GPGMail: Why no interface to choose specific key from multiple valid options for same address?

maymay's Avatar

maymay

13 Aug, 2015 09:31 PM

Hi,

Earlier today, I tried to send an email to a friend, but they were unable to decrypt it. After verifying that the key I had for their account was the correct one, I noticed that I actually had two different keys for them, an old one (which was not expired and not revoked) and a new one (which they created more recently and were expecting me to use). It turns out my friend had lost the first public key's secret, so that's why they had created a new key.

Unfortunately, when I wrote email to them, GPGMail was always selecting the older (but still "valid") key for encryption, even though a newer (and stronger) key was also available. The only way for me to resolve this issue was to remove the older key from my GPG Keychain. When I did that and re-started Mail, GPGMail began encrypting with the right key.

My question is this: Given that there are some situations in which multiple valid keys for a given recipient are in a keyring, why is there no interface for choosing which key to use? It makes sense for GPGMail to pick one even at random, in the absence of any better information, but I've frequently seen more than one unexpired/unrevoked (valid!) key when searching for a particular email address from a keyserver. If I imported more than one of those keys, then would GPGMail simply never use one and always use the other?

For reference, this situation feels similar to this other one, to me: http://support.gpgtools.org/discussions/feedback/1547-choose-public...

Ideally, I'd like there to be some (hidden-by-default?) option for me to manually select which key to use to encrypt an email to in GPGMail rather than having to remove keys from my keyring to make GPGMail encrypt to the right key.

Thanks for listening.

Cheers,
-maymay https://maymay.net
https://Cyberbusking.org

  1. Support Staff 1 Posted by Steve on 19 Aug, 2015 02:59 PM

    Steve's Avatar

    Hey Maymay,

    thanks for taking the time to bring this problem to our attention.

    The scenario you describe addresses a few of the rather hard to solve issues when using OpenPGP technology. So I'm trying to go through those one by one and address them.

    1. Lost unrevoked keys: an undesired situation which a user much too easily can find themselves in. It happened to myself and we keep seeing users in support who are running into that situation. Just today I replied to a user who had his laptop stolen and did not have a backup.
      Make keys expire: expiry dates are a great idea and we default to having one, when a new key is created. We should def display an info message explaining the implications should that option get deselected. We have a pending ticket for that. Actively ask users to create a backup right after key creation: we have a ticket for that. We should explain why it is important to a) have a backup and b) store that in an external location. Create a revocation certificate whenever a new key is created: We added this functionality already and the first stable which included this was GPG Suite 2015.06. It does not help, if you get your computer stolen, but is a great to have safety net for a lot of other cases.
    2. Add option in GPGMail to select which key to use if more than one key for an email address exist in GPG Keychain: You are probably tired of hearing this but, we do have a ticket covering that. The discussion you link to is exactly such a case and the linked ticket is now linked to this discussion here as well.

    What happens if you deactivate the key in GPG Keychain instead of having to remove it? GPGMail then should only use the correct key. To do that, open GPG Keychain, double click the public key you want to deactivate and at the bottom of the "Key" tab you'll find the option to deactivate that key.

    Kind regards,
    steve

  2. 2 Posted by maymay on 19 Aug, 2015 05:50 PM

    maymay's Avatar

    Hi Steve,

    Wow, that is a fantastically detailed and thorough response. Thank you so much! I think you addressed all of my questions. The only thing I remain curious about is where the tickets you mentioned are listed? Do you have a Trac, a GitHub tracker? Is the issue tracker this project uses public?

    Since I’ve already removed the old key, I can’t test simply deactivating it, but if I run into a similar situation again I will try that rather than deleting the key next time.

    Thanks again for the detailed and thoughtful response.

    Cheers,
    -maymay

  3. Support Staff 3 Posted by Steve on 20 Aug, 2015 06:11 PM

    Steve's Avatar

    We use Lighthouse as our ticket tracker. A few projects are public, GPGMail is private though.

    https://gpgtools.lighthouseapp.com/projects/65684/tickets/257
    https://gpgtools.lighthouseapp.com/projects/65684/tickets/349

    It's proven to be most effective to not have too much traffic on the ticket tracker. We prefer to discuss problems on the support platform and then create tickets as needed. But we try to be as open for suggestions as possible.

  4. Steve closed this discussion on 20 Oct, 2015 11:54 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac