GPGMail does not respect default key for encryption
Hello,
Thank you for providing gpg for MacOSX!
My setup is:
gpg2 --version
gpg (GnuPG/MacGPG2) 2.0.26
GPGMail v 2.5b3 build 797b
OSX 10.10.1
I have 2 different keys
- Key 1: A4F9 F0DF
- Key 2: 2995 1F17
I have set A4F9 F0DF as the default key in GPGPreferences; both
keys show up here as expected.
GPGMail is set to sign by default, not encrypt by default
When I compose an email to my self and tick encrypt there is no
option select the non-default key; only the default key shows
up.
Encryptions seems to take place as expected upon entering the
passphrase for the default key and the mail is sent.
When I try to open the mail GPGMail asks for the passphrase for the
non-default key which was not used for encryption.
It correctly decrypts when the passphrase for the non-default key
is entered, even though this key was not used for encryption.
When I click on the signature icon in the mail decrypted with the
non-default key, it shows that the mail was signed with the correct
default key.
The same behaviour is observed if both encrypt and sign pr default
is set in Mail prefs.
The same behaviour is observed if neither encrypt nor sign is set
in Mail prefs, but activated by ticking the relevant icons when
composing the mail.
Best
/T
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by T on 31 Dec, 2014 11:15 AM
Same behaviour observed with beta4.
BR/T
Support Staff 2 Posted by Steve on 12 Jan, 2015 09:49 PM
Hi T,
have you installed GPG Suite Beta 4 (as opposed to using the automatic update)?
Is this still happening for you? I just created the same scenario here in the last days and it seemed to work fine here with the latest Suite installed.
Let me know how this is behaving for you.
All the best,
steve
3 Posted by Thomas Jon Jens... on 12 Jan, 2015 10:14 PM
Hi Steve,
Thanks again for making this available.
Yes, I installed the beta 4 suite from downloaded disk image.
Same behaviour as described. I just retested; still use passphrase from one key to encrypt and the passphrase from the other key to decrypt!
This is a screenshot of versions from GPG prefs:
BR/Thomas
Support Staff 4 Posted by Luke Le on 06 Feb, 2015 04:27 PM
Hi Thomas,
a few questions:
- do you currently only have one account setup in mail? - does this account have two secret keys associated with it? - when composing a new email, are you seeing only one entry in the "From: " field where you select your account to send the message from?
5 Posted by Thomas on 06 Feb, 2015 05:05 PM
Hi Luke,
Yes to all three questions.
BR/T
Support Staff 6 Posted by Luke Le on 06 Feb, 2015 05:19 PM
Hi Thomas,
that's quite a coincidence, since we just fixed this bug a few hours ago.
It should be available in a nightly build soon.
7 Posted by Thomas on 06 Feb, 2015 09:57 PM
Hi Luke,
Sounds great!
I am on version 2.5b4 build 802b; looking forward to next release.
BR/T
Support Staff 8 Posted by Steve on 06 Feb, 2015 11:23 PM
Hi Thomas,
could you please download and install our latest nightly build and see if the problem persists. That page also has sig and SHA1 to verify the download.
All the best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.
9 Posted by Thomas on 07 Feb, 2015 09:01 AM
Hi Steve,
I am sorry to report that the issue persist after installing 882n.
BR/T
Support Staff 10 Posted by Luke Le on 07 Feb, 2015 12:49 PM
Hi Thomas,
are you still not being given the option to select the key to use from the "From:" menu?
11 Posted by Thomas on 07 Feb, 2015 02:43 PM
Hi Luke,
No, there is absolutely no change in what I see compared to original post.
BR/T
12 Posted by Thomas on 07 Feb, 2015 02:54 PM
Hi again,
I AM actually given the option to select the non-default key now. Sorry, don't know how I missed that when I retested
But, when I encrypt to the default key (A4F9 F0DF) the mail goes out as expected, but asks for the non-default key (2995 1F17) to decrypt the mail.
BR/T
Support Staff 13 Posted by Luke Le on 07 Feb, 2015 03:15 PM
Ah ok, so this might be a different "issue"
Are you sending a message to yourself to test?
Or are you asked for that key when trying to decrypt the message in the sent folder?
14 Posted by Thomas on 07 Feb, 2015 03:36 PM
I am sending a test mail to myself - one account only configured on this machine.
Two different keys are associated with this account.
When I send it out it is encrypted with the default key (which is the newest one).
This where I now - with the new nightly build 882n - am able to select either key; this was not the case before.
But when I receive the same mail in my inbox it requires the (older) non-default key to decrypt the message; even though it was encrypted with the other key.
Support Staff 15 Posted by Luke Le on 07 Feb, 2015 03:52 PM
Ah ok, that explains it.
The message is encrypted to both keys in your Test because we always encrypt to the sending Account, so you yourself are still able to decrypt the message, otherwise you wouldn't be. So for that, we use the public key associated with your secret key which you select from the "From:" menu.
For the recipients we indeed select any key matching the email address, since it's currently not possible to choose which one to use.
16 Posted by Thomas on 07 Feb, 2015 04:16 PM
Ok, so what you're saying is that this is behaving as intended.
If I try to read the test mail I sent in my sent box GPGMail first asks for the older key; if I enter the appropriate pass phrase it decrypts. If I hit cancel GPGMail then indeed asks for the newer default key and also decrypts as expected.
And it does the same when looking in the Inbox.
This, as I recall, is new to the nightly build; I believe I tried cancelling decryption when I saw the 'wrong' key previously - without then getting asked for the second key's passphrase.
Thank you for getting this cleared up!
Support Staff 17 Posted by Steve on 07 Feb, 2015 04:19 PM
Perfect. What you write is indeed the intended behavior.
Glad, this is solved for you. I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 07 Feb, 2015 04:19 PM.