Re: [Enigmail] New enigmail tries to decrypt with outdated, disabled key

[Lars Noodén]

On 09/02/2015 11:24 PM, Patrick Brunschwig wrote:
> I doubt gpg2 is correctly set up on your PC, since you're not prompted for a 
> password.
> 
> Please follow this guide to ensure it's working properly:
> https://enigmail.net/support/gnupg2_issues.php
> 
> Patrick

Hmm.  gpg2 was set up automatically however Ubuntu 14.04 does it.  It
seems to work manually.  And it turns out that Engimail *is* trying the
right key but fails.  Here is what the log says about that:

[GNUPG:] NEED_PASSPHRASE 6F87153B238909D7  1 0
gpg: problem with the agent: No pinentry
[GNUPG:] ERROR get_passphrase 85
[GNUPG:] MISSING_PASSPHRASE
gpg: encrypted with 4096-bit RSA key, ID , created 2014-03-24
  " "
gpg: public key decryption failed: Operation cancelled
[GNUPG:] ERROR pkdecrypt_failed 99
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: No secret key
[GNUPG:] END_DECRYPTION

Thanks for the link to the guide.  It mentions the GnuPG 2.x requires an
agent to handle the passphrases.

I did change the settings on the agent a year or so ago because it was
preventing SSH use by loading in all the ssh keys it could find, rather
than the ones I would tell it to find, and then using them out of order
causing the remote service to lock me out.  If I have to choose between
graphical use of SSH and Engimail, I must have the latter.

So, the next step is for me to find the changes I did to the agent
configuration and undo them, and see if that helps.

Regards,
Lars

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] New enigmail tries to decrypt with outdated, disabled key

[Lars Noodén]

On 09/03/2015 10:02 AM, Lars Noodén wrote:
> On 09/02/2015 11:24 PM, Patrick Brunschwig wrote:
...
>> Please follow this guide to ensure it's working properly:
>> https://enigmail.net/support/gnupg2_issues.php
...
> Thanks for the link to the guide.  It mentions the GnuPG 2.x requires an
> agent to handle the passphrases.
...

That led to the solution.

Thanks again to all who answered or thought about it.  It turns out the
problem was in ~/.gnupg/gpg-agent.conf  When this account lived on
another machine, I had been dual booting with OS X and Ubuntu 14.04  The
settings in gpg-agent.conf were for OS X and the earlier versions of
Engimail on Ubuntu were fine with that.  The contents were:

default-cache-ttl 300
max-cache-ttl 99pinentry-program
/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
pinentry-program
/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

It was probably that last line causing the problem.

Simply moving the file away solved the current problem.  If I go back to
dual booting (unlikely) in the future, I will have to solve anpther
problem.

Regards
Lars

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] New enigmail archives/signs with outdated, disabled key

[Lars Noodén]

On 09/02/2015 09:09 PM, Ludwig Hügelschäfer wrote:
> On 02.09.15 19:56, Lars Noodén wrote:
>>
>> I can encrypt and send to another machine and decrypt there using the
>> same ~/.gnupg contents.
>>
>> I also went through the Enigmail setup wizard again to reset the key and
>> it still shows the right key but when I try to decrypt, Enigmail still
>> looks for the wrong key.
> 
> The key to decrypt is always selected automatically. The key-Id of the
> receiver(s) is/are embedded in the message. You cannot decrypt a given
> message with another (newer) key. What makes you think it Enigmail looks
> for the wrong key? Please give us the exact error message.

The error message between the message body and the headers is :

Enigmail Error - decryption failed; click on 'Details'
button for more information.

When I click on Details and choose View Key Properties I get shown
Primary User ID, Key ID, and Fingerprint which are for the wrong key.

If I try to sign an outgoing message, I get this:

Key 0x not found or not valid.  The (sub-)key
might have expired.

If I go into Engimail -> Key Management -> Key properties for that key,
it shows that the key is valid and expires next year.

> Do you have any additional settings like "encrypt-to" in your gpg.conf file?
> 
> Ludwig

gpg.conf is stock, I haven't changed it.  Here are the active lines:

 $ egrep -v "^#|^$" gpg.conf
 keyserver hkp://subkeys.pgp.net
 use-agent

 default-key  FE35B305
 comment GPGTools - http://gpgtools.org

Regards,
Lars

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] New enigmail archives/signs with outdated, disabled key

[Lars Noodén]

With the most recent upgrade of Enigmail on Ubuntu 14.04 LTS,

$ apt-cache policy enigmail
enigmail:
Installed: 2:1.8.2-0ubuntu0.14.04.1
...

my previous settings are lost and it is not using the key it used to
use.  Instead of using the active OpenPGP key it is using one of my
archived, disabled keys.

How do I change Enigmail to resume using the right key?

How do I temporarily point it at the outdated key so I can at least
decrypt incoming messages which have been erroneously encrypted using
the outdated key?

Regards,
Lars

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] From Circumvention

[Lars Noodén]

On 07.03.2015 21:45, Rainer Blome wrote:
...
 Looking at the headers, the character encoding strikes me as a
 potential leak, as some values, such as charset=windows-1252,
 hint at the probable OS used.

Either Thunderbird or Enigmail often set my replies to windows-1252
instead of normal UTF-8 despite using GNU/Linux.  I'm not sure which
component is responsible and cannot trigger it on demand though.

Regards,
Lars


___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Medium Term Plan for Dropping GnuPG 1.4.x Support

[Lars Noodén]

On 04.02.2015 20:07, Alexander Buchner wrote:
 On 04.02.2015 19:00, Bob Williams wrote:
 I'd be surprised if Ubuntu gives you GnuPG 1.4. What is the output of

 gpg --version?
 
 I have a Ubuntu 14.10 system:
 
 @@@:~$ gpg --version
 gpg (GnuPG) 1.4.16
...

Ubuntu 14.10 will expire soon anyway.  The non-LTS release now have only
a 9-month life cycle.  Coming up, 15.04 will have GnuPG version 1.4.18,
which is still 1.4.x

The current LTS desktops, 12.04 and 14.04, use 1.4.11 and 1.4.16. They
will be around until 2017 and 2019.  A search of backports for 14.04 LTS
shows nothing in regards to GnuPG.

Regards,
/Lars

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Encryption dropping from draft messages

[Lars Noodén]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/15/2013 05:39 PM, Patrick Brunschwig wrote:
 On 14.09.13 14:15, Max Maass wrote:
 On 09/14/2013 01:56 PM, Lars Noodén wrote:
 Hi,
 
 I notice that if a message draft is started encrypted and then
  postponed, it becomes unencrypted when the message is
 continued. The box becomes unchecked in the Encrypt Message
 checkbox under the OpenPGP menu. Then, unless encryption is
 re-specified right away, the draft seems to get saved
 unencrypted in the drafts folder. This save is automatic after
 a few minutes, so there is only a short window to manually
 restore the missing encryption. That exposes the contents of
 the message if no action is taken.
 
 This happens every time a message is started, postponed and
 then resumed.
 
 The steps to reproduce it are as follows:
 
 1.  start a message with encryption 2.  save it and then 
 postpone it, closing the message 3.  find the unfinished
 message in the appropriate drafts folder and resume editing 4.
 either wait for the message to be saved (unencrypted) or repeat
 steps 2 and 3.
 
 The message will go from being encrypted to being unencrypted 
 every time.
 
 I can confirm this behaviour on Linux x64 with latest (non-beta)
  Enigmail and Thunderbird 17.0.8 (latest from ubuntu
 repositories). Never noticed it before, but this is a big
 information leak.
 
 Is my understanding correct that you only get this behavior if the 
 draft message is _not_ shown before you continue editing it, e.g.
 if the preview pane is off?
 
 -Patrick

It seems to happen even with the preview pane open at the bottom of
the window.  Try closing and opening the message again.  It will go to
plain text if encryption is not manually reselected again each time.

(I'm not sure of the names.  The preview pane is the pane at the
bottom of the window under the pane with the list of message subjects,
right?  )

/Lars
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlI1x8gACgkQfz2bZ9qH75ppnACfTmJZJutxSLn1Nm9qY9Ap9gm+
sxQAnRoFRgQ0w+VHCCbUlCmpSGjxAPBT
=v2N7
-END PGP SIGNATURE-

___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Encryption dropping from draft messages

[Lars Noodén]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/15/2013 05:46 PM, Patrick Brunschwig wrote:
 On 15.09.13 16:44, Lars Noodén wrote:
 On 09/15/2013 05:39 PM, Patrick Brunschwig wrote:
 On 14.09.13 14:15, Max Maass wrote:
 On 09/14/2013 01:56 PM, Lars Noodén wrote:
 Hi,
 
 I notice that if a message draft is started encrypted and 
 then postponed, it becomes unencrypted when the message is
  continued. The box becomes unchecked in the Encrypt
 Message checkbox under the OpenPGP menu. Then, unless
 encryption is re-specified right away, the draft seems to
 get saved unencrypted in the drafts folder. This save is
 automatic after a few minutes, so there is only a short
 window to manually restore the missing encryption. That
 exposes the contents of the message if no action is taken.
 
 This happens every time a message is started, postponed and
  then resumed.
 
 The steps to reproduce it are as follows:
 
 1.  start a message with encryption 2.  save it and then 
 postpone it, closing the message 3.  find the unfinished 
 message in the appropriate drafts folder and resume
 editing 4. either wait for the message to be saved
 (unencrypted) or repeat steps 2 and 3.
 
 The message will go from being encrypted to being
 unencrypted every time.
 
 I can confirm this behaviour on Linux x64 with latest 
 (non-beta) Enigmail and Thunderbird 17.0.8 (latest from
 ubuntu repositories). Never noticed it before, but this is a
 big information leak.
 
 Is my understanding correct that you only get this behavior if 
 the draft message is _not_ shown before you continue editing
 it, e.g. if the preview pane is off?
 
 -Patrick
 
 It seems to happen even with the preview pane open at the bottom 
 of the window.  Try closing and opening the message again.  It
 will go to plain text if encryption is not manually reselected
 again each time.
 
 (I'm not sure of the names.  The preview pane is the pane at the
  bottom of the window under the pane with the list of message 
 subjects, right?  )
 
 Is the draft message encrypted at all?
 
 -Patrick

When you first close the draft message, you are given the option to
encrypt the message before saving.  If you choose Encrypt Message,
it gets encrypted that first time.  But then if you open it, the
encryption goes away and any subsequent saves are unencrypted unless
it is manually reselected.

I'm also noticing some problems were the content of the body of the
draft disappears, but that's a separate issue I think.

/Lars
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlI1ymsACgkQfz2bZ9qH75qrQwCfYRNHeiCnOedWi43O6VJfvKVA
ZzgAn0M9EU0YJory+jYtdsotqLzyez0y
=zsGk
-END PGP SIGNATURE-

___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] Encryption dropping from draft messages

[Lars Noodén]

Hi,

I notice that if a message draft is started encrypted and then
postponed, it becomes unencrypted when the message is continued.  The
box becomes unchecked in the Encrypt Message checkbox under the OpenPGP
menu. Then, unless encryption is re-specified right away, the draft
seems to get saved unencrypted in the drafts folder.  This save is
automatic after a few minutes, so there is only a short window to
manually restore the missing encryption.  That exposes the contents of
the message if no action is taken.

This happens every time a message is started, postponed and then resumed.

The steps to reproduce it are as follows:

1.  start a message with encryption
2.  save it and then postpone it, closing the message
3.  find the unfinished message in the appropriate drafts folder
and resume editing
4.  either wait for the message to be saved (unencrypted) or
repeat steps 2 and 3.

The message will go from being encrypted to being unencrypted every time.

I've checked in the list of common problems and do not find this listed.
https://www.enigmail.net/support/troubles.php

I've looked at some of the existing bug reports and can't find anything
quite like this:
https://sourceforge.net/p/enigmail/bugs/search/?q=unencrypted

Is this something that should be added to the list of bugs?

Regards,
/Lars

___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net