GPGMail does not respect default key for encryption

T

07 Dec, 2014 05:16 PM

Hello,

Thank you for providing gpg for MacOSX!

My setup is:
gpg2 --version
gpg (GnuPG/MacGPG2) 2.0.26

GPGMail v 2.5b3 build 797b
OSX 10.10.1

I have 2 different keys

  • Key 1: A4F9 F0DF
  • Key 2: 2995 1F17

I have set A4F9 F0DF as the default key in GPGPreferences; both keys show up here as expected.
GPGMail is set to sign by default, not encrypt by default.
When I compose an email to myself and tick encrypt there is no option to select the non-default key; only the default key shows up.
Encryption seems to take place as expected upon entering the passphrase for the default key and the mail is sent.
When I try to open the mail GPGMail asks for the passphrase for the non-default key which was not used for encryption.
It correctly decrypts when the passphrase for the non-default key is entered, even though this key was not used for encryption.
When I click on the signature icon in the mail decrypted with the non-default key, it shows that the mail was signed with the correct default key.
The same behaviour is observed if both encrypt and sign by default are set in Mail prefs.
The same behaviour is observed if neither encrypt nor sign is set in Mail prefs, but activated by ticking the relevant icons when composing the mail.

Best
/T

  1. 1 Posted by T on 31 Dec, 2014 11:15 AM

    Same behaviour observed with beta4.

    BR/T

  2. Support Staff 2 Posted by Steve on 12 Jan, 2015 09:49 PM

    Hi T,

    have you installed GPG Suite Beta 4 (as opposed to using the automatic update)?

    Is this still happening for you? I just created the same scenario here in the last days and it seemed to work fine here with the latest Suite installed.

    Let me know how this is behaving for you.

    All the best,
    steve

  3. 3 Posted by Thomas Jon Jens... on 12 Jan, 2015 10:14 PM

    Hi Steve,

    Thanks again for making this available.

    Yes, I installed the beta 4 suite from downloaded disk image.
    Same behaviour as described. I just retested; still use passphrase from one key to encrypt and the passphrase from the other key to decrypt!
    This is a screenshot of versions from GPG prefs:

    BR/Thomas

  4. Support Staff 4 Posted by Luke Le on 06 Feb, 2015 04:27 PM

    Hi Thomas,

    a few questions:
    - do you currently only have one account set up in Mail?
    - does this account have two secret keys associated with it?
    - when composing a new email, are you seeing only one entry in the "From: " field where you select your account to send the message from?

  5. 5 Posted by Thomas on 06 Feb, 2015 05:05 PM

    Hi Luke,

    Yes to all three questions.

    BR/T

  6. Support Staff 6 Posted by Luke Le on 06 Feb, 2015 05:19 PM

    Hi Thomas,

    that's quite a coincidence, since we just fixed this bug a few hours ago.
    It should be available in a nightly build soon.

  7. 7 Posted by Thomas on 06 Feb, 2015 09:57 PM

    Hi Luke,

    Sounds great!
    I am on version 2.5b4 build 802b; looking forward to next release.

    BR/T

  8. Support Staff 8 Posted by Steve on 06 Feb, 2015 11:23 PM

    Hi Thomas,

    could you please download and install our latest nightly build and see if the problem persists. That page also has sig and SHA1 to verify the download.

    All the best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  9. 9 Posted by Thomas on 07 Feb, 2015 09:01 AM

    Hi Steve,

    I am sorry to report that the issue persists after installing 882n.

    BR/T

  10. Support Staff 10 Posted by Luke Le on 07 Feb, 2015 12:49 PM

    Hi Thomas,

    are you still not being given the option to select the key to use from the "From:" menu?

  11. 11 Posted by Thomas on 07 Feb, 2015 02:43 PM

    Hi Luke,

    No, there is absolutely no change in what I see compared to original post.

    BR/T

  12. 12 Posted by Thomas on 07 Feb, 2015 02:54 PM

    Hi again,

    I AM actually given the option to select the non-default key now. Sorry, don't know how I missed that when I retested.

    But, when I encrypt to the default key (A4F9 F0DF) the mail goes out as expected, but asks for the non-default key (2995 1F17) to decrypt the mail.

    BR/T

  13. Support Staff 13 Posted by Luke Le on 07 Feb, 2015 03:15 PM

    Ah ok, so this might be a different "issue".
    Are you sending a message to yourself to test?
    Or are you asked for that key when trying to decrypt the message in the sent folder?

  14. 14 Posted by Thomas on 07 Feb, 2015 03:36 PM

    I am sending a test mail to myself - one account only configured on this machine.
    Two different keys are associated with this account.

    When I send it out it is encrypted with the default key (which is the newest one).
    This is where I now - with the new nightly build 882n - am able to select either key; this was not the case before.
    But when I receive the same mail in my inbox it requires the (older) non-default key to decrypt the message; even though it was encrypted with the other key.

  15. Support Staff 15 Posted by Luke Le on 07 Feb, 2015 03:52 PM

    Ah ok, that explains it.
    The message is encrypted to both keys in your test because we always encrypt to the sending account, so you yourself are still able to decrypt the message, otherwise you wouldn't be. So for that, we use the public key associated with your secret key which you select from the "From:" menu.
    For the recipients we indeed select any key matching the email address, since it's currently not possible to choose which one to use.
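
Added example, not part of the original thread and not GPGMail code: a message encrypted to several keys carries one Public-Key Encrypted Session Key packet (tag 1, RFC 4880) per key, each naming an 8-byte key ID, and this parser lists those IDs in order so you can see every key that can decrypt it. It assumes binary (de-armored) packet data; the function names and the two key IDs in the sample are constructed for illustration.

```python
# Added example: list the key IDs an OpenPGP message is encrypted to.
# Packet layout per RFC 4880 (sections 4.2 and 5.1); the sample bytes are constructed.

ENCRYPTED_DATA_TAGS = (9, 18)  # encrypted data follows the session-key packets

def read_packet(buf, pos):
    """Return (tag, body, next_pos) for the packet starting at pos."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                                   # new-format header
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            start, length = pos + 2, first
        elif first < 224:
            start, length = pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        elif first == 255:
            start, length = pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        else:                                        # partial length (data packets only)
            start, length = pos + 2, len(buf) - pos - 2
    else:                                            # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:                               # indeterminate length
            start, length = pos + 1, len(buf) - pos - 1
        else:
            n = 1 << ltype                           # 1, 2 or 4 length octets
            start, length = pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if start + length > len(buf):
        raise ValueError("truncated packet")
    return tag, buf[start:start + length], start + length

def recipient_key_ids(message):
    """Key IDs from the tag-1 (PKESK) packets, in the order they appear."""
    ids, pos = [], 0
    while pos < len(message):
        tag, body, pos = read_packet(message, pos)
        if tag in ENCRYPTED_DATA_TAGS:
            break                                    # nothing but ciphertext from here on
        if tag == 1 and len(body) >= 10 and body[0] == 3:   # version 3 PKESK
            ids.append(body[1:9].hex().upper())
    return ids

def _pkesk(key_id_hex, new_format):
    """Build a constructed PKESK packet: version, key ID, algorithm 1 (RSA), dummy MPI."""
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1]) + b"\x00\x10\xab\xcd"
    return bytes([0xC1 if new_format else 0x84, len(body)]) + body

# Constructed sample: one PKESK per key, then a stub encrypted-data packet (tag 18).
SAMPLE = _pkesk("1111111111111111", False) + _pkesk("2222222222222222", True) + b"\xd2\x02\x01\x00"

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE))
```

The ID in each packet is that of the key the session key was encrypted to, which for GnuPG-generated keys is usually an encryption subkey rather than the primary key ID shown in the key list.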

  16. 16 Posted by Thomas on 07 Feb, 2015 04:16 PM

    Ok, so what you're saying is that this is behaving as intended.

    If I try to read the test mail I sent in my sent box, GPGMail first asks for the older key; if I enter the appropriate passphrase it decrypts. If I hit cancel, GPGMail then indeed asks for the newer default key and also decrypts as expected.

    And it does the same when looking in the Inbox.
    This, as I recall, is new to the nightly build; I believe I tried cancelling decryption when I saw the 'wrong' key previously - without then getting asked for the second key's passphrase.

    Thank you for getting this cleared up!

  17. Support Staff 17 Posted by Steve on 07 Feb, 2015 04:19 PM

    Perfect. What you write is indeed the intended behavior.

    Glad this is solved for you. I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best, steve

  18. Steve closed this discussion on 07 Feb, 2015 04:19 PM.
