Why can I not encrypt an email without my own private key?
I'm familiar with using GPG at the command line. I'm easily able to encrypt documents to send to others, once I have their public encryption key in my keyring, with a command such as "gpg --output encrypteddoc --encrypt --recipient [email blocked] doc". It's not required to have any of my own personal encryption or signing keys in my keychain for this to work successfully. Signing isn't necessary to encrypt a document for sending to a recipient.
I'm in a position where I'd like to use Mac Mail to send encrypted email to a recipient without having to sign my messages. I realize this means that the information is confidential but that verification that I sent the message is impossible. Yet it seems that even though the gpg command line would allow me to create encrypted text, neither GPG Services nor GPGMail for Mac Mail will let this happen.
Would someone comment on why this is? Is there a technical reason in some agreed-upon encryption protocol with email (that I'm not aware of) that requires the encrypted email bodies to be signed as well?
Thanks a bunch!
1 Posted by Arjan on 05 Apr, 2017 11:08 AM
What makes you think you can't just encrypt messages without signing them? See screenshot (red box), the encrypt option is ticked but the sign option is off. This equals what you want: you don't need your private key since the sign option is off.
What version are you running? I'm on the most recent nightly build.
2 Posted by taylor on 05 Apr, 2017 01:37 PM
Arjan,
Do you have a private / public keypair for the sender ([email blocked]) in your gpg keychain?
I want to be able to encrypt email without needing to have a keypair for the sender in my keychain. Of course, I still need to have the public key of the recipient.
3 Posted by Arjan on 05 Apr, 2017 01:39 PM
Yes I do, I now see your point. When I select an email address as sender for which I do not have a private/public keypair in my keychain then I'm not able to encrypt indeed, the encrypt option disappears.
Support Staff 4 Posted by Steve on 10 Apr, 2017 08:34 PM
Hi Taylor,
Welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.
Thanks for taking the time to file your report. There is no technical limitation for this.
We have a ticket to allow encryption no matter if a secret key for the account which is used to send exists or not. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussion should you run into further problems or need assistance.
All the best,
steve
5 Posted by taylor on 10 Apr, 2017 09:08 PM
Thanks, Steve. Would you give me some visibility into when we'll see this issue (#676) resolved?
Support Staff 6 Posted by Luke Le on 10 Apr, 2017 09:17 PM
Hi Taylor,
This is a limitation which is imposed by the implementation of S/MIME in Apple Mail. Since we take advantage of the implementation details of some S/MIME methods, which is the case for this particular "shortcoming", it would be very challenging to change this at the moment. So unfortunately we won't be able to tell you when we'll be able to work on this.
The only workaround for the time being is to encrypt in GPG Services and then copy and paste the info over.
We're sorry that we have no better solution for you at this time.
Steve closed this discussion on 07 Aug, 2017 05:00 PM.
Steve closed this discussion on 23 Jul, 2019 10:32 PM.
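On the protocol question raised in the thread: the sketch below is an added example, not code from the thread or from GPGTools. It walks the top-level packets of a binary OpenPGP message as laid out in RFC 4880 and lists the key IDs it names, which are recipient key IDs only. The sample bytes and the key ID are constructed for illustration, not real gpg output.

```python
# OpenPGP packet tags relevant to an encrypted message (RFC 4880, section 4.3)
TAGS = {1: "Public-Key Encrypted Session Key", 2: "Signature", 4: "One-Pass Signature",
        18: "Sym. Encrypted Integrity Protected Data"}

def _length(data, pos, new_format, length_type):
    """Decode one length header; return (body_len, next_pos, is_partial)."""
    if not new_format:
        if length_type == 3:                      # indeterminate: body runs to end of input
            return len(data) - pos, pos, False
        size = 1 << length_type                   # 1, 2 or 4 length octets
        return int.from_bytes(data[pos:pos + size], "big"), pos + size, False
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True     # partial body chunk, more follow

def outer_packets(data):
    """Return [(tag, body)] for the top-level packets of a binary OpenPGP message."""
    packets, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("no OpenPGP packet header at offset %d" % pos)
        new_format = bool(hdr & 0x40)
        tag = hdr & 0x3F if new_format else (hdr >> 2) & 0x0F
        body, partial, pos = b"", True, pos + 1
        while partial:                            # gpg may stream the data in chunks
            n, pos, partial = _length(data, pos, new_format, hdr & 0x03)
            if pos + n > len(data):
                raise ValueError("truncated packet")
            body, pos = body + data[pos:pos + n], pos + n
        packets.append((tag, body))
    return packets

def recipient_key_ids(data):
    """Key IDs in version 3 PKESK packets: the only key references in the outer message.
    An all-zero ID means the recipient was hidden; there is no field for a sender key."""
    return [body[1:9].hex().upper() for tag, body in outer_packets(data)
            if tag == 1 and body[:1] == b"\x03"]

# Constructed sample: a PKESK for a made-up key ID (RSA, dummy MPI), then a SEIPD packet.
PKESK = b"\x03" + bytes.fromhex("1122334455667788") + b"\x01" + b"\x00\x08\xAA"
SAMPLE = bytes([0xC1, len(PKESK)]) + PKESK + bytes([0xD2, 5, 1]) + b"\xDE\xAD\xBE\xEF"

if __name__ == "__main__":
    for tag, body in outer_packets(SAMPLE):
        print(tag, TAGS.get(tag, "other"), len(body))
    print("recipients:", recipient_key_ids(SAMPLE))
```

When a message is both signed and encrypted, the signature travels inside the encrypted data packet, so it never appears among these outer packets either way.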