 --list-key 0x69ECC4CD94D36D46
Did you create the latest encryption subkey with 2.1? If yes, has this subkey been backported to the 2.0 storage format?
Do you have other extensions installed besides Enigmail? Try to disable them, and...
Sorry, there's no visible trace of a decryption attempt in the log. Also, Enigmail...
You're welcome :-) I just removed the attachment, it's of no use anymore being o...
The file is no certificate, at least not visible from the outside. As a side note:...
Well, this is no public key. It's a message, encrypted for key 9316D00B12E1F9ED....
Well, this is no public key. It's a message, encrypted for key 9316D00B12E1F9ED....
If there are no privacy concerns, could you please send me the public key? (ludwig...
The Enigmail version for Postbox is provided by Postbox Inc. We don't support that...
Everything works as expected in the mail filter rule dialog for me. The destination...
32-bit key IDs are insecure, full hashes should be shown by Enigmail
Duplicate of bug 370. [#370]
The debug log is with 1.9.6.1. It shows the problem which Patrick was talking about....
Hi Lucius, ok, first step taken. Now you have to make sure that your key pair is...
Hi Lucius, sorry to hear you have difficulties. The .asc is not to be installed into...
This is not really an Enigmail question, however, I'll do my best to give advice....
Oh, glad to hear! Thanks for the correction.
Are you using Gnome keyring to provide the passphrase? This is very likely to cause...
Peter, you can enter the passphrase caching time easily by using the Enigmail GUI....
However, even though it's disabled, I still get an Enigmail banner at the top of...
I've just tested, what I had forgotten yesterday: PGP/Inline messages. Behaviour...
I've tried to reproduce the issue you're having, but the sending of incomplete messages...
Hi, as far as I'm informed the Yubikey is both a card reader and a smartcard from...
Glad that you found a solution. Linux has many different desktops and window managers,...
Hi, Thunderbird does not allow the separation of attachments from the mail body....
Sorry, I can't help you much, as I'm on Mac OS X and sometimes on Windows. From my...
as well as 2 uncaught exceptions and a val.identities is nul. This looks suspicious....
Hi Antonio, signed only mails are not encrypted. The unencrypted message text is...
Accented characters in French help
Well, you could decide to enable encryption at every instant of the composing process....
The log file isn't created on disk, it's held in memory. In order to view it, go...
settings exported from linux enigmail cannot importon mac enigmail
Accented characters in French help
Thanks for reporting. Well, the help files are missing a charset declaration. This...
Thanks for the log. I'm afraid it doesn't contain the relevant section. Could you...
Enigmail cycles through all recipients of every mail, even when you have not activated...
David, are there any error messages in the Thunderbird Error Console (Tools -> Error...
Hi, the clue is the quite cryptic error message from gpg: gpg: signing failed: Inappropriate...
Your passphrase has been cached, so the message was decrypted automatically and it...
Do you mean there is an unencrypted copy of a mail that was sent out encrypted? That's...
I'm sorry, we can't help you much. Postbox is partly closed source and changes to...
Works flawlessly here. Where do you get a loop?
Text within buttons within passphrase windows unreadable
I'm sorry to tell, but the pinentry window isn't part of Enigmail. Are you using...
It's just as I assumed. GnuPG 2.1 has the private keys in the "private-keys-v1.d"...
Let me guess: You have both gpg version 1.4.x and version 2.1.y installed, and the...
So, as a summary, it is not possible for the moment to reproduce the issue you had....
Did this behaviour reoccur after a restart of Thunderbird? If yes: The error messages...
I suppose that a restart of Thunderbird didn't help. Is this right? The error messages...