Re: [Enigmail] enigmail fails to start

[Philip Jackson]

On 27/07/2019 19:04, Patrick Brunschwig wrote:
> I think you suffer the same issue as Jan-Peter Rühmann - one of your
> keys is spoiled with 100.000s of useless signatures.
>
> See here for more details:
> 

Thank you Patrick - using info from the link you provided, I ascertained that 
it was key  r...@sixdemonbag.org 0x1DCBDC01B44427C7  that seems to have been 
the problem.

Philip

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] enigmail fails to start

[Philip Jackson]

Using enigmail version 2.0.12 (20190707-1417)
Thunderbird 60.8.0 (64-bit)
gpg 2.2.4
in UbuntuStudio 18.04 LTS

I noticed over the past couple of weeks that occasional emails in gnupg or 
enigmail lists appeared to have no content, only the footer. The message source 
showed these were signed messages.

Investigation [Thunderbird's About Enigmail] showed that enigmail "failed to 
access its core function" on the line where it normally shows "Using gpg 
executable /usr/bin/gpg to encrypt and decrypt"

I checked and gpg and gpg-agent were running.

I haven't changed anything in the setup for years except for recent advice 
about keyservers. I ran the Enigmail wizard but it seems to hang whatever 
initial selection I make - but curiously after about 10 minutes when I've given 
up expecting anything to happen, I suddenly find a setup dialogue with 
preferences and showing that gpg has been found in /usr/bin/gpg. This seems to 
enable enigmail to locate gpg and it all works.

Next boot up and start of Thunderbird and I'm back in the same non-functional 
situation.

Any hints as to where I might find why enigmail can't start automatically when 
I launch Thunderbird?

Philip

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] "Let subject unprotected" needs improvement

[Philip Jackson]

On 15/02/18 22:12, Daniel Kahn Gillmor wrote:
>   Leave subject unprotected

That's my preferred choice.

Philip

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Télécharger GnuPG pour Enigmail ?

[Philip Jackson]

On 16/07/16 16:42, Yves Penninck wrote:
> Bonjour,
> 
> Je n'arrive pas à télécharger ce programme avec Enigmail; voulez-vous m'aider 
> ?
> Merci pour votre aide.
> Bien à vous.
> 
> yves
> 
Bonjour Yves,

cette liste a anglais pour langue - mais allez sur le site :

https://www.gnupg.org/download/index.html

et selectionnez (en bas de page) la version qui correspond a votre OS (windows,
linux, ...)

Cordialement,
Philip


___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Enigmail v1.9 Beta 1

[Philip Jackson]

On 03/01/16 14:32, Patrick Brunschwig wrote:
> I have created the first *beta* release of Enigmail v1.9.

OK got it running with Thunderbird 38.4.0 on UbuntuStudio 1404
and with Icedove 38.4.0 on DEb Jessie 8.2

Thanks,
Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Thunderbirds "Edit as new message" with enigmail

[Philip Jackson]

On 08/10/15 18:18, Patrick Brunschwig wrote:
> On 06.10.15 19:58, Philip Jackson wrote:
>> On 06/10/15 14:13, Patrick Brunschwig wrote:
> 
>>>
>>> Are we talking about PGP/MIME or inline-PGP messages?
>>>
> 
>> PGP/MIME in my case too.
> 
> I think I found (and fixed) the error. Please try the latest nightly
> build (which I built a few minutes ago).
> 
> -Patrick

Been out all day but just tried the latest nightly build and the problem raised
by OP seems to have disappeared.  All sent/signed messages now display text when
'edit as new message' is clicked.

There still remains a small difference in behaviour though between messages with
attachments and those without.

If I right click and select 'edit as new message' on a sent/signed message which
has an attachment, the message opens and display all body text.  When I click to
close, I get a dialog :

"Message has not been sent. Do you want to save the message in your drafts
folder (Drafts)?"

In exactly the same circumstances BUT with a sent/signed message WITHOUT an
attachment, click to close just closes with no dialog box.  (also same with a
sent/unsigned message).

So there is some slight difference in treatment of messages with and without
attachments.  This doesn't cause me any problem but I note it in case it rings
any bells with anyone.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Thunderbirds "Edit as new message" with enigmail

[Philip Jackson]

On 05/10/15 14:16, Patrick Brunschwig wrote:
> I assume the message text has not been "converted" to an additional
> attachment?

No, Patrick.  For sent/signed which originally had an attachment, the text
displays correctly and the attachment is still there as an attachment.

For sent/signed with no original attachment, the text does not display and there
are no attachments at all shown.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Thunderbirds "Edit as new message" with enigmail

[Philip Jackson]

On 05/10/15 07:34, Patrick Brunschwig wrote:
> Please retry with todays nightly build. I think I fixed this yesterday
> afternoon.


I just downloaded : 1.9a1pre (20151004-2213)

The problem must be more complicated because on some "sent and signed" emails
the problem has now disappeared but on most sent and signed  emails it is still
as described by the OP.

The sent/signed messages which display text correctly when "right click/edit as
new message" are to the same recipient.   When I ask to close the write window,
I get the correct dialog box about choosing to save or not save.

Other recipients with sent/signed messages do not display text.  When I click to
close the write window, it just closes with no dialogue.

I didnt see any error or warning messages in Thunderbirds error console in
either case - just lots of info stuff.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Thunderbirds "Edit as new message" with enigmail

[Philip Jackson]

On 05/10/15 07:34, Patrick Brunschwig wrote:
> Please retry with todays nightly build. I think I fixed this yesterday
> afternoon.


Further to my earlier reply, there are a couple of other observations :

-   I have found other examples of sent/signed messages which show full 
text when
'edit as new message' is clicked

-   not all messages to the same recipient show the same effect.

The common factor to all sent/signed messages which do display text seems to be
that the message also has an attachment.

Other messages to the same recipient which are sent and signed but have no
attachment do not show full text.

Encrypted and unsigned messages do show full text, as the OP described.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Thunderbirds "Edit as new message" with enigmail

[Philip Jackson]

On 04/10/15 22:10, Alexander Buchner wrote:
> In my "Sent" folder I have many mails which are signed & unencrypted.
> 
> When I right-click --> Edit as new message them the text field is just
> empty. Recipients and subject are like they should.
> 
> This does NOT happen with encrypted messages. It neither happens if the
> message I sent was neither signed nor encrypted.

I confirm same results, so not your installation.

I'm using a recent nightly : 1.9a1pre (20150830-2213)

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Philip Jackson]

On 20/09/15 05:06, Robert J. Hansen wrote:
> First things first: rename it, because only hardcore nerds understand what CIA
> means.  (“What’s the difference between integrity and assurance?” is a really
> common question in undergraduate computer security courses.  Even computer
> science majors who have an interest in this stuff, as evidenced by signing up 
> to
> take a class in it, generally don’t understand it.)  I’m going to rename the
> triad the PAI triad: Privacy, Authenticity, and Identity.  Further, instead of
> giving incredibly detailed “valid signature but the certificate has not been
> validated” types of messages, let’s reduce it to binary choices.  People like
> binary choices: they’re easy to understand.
> 
>   * *Privacy* is a binary state: yes the message was private (encrypted), or 
> no
> it was not.
>   * *Authenticity*//is also a binary state: we are confident the message is
> authentic, or we are not.
>   * *Identity* is also a binary state: we are confident it came from the
> specified person, or we are not.
> 
> 
> We can present this information to the user using just three letters in
> different colors—green for yes, black for no.  Imagine, for instance, that we
> have an untrusted good signature on an unencrypted message.  We would then put
> at the top of the email:
> 
> Privacy   AuthenticityIdentity
> 

Clear thinking and well presented.  I like this idea.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Enigmail with Keepass2 on Linux

[Philip Jackson]

Hi :

On 28/06/15 00:11, jess_garg...@keemail.me wrote:
 I'm unable to use Keepass2's auto-type on Enigmail's pinentry window. It seems

 to rarely be able to type in the whole key, nor can I copy  paste my key 
 there.
 
 Is there a solution to this? Is it a known problem?

This is unfortunately, one of those areas where I suffered the most
disappointment when I moved over from Windows7 to linux last year.   The
auto-type capability under linux doesn't match up to that under windows.

From what I've understood (and that may be limited) the difficulty lies within
'mono'.  However, the situation improved somewhat with the latest update of
KeePass2 but I don't know what they did.

Presently, I'm using a smartcard so I don't need KeePass2 for enigmail.

But, in general, for login to websites and other applications using pinentry, to
get the password to autotype into the pinentry dialogue box - with focus in the
dialogue box, right click on the KeePass2 entry and select Perform auto-type.

Since recent updates, the right click + 'Crtl-V' also works.

I'm using linux UbuntuStudio 1404 (with all updates); KeePass2 v2.29 ; mono
seems to be 3.2.8+dfsg-4ubuntu1.1

HTH

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Questions for GUI change

[Philip Jackson]

On 22/05/15 17:46, Patrick Brunschwig wrote:
 understand like 1 star to 5 stars with some explanation.
 E.g.
 - 1 star = I don't know the owner of the key
   ...
 - 5 stars = I'm very sure that the key is from the person it it
 supposed to be and I know that person well.
 
 Depending on the number of stars, the keys are automatically signed
 and trusted with a specific type of answer.

I don't agree with the creation and use of surrogate units like 'stars'.

I would prefer just the statement or statements in plain text as in DKG 
suggestion :

I think this key is valid or
I believe this key belongs to Mary

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] blank enigmail alert box

[Philip Jackson]

On 18/05/15 14:06, Philip Jackson wrote:
 On 18/05/15 08:32, Patrick Brunschwig wrote:
 And how could enigmail display an alertbox which contained no
 message ?
 I think because of this (which is issued at the end of the
 decrypt/verify command):
 gpg: O j: can't encode a 512 bit MD into a 608 bits frame
 
 Well thank-you for the efforts, Patrick.
 
 That particular key is still not visible anywhere within enigmail's key
 management on this machine although clearly enigmail is using it.  I just
 retried opening Thunderbird and reading only this single message and asking
 enigmail to show me the key info.
 
 The log file shows the 'O j' message 3 times but I never had the blank
 alertbox again (only the very first time).
 
 I'll have to leave this as one of those unsolved mysteries of life.

Just a note to close the loop on this matter.

A couple of days after my last posting, I wanted to look at a key listing so
used gpg2 -k.  The listing was not complete and ended in the same odd Oh
je... message.  However I was able to get the full listing using gpg -k

So I took this issue up on the gnupg-users list and Werner came up with this -

 gpg tried to verify a key signature and ran into that problem.  Of
 course it should not abort here.  It would be helpful if you can you
 figure out which key causes the problem.  Maybe the key shown last or
 the one which would be shown next.  Running with --debug 64 might give
 some hints.

I found a key causing this problem.  gpg2 --delete-keys keyID failed on the
problem key giving the same 'O j...' message but gpg did the job.

Once the problem key had been deleted, enigmail then displayed correctly the key
that it previously wouldn't display - either in Key Management or in
'Details/View key properties'.

I don't understand what was the connection between the key I deleted and the one
that enigmail wouldn't display - the one was not used as a signatory on the
other. Nor were they adjacent on the keyring.

Of interest however, is that gpg2 wouldn't delete the problem key.  I had to
fall back on gpg 1.4.xx --, the series that enigmail is going to abandon.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] blank enigmail alert box

[Philip Jackson]

On 18/05/15 14:06, Philip Jackson wrote:
 On 18/05/15 08:32, Patrick Brunschwig wrote:
 And how could enigmail display an alertbox which contained no
 message ?
 I think because of this (which is issued at the end of the
 decrypt/verify command):
 gpg: O j: can't encode a 512 bit MD into a 608 bits frame
 
 Well thank-you for the efforts, Patrick.
 
 That particular key is still not visible anywhere within enigmail's key
 management on this machine although clearly enigmail is using it.  I just
 retried opening Thunderbird and reading only this single message and asking
 enigmail to show me the key info.
 
 The log file shows the 'O j' message 3 times but I never had the blank
 alertbox again (only the very first time).
 
 I'll have to leave this as one of those unsolved mysteries of life.

Just a note to close the loop on this matter.

A couple of days after my last posting, I wanted to look at a key listing so
used gpg2 -k.  The listing was not complete and ended in the same odd Oh
je... message.  However I was able to get the full listing using gpg -k

So I took this issue up on the gnupg-users list and Werner came up with this -

 gpg tried to verify a key signature and ran into that problem.  Of
 course it should not abort here.  It would be helpful if you can you
 figure out which key causes the problem.  Maybe the key shown last or
 the one which would be shown next.  Running with --debug 64 might give
 some hints.

I found a key causing this problem.  gpg2 --delete-keys keyID failed on the
problem key giving the same 'O j...' message but gpg did the job.

Once the problem key had been deleted, enigmail then displayed correctly the key
that it previously wouldn't display - either in Key Management or in
'Details/View key properties'.

I don't understand what was the connection between the key I deleted and the one
that enigmail wouldn't display - the one was not used as a signatory on the
other. Nor were they adjacent on the keyring.

Of interest however, is that gpg2 wouldn't delete the problem key.  I had to
fall back on gpg 1.4.xx --, the series that enigmail is going to abandon.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] blank enigmail alert box

[Philip Jackson]

On 18/05/15 08:32, Patrick Brunschwig wrote:
 And how could enigmail display an alertbox which contained no
  message ?
 I think because of this (which is issued at the end of the
 decrypt/verify command):
 gpg: O j: can't encode a 512 bit MD into a 608 bits frame

Well thank-you for the efforts, Patrick.

That particular key is still not visible anywhere within enigmail's key
management on this machine although clearly enigmail is using it.  I just
retried opening Thunderbird and reading only this single message and asking
enigmail to show me the key info.

The log file shows the 'O j' message 3 times but I never had the blank
alertbox again (only the very first time).

I'll have to leave this as one of those unsolved mysteries of life.

Philip





signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] blank enigmail alert box

[Philip Jackson]

On 17/05/15 17:31, Patrick Brunschwig wrote:
 On 16.05.15 21:10, Philip Jackson wrote:
 On 16/05/15 16:22, Patrick Brunschwig wrote:
 On 16.05.15 14:50, Philip Jackson wrote:
 enigmail 1.8.2 Thunderbird 31.6.0 UbuntuStudio 1404, gnupg
 2.0.22

 Selecting the next message in a new thread of enigmail mail
 caused an enigmail alert box to appear containing nothing but a
 red exclamation mark and an ok button.

 The message was apparently a signed message but no enigmail
 header was displayed.  I clicked ok to get rid of the alert box
 and then tried to check the key properties.

 It looked like I didn't have the key (normally these are
 imported automatically on my setup) so I tried a manual import
 using the fingerprint details supplied by the writer at the
 bottom of the email and got the message unchanged 1.

 So it looked like the key had already been present.  This was 
 confirmed by a gpg2 -k keyid  The key appears to be a
 normal 4096 RSA key with RSA subkeys.

 After closing and reopening Thunderbird, the enigmail header
 was correctly present and Details/Enigmail security info shows
 ok but Details/View Key properties does nothing.

 It looks like something with automatic importing of the key
 didn't succeed (or was not fast enough).

 Searching in Enigmails Key Management fails to show this key.

 File  Reload Key Cache (in the key manager)
 
 This doesn't change anything in this case.  That particular key
 doesn't show in enigmail's key listing.  Clearly enigmail has
 access to the key because it show the enigmail header and shows key
 id in security info.
 

 I have a screenshot of the alertbox and an enigmail debug log
 if those seem useful.

 Sure, send them to me.

 
 sent in separate email.
 
 There are several problems related to the message:
 
 1. The message seems to be signed by multiple keys, but my GnuPG 2.1
 issues the following message when I try to import the key:
 
 gpg: key 547B7194: rejected by import screener
 gpg: Total number processed: 

This is not the key which caused the problem.  I have this key since some time
and I live with the problem that gnupg 2.0.22 cannot handle the ECC keys - for
this key, enigmail correctly gives me a yellow header Part of the message
signed with unknown key; the key type is not supported by your version of Gnupg

It is the next message down from line 1800 (or so) in the debug log I sent that
caused the problem : 9bc6b3cf

Enigmail key manager will not display this key (9bc6b3cf) although it is present
in my keyring and enigmail has access to it because it now correctly displays a
blue header and Details shows the key id. But  Details/View key properties
does nothing
and a manual look in Key Manager shows nothing.

gpg -k keyID   does show the key and shows that the primary is an RSA 4096 and
there are 3 subkeys each RSA 2048 and 1 subkey RSA4096

These details are confirmed on my other pc (Debian8, Icedove 31.6.0 enigmail
1.8.2 but with gnupg 2.1.3) and on this machine, enigmail key manager does
display this key correctly.

Since Icedove is at the same revision as Thunderbird and enigmail is same on
both, I would have expected this RSA key to be well displayed in both.

And how could enigmail display an alertbox which contained no message ?

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] blank enigmail alert box

[Philip Jackson]

On 16/05/15 16:22, Patrick Brunschwig wrote:
 On 16.05.15 14:50, Philip Jackson wrote:
 enigmail 1.8.2 Thunderbird 31.6.0 UbuntuStudio 1404, gnupg 2.0.22
 
 Selecting the next message in a new thread of enigmail mail caused
 an enigmail alert box to appear containing nothing but a red
 exclamation mark and an ok button.
 
 The message was apparently a signed message but no enigmail header
 was displayed.  I clicked ok to get rid of the alert box and then
 tried to check the key properties.
 
 It looked like I didn't have the key (normally these are imported
 automatically on my setup) so I tried a manual import using the
 fingerprint details supplied by the writer at the bottom of the
 email and got the message unchanged 1.
 
 So it looked like the key had already been present.  This was
 confirmed by a gpg2 -k keyid  The key appears to be a normal
 4096 RSA key with RSA subkeys.
 
 After closing and reopening Thunderbird, the enigmail header was
 correctly present and Details/Enigmail security info shows ok but
 Details/View Key properties does nothing.
 
 It looks like something with automatic importing of the key didn't
 succeed (or was not fast enough).
 
 Searching in Enigmails Key Management fails to show this key.
 
 File  Reload Key Cache (in the key manager)

This doesn't change anything in this case.  That particular key doesn't show in
enigmail's key listing.  Clearly enigmail has access to the key because it show
the enigmail header and shows key id in security info.

 
 I have a screenshot of the alertbox and an enigmail debug log if
 those seem useful.
 
 Sure, send them to me.
 

sent in separate email.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] pinentry, keepass2 Enigmail on Debian Jessie

[Philip Jackson]

On 06/05/15 01:42, David wrote:
 I use, paid for, Keepass2 for Windows. I have for years. My comment was
 in reference to the provider of Gnu4Win that has decided that he will be
 my nanny and not let me easily use KeePass2 with his package as I do
 with so many other logins.


Strange, I don't understand the difficulty you had.  I used Windows7 with
Gnupg4win and KeePass2 and if anything, it worked more smoothly on that setup
than on linux.  Autotype worked extremely well and integrated well with the os
and applications.

Since I moved to linux about a year ago, I've had to settle for a less easy
interface between my applications and KeePass2 with autotype being less easily
integrated.  I look forward to moving up to Jessie on my laptop and checking it
out to see if I can share the same happiness that Jerome has found.

(And, as I remember it, KeePass2 on Windows did not need buying unless you mean
you made a voluntary contribution.)

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] strange unrequested display of signatures

[Philip Jackson]

On 06/05/15 18:05, Patrick at wrote:
 On 03.05.15 13:54, Philip Jackson wrote:
 using enigmail 1.8.2 with Ubuntu 1404 and Thunderbird 31.6.0
 
 A signed incoming email had displayed below the text a colon
 separated sub-listing ( about 250 lines) of some parts of my public
 keyring.  Some fields are truncated.  In fact every line is
 truncated at max 58 characters.  They are of this form :
 
 1:3F0111222EEE4449:K::? 1:3F0111222EEE4449:U:::m:::Xxxx Yyyy
 em...@yayayaya.de:
 
 
 This unexpected listing is below the text but before the
 ** *END ENCRYPTED or SIGNED PART* ** marker.
 
 Beyond selecting the email in the Inbox tab listing, I did not
 click on any other button, menu item of enigmail or thunderbird.
 
 I have seen this effect once before (around a week or 10 days' ago)
 and it disappeared when I focused on another message.  I could not
 get it back by reopening the 'offending' message.
 
 This time, I've saved the enigmail debug and copied the whole of
 the displayed text - so I do have a record this time.  Once the
 focus goes to another message, this strange listing does not
 reappear.
 
 Has anyone seen similar episodes ?
 
 Patrick - let me know if you'd like the files.
 
 I can see in the log that you have enabled --list-packets and/or
 enabled gpg debugging.

In enigmail preferences/Advanced/Additional parameters for GnuPG,  I have -v 
set.

 
 It seems to me that the sender's key was automatically downloaded
 while you were viewing / verifying the message and this looks like
 some part of the output from re-calculating the trustdb.
 
 If I'm right, then you should be able to reproduce this behavior by
 deleting the sender's key, re-calculating the trustdb and then viewing
 the message again.

You are right, Patrick.  I just tried your suggestions.
I deleted the key, did a --check-trustdb and then reopened the email concerned.
 A similar (possibly identical) listing appeared just before the closing marker
for the End of encrypted or signed part.

I then removed the -v from the preferences and repeated the procedure.  The
unwanted listing was not there.

I restored the -v preference, repeated the procedure and the unwanted listing
is back.

So your supposition is correct.  It seems that enabling verbose logging causes
the unwanted listing to appear when a new key is imported and the trustdb
recalculated.  That seems to me to be an unwanted / undesirable bug.

I don't suppose you class it as a feature ?

Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] strange unrequested display of signatures

[Philip Jackson]

using enigmail 1.8.2 with Ubuntu 1404 and Thunderbird 31.6.0

A signed incoming email had displayed below the text a colon separated
sub-listing ( about 250 lines) of some parts of my public keyring.  Some fields
are truncated.  In fact every line is truncated at max 58 characters.  They are
of this form :

1:3F0111222EEE4449:K::?
1:3F0111222EEE4449:U:::m:::Xxxx Yyyy em...@yayayaya.de:


This unexpected listing is below the text but before the  ** *END
ENCRYPTED or SIGNED PART* ** marker.

Beyond selecting the email in the Inbox tab listing, I did not click on any
other button, menu item of enigmail or thunderbird.

I have seen this effect once before (around a week or 10 days' ago) and it
disappeared when I focused on another message.  I could not get it back by
reopening the 'offending' message.

This time, I've saved the enigmail debug and copied the whole of the displayed
text - so I do have a record this time.  Once the focus goes to another message,
this strange listing does not reappear.

Has anyone seen similar episodes ?

Patrick - let me know if you'd like the files.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] strange unrequested display of signatures

[Philip Jackson]

On 03/05/15 16:28, Patrick Brunschwig wrote:
 Sure, send me the logs.
 
 Patrick


Done.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] UI/UX for bad signatures

[Philip Jackson]

On 08/04/15 17:33, Daniel Kahn Gillmor wrote:
 On Tue 2015-04-07 16:52:51 -0400, Philip Jackson wrote:
 I would prefer to have the information that the signature existed but
 was broken.  This provides a hint that the sender cared sufficiently
 and believed that the message content deserved a signature.  It is an
 item of meta-data that should be of interest to the receiver.
 
 I guess i'm not proposing that we must hide all of this information
 entirely from the user -- if there is a permanent enigmail header view,
 we could expose it the details button, for example.  I'm just
 questioning the need to display it in scary colors, or to foreground the
 breakage if the user really doesn't have many options to deal with it
 effectively, and if we're not also highlighting the lack of integrity or
 authenticity of unsigned messages.

That would be fine.

 
 Even if he automatically signs everything he sends out (which would
 tend to lessen the concern about any individual item deserving a
 signature), it is, in my opinion, still of interest to know that the
 message was signed.
 
 I agree it's of interest to some people.  But if we're aiming for
 enigmail to be useful to a wide range, is a broken signature indicator
 something we want the general public to have to deal with?

Hiding the information from any user would, in my opinion, be undesirable.  This
is not to say we should go to the other extreme and hoist warning flags in
garish colors.  Some sort of middle way must be found where a 'gentle'
indication of signature failure is given and this should be backed up by further
information (as detailed as you like) behind the 'Details' button.

 
 If the contents of the message with a broken signature flag were of
 sufficiently high priority to me, I could take some action to contact
 the sender by other means - encrypted email, phone, snail mail, direct
 contact or by a sign left beneath a bush in the local park.
 
 Surely this is true of unsigned mail as well, no?

True




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Enigmail 1.8.2 - Beta 3

[Philip Jackson]

On 05/04/15 11:59, Patrick Brunschwig wrote:
  The two messages which were not successfully processed could be
  decrypted but only if I used the full passphrase and not the
  smartcard pincode.   Since I succeeded in getting the smartcard to
  work a few weeks' ago, I have not had to use the full passphrase so
  I do not understand what is the problem with these 2 messages but
  it does not appear to be connected with the enigmail filter.
 I would think that these messages are not encrypted with your
 smartcard key, but with another key (or maybe 2 keys). It's possible
 that GnuPG first tries the key for which it has no passphrase. The
 dialog comes from GnuPG, thus I cannot tell you anything more about it.

You're right, Patrick.  The 'difficult' messages were encrypted to a subkey not
present on the smartcard.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Enigmail 1.8.2 - Beta 3

[Philip Jackson]

Hi Patrick :

On 02/04/15 18:32, Patrick Brunschwig wrote:
 I fixed a few bugs over the last couple of days. As some of the
 changes were not straight forward, I have uploaded a new beta version
 for public testing.
 
 The fixed bugs mainly cover message composition, saving (encrypted)
 drafts and improvements to the Decrypt Permanently / Create
 decrypted copy message filters.
 
 Please let me know of any regressions compared to v1.8.0 / v1.8.1
 
 https://www.enigmail.net/download/beta/enigmail-1.8.2-pre3.xpi
 

Using Enigmail version 1.8.2pre3 (20150402-1802) with Thunderbird 31.6.0 in
ubuntu linux :

Using the 'Create decrypted copy' version of the filter to decrypt and send the
decrypted copy to another folder 'autodecrypt' -

A)  Testing from Thunderbird's toolbar : Tools/Run filters on message (for one
or several selected messages).  This raises a couple of questions :

1.  When I go to the autodecrypt folder, the decrypted messages are there 
but
each message has the paperclip attachment flag displayed even though most have
no attachment.  When a message with no attachment is selected, the paperclip
disappears.

The original encrypted messages were pgp/mime so is the paperclip a remnant of
the signature.asc attachment ?

2.  After running the filter, a message appears in the status bar at the 
bottom
of Thunderbird - 'moved x messages from Inbox to autodecrypt'.   The figure 'x'
seems to increment if the filter is run several times in fairly quick succession
but if the delay is a little longer (about 2 minutes ? ), 'x' restarts from 1
(or whatever number of messages were processed on that occasion).

Is that an enigmail logic or is it down to Thunderbird ?

B)  Further testing from Thunderbird toolbar Tools/Run Filters on Folder had
some interesting results.  I'm using a smartcard and Thunderbird requested as
usual, my pincode and then proceeded to process the filter and I could see the
number incrementing on the bottom status bar.   After 18 messages, the filter
process stopped and a pinentry dialog asked for my passphrase (not my smartcard
pin number) - I skipped this one and noted the subject line for later
investigation.

After 20 messages, again the passphrase was requested for another message.
Again I skipped and noted the subject line.

The above was repeated a couple of times on the folder with the same results.

The two messages which were not successfully processed could be decrypted but
only if I used the full passphrase and not the smartcard pincode.   Since I
succeeded in getting the smartcard to work a few weeks' ago, I have not had to
use the full passphrase so I do not understand what is the problem with these 2
messages but it does not appear to be connected with the enigmail filter.

Another interesting occurence which I have never had with Thunderbird in years
of use - I had occasion to exit Thunderbird several times during this session of
testing (for reasons unrelated to the testing) and on a couple of times after
testing on the full folder (rather than on selected messages) I was unable to
restart Thunderbird.  The message was that Thunderbird was already running.

Sure enough, there was Thunderbird process still running which I had to kill.
On the second occasion I noted that it was owned by 'root'.  I don't know if
this is connected with the testing with the filter but if it recurs, I'll let
you know.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Enigmail 1.8.2 - Beta 3

[Philip Jackson]

On 04/04/15 20:10, Philip Jackson wrote:
 Another interesting occurrence which I have never had with Thunderbird in 
 years
 of use - I had occasion to exit Thunderbird several times during this session 
 of
 testing (for reasons unrelated to the testing) and on a couple of times after
 testing on the full folder (rather than on selected messages) I was unable to
 restart Thunderbird.  The message was that Thunderbird was already running.

I've tried several times and this problem recurs easily.  It hasn't happened
when I've run the filter only on selected messages.  But it happens every time I
run the filter on the whole of the Inbox.

If I close Thunderbird after running the filter on the whole of the Inbox
folder, there remains a running Thunderbird process which prevents me from
simply exiting and re-starting Thunderbird.

I have several encrypted files which the filter will only process if I provide
the passphrase (not the smartcard pincode).  It does not make any difference
whether I supply the passphrase or skip those messages, simply running the
filter on the whole folder is sufficient to cause the Thunderbird process to
stay running and not die when Thunderbird is exited.

It would be good to know if anyone else has seen this behavior.

Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Paste passphrase from clipboard into pinentry dialogbox

[Philip Jackson]

On 28/03/15 20:30, Daniel Kahn Gillmor wrote:
 I quite like the Keepass approach.
 
 But it's not clear to me that this will work, at least for the versions
 of pinentry i've seen that grab the input devices (i'm seeing this on
 X11, at any rate).  In this case, I don't think there is a way to
 trigger keepass to get it to type into the pinentry dialog.
 
 What platforms as this approach been tested on?

I used KeePass2 on WindowsXP and 7 for some years and the autotype with 2
channel obfuscation worked very well as did the selection and inclusion of the
various dialog boxes that would require auto-completion with either username and
password or just password according to the case.  This included the pinentry 
boxes.

KeePass2 wipes the clipboard after a delay which can be set by the user.

When I moved from Windows to UbuntuStudio 14.04, I tried KeePassX which was in
the distro as standard but it seemed to me more limited so I went back to
KeePass2 and had quite a bit of trouble to get the autotype working although the
KeePass website does have some info.  The difficulty was linked to the
dependence on mono.

It still doesn't work in the same easy fashion that I had with Windows7 and I
can't get a system wide keyboard shortcut for autotype to work at all.  Nor can
I get the KeePass2 shortcut of Ctrl-V to do the autotype but a rightclick
followed by a left click on the dropdown list does work ok.

(I noticed a Ubuntu software update a few days ago included some stuff on mono.
 Today, I have found that my keyboard numeric pad no longer works inside
KeePass2 and I'm wondering if the two events are connected.)

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] enigmail's new handbook - for 1.8 : smartcard reset

[Philip Jackson]

Hi Ludwig :

On 21/03/15 16:26, Ludwig Hügelschäfer wrote:
 We'll collect
 feedback for a time and publish a corrected version afterwards.

Another comment connected with smartcard usage.  In the new handbook, next to
last paragraph on page 98, it says :

 The card is used to store the actual secret key. A secret key stub remains
 within the secret keyring so that gnupg knows about the key on the card and
 can prompt you to insert the card if it is needed and perform key operations.

It would be good if enigmail did prompt the user to insert the missing card.
However, after several tries, I can say that (in linux TB 31.5.0 and enigmail
1.9a1pre nightly) no such prompt is received.

1. Sending a signed email

What does happen when trying to send an email where signing is required (either
on its own or in combination with encryption) is that an anonymous enigmail
alert is given :

Error - encryption command failed

 - pressing OK button brings up another message box :

Sending of message failed.
Please verify that your Mail and Newsgroups account settings are correct and try
again

While the first (Enigmail alert) message is certainly correct, it does not hint
at the nature of the problem.  The second message is also correct in so far as
the sending did fail but it makes a suggestion which is misleading and not at
the heart of the problem.

The heart of the problem being that the smartcard is not inserted.

2. receiving an encrypted email

Without the smartcard being inserted, the encrypted mail causes a pink enigmail
header :  Decryption incomplete; click on 'Details' button for more 
information

The Details button provides an enigmail alert :

Enigmail Security Info

Decryption incomplete
Public key 0x used to verify signature

Note: The message is encrypted for the following User ID's / Keys:
  0x (Abc Xyz) abc@example.com)


Although this implies that the secret key has not been found, there is no
explicit warning that the secret key is not available and that the smartcard
should be inserted.

By way of a conclusion, I would say that the current text in the handbook is not
exactly correct but it would certainly be a nice feature to have available in
enigmail.  (Especially since I already made this mistake.)

Perhaps others will know if the behaviour I have quoted is the same under
Windows and Mac.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] GPG1 issue

[Philip Jackson]

On 20/03/15 15:27, Leon Smith wrote:
 Hello,
 
 On my computer I have both GnuPG1  GnuPG2 installed, however for some
 odd reason Enigmail refuses to detect GnuPG2 and only detects GnuPG1.
 What exactly ought I to do to fix this?
 

Did you try to override the gpg that enigmail finds ?

In enigmail/preferences/Basic you can check the box Override with  and enter
the path to gpg2 in the field alongside.

If you don't know where gpg2 is hiding itself, try which gpg2 in a terminal.
You should then get the path to gpg2

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Dropped Support for GnuPG 1.4.x in Nightly Builds

[Philip Jackson]

On 19/03/15 21:12, Philip Jackson wrote:
 On 19/03/15 18:36, Patrick Brunschwig wrote:
 I pushed a number of changes that remove support for GnuPG 1.x from
 Enigmail. The main objective was to remove anything concerning
 passphrase handling from Enigmail, as GnuPG 2.x does this by itself.

 Given the many places I had to touch in the code, I wanted to do this
 as early as possible, such that we can test if this works OK for the
 whole cycle of 1.9 nightlies.

 It certainly doesn't like gnupg 1.4.16 !!  I lost track of the number of 
 warning
 dialogs it gave me and I had to restart Thunderbird to get enigmail back.
 
 It also failed to send this message signed with enigmail alert
 
 Error - encryption command failed
 

Whoops - sorry.  Ignore the bit about failing to send message 'signed'.  That's
down to my finger trouble.  I've just succeeded in getting my smartcard to work
AND I FORGOT TO PLUG IT IN !!

Sorry about that.

Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] spontaneous change of message status

[Philip Jackson]

On 16/03/15 08:40, Patrick Brunschwig wrote:
 On 14.03.15 17:39, Philip Jackson wrote:
 On 14/03/15 15:22, Patrick Brunschwig wrote:
 On 13.03.15 20:06, Philip Jackson wrote:
 On 13/03/15 17:16, Patrick Brunschwig wrote:
 On 13.03.15 15:45, Philip Jackson wrote:
 For this spontaneous change to occur, one needs these 
 factors to exist :

 1. the 'To' field is in red type (with a red cursor)
 2. the 'To' field must be completed and not left blank
 3. the spontaneous change in message status occurs
 around five or six minutes into the creation of the
 email - the body can be blank or partly filled.

 Could it be triggered by auto-saving a draft message?

 Thanks Patrick - you're spot on !  After all the years of
 using it, I didn't even know Thunderbird did periodic
 backups.  I've never seen a backup directory in the file
 system nor in the profiles. However, it was doing a backup
 every 5 minutes.

 I was rather inexact in the original description above.
 Only the different check box is ticked.  The change in the
 displayed message status and the icons on the enigmail
 toolbar doesn't happen until I click 'ok'.

 What I don't understand is why sometimes I get a red 
 cursor/ text in the 'To' field and sometimes black.  I
 can provoke a red address field entry by making any
 address incomplete but my address for enigmail-users
 seems correct and complete.

 That's Thunderbird behavior - nothing Enigmail
 influences and nothing Enigmail could do to improve it.

 True.  But I still don't understand why sometimes
 Thunderbird considers the To address broken.  The emails
 always arrive at destination ok.  And it is not consistent
 for any given address.

 But I do consider that a spontaneous change to
 established message conditions should not occur.

 Agreed

 The change induced by Thunderbird seems to be one way only
 : sign - encrypt. It doesn't reverse itself back to 'sign
 only' after a further backup period. But if you reset to
 'sign only', after another backup period, it flips again to
 encrypt.

 I'm trying to reproduce it, but so far didn't succeed. What
 are your account settings and other rules when this happens?


 My account settings on OpenPGP Security : enable PGP support,
 Use specific PGP key, sign by default, PGP/MIME by default,
 sign non encrypted messages, sign encrypted messages, encrypt
 draft messages on saving.

 Nothing set under account settings Security.

 Enigmail preferences / Sending = Convenient encryption
 settings, Key Selection : By Per-recipient, By email addresses

 For this to happen when writing an email :

 1. Thunderbird preferences/Composition/General : check
 autosave (every 5 minutes), confirm when using keyboard
 shortcuts, check for missing attachments 2. 'To' field in email
 must be red.  This happens at random for any given email
 address but I can provoke it by breaking the address.  (I
 assumed the red indicated that Thunderbird considered the
 address broken ) 3.  The 'To' field must have an entry 4. The
 enigmail setting for that email must be 'sign only'

 Then just sit and wait for five minutes while checking the
 enigmail toolbar button from time to time.

 I still cannot reproduce it. Could you send me a debug log file
 (menu Enigmail  Debugging Options  View Log)?

 
 sent to you at your address.
 
 Apart from the Thunderbird peculiarity of turning the address field
 red (even though the address is already in my address book since
 years), it looks like the tick box flips from 'sign' to 'encrypt'
 when Thunderbird auto-saves a copy of the mail being prepared for
 sending.
 
 Unless the sender actually clicks on the enigmail button in the
 enigmail toolbar and also clicks on ok, this autosave process
 doesn't actually affect the final email status when it is sent.  If
 it was originally 'sign' only, that is the way it gets sent.  The
 encrypt only affects the auto-backup, as far as I can tell.
 
 This should be fixed with the latest nightly build.
 
Looks ok with 16 March nightly
Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] spontaneous change of message status

[Philip Jackson]

On 13/03/15 17:16, Patrick Brunschwig wrote:
 On 13.03.15 15:45, Philip Jackson wrote:
 For this spontaneous change to occur, one needs these factors
 to exist :

 1. the 'To' field is in red type (with a red cursor) 2. the
 'To' field must be completed and not left blank 3. the
 spontaneous change in message status occurs around five or six
 minutes into the creation of the email - the body can be blank
 or partly filled.

 Could it be triggered by auto-saving a draft message?
 
 Thanks Patrick - you're spot on !  After all the years of using it,
 I didn't even know Thunderbird did periodic backups.  I've never
 seen a backup directory in the file system nor in the profiles.
 However, it was doing a backup every 5 minutes.
 
 I was rather inexact in the original description above.  Only the
 different check box is ticked.  The change in the displayed message
 status and the icons on the enigmail toolbar doesn't happen until I
 click 'ok'.
 
 What I don't understand is why sometimes I get a red cursor/
 text in the 'To' field and sometimes black.  I can provoke a
 red address field entry by making any address incomplete but my
 address for enigmail-users seems correct and complete.

 That's Thunderbird behavior - nothing Enigmail influences and
 nothing Enigmail could do to improve it.
 
 True.  But I still don't understand why sometimes Thunderbird
 considers the To address broken.  The emails always arrive at
 destination ok.  And it is not consistent for any given address.
 
 But I do consider that a spontaneous change to established
 message conditions should not occur.

 Agreed
 
 The change induced by Thunderbird seems to be one way only : sign
 - encrypt. It doesn't reverse itself back to 'sign only' after a
 further backup period. But if you reset to 'sign only', after
 another backup period, it flips again to encrypt.
 
 I'm trying to reproduce it, but so far didn't succeed. What are your
 account settings and other rules when this happens?
 

My account settings on OpenPGP Security : enable PGP support, Use specific PGP
key, sign by default, PGP/MIME by default, sign non encrypted messages, sign
encrypted messages, encrypt draft messages on saving.

Nothing set under account settings Security.

Enigmail preferences / Sending = Convenient encryption settings,
Key Selection : By Per-recipient, By email addresses

For this to happen when writing an email :

1. Thunderbird preferences/Composition/General : check autosave (every 5
minutes), confirm when using keyboard shortcuts, check for missing attachments
2. 'To' field in email must be red.  This happens at random for any given email
address but I can provoke it by breaking the address.  (I assumed the red
indicated that Thunderbird considered the address broken )
3.  The 'To' field must have an entry
4. The enigmail setting for that email must be 'sign only'

Then just sit and wait for five minutes while checking the enigmail toolbar
button from time to time.

Hope this helps,
Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] spontaneous change of message status

[Philip Jackson]

Using Thunderbird 31.5.0 with Enigmail version 1.8a1pre (20150312-0013) on 
linux.

Recently, I've been paying a lot of attention to the new interface in enigmail
especially the enigmail toolbar when writing emails.  From time to time, I've
had the impression that a message which started out as 'This message will be
signed' with only the 'sign message' check box checked in the Enigmail
Encryption and Signing Settings box, has changed itself without my intervention
to 'This message will be encrypted' with the 'Encrypt Message' box ticked
instead of the 'sign message' box.

I've spent a little time this evening trying to track it down.  (and
incidentally, it has just happened in this message).  I do not understand
exactly why it's happening but I've found a couple of parameters involved.

For this spontaneous change to occur, one needs these factors to exist :

1. the 'To' field is in red type (with a red cursor)
2. the 'To' field must be completed and not left blank
3. the spontaneous change in message status occurs around five or six minutes
into the creation of the email - the body can be blank or partly filled.

What I don't understand is why sometimes I get a red cursor/ text in the 'To'
field and sometimes black.  I can provoke a red address field entry by making
any address incomplete but my address for enigmail-users seems correct and 
complete.

Anyway - that is what I've found.  If anyone can shed any light on this
'happening', I would be pleased.

But I do consider that a spontaneous change to established message conditions
should not occur.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] dubious behaviour of 1.8 enigmail toolbar

[Philip Jackson]

Using Sunday's nightly (Enigmail version 1.8a1pre (20150308-0013)) Thunderbird
31.5, linux.

Two manifestations of undesirable behavior.

1. When writing an email, I click on the icons to get non-encrypt and non-sign.
 I then click on the Enigmail: button and the 'Encryption signing and
settings' box opens with both the encrypt and sign checkboxes empty (as they
should be).

I agree that this is correct and so I click 'OK'.  The result is that the
message status immediately changes to sign and encrypt.

This seems to me to be undesirable behavior.  It was not immediately obvious to
me that the correct button to have clicked was the 'cancel' button.

2.  When writing an email, the icons are showing non-encrypt and non-sign.  I
want this email to be signed so I click the 'Enigmail:' button and check the
'Sign Message' box.

I click 'OK' and the message status immediately changes to 'signed and 
encrypted'

This also is undesirable behavior.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Enigmail v1.8 Beta 1

[Philip Jackson]

Hi Patrick :

I'm now Running Enigmail version 1.8a1pre (20150308-0013) - (Sunday's nightly)
on Thunderbird 31.5, Ubuntu 1404

There's still an odd behaviour on 'sender's key' offers.
see below

On 07/03/15 19:05, Patrick Brunschwig wrote:
 On 01.03.15 22:07, Philip Jackson wrote:


 I've found a glitch in enigmail 1.8beta  connected with sender's
 key options.
 
 If the mail has been signed, you have 3 ways to be offered some
 options for the sender's key :
 
 1. from the 'Details' button in the message header 2. from the menu
 bar Enigmail/ Sender's key/ 3. from the strange little icon (3
 small horizontal bars) on the right hand end of Thunderbird's Mail
 Toolbar.
 
 It is this latter which gives most often defective options.
 
 If there is no PhotoID with the key concerned, the PhotoID option
 is not greyed out, clicking it does however provide the message
 that no such id is available.


This is now ok - the photo-id option is greyed out in all Sender' key' offers if
the key has no photo id.


 If the message has not been signed at all, the Details button of
 course is not present and the other two ways still provide a range
 of options.

Here there is a difference in behavior depending on how one arrives at the
unsigned message and, I think, whether the unsigned message contains a quote
from a signed email.  Four cases :

1.  If I pass from an unsigned to another unsigned message, all the
enigmail/sender's key/options are greyed out.  This includes from the
thunderbird menu bar and from the menu bar icon.

2.  If I pass from a signed message to an unsigned one which does NOT contain
any quote from a signed message, likewise, all options are greyed out.

3.  However, if I pass from a signed message containing a quote from the
unsigned message (ie a reply to the unsigned message) to that unsigned one, the
menu bar options offer 3 clickable options (View key properties, sign key, set
owner trust) that relate to the previously opened signed message.

4.  Likewise, if I pass from a signed message to an unsigned one which contains
a quote from the signed message, I get the same three offers.

If you have retained this complete thread, you can check it out on three of the
last four messages :

-from Patrick Brunschwig 7/03/15 19:07
-from Ian Mann 7/03/15 19:25 (containing a quote from Patrick's mail)
-from Ludwig Hugelschafer 7/03/15 19:57 (containing a quote from Ian Mann)

Pass from Ludwig's mail to Ian's and with Ian's mail open, you can get offers to
see a key which turns out to be Ludwig's key.

Pass from Patrick's mail to Ian's and you get offers which produce Patrick's 
key.

I believe that with Ian's unsigned email open, all sender's key related
options should be greyed out.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] From Circumvention

[Philip Jackson]

On 07/03/15 20:55, Lars Noodén wrote:
 On 07.03.2015 21:45, Rainer Blome wrote:
 ...
 Looking at the headers, the character encoding strikes me as a
 potential leak, as some values, such as charset=windows-1252,
 hint at the probable OS used.
 
 Either Thunderbird or Enigmail often set my replies to windows-1252
 instead of normal UTF-8 despite using GNU/Linux.  I'm not sure which
 component is responsible and cannot trigger it on demand though.
 

I've checked a load of my outgoing emails, originals which were not replying to
another message.  Most of the unsigned and signed but not encrypted messages
show charset=windows-1252 -- but I'm on linux.

Some unsigned and some signed, not encrypted, messages show UTF-8 and I can't
immediately see any reason for the difference.  On one occasion, of 4
consecutive unsigned emails to the same person, three were 1252 and one was 
utf-8.

Since this affects signed and unsigned mails, it is unlikely to be an enigmail
effect.
Philip

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] From Circumvention

[Philip Jackson]

On 03/03/15 15:44, Robert J. Hansen wrote:
  Really easy:
 
   1.  The Help button beside Convenient encryption settings is
   sometimes unresponsive.  I saw this bug with my own two eyes
   (thanks, Dmitri!) and can confirm it.


While we are talking about this 'help' button, I'll add a comment.

In my system : Ubuntu1404, Thunderbird 31.4.0 and enigmanil 1.8b1 :

clicking this button opens the help dialogue in the background perfectly aligned
with the preferences dialogue.  Fortunately the help dialog is a little taller
otherwise you'd never know it had opened.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Enigmail v1.8 Beta 1

[Philip Jackson]

On 26/02/15 18:36, Patrick Brunschwig wrote:
 
 I would appreciate to get as many bugs reported as possible such that
 we will have a stable release.
 
 The package (XPI) is available from
 https://www.enigmail.net/download/beta/enigmail-1.8b1-tb+sm.xpi
 

installed fine - seems good
Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] missing import button

[Philip Jackson]

On 11/02/15 13:14, Patrick Brunschwig wrote:
 On 10.02.15 23:51, Philip Jackson wrote:
 Running Enigmail version 1.8a1pre (20150202-0013) with Thunderbird
 31.4.0 and linux
 
 Incoming message causes yellow enigmail header to appear (Part of
 the message signed with unknown key; click on the 'Import Key'
 button to download the key)
 
 Trouble is that there is no Import Key button displayed.  I have
 seen this button on several previous occasions (next to the Details
 button) but not on this message.  Which is from someone for whom I
 already have a key but not apparently the correct key.
 
 The 'Details/enigmail security info' button provides no useful info
 :
 
 Part of the message signed Unverified signature  (no key id)
 
 Double clicking on his detached signature file gives a dialogue box
 with his key identity.  Attempting to import this key manually with
 Key Manager brought two times a failure with success the third
 time.
 
 My guess is that this person has added an ECC subkey to his key and
 the pool only hit on a key server, third time, which could handle
 this.
 
 In this case, it looks like an occasion when enigmail does not
 supply a useful response to the situation - no import button, poor
 security info.
 
 If the message is not encrypted, could you forward it to me?
 Alternatively, please send me a debug log file (now available via
 Enigmail  Debugging Options  View Log File)
 

Copy of the email concerned forwarded to you @enigmail.net together with the
logfile,

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] missing import button

[Philip Jackson]

Running Enigmail version 1.8a1pre (20150202-0013) with Thunderbird 31.4.0 and 
linux

Incoming message causes yellow enigmail header to appear (Part of the message
signed with unknown key; click on the 'Import Key' button to download the key)

Trouble is that there is no Import Key button displayed.  I have seen this
button on several previous occasions (next to the Details button) but not on
this message.  Which is from someone for whom I already have a key but not
apparently the correct key.

The 'Details/enigmail security info' button provides no useful info :

Part of the message signed Unverified signature  (no key id)

Double clicking on his detached signature file gives a dialogue box with his key
identity.  Attempting to import this key manually with Key Manager brought two
times a failure with success the third time.

My guess is that this person has added an ECC subkey to his key and the pool
only hit on a key server, third time, which could handle this.

In this case, it looks like an occasion when enigmail does not supply a useful
response to the situation - no import button, poor security info.

Philip





signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Medium Term Plan for Dropping GnuPG 1.4.x Support

[Philip Jackson]

On 05/02/15 21:02, Doug Barton wrote:
 From my perspective, until the majority of OS' that ship GnuPG are shipping 
 2.x
 by default, removing 1.x support is premature. I should add that I'm using 
 that
 transition as a bellwether of sorts, as I *think* that seeing this transition
 will also indicate that the majority of end users have switched, and are
 comfortable with the ways that GnuPG 2 is different.

I used Gpg4win very successfully on Windows7, 64 bit for quite some time and
became 'addicted' to Kleopatra.  So when I changed from Windows to Ubuntu last
year, I was disappointed to find that the distro 'only' had Gnupg 1.4.16 running
as standard.  Gnupg 2.0.22 was available as a package so I installed it, hoping
to regain use of Kleopatra amongst other things.

Unfortunately, I couldn't get the Ubuntu package of 2.0.22 to work for reasons
that I did not understand and was glad that I had 1.4.16 to fall back on for
emails etc during the time it took me to learn how to build my own from source
which I eventually did with gnupg 2.0.26.  It worked fine.  (Unfortunately, I
did not find Kleopatra as good as I had remembered with Windows.)

 I get the party line that we encourage people to use the packaged version, 
 which
 will fix the dependency problem, etc. etc. But we've benefited from a
 significant decrease in support problems ever since the machine-dependent code
 was removed from Enigmail, and You must use the packaged version! became 
 untrue.

As noted above, I had no success with the packaged 2.0.22.  I never used the
packaged version of enigmail although Thunderbird is the distro packaged
version.  I have not yet had a problem with enigmail's releases and nightlies
downloaded directly from the enigmail website.

 What you're proposing will create a whole new set of support problems, 
 starting
 with the return of You must use the packaged version! on Linux, and similar
 platforms. Add to that the whole new set of support problems that you're going
 to create by dragging your happy GnuPG 1.x using userbase kicking and 
 screaming
 into using 2.x

It seems that eventually, we shall have to move to gnupg 2.1 which cannot
co-exist with 2.0.  If support for gnupg 1.x is abandoned in enigmail, what will
we have to fall back on for email encryption and signing when the new
installations of 2.1 fail to work out-of-the-box ?

Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] PhotoID not shown on windows

[Philip Jackson]

On 28/01/15 19:46, Ludwig Hügelschäfer wrote:
 On 28.01.15 19:11, Patrick Brunschwig wrote:
 
 Why can you not see the photo ID on Windows? Is the View OpenPGP
 photo ID menu no active for your key, or is there no visible
 reaction from Enigmail when you try to view the photo?
 
 The View OpenPGP photo ID is active. On Mac OS X the jpg is
 displayed fine, using the latest nightly.
 
 The jpg image is quite large, 21474 bytes. Don't know if that makes it
 unusable on windows or if there is anything special inside.
 
 Ludwig

I can see the Photo ID for Pascal on Ubuntu with enigmail version 1.8a1pre
(20150102-0013) on Thunderbird 31.4 and gnupg2.0.26

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] documentation in french ?

[Philip Jackson]

From another thread, I see that some documentation has been brought up to date :

https://www.enigmail.net/documentation/userprefs.php

I introduced a French friend to enigmail this weekend.  He had thunderbird in
French and the enigmail add0n installed itself in French, much to my delight.

But when I look at the website, I can only find documentation in English.  I see
a reference to language packs but it doesn't lead to other language
documentation on the web.

Is all the available documentation included in the localised downloads of 
enigmail ?

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] BCC issues 1.7.2

[Philip Jackson]

On 06/01/15 20:14, Ludwig Hügelschäfer wrote:
 On 06.01.15 19:23, Daniel Kahn Gillmor wrote:
 
 (...)
 I think the right thing to do is to treat Bcc: recipients the same as
 the To: or Cc: recipients, whether that's with convenient settings or
 per-address rules.
 
 I believe this is a closer match to most users' expectations of what
 should happen.
 
 ACK. And keeping it like the present implementation will produce user
 errors, user questions and documentation needs. This can be easily avoided.

I'd agree with this approach.  I never have need of BCC's but there are lots of
scenarios in business / politics where a user might wish to keep recipients
unaware of each other's existence.

At present, a user's 'careless' click when writing an email could cause him some
embarrassment.
Philip





signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Updating 'Enigmail Configuration Manual'.

[Philip Jackson]

On 31/12/14 10:54, Hans Deragon wrote:

 Also, I cannot find the corresponding UI for
 'user_pref(extensions.enigmail.noPassphrase,false);'.  Is there
 such an option still available from the UI?
 
 Using Enigmail 1.7.2.

In Thunderbird, go to the Preferences dialog : Advanced / General tab and click
on 'Config Editor'

When the config editor opens, type in the search box 'extensions.enigmail' to
see the full listing of enigmail user preferences.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] photo id not working

[Philip Jackson]

Using Thunderbird 31.3.0 with linux UbuntuStudio 1404 and enigmail version
1.8a1pre (20141208-0013) :

the 'photo id' buttons do not work in this version.  For those keys where I know
there is a photo image included, asking key manager or other links to display
the photo id results in 'nothing'.  Not even an error message.

I know I'm using a nightly build - but report this just for interest.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] Unverified signatures

[Philip Jackson]

Using linux, Thunderbird 31.3.0, enigmail 1.8a1pre (of 2014-12-08)

I'm getting increasing numbers of emails where an enigmail alert warns that
there is an Unverified signature, Untrusted good signature from email
address  - no mention of the key id.

When I check in the Key Manager, I find that I have one or more public keys for
that person/email address.  A closer look at each key shows they have subkeys of
algorithm  keyAlgorithm_18 and/or keyAlgorithm_22.   These I take it, are ECC
types and require gnupg 2.1

One email with Unverifed signature, Untrusted good signature, signed and not
encrypted,  which I have at hand right now, has a subkey keyAlgorithm_18 for
encryption, and a DSA 2048 for signing.  Shouldn't enigmail be able to verify a
signature made with a DSA 2048 sub-key?

Is now the time to upgrade from gnupg2 2.0.26 to 2.1 ?

Can enigmail handle ECC keys if gnupg 2.1 is installed ?

Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Unverified signatures

[Philip Jackson]

On 08/12/14 18:28, Patrick Brunschwig wrote:
 On 08.12.14 18:15, Philip Jackson wrote:
 Using linux, Thunderbird 31.3.0, enigmail 1.8a1pre (of 2014-12-08)
 
 I'm getting increasing numbers of emails where an enigmail alert
 warns that there is an Unverified signature, Untrusted good
 signature from email address  - no mention of the key id.
 
 When I check in the Key Manager, I find that I have one or more
 public keys for that person/email address.  A closer look at each
 key shows they have subkeys of algorithm  keyAlgorithm_18 and/or
 keyAlgorithm_22.   These I take it, are ECC types and require gnupg
 2.1
 
 One email with Unverifed signature, Untrusted good signature,
 signed and not encrypted,  which I have at hand right now, has a
 subkey keyAlgorithm_18 for encryption, and a DSA 2048 for signing.
 Shouldn't enigmail be able to verify a signature made with a DSA
 2048 sub-key?
 
 Is now the time to upgrade from gnupg2 2.0.26 to 2.1 ?
 
 Not necessarily. Can you send me a debug log file? I'd like to see the
 status messages generated by GnuPG.
 
 -Patrick

Sent to you at enigmail.net

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] inconsistent display of updated information in key management window

[Philip Jackson]

using Thunderbird 31.2.0 - enigmail 1.7.2 in UbuntuStudio 1404

1. When setting owner trust and when signing a key via the 'Key Properties'
window, the 'Key Management' window does not update its display.

In the case of owner trust, the key management window entry can be made to
update by  edit/'set owner trust'/ok (without changing anything)  but in the
case of signing a key, the only way to get the key management window to update
is to close and restart Thunderbird.

2. When setting owner trust and signing a key via the edit entries in the key
management window, the key management entries update straight away.

3. When clicking 'decrypt' for an incoming email for which the key is NOT
already in the keyring, the key gets imported but 'sometimes' is not visible in
key manager unless Thunderbird is restarted.

Checking independently with GPA, shows that the missing key has in fact been
successfully imported and the correct message is displayed by enigmail in
enigmail security info - it is just the key manager display which is not always
updated  (just sometimes).

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] no enigmail header or message with an email

[Philip Jackson]

Today one of the messages received clearly was a gpg signed message.  After
clicking the 'decrypt' button, the gpg text block and ancillary stuff
disappeared and just the message body remained.

Enigmail did not produce any enigmail header nor any judgment on the quality of
the signature.  And therefore, no 'options' button.

A check in enigmail's key management showed the key was present.

I repeated the efforts a couple of times, or so, but nothing changed.

A look in the debug log showed the key had been imported ok by gpg but was
judged by gpg to be BAD signature from 

I find it curious that enigmail seems to ignore everything about this email.  I
have kept the debug file - if you want it.

Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] expanding Thunderbird's header causes enigmail's verification to be canceled

[Philip Jackson]

T'bird 31.0, enigmail 1.7.2, ubuntustudio 1404 :

I don't have the 'automatically decrypt / verify messages' option set - my 
choice.

When I see the mention [Enigmail] appear in the Thunderbird header together with
the PGP Signature ascii text below the message, I click the 'Decrypt' button and
enigmail does its stuff.  The enigmail coloured header is displayed about the
quality of the signature.

If I then expand the Thunderbird header (as I tend to do nowadays to check for
the presence of an OpenPGP header), the enigmail verification header disappears
and the PGP Signature ascii text reappears below the message.

I have to click the Decrypt button a second time if I want to check anything in
the enigmail info.

Is this considered normal behaviour ?

It does not happen in the case of an encrypted message - once decrypted it stays
decrypted despite any activity with the thunderbird header.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] OpenPGP headers and lack of visibility in incoming mails.

[Philip Jackson]

On 04/09/14 08:30, Patrick Brunschwig wrote:
 Displaying headers is configurable in Thunderbird via the option
 mailnews.headers.extraExpandedHeaders. See
 http://kb.mozillazine.org/Custom_headers for details.

Thanks for that, Patrick.  I now have the OpenPGP displayed by Thunderbird
provided :

1.  I select Thunderbird View/headers/normal
2.  I have the headers expanded at the top of each message - which eats up 
a bit
of real estate (in my case 4 lines :From, Subject, To, OpenPGP)

The article also has a paragraph dedicated to Enigmail which says that enigmails
sets certain parameters in the config.  I checked the specific ones mentioned
and found the article not to be correct.  Probably outdated info ?

I tried changing the mail.show_headers to 2 but that just switches me to
displaying 'all' headers so I went back to 1 = normal so that OpenPGP would
display near the top with as small a footprint as possible.

extensions.enigmail.show_headers doesn't appear to exist so is not in use. Is
this a header that could be used to further customise the display ?

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] 'help' sometimes in background

[Philip Jackson]

On my pc using ubuntustudio 1404, Thunderbird 31 and enigmail 1.7.2 there is a
display of enigmail help panel in the background in some circumstances.

From main Thunderbird's main window :

1. Using menu bar/Enigmail/Preferences/sending tab - Help button produces help
box in the background (75% hidden by the preferences dialog box)

2. Using Account settings/OpenPGP Security and enigmail preferences button : the
sending tab's help window displays in the foreground.


From the Thunderbird 'write' window :

3. from the menu bar/Enigmail/preferences/Signing-encrypting options : this
displays 'account settings' info and the enigmail preferences button/sending tab
help displays correctly in the foreground.

4. from the menu bar/Enigmail/preferences/send options : this produces the
enigmail preferences box and from the sending tab, the help displays in the
background - hidden mostly behind the preferences box.

5. from the menu bar/Enigmail/preferences/key selection options : this produces
the enigmail preferences box and from the sending tab, the help displays in the
background - hidden mostly behind the preferences box.

6. from the menu bar, using Account settings/OpenPGP Security and enigmail
preferences button : the sending tab's help window displays in the foreground.

In summary, when you access help via Thunderbird's Account settings, it displays
in foreground (2, 3  6 above).  When passing directly via enigmail preferences,
it displays in background (1, 4  5 above).

On my installation this is 100% repeatable.  How is it in Windows ?

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] no error message when key cannot be found

[Philip Jackson]

On 04/09/14 17:47, Patrick Brunschwig wrote:
 On 04.09.14 17:31, Philip Jackson wrote:
 I'm reflecting on how to describe an RFE about OpenPGP headers.
 
 I have tested one case where gnupg is not going to collect a key
 (gpg.conf keyserver setting removed) AND enigmail's keyserver
 preference is set for automatic download, the key for decrypting an
 email is NOT on my keyring AND the public key is NOT on a
 keyserver.
 
 When I try to open the mail, there is a delay of several seconds
 before the decrypted text is displayed.  During that time, I
 imagine, enigmail was attempting to download the key with no
 success.
 
 
 Enigmail does not attempt to automatically download keys. If you
 enable the option in Thunderbird, Enigmail passes the corresponding
 parameters to GnuPG. I.e. GnuPG will try to download the key - exactly
 as if you configured this in gpg.conf.
 
 But no specific error message was displayed at this point.
 
()
 But I think that error message should have appeared earlier when
 the automatic key search was completed.
 
 I think my comment above explains why Enigmail does not display or
 care in any way.
 
Sorry - my mistake.  I thought enigmail was more 'caring' than that.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] failed signature verification

[Philip Jackson]

A recent post on the mailing list shows the pink(ish) enigmail header
'Error-signature verification failed '

Clicking Details/security info shows that Public Key  is needed
to verify the signature.

gpg.conf should automatically download missing keys for me, so I looked in Key
Manager for the senders name.  I have his public key 0x which has enc,
sign, cert and authenticate and it is valid.

Also shown in the key properties is a subkey 0x with encrypt, sign and
authentication and this is valid.

This subkey is clearly the 'Public Key ' that the enigmail
security info says I need.

Why doesn't enigmail use the subkey to verify the signature ?

Philip





signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] failed signature verification

[Philip Jackson]

On 01/09/14 21:01, Ludwig Hügelschäfer wrote:
 It does use this key. If the key wasn't in your keyring you would get
 the yellow ribbon. In your case you would not run into this except
 autoretrieve would fail.
 
 In fact, the message text is wrong and misleading. It should state
 what is really done: Public Key  was __used__ to
 verify the signature. I'll file a bug and prepare a patch.

So enigmail lied to me ?  OK fair enough, you say that enigmail did use the key.

This is also another case where under the Details button, the View Key
Properties doesn't work.

Even after several restarts of Thunderbird, I have to open Key Management
independently and search under the name of the sender.

Philip




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] [ANN] Enigmail v1.7.2 Available

[Philip Jackson]

On 29/08/14 22:09, Alexander Buchner wrote:
 What I just now tested:
 
 1
 
 - Tab sending:
   Turn on convenience mode
 - Tab Key selection:
   Turn on the first three items
   (all except always manually)
 
 Result: When sending mail to person who doesn't use encryption --
 Dialog Enigmail Key Selection pops up.

Not for me

 
 2
 - Tab sending:
   Turn on convenience mode
 - Tab Key selection:
   Turn on the first two items
 
 Result: When sending mail to person who doesn't use encryption --
 Dialog Enigmail Key Selection pops up.

Not for me

 
 Can somebody else confirm this with 1.7.2 or am I the only one with
 problems here?

When trying your 2 cases and using Thunderbird 31 with enigmail 1.7.2, I just
get a request for passphrase because normally I have all emails signed.  If I
force non-signing for emails sent out according to your 2 cases, then the emails
just go with no dialog at all.

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] strange logic re keys information

[Philip Jackson]

On 28/08/14 21:21, Ludwig Hügelschäfer wrote:
 Ludwig,
  
  I've not seen any further events of this type since I changed to
  the nightly build (above) but the difficulty is that most of the
  people writing on the lists are the same and I already have their
  keys.
 To test again, you could delete their keys from your keyring, so
 reselecting their messages later or the day after
 

Sorry, I forgot to say but I did try that.  I found that if a key is deleted,
and the message is selected, the enigmail header is still displayed as for
example  untrusted good signature from  but the Details/View key
properties does NOT bring up the key details.

You can select other mails and come back to the one whose key was deleted and
the View key properties still does NOT work.

However, if you close Thunderbird and restart and then select the email, gpg
collects the key and Details/View Key properties works fine.

Deleting a key makes this test somewhat artificial and I'm not sure if you would
expect enigmail to display key properties without restarting Thunderbird.  It
would perhaps be nice if it did so but I think the restarting Thunderbird case
is perhaps more representative.

What do you think ?

Philip



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] strange logic re keys information

[Philip Jackson]

On 24/08/14 17:03, Philip Jackson wrote:
 On 24/08/14 16:34, Ludwig Hügelschäfer wrote:
 On 17.08.14 15:06, Ludwig Hügelschäfer wrote:
 JFTR: I have opened ticket 310 
 (https://sourceforge.net/p/enigmail/bugs/310/) for this issue.
 ..

 I cannot reproduce this any more. Even high stress on gpg in the
 background (like on my first sight importing keys did trigger
 check-trustdb) did not cause Enigmail to fail again.

 Philip, would you mind trying to install a nightly version of Enigmail
 (https://www.enigmail.net/download/nightly.php) and see if it happens
 to you again?

 I have left the bug open, but did set importance to minor.

 
 I've just installed latest nightly build -
 
 build date: 2014-08-24, version: 1.8a1pre, git rev: 
 e4b0addf0919594fbd4706425c6f54bfe0bbfe4d
 
 We'll see how it goes - and if I get another example I'll let you know.

Ludwig,

I've not seen any further events of this type since I changed to the nightly
build (above) but the difficulty is that most of the people writing on the lists
are the same and I already have their keys.

However, today, I had an instance where there was no enigmail header but the
email contained the typical text of gpg signature at the end.  Before my eyes, I
saw appear the untrusted good signature header and when I clicked on
Details/View key properties, there were all the normal infos.

I checked in the debug log and saw that gpg had been to the keyservers to
collect a missing key for this email.  I still don't use enigmail's
preferences/keyserver option to collect missing keys but I do use gpg.conf.

Clearly in this case, the key was collected by gpg and the updated keyring was
re-read by enigmail before displaying the enigmail header.

So it is beginning to look like the problem does not exist now.

Philip



0x23543A63.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] strange logic re keys information

[Philip Jackson]

On 24/08/14 16:34, Ludwig Hügelschäfer wrote:
 On 17.08.14 15:06, Ludwig Hügelschäfer wrote:
 JFTR: I have opened ticket 310 
 (https://sourceforge.net/p/enigmail/bugs/310/) for this issue.
..
 
 I cannot reproduce this any more. Even high stress on gpg in the
 background (like on my first sight importing keys did trigger
 check-trustdb) did not cause Enigmail to fail again.
 
 Philip, would you mind trying to install a nightly version of Enigmail
 (https://www.enigmail.net/download/nightly.php) and see if it happens
 to you again?
 
 I have left the bug open, but did set importance to minor.
 

I've just installed latest nightly build -

 build date: 2014-08-24, version: 1.8a1pre, git rev: 
 e4b0addf0919594fbd4706425c6f54bfe0bbfe4d

We'll see how it goes - and if I get another example I'll let you know.

Philip


0x23543A63.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] strange logic re keys information

[Philip Jackson]

In enigmail 1.7 and Thunderbird 31.0 :

I received a message showing the enigmail blue header 'Part of the message
signed, click on Details .'
Details showed the security info option and also options to :

View Key Properties
Sign Sender's key
Set owner's trust ...

I tried the 'View Key properties' and nothing happened, not even an error
message.  I then opened enigmail's key management and sure enough, I didn't have
the sender's key on my keyring.

But, this is the strange part for me, I tried the 'sign sender's key' and 'set
owner's trust' and they both seemed as though they were going to work - they
opened up the appropriate dialog boxes.  I didn't continue .. it seemed wrong to
sign a key that one does not have.

Enigmail offered no option connected to the email concerned to import the
missing key.   I know I could have done so from key manager.

When I checked the enigmail preferences, keyserver tab, I did not have any
keyserver address noted in the automatic download field.  When I put a keyserver
address there, and restarted thunderbird, the 'View key properties' option
worked correctly - the key had been downloaded.

It seems to me that it would be more logical, where the keyserver is not
nominated in 'preferences', and the key is not on the keyring, to do the 
following :

1. not to offer the 'view key properties' option - to gray it out.
2. to gray out both the signing option and the trust setting option
3. to provide an option to import the key.

or alternatively :

1. when 'view key properties' fails to find the key, offer an error message
saying that the key is not present in the keyring and providing an option to
import it
2. to gray out both the signing option and the trust setting option until such
time as the key exists in the keyring.


0x23543A63.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] strange logic re keys information

[Philip Jackson]

On 13/08/14 19:59, Ludwig Hügelschäfer wrote:
 On 13.08.14 11:49, Philip Jackson wrote:
 [No display of signing key]
 
 Your whole description reads as if Enigmail respectively the
 underlying gnupg thinks, it has the key, but for some unknown reason
 can't display it.
 
Yes it seems to have thought it had the key but it did not.

 The expected behaviour for Enigmail is to display a _yellow_ ribbon
 when the signing key is not locally available and offer to download
 it, not to examine/sign/etc.
 
 Did some other application - even in the background - try to access
 your gnupg keyring at that time?
 
The only other applications running were Firefox and keepassX (which I use to
auto-type passphrase for pinentry)

 Could you please try to open/view the same mail again and try to
 reproduce this behaviour? If yes, please enable logging within
 Enigmail and send us the debug log. Instructions on how to do this can
 be found here: https://www.enigmail.net/support/bugs.php (lower half).
 
Sorry - that mail has gone.  I thought the debug log would be there because I
had defined a logging directory some time ago.  However, I made a mistake and
entered the directory as '~/philip/enigmail' and the logfile did not get
created. (I forgot to check at the time.)   I have now defined the log directory
as '/home/philip/enigmail' and the logfile has been created (I just checked)

 If it's not reproducible, please watch out for further occurences and
 try to note the circumstances and report here.

Will do !

Philip


0x23543A63.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.

[Philip Jackson]

On 06/08/14 16:24, Robert J. Hansen wrote:
 
 I do not get your point here. My proposal is to operate the keyring
 from a USB stick. What is the difference with operating it from a
 smart card?
 
 Exactly what I said.  USB is completely broken as far as security goes.
  A USB device cannot be made secure.  Thumb drives are malware vectors
 par excellence, and with some of the recent attacks which work by
 exploiting the firmware things get even nastier and harder to defend
 against.  If you're concerned about a remote attacker exploiting your
 system from afar, you should also be concerned about a remote attacker
 rooting your box and exploiting the hell out of your USB stack.
 
 Smart cards work by storing the key in a method where it cannot be read
 by the host computer.  Once a key is moved to the smart card, it ceases
 to exist as anything other than a black box.  Data can be sent to the
 smart card to be decrypted or signed, but the host computer has
 literally no access to the cryptographic key stored on the smart card.
 
 In a USB model, an attacker who can compromise your box can easily
 acquire your private key: wait for you to plug in the USB dongle and
 make a covert copy of your keyring.  In a smartcard model, an attacker
 can't easily acquire your private key.

Does the recent news about vulnerability of usb devices to attacks such as
described in 'badusb' [*] mean that the usb reader into which the gnupg smart
card is inserted is also vulnerable to exploits ?

If not, what is the essential difference that would make a usb memory stick
compromisable but not the usb smart card reader ?

[*] /srlabs.de/badusb/


0x23543A63.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] fingerprints primary versus sub?

[Philip Jackson]

On 18/07/14 19:32, digg...@openmailbox.org wrote:
 On 2014-07-16 20:39, Ludwig Hügelschäfer wrote:
 You certainly have the directive fingerprint or with-fingerprint in
 your gpg.conf
 
 Yes, that is it. with-fingerprint
 
 This behaviour has been corrected in Enigmail 1.7.
 
 Any idea how long it will take to make it into thunderbird add-ons?
 
I shouldn't wait for that.  Just go to the enigmail website and download 1.7 and
save it in your downloads directory.

Then go to Thunderbird/tools/add-ons

Click on the small drop down list next to the search bar at the top of the
add-ons manager.

click on 'install add-0n from file' and take it from there.

It really is simple and only takes a couple of seconds (plus the time to close
and reopen thunderbird.).

Regards,
Philip


0x23543A63.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] last chance to beta test the upcoming version 1.7

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/07/14 21:57, Nicolai Josuttis (enigmail) wrote:
 All you have to do to test this version is:
 - DOWNLOAD the file enigmail-nightly-all.xpi 
 https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi into
 a local file (don't load it directly into your firefox browser) - In
 Thunderbird choose Extras - Add-Ons-Manager and select the configure
 icon on the upper right - install Add-On from file and select the
 stored file - press install now - restart thunderbird

1.   One thing that does not work on my system (UbuntuStudio 14.04, TBird 24.6)

When I click on 'Details' at the right hand side of the enigmail header on
received mails, the drop down list always has one item greyed out :

'View OpenPGP Photo ID' - even for those keys where I know a photoid exists.

The photo id can still be viewed using 'View Key Properties'

This has been consistently the case for me since I moved to linux and inludes
enigmail 1.6.0 and various nightly builds.   So I am not sure if this problem
is real for enigmail or is somehow happening in my linux system.

2.  Earlier on this list, there was discussion (about translations) about
keyservers to be listed in enigmail's preferences/keyserver tab.   Someone
said that the ldap option was no longer functional and that they knew of no
public ldap keyserver.

Should this option be removed ?

Regards,

Philip
-BEGIN PGP SIGNATURE-

iQEcBAEBAgAGBQJTuom+AAoJECa9UAojVDpjk4YH/AlvB8lFdrmFiXFnqFIkN91h
sCNLq22rGBqYaNzaw+Eu3vaq01zvP0WXxM9g8VUV/Z/AxEdPZMoPhOeP2uYnG41Y
0529/funonm5dKZfVCo1ytfTBPde+HdKYtgPPhHj3+5s+jlHo45Fq8J/BqjLhcPo
/MKhYjWw+A5TY6YF/uYGdmg1h0eHkN1khmeUdArb6C0uaBbBByddmPK9wUVZfLQR
vc1OVNQnwGywzji9jk5B0ZdAJLrpn6fZLjYVIjU1xVt4QEa0r0CV57oRTAcC8UjK
IfeY5JFy0HfDTX6+7FbT2Ffzfetibp4QO4HWrLTEEap77ygRV/43CRUx2IDtTJA=
=KgUV
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Ubuntu uses old enigmail-Version

[Philip Jackson]

On 04/07/14 15:19, Alexander Buchner wrote:
 Am 03.07.2014 14:18 schrieb Philip Jackson:
 It is actually quite easy to download and install the latest version of
 enigmail or even a nightly build.

 Download the version you want from Enigmail's website and then go to
 Thunderbird : Tools/Add-ons.  In the add-on manager, click the small down
 arrow just to the left of the search box and select 'install add-on from 
 file'.

 Regards,
 Philip
 
 Do I get updates (automatically) if I install form an .xpi-file or do I have 
 to
 install every version by hand?

You'll have to continue updating by hand whenever you wish.

I don't know but I presume that a subsequent 'official' update from Ubuntu would
have the risk of taking you backwards to an earlier version of enigmail than the
one you could be using if you manually take the latest from enigmail's website.

Every time I'm offered a load of updates from Ubuntu, I try to watch for
anything that will affect Thunderbird or enigmail and since Ubuntu's offering of
Gnupg2 broke the gpg aspects of Thunderbird/enigmail on my machine, I'm watching
for updates on that front too.

I'm a little unhappy about relying on Ubuntu versions of Thunderbird, Firefox
and enigmail.  It takes us one step further from being able to check integrity.
 But for the moment, to do otherwise is beyond my pay grade.

Philip



0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Posting style and peculiarities of inline-PGP

[Philip Jackson]

On 05/07/14 19:17, Ludwig Hügelschäfer wrote:
 On 05.07.14 18:22, Philip Jackson wrote:
 This is weird - I received this email and Thunderbird showed it as
 coming from Onno Ekker.   I clicked on the Details button to view
 key properties and find I'm looking at Patrick Brunschwig's cert
 (which does check with the cert ref shown in the header).
 
 And reading the email shows that indeed it comes from Patrick.
 
 Expanding Thunderbird's headers shows clearly that the sender is
 Onno.
 
 So Patrick is sending out his signed mails under Onno's identity.
 
 No. Onno sent a followup to Patricks message, writing only a few lines
 on the top of his message. The rest consists of a full quote of
 Patricks message. This message was signed inline and thus, Patricks
 signature was also included in the full quote. Enigmail *will* try to
 decode signatures in the first quote level and succeeded this time. It
 also displays the borders of what was signed. Did you see them?

Thanks, Ludwig, for that explanation.  I was mistaken in thinking it came from
Patrick.  I can now see the borders.  Clearly emails need examining and I should
not only read the text but read between the lines as well.

Sorry for that.

Philip


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Ubuntu uses old enigmail-Version

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 03/07/14 10:50, Alexander Buchner wrote:
 Hi,
 
 if some people on this list use enigmail with Ubuntu, I would kindly ask
 them to support the following wish (bug report) for Ubuntu to update the
 package to a recent version: 
 https://bugs.launchpad.net/ubuntu/+source/enigmail/+bug/1296699
 
 There is already a debian package for version 1.6, so I thought it would
 be easier to convince people to update the package in Ubuntu too.
 
 Regards Alexander

It is actually quite easy to download and install the latest version of
enigmail or even a nightly build.

Download the version you want from Enigmail's website and then go to
Thunderbird : Tools/Add-ons.  In the add-on manager, click the small down
arrow just to the left of the search box and select 'install add-on from file'.

Regards,
Philip
-BEGIN PGP SIGNATURE-

iQEcBAEBAgAGBQJTtUoOAAoJECa9UAojVDpjSIsH/j1B+gjLybHPA+fWfzRjFGKi
myz2t8lvwyFHJ+qZJoVU2qADDkxoICE15ZINN99nQZoo/pqtvvypscGOlVQ26/vE
65oj3QHPYUMlL7HsEh86EXyj0xJwD23FvslYbTxHN+mMrG0pviZSaEqPhVyuYqa0
dAWjSEQV+w7eSk7lqzwAkWF1/shc2STiyM4cgXoNqyrbN8zbDbrlp52TMYugmt7j
yVNTQxQjIRYQ7yhSD44inrruV+1TLFxkVLo9llQ41p5tpxhvaPbm5blLMywpgGJu
FLtOlcTc3w2iorEu8LqtVOYpmNodNNYE2Xy700mSi0H7KMdVTa0Ocx96GBxl3vg=
=z4mI
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] 15 June nightly build

[Philip Jackson]

Hi Daniel :

On 16/06/14 23:59, Daniel Kahn Gillmor wrote:
 Hi Philip--
 
 over on enigmail-users,
 On 06/16/2014 09:58 AM, Philip Jackson wrote:
 me@me-desktop:~$ gpg --sign test-message

 You need a passphrase to unlock the secret key for
 user: Philip Jackson philip.jack...@nordnet.fr
 2048-bit RSA key, ID 23543A63, created 2013-01-22
 (here I entered the passphrase)
 gpg: problem with the agent - disabling agent use
 gpg: can't open `test-message': No such file or directory
 gpg: signing failed: file open error

 I tried a couple of times - same both times.
 

I'm green in many ways, Daniel, but I did think to create a 'test-message' file
and in case I had a path problem, I tried it in different sub-directories.

 is there a file named test-message ?  you can find out with:
 
  ls -l test-message
 
 
 If that doesn't exist, you can create a simple text file with example
 in it with:
 
   echo example  test-message
 
 command gpg-agent shows gpg-agent: gpg-agent running and available
 
 are you doing this from within a terminal emulator in a graphical
 environment, or are you doing this entirely from a text-mode virtual
 terminal?

In UbuntuStudio, the terminal icon on the desktop says it's a Terminal Emulator
- Use the command line  These terminals can be opened in multiple ways but each
time it is basically from the graphical environment.

 
 You might do better to debug this problem with gpg over on gnupg-users
 (i've cc'ed them here).  If you want to follow up on that mailing list,
 you'll probably need to subscribe first at:
 
  http://lists.gnupg.org/mailman/listinfo/gnupg-users

Thank you for this link and the suggestion.  I'll get on to it when the day's
affairs are over.

Philip
 
 hth,
 
   --dkg
 


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] new nightly built with several updates

[Philip Jackson]

Hi Nico,

Looks good at first glance.  Time will tell how it performs.


On 15/06/14 09:49, Nicolai Josuttis (enigmail) wrote:

 - In the account specific menu you can now select the
   general defaults for signing/encryption/pgpmime
   - The decision to automatically sign when the
 email is (not) encrypted now is processed FINALLY
 after applying all defaults/rules/manual-settings
 It therefore has new labels.

I find this explanation a little difficult to understand but what I take from
what you have written is the following :

In the account specific settings of Thunderbird, in the OpenPGP Options, if I
select (tick) the check box 'Automatically sign finally non-encrypted messages'
this action will be applied as an final (ultimate) action after all other
defaults/rules/manual settings have been applied.

So if all other actions work to declare that a particular email should not be
signed, then this option will ensure that it is signed anyway.

But an initial test proves that it doesn't work that way.  If in the write
window, I select OpenPGP/Message will be signed/Force not to sign :  then the
message is sent unsigned.

So it seems that I have misunderstood your quoted text above.  Perhaps it is the
use of the word 'finally' that is ambiguous ?

Perhaps we could suggest something more clear if you say what message you
intended to convey.

Best regards,
Philip

ps.  for this message, it should be signed by default.  My initial attempt at
clicking the send button produced an error Bad pass phrase send failed.

I wasn't even invited to enter a passphrase.  So I have disabled signing to get
this message away.  I don't yet understand if this is an effect of the latest
nightly build.


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] 15 June nightly build

[Philip Jackson]

 ps.  for this message, it should be signed by default.  My initial attempt 
 at clicking the send button produced an error Bad pass phrase send 
 failed.
 
 I wasn't even invited to enter a passphrase.  So I have disabled signing
 to get this message away.  I don't yet understand if this is an effect of
 the latest nightly build.

My difficulty in sending a signed email was NOT down to the new nightly build.

I have now switched back to enigmail v1.6 and I have the same problem.  This is
no doubt explained by my transfer of emailing from windows7 to linux in the past
couple of days.

I was happy that everything looked familiar and seemed to behave in same way
under linux but I was apparently kidding myself.  I even used Enigmail's Key
Manager to import my keyrings after failing to get Kleopatra and GPA to do so.
Once imported by Enigmail, they were immediately available under Kleo etc.

I've checked all my settings in Thunderbird, and Thunderbird does find GnuPG in
/usu/bin/gpg.

But when I want to send a signed email, it presents first the OpenPgp
confirmation dialog and when I select OK, it immediately gives the error
message Bad passphrase without having given any opportunity to provide the
passphrase.

Same problem arises if I try to park the email in 'Drafts' - and I wouldn't
have expected to sign the mail before parking it in drafts, anyway.  I had to
dump a part written email because it couldn't be saved as a draft.

There must be something in the operation under linux that I have missed - I am
a very recent linux user so if anyone can point me to the corrections needed,
that would be much appreciated.

Philip


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] still having plain text issue

[Philip Jackson]

In Thunderbird's address book, a right click on a contact name will allow you to
select properties for the person concerned.

At the bottom of the contact tab, there is an option to set preference for Plain
Text or html.

Hope that helps
pnj

On 13/06/14 11:34, Anna F J Morris wrote:
 One of my colleagues uses a mac, and she cannot decrypt html or
 multi-part messages with the gpg mac software. When I asked before the
 consensus seemed to be that unchecking the use pgpmime setting in my
 enigmail should resolve this, however, I have done this and she is still
 unable to decrypt some of my emails as they not going to her as plain
 text. Is there any way to force mails to be plain text to this person?
 
 Kind Regards
 
 Anna
 


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] auto-send-encryption option now available in nightly build of enigmail

[Philip Jackson]

Hi Nico :


On 11/05/2014 15:41, Nicolai Josuttis wrote:
 Currently:
 - Having a yellow background signals you want to encrypt/sign;
   a grey background signals you don't want to encrypt/sign.
   These are buttons you can use to enable your request to encrypt
 - A plus signals then if encryption/signing will happen due to rules
   or auto encryption.
 - A minus signals no encryption/signing.
 - A red icon signals a conflict.

I just downloaded and tried the nightly build of 14 May. I still can't
understand how the + and - signs are supposed to work.

I've tried most combinations possible in the OpenPGP/preferences/sending tab.  I
can see the dynamic changes in the icons at lower right in the status bar of the
write window as I type in recipient's name.  That's pretty quick.

I get the + sign readily enough and I can use the icons to toggle signing and
encryption on/off and this agrees with what is behind the OpenPGP button in the
Composition toolbar.

I have been unable to find any way to get a - sign to show (using addresses for
which I have a 'per recipient rule' and otherwise) despite toggling.

I thought I might provoke a conflict and get a red icon if I tried to force
encryption for a recipient for whom I don't have a key but I didn't.  Maybe
because I cancelled the message too soon?

What specific cases are supposed to give a - sign and/ or a red icon ?

Regards,
Philip





0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] question regarding a new sending preferences layout

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/05/2014 14:00, Nicolai Josuttis wrote:
 Hi,
 
 please look at the attached dialog. You can see a couple of new feature 
 that all should help users to set encryption options.
 
 Without explanation: - Is it self explaining? - Any improveents?
 
 I especiylla wonder about the text of the middle button 'Thorough 
 encryption' Alternative names are: Careful encryption Accurate Encryption 
 Elaborated Encryption (I don't want to have 'Safe encryption' because that 
 raises too many questions). What would you prefer?
 
I haven't seen the interface you mention BUT

I would avoid 'thorough', 'careful', 'accurate' : these three in English will
imply that they are an alternative to 'careless' or 'shoddy'.  Any and all
encryption is expected to be thorough and careful and accurate, and 'safe'.
Any exceptions that might be anticipated would be put down to human error or
(in the case of 'safe') to the greater expertise of an adversary and not to a
deliberate choice on the part of the sender.

 Just as a explanation: - Convenient encryption would select: - accept ALL 
 keys (trust-model always) - auto send encrypted if I have accepted keys - 
 Confirm before sending: never - Thorough encryption would select: - accept 
 only valid keys (WoT model) - never automatically send encrypted (except 
 rules) - Confirm: always
 
I fear that it will be difficult to find a choice of 2 short labels for your
'convenient' and 'thorough' buttons which will be clear and not misleading.
Perhaps the 'convenient' could be labelled 'handy but with risks' and
'thorough' could be labelled 'thoughtful'.

In any case, I fear that a complementary explanation will be required in the
form of a 'help' button to explain to beginners the subtleties of the decision
making process required to chose between the two options.

 Any feedback is welcome.
 
 AND: If you want to try out the new features (except the new buttons 
 convenient/thorough/help) here is a xpi file: 
 https://www.enigmail.net/download/beta/enigmail-1.7a1pre-test2.xpi (thanks 
 to Patrick for providing that).
 
 Either load the xpi file directly into Thunderbird or save it with Firefox 
 and then open it via extras - Add-ons ... and in the tab select the top 
 right cogwheel button and choose the option to install add-on from a 
 file
 
 Best Nico
 
I'll try your xpi file this evening - when I have a little more time.

Philip

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTZjV2AAoJECa9UAojVDpjoKcH/2zhepFemvyhLIprJ0S3/XAR
Wri77Z/eatCmm96wrYZ9Iwp/+jX+l32XvtonCRE6BISYPQsFgbnS5hGrcxwe6R2P
SJgYDK1ookofMPbPitNw+WTa8sUAgCMHn6xUuwKlfEHH7oOd85GBZcRe9gj91IYw
sccQu633/ZMjoFvxQZzJLL/QZSFphZcw5md3JA5ZgKu+xmGyNUl2wMfKxgFwmf43
yucEMn4GVGgYKOs8BWvbHd2cXv7LH+zj2bMWYkYvceMcnvTER1zp+j1NGNNE1Ksc
g6yw7RzIS9SbcJLjlovMmZyG+rS+kbd8t9LStwuJzgLW4TmKwkTzO1iD84Y7keE=
=yF0e
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] difficulty in getting message sent

[Philip Jackson]

On 27/04/2014 14:14, Kenneth Jones wrote:
 Phase of the moon, perhaps. 

I can go with that !!

 On Apr 27, 2014, at 20:02, Philip Jackson philip.jack...@nordnet.fr wrote:
 
 Is there some other possible explanation for the repeated aborts ?
 
 ___
 enigmail-users mailing list
 enigmail-users@enigmail.net
 https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
 


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] difficulty in getting message sent

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 27/04/2014 16:30, Andreas Hirsch wrote:
 Hi Philip,
 
 quoting Philip Jackson, [2014-04-27 14:02]:
 I prepared a first message to be encrypted to a new recipient whose key I
 had retrieved from a key server.  First attempt to send it resulted in an
 abort :
 
 Send operation aborted.
 
 USERID_HINT  Roger Dodger roger.dod...@xyzxyzxyz.com 
 NEED_PASSPHRASE    1 0 GOOD_PASSPHRASE 
 INV_RECP 0 w...@xx.com
 
 from which I took an understanding that something was wrong with the 
 recipient's email address.   I tried to make sure it was identical to
 what was shown in the Key Manager by careful typing but each time I got
 an abort with the same message.
 
 Finally, I copied and pasted his address from Key Manager into the To:
 field and the message went on its way successfully.
 
 In what other way did you have tried it before?

My first efforts were just to click on 'write' in Thunderbird and to type in
the recipient's name.  When the send aborted with the error message I quoted
above, I rechecked the name and email address and did this several times -
each attempt failing.

Finally, in an attempt to make the name/address identical to that on the
recipient's key, I copied it from the enigmail Key Manager and pasted into the
email.  That worked so I expect Patrick's suggestion that some character, or
all, come from a character set other than our latin set is quite probably the
explanation.

Philip

 Andreas
 
 ___ enigmail-users mailing
 list enigmail-users@enigmail.net 
 https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTXToLAAoJECa9UAojVDpjUnwH/jNoSzzjY0aRw8gTEI9GPpFe
VwN6l6i7HBkAKMbspBRjbju9kODThsmBgpAlH3KTPOB5PW8RwrTG5gZ3BisBs4NE
RzGcqALOzcHDDMdS8Gu2PgCPQDupEZ4aNiz8zLO80EVhrBhXNH32SiMZx64xCDAo
8xGCwNJOUc4LZvIDipMIGymWjwfomPyzv3UKwrT24L7hgtTWgBH/UJNBgNQwNnf3
fp85zPYnoQBj0/sVv+3V+EaEGnxDfHP97/T8PCRlPW6ke3r5HFuxOZOTbXywbhFn
shqCqG7yTRKq64WTgpqKyoW7ZU8I/kE15IltKUX5WcfGfeKCAGywNvOryQVzgTA=
=N6VS
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] test implementation for auto encryption available in test-branch

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 25/04/2014 22:19, Daniel Kahn Gillmor wrote:
 [skipping a bunch of discussion covered elsewhere in the thread and jumping
 directly to the UI/UX proposals]
 
 On 04/22/2014 05:00 PM, Philip Jackson wrote:
 What about some consideration of the time elapsed since [valid] status
 was conferred ?
 
 Is this the right time limit that a user should be interested in?  what 
 about duration since last use or something like that?  compare the two 
 following scenarios:
 
 i certified Joe's key a year ago and we never exchanged any e-mails (signed
 or otherwise) after that.
 
 i certified Mary's key a year ago and we exchange encrypted/signed e-mails
 every week.
 
 time elapsed since [valid] status conferred is the same in both cases.
 
 I agree that a time limit indication could be useful, but it should 
 probably be time since last observed/used or something like that. that's
 a little trickier to count, unfortunately, and i'm not sure if the extra UI
 complexity is worth the tradeoff.  but it's certainly worth considering.
 
I think you're probably right.  I certainly follow your reasoning in the
scenarios above.  My worry is that auto-encryption may lead to blindness to
these 'validity' issues on the part of some users.  In the implementation,
some warning should be given to induce a measure of paranoia in the user, to
cause him to reflect and perhaps recheck.


 * if the user manually chooses to encrypt the message when some users
 are not [valid, then the non-[valid] icons should be highlighted or
 made bigger or flash or blink or something to draw attention to them.
 
 With a help message when the cursor is hovered over the icon.
 
 yes, that would be great.
 
 and perhaps if the time since {valid] status was conferred is greater
 than some specified interval, something like this -- it is x months
 since you accepted this key/userid as valid, are you sure you still want
 to use it or would you like to re-check?
 
 if the user said i'd like to re-check, what do you think enigmail should
 do?
 
If the user is caused to pause and to re-check, then ideally the mail should
not be sent.   There is then the possibility to give the sender some options :

- - destroy the mail
- - park the mail in plain text in the Thunderbird 'drafts' box while awaiting
further instructions (supposing the computer is considered to be safe from
intruders)
- - park the mail in the 'drafts' box encrypted with the owner's own key if the
sender fears that casual observers may have access to his machine.

I don't know if these options are possible actions for enigmail to do without
changes to Thunderbird.

Regards,
Philip

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTWt1aAAoJECa9UAojVDpjqlMIAKBVlgGGdLch3FDLR9Ay1sLp
uLGwtcNTRjyHVaJAG/Nv5qq4JXBvS8KyVhrsoogqgfzSIqKNEFg+LfzX08QltjHi
LoWDcXwj9TKKan/0W6DqYoldCQB2EhV5pC2/dKAJ/HO4fUK/6u/W4drvQZxhDklQ
B48vXkKFkFt7jfh4yRVqEYLr6wvLuBOfFWA+FIwRYw+uq22Mgf2PjHZzRq5+z6cn
qjdEXaVRajJ1w2IXE/jVpPNgZS2Jzu7W5lODKZUPIojAo8qnJFy8phA+o3V0TkHB
hNwdsO58A+jbCtsFAZ3bUf66ifDQB/vKZvOF7Hx/d96jv/oIlztutkurxHQz/wA=
=avZp
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] test implementation for auto encryption available in test-branch

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 22/04/2014 01:30, Daniel Kahn Gillmor wrote:
 Hi Nico--
 
 thanks for your work on this; i'm really glad to see people thinking it 
 through in detail.
 
 Responses in more detail below, along with a more radical proposal that 
 hopefully we can use to think through the desired behavior.
 
 On 04/21/2014 04:11 PM, Nicolai Josuttis wrote:
 
 Let me try to find a wording both experts and novices can live with (IMO
 that's key for a better acceptance of PGP).
 
 yes, clearer understanding is important.
 
 We have owners.
 
 I'd say we have keys, and there are people who control those keys. Some
 keys might be held or controlled or owned by multiple people.

Yes, quite so.
 
 We can specify how much we trust them.
 
 since the term trust is so beleaguered, perhaps we should say we can 
 specify how much we're willing to rely on any given key to certify other 
 certificates.
 
Yes in principle. BUT attention -- the 'given key' may already have been
compromised since I (the user in question) stated how much I was willing to
trust it some time ago.  And it is today that I am sending the message.  We
should not be too reliant on historically conferred trust.

 We have keys. Keys belong to email addresses.
 
 again, i'd say that keys are distributed within certificates, and (most) 
 certificates have e-mail addresses associated with them.
 
 So the hard part is how the following: - a key is valid means different
 thing for experts and novices
 
 I think we should be talking about a (key,userid) being valid, or a key 
 being valid for a given e-mail address.  Saying a key is valid isn't 
 really what we want to say.  In particular, a key could be valid for one 
 e-mail address, and it could be not valid for another e-mail address.

I believe Daniel said previously that he had added an email to an existing
certificate and had not taken the time (or effort) to get it re-signed.  So
would someone be justified in sending an encrypted email to him on that new
address using the key which has not been re-signed for that email address ?

I think so yes, providing that the sender has some level of knowledge of the
recipient and trust in him that is of a different nature to the trust of 'web
of trust' type. The 'level of knowledge' required of the recipient is a
function of the type of secret being transmitted and associated risks.

This is, in my opinion, the most important aspect of trust required and has
comparatively little to do with key validity and 'web of trust' trust.  The
element connected with key validity and 'w.o.t' which is important within the
proposals of this auto-encrypt dialog is the amount of time elapsed between
the acceptance of a key as valid and the time the encrypted email is sent.

A key, userid pair could, of course, be compromised very soon after it has
been given 'valid' status but the greater the elapsed time, the greater the
risk of compromise.  Of course, if the secrets are trivial, the risk is of no
importance but then neither would the encryption be really vital.

This, for me, is the greatest element of risk in 'auto-encryption'.
 
 - we trust a key is nothing useful for an expert but for a novice.
 
 i'm not sure what you mean by this.  can you explain more?
 
 Now we have to formulate an option: - we accept all keys except
 disabled/expired/revoked ones. AH, may be accept is a word we can use 
 (I used it here incidentally...)
 
 accept needs to be clearer, i think, because it may not be just we are
 willing to encrypt to this key -- it may also be we are willing to 
 believe that signatures made by this key actually come from the person 
 identified in the user ID of the key's certificate
 
Again the time delay aspect enters into consideration.
 
 So may be we allow to change both options into the following:
 
 Accepted keys to send encrypted: - All valid keys according to the web of
 trust - All except disabled/expired/revoked keys
 
 how about:
 
 For a given e-mail address, encrypt messages to:
 
 * all keys valid for that e-mail address * all usable keys that claim to
 belong to that e-mail address
 
 Note that enigmail's current default behavior is to simply choose the 
 *first* key in GPG's keyring that claims to be associated with the e-mail
 address in question.  This is true, even if the first key in the keyring
 with a given e-mail address is *not valid* for that e-mail address, and
 another later key *is valid* for that e-mail address :(
 
Whoops !

 Automatically send encrypted - never - if we have accepted keys for all
 e-mail addresses
 
 
 
 And for the first option of the first option we NEED a very short but 
 compelling explanation (ideally as help text), which I still try to find
 reading all the documentation. May be: - According to the web-of-trust, a
 key is valid if: - it is your key (has ultimate owner trust) - you signed
 it - another owner you fully trust signed it - at least 3 other owners
 you marginally 

Re: [Enigmail] test implementation for auto encryption available in test-branch

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21/04/2014 00:12, Nicolai Josuttis wrote:
 
 
 Am 20.04.2014 21:38, Philip Jackson schrieb/wrote:
 Hi Nicolai,
 
 I've downloaded and installed the 1.7a1pre-test version. Patrick's link
 shouldn't just be clicked on though.  Firefox downloaded it and tried to
 install and then rejected it as 'not being suitable for Firefox' and then
 presumably deleted it (because I couldn't find it in the downloads
 directory).
 
 However, one question :  in the preferences/sending tab, how do your new
 options cohabit with the second check box item 'Always trust people's
 valid keys' ?
 
 
 Does that option cancel your 3 options for full, marginal, unknown trust
 levels?
 
 No, it's the other way round: Currently the options don't affect each other
 (which might be wrong).
 
 That is: - I can select to auto send encrypted emails to people for which
 the keys have unknown trust although always trust is NOT selected. - I
 was thinking about some alternatives, though. One is that if not always
 trust all keys is selected I disable the last (two) options. That would be
 a visual feedback for what you asked. - Another is that the
 auto-send-options only ask whether to send encrypted if all keys are known
 and trusted and what trusted means is derived from the always trust
 all keys option.

In any case, I think the display of your new options at the same time
as the second check box item (Always trust people's valid keys)
presents a confusing display.  A display logic should be decided
that prevents them both being displayed at the same time.

 In any case I am not sure whether the whole approach I programmed is
 good/intuitive. So allow me to explain some details of the current
 implementation:
 
 - Option always trust all keys is enabling or disabling the option 
 --trust-model always This is documented in the GPG manual as:
 Skip key validation and assume that used keys are always fully
 trusted.
 You generally won't use this unless you are using some external
 validation scheme.
 This option also suppresses the [uncertain] tag printed with
 signature checks when there is no evidence that the user ID is bound to the
 key. Sounds pretty dangerous (but is often selected).

see below -

 
 - My options affect whether and how the Key Validity and Owner Trust 
 columns of the key management are considered. For example, if I need
 marginal trust, both columns have at least to have that level. (Note that
 validity/trust is sorted according to: - disabled/revoked/expired -
 explicit mistrust - unknown trust - marginal trust - full/ultimate trust ) 
 auto send encrypted would never happen with keys being in the first two
 groups. No option should change that IMO. For the other three groups, I
 have provided the three auto-send-enc-options.
 
 However, now we have different trust models (one by GPG and one by the key
 manager) THis also can be confusing. On the other hand, dealing with what
 is defined in the key management dialog can be more intuitive than dealing
 with the rules of the web of trust.
 
 Consider for a moment we would have no recipient rules and people don't
 know the rules of the web of trust. The simple approach for the novice
 either would be: a) You can disable auto encrypt. Then you have your
 general default about whether to encrypt which you can change for each
 mail. b) You can select to auto encrypt if all keys are known (ignoring the
 trust level, but not mistrust or revoke/expired). This is like selecting
 always trust all keys (and as dangerous)

The question of 'dangerous' puzzles me somewhat.  Where is the danger in
trusting a key ?   You are implying that one should not encrypt to a person
whose key is untrusted - whether in the sense of its validity or of its
owner's trust.

There could be danger to some people in the mere act of being seen, by an
observer, to be using encryption and in those circumstances, the
trustworthiness of the owner or the key would be irrelevant.

But even if the key validity has been fully ascertained, and the owner is
'fully trusted' in the sense that applies to the web of trust, one would have
to consider the nature of the material (secrets) being written in the message
- - and here again, the gpg trustworthiness of the owner and the key validity
are not the most relevant factors.   What is more relevant are the personal
qualities of the owner - will he betray you ?, is he a stooge planted by the
enemy/competitor?  These are not questions that gpg web of trust or key
validity can answer.

My thoughts are that the more emails that can be encrypted, the better.  A
higher volume of encrypted mails provides a better safety screen for all so it
is better to 'trust all keys' and to be extremely careful what you write if
you do not know the recipient.

 c) You can select to auto encrypt only if keys are known AND you have
 declared some trust. In my implementation you can either require at least
 either marginal or full trust

Re: [Enigmail] trust the keys of all recipients is problematic text

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi :

On 25/03/2014 23:21, Daniel Kahn Gillmor wrote:
 hi enigmail folks--
 
 1ee310b5bcdb86f225cc11ca0ae2138a7aaba992 addresses bugs 212 and 179 with a 
 menu option called trust the keys of all recipients.
 
 I think what this implies is that when sending a message to 
 f...@example.com, enigmail will just use the first key it happens to find
 in the user's keyring that has f...@example.co in one of its user ids.
 
 i think this is the wrong language to use for this feature, because it 
 conflates the idea of trust (which has a specific meaning about how much 
 you're willing to rely on certifications made by the keyholder) with the 
 idea of validity (how much you believe that a given key belongs to the 
 person/address named in the user ID).
 
This is an important point.  The difference between the ideas of trust and
validity are not always evident to newcomers to enryption.  A common usage of
the notion of 'trust' in the english language could cover both concepts.
Keeping 'validity' out of the realm of 'trust' is important.

 I'm having a hard time coming up with a pithy replacement (possibly
 because i'm not entirely sure this behavior is a great thing to do), but i
 think it should be something like:
 
 encrypt this message regardless of key validity
 
 or
 
 don't check validity of recipient keys for this message
 
 or
 
 ignore key validity when sending

ignore key validity when encrypting this mail  would seem to do the trick.

 also, i don't think this menu option should be present (or maybe it should 
 be greyed out) when the message is not intended to be encrypted.

Yes - greyed out is good for signature only use.

 Probably the text in the preferences pane (Always trust people's keys) 
 should be changed as well to use more sensible language.

Also important.


 Lastly, in the key management dialog box, the Key Validity column 
 (should it be UserID validity?) should probably choose its values from 
 the set {invalid,revoked,expired,-,unknown,marginal,valid} instead of 
 {invalid,revoked,expired,-,unknown,marginal,trusted}

A logical consequence to remove 'trusted' from the values set and I would go
with the change of the column to 'UserID validity' too.

 At the moment, it's possible to have a key that is Key Validity:
 trusted, but Owner Trust: untrusted, which is a pretty confusing thing
 to see. --dkg


- -
Philip Jackson
Domaine le Theron
Chemin du Theron
34210 Siran
France

Tel : (+33) 468 49 80 53GnuPG Public Key :0x23543A63.asc
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTMtYzAAoJECa9UAojVDpj5f0H/3gMGKzVFxkhEW6wTKPT3RaP
fsHNL7q8gNiAyMTAmn1A/TecdojnuyqkVfB7BxrezF+WdjL/HFMw/+IDFXwIm/uL
xEyXgtPLya4htc2A0rVJWJNTtL0pfNjXkhM6zDOV0IqLwWQYU1K49/b65kKfBZAm
RUxckFB/mfaWb+V6zv+orxrfWPsn+md6p02eWP7H3bvKKVnAYcjgToSr+6eSsoZp
F7a2Si8xw4gjU/nKPEtBMmlpdOgp0D6HA6Jvr67J+sTVWXOV20hU5MQq9tmGGz8d
OS3/p+mMakHiIsgWVs00OH1r8L8eJS4FDYycxBCnebC/49w5SelPGpmEjCSMXGY=
=6lDq
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] trust the keys of all recipients is problematic text

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

I have already responded to the specific items in DKG's email.

I note in the discussions of the two bugs he quotes, that there is a
reluctance amongst some people to encrypt, or to permit encryption of,
messages to unverified key / identity owners.   My opinion differs.

I am in favour of generally encrypting to as many people as possible on the
grounds that the higher the volumes of encrypted traffic, the harder the task
of tracking those messages and the easier it is to hide in the crowd.

All encrypted contents are not necessarily of a sensitive nature.

It is completely a different question for the treatment of contents which have
a sensitive nature.  One must be stupid to send sensitive contents, encrypted
or not, to a person whose identity is not proven and trusted.

- -
Philip Jackson
Domaine le Theron
Chemin du Theron
34210 Siran
France

Tel : (+33) 468 49 80 53GnuPG Public Key :0x23543A63.asc
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTMtj3AAoJECa9UAojVDpjffcH/jc+8w3z2W87Sr1qfewEHn2l
nmNQe5Rb0HkaP+3Z8qbz41900nY2WPYwUZwnQd5WGNrAFSsSW8/E0mND+VP3PmRj
CAGf1ARc4Y8ANDWEU63LkczZjtd4hV2nSSvmMtDrTAapxEGQbhqw7pBDGaipsdLY
AuoQFS2OKVYZpkwq+nLa55yzCEWgNaUeMGToU3WGoZSE6+7IXN9bAtWcaJ32t5oa
zHc49IEhVxShEfBCoCdmvTu4W5Nxti2jzx2xSO2vaxYPnS5TiJpNWdkk5VMjFdgC
5tdD7nbhZA3QtEz4XJAIDBikvXsH47NzwEHr+yXGsvkH04NzhH2cc36H1WCFJ+Q=
=06iH
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Hello, World!

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Wayne :

I sent you an encrypted message to yourt email address.
Pnj

On 05/03/2014 19:15, Wayne Ernst wrote:
 Hi, Folks,
 
 Just looking for someone to test public/private key stuff with. Anybody
 who'd be willing to help me test my encryption/etc would make my day.
 
 Thanks, a bunch!
 
 Wayne
 
 
 
 ___ enigmail-users mailing
 list enigmail-users@enigmail.net 
 https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTF27TAAoJECa9UAojVDpjGcwIAJA0vs0k3WeMOrZRI3i7zNOO
dnUjtSPbUiTIULgfmRFR6+TVNEnUrXwT7VC7zbiX/r2bvIBNNEtE/bmhD/L7mztW
Ac6WEjcb4Z8IIPAUt6Ml+wYAI8HfZmMCvI89YmyMg0OF6tdjk5gQ045QU8v7LRA5
TiDzhTpbTKk7QGU8yUqqcNPc3SH6gkyCY4Qp3J6bhhCcxE/ZOYiWFwAAxBQA2TA0
Ray1iHF7PCUJ7X0nmf+YI0KlWgEUa4YSQohLp+OfVwVCcPgmxCNOUqb+zv5NWEKZ
9tLEqYXswRLBGaJXnEDArn75PXM+bZjA4lRkQYv5PN3GydX07thV96FhXI+5wmY=
=Bqqs
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] security violation

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Receiving the 'reminder' email sent out by enigmail with passwords in clear
text was a bit of a shock.  It is as though enigmail doesn't believe in its
mission.

Could we try to make sure that this doesn't happen again ?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTEiUpAAoJECa9UAojVDpjOCcH/0XOZT1d5HzPnWiNZbNs2kjR
4QmJxxMdHcKGhoMl+nGjw4JmvOdRsPU0QM6rWwtIRCei42ufLy0eku6eU1rcvZ2K
EfdSyePD2OwFe0hjDiLJISDrEnpQulbiNK3k8CBzcdkMem7Nicg6uIKi1mqDkChI
AiRX8C9I6utNmeh3Nh3v8mm+yBHGYWxy03oSePpgU26GsjUTIqrb5ZIb5FHCDK19
s5crUIDFIJhRtdglrX/vt/kfFZWuUCMiVh8qHwUd+lh4okUoNAbWqhQ0h57PZ2ZN
NL4c7jrluO/1utVl1U7d8Nv6/KGJNpsh/IghGxcz63MoxnQATvt0flLz4Vn92eU=
=8RD1
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Public key for enigmail

[Philip Jackson]

I'm lost here Nico.  Which are the 2 menu bars ? Are you talking about the
'Write' window ?
Philip Jackson

On 14/02/2014 18:07, Nicolai Josuttis wrote:
 BTW,
 having two OpenPGP entries in two menu bars seems
 to be a bit confusing.
 Should we change the second to something like
  Privacy or PGP Privacy or PGP Options or so?
 
 Am 14.02.2014 17:58, Patrick Brunschwig schrieb/wrote:

 The easiest way is to open the OpenPG Key Manager (menu OpenPGP -
 Key Manager), search for your email address and use Edit  Copy
 public keys

 -Patrick

 


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] keymanager - column display

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/02/2014 20:31, David wrote:
 On 2/2/2014 12:40 PM, Philip Jackson wrote:
 Hi :
 
 I have now managed by pulling and pushing borders to get a display of key
 manager with 5 columns : Name, KeyID, Type,  Key validity, Expiry.  This
 is quite acceptable.
 
 On 02/02/2014 16:42, Patrick Brunschwig wrote:
 There is ... you have to drag the column border on the _left_ side of
 the rightmost column to make it smaller (not my decision -- Thunderbird
 standard functionality...)
 
 When I add 'fingerprint', 'name' shoves off the left hand side. You are
 quite right that by dragging the border on the left-hand side of the
 rightmost wide fingerprint column, I can reduce its width.  But the
 result just pushes the excess width to the second right column.  Grabbing
 the left-hand border of the 2nd right column and dragging to the right
 just pushes the rightmost column out of the window.  You can get it back
 by using the scroll button but then you lose the left hand columns.
 
 The problem seems to come down to this :-- the 'name' column has not
 disappeared but has collapsed down to leaving a small trace - the up/down
 arrow which is situated at the right-hand edge of each column and which
 indicates the sorting direction. A single click on this remnant does
 change the sorting direction correctly (ie according to 'name' values).
 Also visible is the series of small arrows, the expand gadget, normally
 at the left-hand edge of the name column and which serves to expand each
 key.  These also work but additional IDs are not visible because the name
 column no longer has the width needed.
 
 This remnant of the collapsed 'name' column can just be seen in the image
 keymanager2.png attached to my previous email.
 
 In Thunderbird, for the email fields, I have 19 possible optional columns
 in addition to the 'subject' column (equivalent to 'name' in enigmail ie
 the column which cannot be deselected).  I can select all 19 optional
 columns at the same time without the 'subject' column collapsing.  Of
 course, even if I expand Thunderbird to full screen, you get very limited
 info in some of the columns.  But they are all visible.
 
 My conclusion is that there must be some difference in the implementation
 of the key manager display and the Thunderbird display.
 
 But since this does not seem to affect anyone else, and I now have an
 acceptable display of Key Manager, there seems no point in continuing
 this thread.  Thank you all for your assistance in helping me get a
 better display.
 
 
 In the top right corner the is an area with a '-' sign for minimuse and a
 square box to full screen and a red 'X' to close. Can you display what all
 you want when you click the 'square'?
 
David : no - full screen mode doesn't change anything.  The problem seems to
be that the 'name' column (enigmail's key manager default column) collapses at
the left hand edge of the key manager window.

See comments above re: Thunderbird's behaviour when all mail (20) columns are
opened.
Philip
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJS7qasAAoJECa9UAojVDpjKLcIAJecTl/IJIE4MMPwInGjna5I
YqsNGsf29Lie3eZG8MmjtDLNZ4LO7zJ7O7Tolv4Ut31jZaS85yWxIYpA7MU5633b
hHI/U0Ixbr55hObDj8sS7mTVijNQ1X+uh1J8o8c1OlH1X20w51lwIpEReKPm0sJ9
lQ8RmCEgRCEHk8tjIk7k1L1OE4AUiSbHiN1h15cgTJ9yQeIn7IkYHm9OObtYmbl6
hVI55Na7AL+sBnCYTPULiFqWtfIajBs9AgVDGkhq/qNgSp4UMvKxfUmqYn0M07Iy
3PFnzsFq2v/1zXEj1cEcjMWxHsEWLO8vNTxXxhVY/5HspaYQ1NOohvyxYHDzW7A=
=EKBj
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] keymanager - column display

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/02/2014 22:01, Ludwig Hügelschäfer wrote:
 On 02.02.14 18:40, Philip Jackson wrote:
 
 (...) My conclusion is that there must be some difference in the
 implementation of the key manager display and the Thunderbird display.
 
 No, there isn't.
 
 (...) But since this does not seem to affect anyone else
 
 I just managed to make the name column what you call collapse. In fact,
 the column separator between name and Key ID does not vanish completely.
 Pull here, and the name column will be visible again.
 
 HTH
 
 Ludwig

Hi Ludwig,

I was already able to see the column separator between name and KeyID - the
cursor changes form to a small double headed arrow ( - ) but
clicking/holding/sliding does not work for me on this one like it does on all
the other columns.

I can even click on what I called the small remnant of the collapsed name
column and I can drag that to a position between the KeyID and Type columns.
But even there I cannot drag it open.  This remnant is the width of the expand
gadget and its left-hand column margin can be dragged left and right to change
the width of the KeyID column to its left.

The right-hand column separator can still be seen but cannot be dragged.
Clicking on the header changes the sort order and clicking on any expand
gadget, creates a gap where additional IDs should be shown.

I just had need to edit a per-recipient rule.  That window displays perfectly
and all columns can be adjusted.

Thanks, Philip
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJS7rk4AAoJECa9UAojVDpj6koH/04kKZxRZFioc7Rh+VHwxZYM
kbTHTcedlxqtwTKqsem2VZ+CFcZcB6XsHVvabBNGtfQ0IdDEaOjaWQ4VWOzvl4k/
XwFrvo+jaC5Yqt+ksVqLW/waCvwXaNOL3FHbVKZ86fZ3W9OLhtPj3ohXKeC8S5JH
mK5HACng76TZH69kwudJWNELYxDOvn9IbURyu4OWfO+XgCcoWGeG7+tygyL5oIfg
M7Jf4G0gDMKpdhxBVWHtAFZWSrfRPY+6JcUt3YrTkXSNT8LEG480njZbJd3NqNCi
FaBBJWeIZ2Twnd8gmx2AnAP1g3Z1fd/bIo/SvrfZXHRMs20R14TVSXo+SNo7LRE=
=QI6w
-END PGP SIGNATURE-

___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] expired keys

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Enigmail,

I always thought that the Enigmail key manager only displayed 2 columns (Name,
Key ID) but Ludwig's reply caused me to look again.

It took me 5 minutes to find the tiny icon which permits you to select another
5 columns.  This is very well disguised.  The first place I looked was in the
key manager 'view' menu item but there is no way to find the extra columns in
any of the File, Edit, View, Keyserver or Generate text items on this bar.

Strangely enough as well, I cannot display all seven columns at once.
Selecting the fingerprint column, kills the name column.  The screen is wide
enough.

Philip

On 01/02/2014 21:38, Ludwig Hügelschäfer wrote:
 Hi,
 
 On 01.02.14 20:36, David wrote:
 Windows 7 Pro with Thunderbird 24.2.0.
 
 I try to keep pubring.gpg free of expired keys. Is there a way in 
 Enigmail to remove expired keys as a group without having to scan the
 entire pubring.gpg and mark them individually?
 
 Yes. Please open the Enigmail key manager: Menu OpenPGP - Key Management.
 Check the Display all keys by default checkbox. Make sure the column key
 validity is visible. Sort by validity by selecting the key validity
 column. Scroll down until the revoked keys are visible. Select the first
 key line marked revoked. Scroll down until you see the last revoked key.
 Mark with Shift click. Now all revoked keys in your keyring should be
 selected. Right click - Delete key.
 
 Attention: NEVER EVER delete your own secret revoked key(s) if you still
 have stuff encrypted to this key you need!
 
 HTH
 
 Ludwig
 
 ___ enigmail-users mailing
 list enigmail-users@enigmail.net 
 https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJS7WDUAAoJECa9UAojVDpj/woH/0YEf4fq1i1mQelojq2eb411
NRG6edn7G9wyZLzzzYHhrkr4iab1wzOdLGATsQ6UxhZ2ps9JB6m2vNV5O4XxBkAW
Z3WZaZ7lOuyRo2qMH7e9dSt8J8E+ET1kjMUu+5GnjKULRGkJp6gSpCisYK4F7Rfh
eaY7kWzRb+ey5U734Ux04y4OP5FEy+OXXQR0ihpiykKbrL5gPsV3NjgS1Kmgg+Lf
sd+wqR3hMwQV4U7by/F2Tw9yOT/xtoTmZSRi7KIbRd8zQ+eb1xXoadoJnfdNAkPz
kag5sOkV1IM4t7xclYeXjbBd+K6deqSeoGCl10Y9zA6Jq3FqKcscd1qbHxKTB/0=
=0jTp
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] default settings for key servers in enigmail

[Philip Jackson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

I've never had success with importing a sender's key using enigmail.  After a
lengthy delay, I always end up with the following error message :

gpg: requesting key XZXZXZXZ from hkp server subkeys.pgp.net
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Then I swap to using Kleopatra and get the key from keyserver 'keys.gnupg.net'
with no difficulty.  So today I started to check why this could be so.

I use enigmail with the default settings for key servers I found when I
installed enigmail :

subkeys.pgp.net, pool.sks-keyservers.net, sks.mit.edu, ldap://certserver.pgp.com

Selecting import key in enigmail brings into use the first of these servers
and this is the one that never works for me.  If, instead, I select the second
in the drop down list, it works fine.

I had thought that all key servers were sychronised but apparently there must
be something wrong with 'subkeys.pgp.net'.  If that is the case, maybe
enigmail should be shipped without that server being listed ?

Has anyone else seen this ?

- -
Philip Jackson
GnuPG Public Key :0x23543A63.asc
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.21 (MingW32)

iQEcBAEBAgAGBQJSyGy3AAoJECa9UAojVDpjxEEIAKE45mgFPqHb00u5K9C1T5DV
ynF7o1JUrmWI9nf7dQrm7MY72JEON4t3g2Vy1eG6YcbWC+iWOQCi1VBRCPfXwioD
AgoVJy+brEblZuPhWSRRAUWEeuB84Cw+y3JfkCiDe9Fa2Fpwru1ryiG4Qw3658qz
GacLp8quK5CKzRCmAq20PbT2qZZUTHRkFSvxLB56PN+7yKIHUi8ERjuR4j2mKa7Y
JTcVSiKG2xB2AI4Ius/bQkG6sG9NrfO8dZO6LrgXI3m2v0l08CgE+l7Oqp5JsHAr
4VAAuP2C2JkofFofun2xZaDR+NNXikurAuwlYgqdoN42Ks/pHu4OOkkZP4wQkk0=
=bgXV
-END PGP SIGNATURE-


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] photoID

[Philip Jackson]

On 29/12/2013 16:38, Patrick Brunschwig wrote:
 On 23.12.13 23:33, Philip Jackson wrote:
 Hi,
 
 During recent testing with enigmail 1.7a1pre, I found that
 sometimes under the 'Details' button there was the usable option to
 'View OpenPGP photoID'.  That surprised me because I thought it had
 always been greyed out in 1.6.0 (Kleopatra specifically says that
 it does not support photoID) and I didn't realise that so many
 people used it.
 
 Tonight I've gone back to 1.6.0 to check and I confirm the
 following :
 
 Enigmail 1.6.0 :
 
 Of six recent respondents on this mailing list whose public key I
 have on my keyring, none of their emails (multiple in most cases)
 has a usable 'view photoID' option.  Checking via enigmail's key
 manager shows that they all have photoID integrated into their
 keys.
 
 Enigmail 1.7a1pre :
 
 Three of the above have a usable 'view photoID' option under
 'Details' button and this works for each email instance of these
 three respondents.
 
 Three respondents have greyed out options for each email although
 the photoID is present in their keys.
 
 Something has been changed in respect to photoID in 1.7a1pre but it
 doesn't work all the time.
 
 Your observation is correct. I already fixed something about photo IDs
 a few weeks ago, and I just spotted yet another error. Tomorrow's
 nightly build should now hopefully work correctly in this respect.
 
 -Patrick

I tried again on Windows7, Thunderbird 24.2.0 with lates nightly build
 (build date: 2013-12-30, version: 1.7a1pre, git rev:
8d7aac055ab6f05a2d9aee5bae735383f1c1404d) :

all the verified signed emails of sender keys I have on keyring now show a valid
option under the Details button and this option works in each case.

Looks like this problem is fixed.

Philip
 
 ___
 enigmail-users mailing list
 enigmail-users@enigmail.net
 https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
 


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] behaviour of enigmail 1.6 in Thunderbird 24.2.0

[Philip Jackson]

On 20/12/2013 15:48, Patrick Brunschwig wrote:
 On 18.12.13 00:24, Philip Jackson wrote:
 On 17/12/2013 14:38, Anne Wilson wrote:
 On 15/12/2013 17:43, Philip Jackson wrote:
 1.  import public key : this seems to work and the imported key
 is immediately displayed in Kleopatra but not in Thunderbird
 key manager until Thunderbird is restarted

 This may not be entirely an Enigmail problem.  I have seen
 exactly that behaviour in Linux over a long period, when KMail
 couldn't see newly imported signatures but Kgpg reported them.
 As with Thunderbird, it required a restart to see them, so I came
 to the conclusion that maybe the signature file is read once
 only, when starting up.  Of course the reason could be something
 entirely different :-)

 Anne
 Olav's suggestion to try the 'Reload key cache' works fine.  The
 newly imported 'sender key' is then displayed in the Key Manager.
 
 This also explains why in one of my cases, the option  'View key
 properties' under the 'Details' button did not do anything.  Until
 the key cache is reloaded and the key info is present in the key
 manager, 'View key properties' does nothing - not even an error
 message.  As soon as the key cache has been reloaded, 'View key
 properties' works correctly.
 
 Is there any error message in the Thunderbird Error Console (menu
 Tools  Error console)?
 
 -Patrick
Nothing found in the Thunderbird error console.  I'm trying to read the enigmail
debug file but it's quite difficult (in fact, quite a bugger) with lines that
don't wrap. Copy and paste to a text editor needs returns and new lines put in
manually.

I'm still checking and I'll make a bug report over the weekend.
Philip


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] behaviour of enigmail 1.6 in Thunderbird 24.2.0

[Philip Jackson]

On 17/12/2013 14:38, Anne Wilson wrote:
 On 15/12/2013 17:43, Philip Jackson wrote:
 1.  import public key : this seems to work and the imported key is
 immediately displayed in Kleopatra but not in Thunderbird key manager until
 Thunderbird is restarted

 This may not be entirely an Enigmail problem.  I have seen exactly that
 behaviour in Linux over a long period, when KMail couldn't see newly imported
 signatures but Kgpg reported them.  As with Thunderbird, it required a
 restart to see them, so I came to the conclusion that maybe the signature
 file is read once only, when starting up.  Of course the reason could be
 something entirely different

 Anne
Olav's suggestion to try the 'Reload key cache' works fine.  The newly imported
'sender key' is then displayed in the Key Manager.

This also explains why in one of my cases, the option  'View key properties'
under the 'Details' button did not do anything.  Until the key cache is reloaded
and the key info is present in the key manager, 'View key properties' does
nothing - not even an error message.  As soon as the key cache has been
reloaded, 'View key properties' works correctly.

This behaviour is probably worth a bug report on its own. (when I find out how
to do so)
before you do, please verify with the latest nightly build that this bug is
still present and thus is endependent from the fix committed for bug #75.
Olav

I just tried again with 19 Dec nightly download 1.7a1pre and the behaviour is
the same.

With 1.6, I never found a usable option for 'view OpenPGP photoID' under the
'Details' button - it was always grayed out.  With 1.7a1pre, sometimes it is
there and it works.  Other times it is grayed out but the photoID is present and
can be viewed through the key manager.  I can't spot any differences between the
cases where the option is available and those where it is grayed out.  Any 
ideas ?

Philip




0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] behaviour of enigmail 1.6 in Thunderbird 24.2.0

[Philip Jackson]

Hi all,

I thank you all (Daniel, Ludwig, Anne, Olav) for your comments on my note re:
the Details button.  I'll think about some suggestions for improving the
messages given by Enigmail when the 'Details' button is solicited and then file
a bug report.

Anne - I should have added that I was using Windows 7 (not Linux).

Ludwig - thank you for some of the additional info you provided.

Olav - all languages have their little traps.  I realise that enigmail generates
the message but it is 'displayed in Thunderbird'.  Thanks too for the tip about
'reload key cache' - I'll try that next time I import a key. Kleopatra does not
need to be reloaded - the new key (downloaded through efforts of Enigmail)
appears in Kleopatra before your eyes.

Seasonal obligations mean that I'll need a little time to get back to you all.
Philip


On 17/12/2013 15:28, Olav Seyfarth wrote:
 Hi Philip,
 
 Because the bit about signing followed immediately after the key ID, I
 hadn't realised that it referred to message signature time/date. In that
 case, it would be clearer if the message header displayed in Thunderbird
 said :
 
 Part of the message signed; click on 'Details' button for more
 information Key ID: 0xXZXZXZXZ / Message signed on: 15/12/2013 18:29
 
 first:  thank you for your systematic writeup and well-stated objections
 second: note that it's not TB that does things (see TB said above), but EM.
 third:  please file a bug, even for such little things as wording, since it
 will be forgotten otherwise.
 
 Olav
 
 ___
 enigmail-users mailing list
 enigmail-users@enigmail.net
 https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
 
 This message has been processed by Firetrust Benign.
 


0x23543A63.asc
Description: application/pgp-keys
___
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net