User Activity

  • Posted a comment on discussion Enigmail Support on Enigmail

    What if this is an e-mail I didn't sign? Your correspondents -- at least those using an Autocrypt-capable client -- will still benefit from seeing that you're using Autocrypt, and that they may use it to communicate back to you. Does Enigmail have to touch everything, regardless of being asked to stand down? 😕 I don't understand why you're so concerned that an Autocrypt-conformant email client is going to behave like, well... an Autocrypt-conformant email client. If you don't like Autocrypt, that's...

  • Posted a comment on discussion Enigmail Support on Enigmail

    If you don't want to advertise that, don't use Enigmail. The moment anyone sees an Enigmail header in your email they're going to know you're Autocrypt-capable. Then they're going to start wondering why you've taken pains to hide the Autocrypt headers. :)

  • Posted a comment on discussion Enigmail Support on Enigmail

    Autocrypt is a proposed standard for email cryptography. Software conforming to the Autocrypt standard agrees to package emails in a specific way, to handle key distribution a specific way, and so on, in order to make the experience as painless as possible for the end-user. Part of the Autocrypt standard involves putting in the header a line about Autocrypt. By putting it in the header, the people with whom you correspond never have to care about Autocrypt -- but if they're using an Autocrypt-enabled...

  • Posted a comment on discussion Enigmail Support on Enigmail

    Now, when I open Thunderbird on Ubuntu 20.04, I get this message from Enigmail: "Your secret key (...) has missing trust. We recommend you set "You rely on certifications" to "Ultimate" in key properties." This isn't an Enigmail problem. This is a GnuPG problem. How did you migrate your Ubuntu 18.04 GnuPG environment over to your Ubuntu 20.04 environment?

  • Posted a comment on discussion Enigmail Support on Enigmail

    Is it true that Enigmail is vulnerable to the Efail attack??? At one point an older version of Enigmail was, in fact, vulnerable. Once the attack was discovered Patrick patched it very quickly. Recent versions of Enigmail are not susceptible to Efail. Does using PGP/MIME prevent this attack?? For older versions of Enigmail, PGP/MIME actually facilitates it. 3. Does the fact that Enigmail does not automatically decrypt attachments protect attachments against this attack??? Not particularly. It's possible...

  • Posted a comment on discussion Enigmail Support on Enigmail

    How does the signature technically work? As the encryption with PGP (asymmetric encryption)? Full details can be found in RFC4880: https://tools.ietf.org/html/rfc4880 But if you want a short answer, then yes, it works the same as with PGP. How safe is this signature? It's impossible to say without knowing what your threat model is. I can say that the sort of signatures Enigmail is commonly used to generate (2048-bit RSA) is believed safe until 2030, and that everything from Amazon to DNS roots uses...

  • Posted a comment on discussion Enigmail Support on Enigmail

    I tried to send msgs to myself with the following results: unencrypted and unsigned: ok; unencrypted and signed: ok; encrypted and signed: would not send. I would start by checking to see if your encryption subkey has expired. You can discover this by "gpg --edit-key [your key ID]". Look for a section like this: sec rsa3072/1DCBDC01B44427C7 created: 2015-07-16 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa3072/DC0F82625FA6AADE created: 2015-07-16 expires: never usage: E ssb...

  • Posted a comment on discussion Enigmail Support on Enigmail

    Rob Thanks ... so if I follow your advice to just create new one for my email, and an old one is saved, what will keep people from trying to verify me, but finding an old copy saved on a public key server and failing since it doesn't match the new one? They'll send you a follow-up email with, "Did you change your certificate?" and you'll tell them, "yes, I forgot the passphrase for the old one. Here, have a copy of a revocation certificate for the old one. In the future, please use my new certificate,...


Personal Data

Username:
robhansen
Joined:
2005-08-05 01:46:51
