> In order to help him, I created a new public+private key with Enigmail.
> Although using a key without a passphrase is not recommended, I
> generated one without it. Then I sent an encrypted test email to himself
> using the newly generated public key.

A key without a passphrase is completely acceptable, depending on your
particular security needs. Please don't believe you're doing it wrong.
So long as you do it after considering exactly what your needs are,
we're happy. :)

> Even after I had _disabled_ the old key under Enigmail's key management
> (and a later reboot of course), Thunderbird/Enigmail still asks for the
> passphrase of the old key before decrypting a mail encrypted with the
> new key (the one without a passphrase)!

The most obvious culprit is the ~/.gnupg/gpg.conf file.  Somewhere in
there is a configuration option that's adding the newly-revoked/disabled
key to your recipients list (look for "encrypt-to", mostly).  When you
created this new test email, GnuPG silently added the old key to the
list of recipients in accordance with the configuration file telling it
to do so.

Now, whenever you try to decrypt that message GnuPG sees it was
encrypted to the old key and it asks you for the passphrase.  Once you
cancel out of that, it sees it was also encrypted to the new key and
uses that one, which has no passphrase.

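
An added example, not part of the original message: a small Python check for the situation described above. It lists the active `encrypt-to` / `hidden-encrypt-to` lines in a gpg.conf and the recipient key IDs found in `gpg --list-packets` output for a message. The function names and all sample data are constructed for illustration.

```python
import re

# Options that make GnuPG add a recipient the sender never typed.
IMPLICIT = {"encrypt-to", "hidden-encrypt-to"}

def implicit_recipients(conf_text):
    """Return [(line_no, option, key)] for active encrypt-to style options."""
    found, disabled = [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)
        opt = parts[0]
        if opt == "no-encrypt-to":
            disabled = True               # turns off every encrypt-to key
        elif opt in IMPLICIT and len(parts) == 2:
            found.append((no, opt, parts[1].strip()))
    return [] if disabled else found

# One ":pubkey enc packet:" line is printed per key the message is encrypted to.
PKT = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})", re.M)

def message_recipients(list_packets_output):
    """Key IDs a message was encrypted to, from `gpg --list-packets` output."""
    return [k.upper() for k in PKT.findall(list_packets_output)]

# Constructed sample data (not taken from the thread).
SAMPLE_CONF = """\
# constructed gpg.conf
no-greeting
encrypt-to 0xAAAAAAAAAAAAAAAA
#hidden-encrypt-to 0xCCCCCCCCCCCCCCCC
"""
SAMPLE_PACKETS = """\
:pubkey enc packet: version 3, algo 1, keyid 1111111111111111
\tdata: [2047 bits]
:pubkey enc packet: version 3, algo 1, keyid 2222222222222222
\tdata: [2048 bits]
:encrypted data packet:
"""

if __name__ == "__main__":
    for no, opt, key in implicit_recipients(SAMPLE_CONF):
        print(f"gpg.conf line {no}: {opt} {key} (added to every encryption)")
    ids = message_recipients(SAMPLE_PACKETS)
    print(f"message has {len(ids)} recipient key IDs: {', '.join(ids)}")
```

The key IDs in the packet listing are normally those of the encryption subkeys, so they will not necessarily match the value written after `encrypt-to`; compare them against the subkey IDs shown by `gpg --list-keys --with-subkey-fingerprint`.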

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net