Mail signing uses wrong key
Hi,
I have a few keys of my of my own in my keyring, and several choices of "from" address. When I compose a message, the duo-down allows me to select the from along with a GPG key id, but only one key is used for the actual signing, and that is a key that I never wish to distribute in public. I have tried setting a preferred key as primary key, but I still get the wrong key at signing time.
Expected
I expect to see the selected key (not some other) when the dialogue box asking for the key phrase pops up.
macOS 10.12.5 16F73
GPG Suite 2017.1b3 1812 (d43863c)
GPGMail 2.7b3 1215 (d0b5fa0)
GPG Keychain 1.3.3b2 1271 (028a4a2)
GPGServices 1.11 916 (872e77d)
MacGPG2 2.0.30-1b2 887- (4912d26)
GPGPreferences 2.0.2b3 927 (641418e)
Libmacgpg 0.7 782 (536bf51)
pinentry 0.9.7 4 (b75069d)
- 2017-06-11_11-16_DebugInfo.gpg 52.4 KB
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 12 Jun, 2017 07:50 PM
Hi Mark,
this sounds like you are seeing a known issue with the b3 release of GPG Suite 2017.1. If multiple private keys are available for the same email address, GPGMail currently picks one at random to sign the message. As a workaround you may want to disable additional (old?) keys for the same email address to ensure the correct key is used for signing.
We are working on that issue and once it is fixed will release the next beta.
All the best,
steve
Steve closed this discussion on 18 Aug, 2017 10:12 AM.
Steve re-opened this discussion on 25 Aug, 2017 09:00 PM
Support Staff 2 Posted by Steve on 25 Aug, 2017 09:00 PM
Hi Mark,
good news - the issue where key selection in the From: field was ignored when more than one secret key existed for the same email address, has been fixed. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.
Best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.
Steve closed this discussion on 16 Feb, 2018 11:25 AM.