tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/75735-gpgmail-new-update-patch-seems-not-to-workGPGTools: Discussion 2019-05-29T14:18:28Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/454567802018-06-11T17:46:45Z2018-06-11T17:46:45ZGPGMail: new update patch seems not to work<div><p>Hi Dano,</p>
<p>that you are no longer able to decrypt your messages or files is related to a change introduced in GPG Suite 2018.2 in regards to security fixes. That fix is exclusive to macOS 10.13 and will be backported to older macOS versions later, which is why GPGMail on 10.12 still decrypts some messages which are not decrypting on 10.13.</p>
<p>The change prohibits the decryption of potentially unsafe OpenPGP messages and files. They are considered unsafe, since they might have been modified without the users knowledge and there is no way for GnuPG to tell wether a modification has taken place or not.</p>
<p>As it turns out, quite a few of our users are affected by this change due to the use of older keys or other circumstances. As a result we are currently working on a different solution for GPGMail and GPGServices where it will be possible to access the files after seeing a warning (in GPGServices) or manually changing a configuration (in GPGMail).</p>
<p>These changes will be included in an upcoming release soon. Thank you for your patience.</p>
<p>The causes for such messages which are no longer decrypted due to improved security measures can be various. The most common reason is very old keys being used, which are considered to be insecure. This affects 1024 bit keys or keys using weak algorithms.</p>
<p>Steps to take:</p>
<ol>
<li>
<p>create a stronger key: We recommend to create a stronger key using GPG Keychain. That will resolve the issue for future messages so the sooner you start your transition, the better. In your specific case when I looked at the key servers, I found three keys for your e-mail address. Once revoked key, a very old key from 2001 (which will likley result in problematic messages when being used) and a newer key from 2013.</p>
</li>
<li>
<p>once the new version of GPG Suite is released you can opt to weaken your security and allow decryption of messages which do not have the modification check.</p>
</li>
<li>
<p>until #2 is available you can decrypt messages on macOS 10.13 using GPG Suite 2018.1 and GPGServices: <a href="https://gpgtools.tenderapp.com/kb/gpgservices-faq/how-to-decrypt-and-verify-text-or-files-with-gpgservices">https://gpgtools.tenderapp.com/kb/gpgservices-faq/how-to-decrypt-an...</a></p>
</li>
</ol>
<p>All the best,<br>
steve</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/454567802018-06-11T17:47:25Z2018-06-11T17:47:25ZGPGMail: new update patch seems not to work<div><p>Re keys setup: so if possible it would probably be a good idea to revoke the 2001 key and exclusively use the 2013 key going forward.</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/454567802018-06-23T14:06:00Z2018-06-23T14:06:00ZGPGMail: new update patch seems not to work<div><p>efail fixes were backported to macOS Sierra 10.12 in GPG Suite 2018.3.</p>
<p>I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.</p>
<p>Best,<br>
steve</p></div>Steve