Mail.app does not recognize when a public key changes for an email

Ephi

02 Aug, 2017 05:56 PM

I was sending encrypted mail to someone, but he started having issues on his end and needed to generate a new public key, which he sent me. In the keychain, I deleted the old key and imported the new one that has the same email address.

When I restart Mail and send the same email as an encrypted message, he can't open it -- it seems that the old key is used. If I encrypt the message manually using the new key and paste it into a message body (not encrypted of course), he can open it just fine.

Is this a bug, or is there an option I'm not seeing to specify which public key should be used when encrypting a message in Mail?

  1. Support Staff 1 Posted by Steve on 07 Aug, 2017 03:15 PM

    Hi Ephi,

    Welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    The problem of multiple keys existing for the same email address is quite common. Either a fake key was created with bad intentions to create confusion or the secondary key was created simply by accident. If a message is encrypted with the wrong public key, the receiving person will end up with a message they are unable to decrypt.

    The following steps will help you resolve this problem and avoid known potential conflicts that may arise.

    When it comes to OpenPGP key management it is important to understand that everybody can create keys with any name and email address. So how do you know which key is the right one to use when communicating with your contact?

    1. In case you are the owner of both keys, revoke one of the two keys. See How to revoke a key.

    2. In case you are not the owner but have two public keys for the same email address in GPG Keychain:

      • if you know which public key is the correct one, try disabling the wrong key. See Disable key.
      • if you are unsure which key is the correct one, it is highly recommended to verify the public key of your contact. See How to verify and sign a key.

    In your case it could be that the second key was automatically downloaded due to the auto-retrieve key option when browsing emails and clicking on a message signed with the old key.

    Let me know if you were able to resolve the situation using the KB articles linked above.

    All the best,
    Steve
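
The situation Steve describes, reproduced on the command line. This is an added example, not code from GPGTools or from anyone in this thread: it drives the gpg binary that GPG Suite installs (and that the Mail.app plugin calls underneath) inside a scratch GNUPGHOME, so the real keyring is never touched. The contact name, the address alice@example.org and the message text are constructed for the demo. It generates two keys with the same user ID, shows which of them gpg picks when a message is encrypted to the bare address, and then shows the two fixes from the reply: disabling the wrong key, or pinning the recipient by fingerprint instead of by email.

```sh
#!/bin/sh
# Two OpenPGP keys for one email address: which one gets used, and how to force the right one.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; nothing to demonstrate" >&2; exit 0; }

# Scratch keyring so ~/.gnupg is never modified; removed (with its agent) on exit.
GNUPGHOME=$(mktemp -d); export GNUPGHOME
chmod 700 "$GNUPGHOME"
cleanup() { gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"; }
trap cleanup EXIT

ADDR="alice@example.org"   # hypothetical contact, constructed for the demo

# Non-interactive gpg: batch mode, no pinentry, empty passphrase on the demo keys.
g() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Generate a key for user ID $1; print its primary fingerprint from the KEY_CREATED status line.
gen_key() {
    g --status-fd 1 --quick-generate-key "$1" default default never |
        awk '$2 == "KEY_CREATED" { print $4 }'
}

# Primary fingerprints of every key whose user ID carries exactly the email address $1.
keys_for() {
    g --with-colons --list-keys "<$1>" |
        awk -F: '$1 == "pub" { want = 1; next } want && $1 == "fpr" { print $10; want = 0 }'
}

# Long key ID of the encryption-capable subkey (capability "e") under primary fingerprint $1.
enc_subkey() {
    g --with-colons --list-keys "$1" | awk -F: '$1 == "sub" && index($12, "e") { print $5 }'
}

# Encrypt a constructed message to recipient $1 and print the key ID the ciphertext is
# actually addressed to (from the pubkey-encrypted-session-key packet).
encrypted_to() {
    printf 'constructed test message\n' |
        g --trust-model always --encrypt --recipient "$1" |
        g --list-packets |
        awk '/pubkey enc packet/ { for (i = 1; i <= NF; i++) if ($i == "keyid") print $(i + 1) }'
}

# Mark key $1 disabled: gpg no longer selects it when resolving a recipient by name/address.
disable_key() { g --edit-key "$1" disable save >/dev/null; }

OLD=$(gen_key "Alice <$ADDR>")   # the key the contact used first
NEW=$(gen_key "Alice <$ADDR>")   # the replacement key with the identical user ID
OLD_SUB=$(enc_subkey "$OLD")
NEW_SUB=$(enc_subkey "$NEW")

echo "keys for <$ADDR>:"; keys_for "$ADDR"
echo "old encryption subkey: $OLD_SUB   new encryption subkey: $NEW_SUB"
echo "encrypting to the bare address picks: $(encrypted_to "$ADDR")"

disable_key "$OLD"
echo "after disabling the old key, the bare address picks: $(encrypted_to "$ADDR")"
echo "pinning the recipient by fingerprint picks:           $(encrypted_to "$NEW")"
```

Whichever key the first run picks, the last two lines always name the new key's encryption subkey: once the stale key is disabled, resolving the address can only land on the remaining key, and naming the recipient by full fingerprint never depends on how the address is resolved at all. Checking the recipient key ID of the ciphertext, as encrypted_to does, is also the quickest way to confirm what a mail client actually did before sending.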

  2. Support Staff 2 Posted by Steve on 22 Oct, 2017 04:36 PM

    Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.

    All the best,
    Steve

  3. Steve closed this discussion on 22 Oct, 2017 04:36 PM.
