Re: I can't stop encryption being done with a wrong key
On Friday 27 May 2011 16:50:17 you wrote:

> On 05/27/2011 11:19 AM, Anne Wilson wrote:
>
> > I eventually found where I could disable the key both in Thunderbird and in KMail, so all is now well.
>
> I'm glad you got it resolved! I think this is more of a demonstration that fixing this to do the Right Thing by default in gpg itself would have been a boon to both kmail and enigmail (and any other frontends).
>
> If you have thoughts on what gpg should have done in the first place, there's an open bug report titled "better heuristic for choosing an encryption key based on a User ID":
>
> https://bugs.g10code.com/gnupg/issue1143
>
> You might want to add comments there describing your preferred behavior.
>
> Regards,
>
> --dkg

To be honest, I'm not sure that it is the fault of gpg. To my mind, both Thunderbird and KMail should always respect the preference marked as the default key for the user in question. It seems to me that it is more of a job for the address book interface, to ask for the default key and whether older keys are to be disabled. Or am I misunderstanding again - is that part actually handled by gpg?

I'll add to the bug report mentioned above.

Thanks

Anne

--
New to KDE Software? - get help from http://userbase.kde.org

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: I can't stop encryption being done with a wrong key
On Friday 27 May 2011 16:50:17 you wrote:

> If you have thoughts on what gpg should have done in the first place, there's an open bug report titled "better heuristic for choosing an encryption key based on a User ID":
>
> https://bugs.g10code.com/gnupg/issue1143
>
> You might want to add comments there describing your preferred behavior.

Slight problem - I created an account but can't see any way to add comments. Sorry - I'm used to bugzilla, but obviously this is quite different.

Anne

--
New to KDE Software? - get help from http://userbase.kde.org
Re: I can't stop encryption being done with a wrong key
On 26.05.2011 21:26, Charly Avital wrote:

> In Thunderbird, key usage is set in 'Per Recipient rules', that is not the Address Book.
>
> > Can someone please explain to me how this could be happening, and what I need to do to correct it? Should I remove his old key from my keyring? If I do, I assume that I won't be able to read his older messages.
>
> You don't have to remove his old public key from your keyring. You have to edit Per Recipient Rules so that your friend's new public key (in your public keyring) is linked to his User ID (e-mail address), and used to encrypt to him.

Thunderbird (or the enigmail extension you're most likely speaking of) uses the mail addresses on the key's UID to choose which key to use. If there is more than one key with the same mail address on the keyring, enigmail's behaviour becomes somewhat unpredictable and sometimes chooses the old key, sometimes the new one. You could either override it with explicit recipient rules, or remove the old key from the keyring. Since you said the old key became corrupt, I see no point in keeping it anyway.

Andreas
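Added example, not part of any poster's message: a check for the condition described in the reply above, where more than one key that is not revoked, expired or disabled carries the same e-mail address. It reads `gpg --list-keys --with-colons` output; the function name is hypothetical and the sample listing is constructed, with field positions taken from GnuPG's documented colon format.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `gpg --list-keys --with-colons` output (key IDs and
# addresses are made up): an old and a new key share one e-mail address.
SAMPLE = """\
pub:f:2048:1:AAAAAAAAAAAAAAAA:1167609600:::-:::scESC:
uid:f::::1167609600::X::Friend Example <friend@example.org>:
sub:f:2048:1:AAAAAAAAAAAAAAA1:1167609600::::::e:
pub:f:2048:1:BBBBBBBBBBBBBBBB:1306368000:::-:::scESC:
uid:f::::1306368000::Y::Friend Example <friend@example.org>:
sub:f:2048:1:BBBBBBBBBBBBBBB1:1306368000::::::e:
pub:f:2048:1:CCCCCCCCCCCCCCCC:1167609600:::-:::scESC:
uid:f::::1167609600::Z::Other Person <other@example.org>:
sub:f:2048:1:CCCCCCCCCCCCCCC1:1167609600::::::e:
"""

UNUSABLE = set("ired")  # validity: invalid, revoked, expired, disabled
ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")


def ambiguous_recipients(listing):
    """Return {address: [key IDs]} for addresses found on more than one
    key that is not revoked, expired or disabled."""
    keys_by_addr = defaultdict(set)
    keyid, usable = None, False
    for line in listing.splitlines():
        f = line.split(":") + [""] * 12  # pad so short records index safely
        if f[0] == "pub":
            keyid = f[4]
            # Field 12: 'E' = some (sub)key can encrypt, 'D' = key disabled.
            usable = f[1] not in UNUSABLE and "E" in f[11] and "D" not in f[11]
        if f[0] not in ("pub", "uid") or not usable:
            continue
        if f[0] == "uid" and f[1] in UNUSABLE:
            continue  # revoked or expired user ID
        # Older gpg puts the first user ID on the pub line, newer on uid lines.
        m = ADDR.search(f[9])
        if m:
            keys_by_addr[m.group(1).lower()].add(keyid)
    return {a: sorted(k) for a, k in keys_by_addr.items() if len(k) > 1}


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for addr, ids in ambiguous_recipients(text).items():
        print(f"{addr}: {len(ids)} usable keys: {', '.join(ids)}")
```

Piping a real listing into the script reports each address a frontend could resolve to more than one key; an address stops being reported once the old key is disabled, as in the resolution described in this thread.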
Re: I can't stop encryption being done with a wrong key
On Friday 27 May 2011 07:10:58 Andreas Heinlein wrote:

> On 26.05.2011 21:26, Charly Avital wrote:
>
> > In Thunderbird, key usage is set in 'Per Recipient rules', that is not the Address Book.
> >
> > > Can someone please explain to me how this could be happening, and what I need to do to correct it? Should I remove his old key from my keyring? If I do, I assume that I won't be able to read his older messages.
> >
> > You don't have to remove his old public key from your keyring. You have to edit Per Recipient Rules so that your friend's new public key (in your public keyring) is linked to his User ID (e-mail address), and used to encrypt to him.
>
> Thunderbird (or the enigmail extension you're most likely speaking of) uses the mail addresses on the key's UID to choose which key to use. If there is more than one key with the same mail address on the keyring, enigmail's behaviour becomes somewhat unpredictable and sometimes chooses the old key, sometimes the new one. You could either override it with explicit recipient rules, or remove the old key from the keyring. Since you said the old key became corrupt, I see no point in keeping it anyway.

I eventually found where I could disable the key both in Thunderbird and in KMail, so all is now well. Thanks to all who answered.

Anne

--
New to KDE Software? - get help from http://userbase.kde.org
Re: I can't stop encryption being done with a wrong key
On 05/27/2011 11:19 AM, Anne Wilson wrote:

> I eventually found where I could disable the key both in Thunderbird and in KMail, so all is now well.

I'm glad you got it resolved! I think this is more of a demonstration that fixing this to do the Right Thing by default in gpg itself would have been a boon to both kmail and enigmail (and any other frontends).

If you have thoughts on what gpg should have done in the first place, there's an open bug report titled "better heuristic for choosing an encryption key based on a User ID":

https://bugs.g10code.com/gnupg/issue1143

You might want to add comments there describing your preferred behavior.

Regards,

--dkg
Re: I can't stop encryption being done with a wrong key
Anne Wilson wrote on 5/26/11 2:06 PM:

> I have a friend whose gpg key became corrupt. He created a new key, and I imported it. Then we discovered that KMail insists on trying to encrypt using the old key, even though I have changed his addressbook entry to reflect the new key. At this point we thought it was a KMail issue, so I moved to Thunderbird for answering his mail.
>
> Signed mail in both directions is no problem.

That's normal. You are verifying your friend's signature with the new public key he created and that you imported. Your friend is verifying your signature with your public key that is valid and in use.

> He can send an encrypted message and I can read it. The new key is fine.

When your friend encrypts a message to you, he is using your existing public key. This has nothing to do with your friend's new key.

> However, when I send an encrypted message to him we hit the rocks. In Thunderbird I have only a minimal addressbook. I set his record to use the new key for encryption, and I can't see any way that Thunderbird should know about the old key. However, the test email I sent him was signed by the RSA subkey of his old key.

I can't remember how KMail sets the usage of keys. I'm a Mac user, but I have dabbled occasionally in Linux and some of KMail.

In Thunderbird, key usage is set in 'Per Recipient rules', that is not the Address Book.

> Can someone please explain to me how this could be happening, and what I need to do to correct it? Should I remove his old key from my keyring? If I do, I assume that I won't be able to read his older messages.

You don't have to remove his old public key from your keyring. You have to edit Per Recipient Rules so that your friend's new public key (in your public keyring) is linked to his User ID (e-mail address), and used to encrypt to him.

In Thunderbird's menu please go to OpenPGP/Edit Per-Recipient Rules, that will launch the Per-Recipient Rules Editor. Use the search field to search for the entry that corresponds to your friend's user ID (his e-mail address) or choose it manually at your convenience, click 'Modify' and make the necessary adjustments to choose your friend's new public key as the key that will be used to encrypt to him.

Your quoted post was composed using: User-Agent: KMail/1.13.7 (Linux/2.6.35.13-91.fc14.i686.PAE; KDE/4.6.3; i686; ; ), and not Thunderbird.

HTH

Charly

(Testing Shredder 3.4a1pre for Mac).