Problems with message decryption when throw-keyid is set in ~/.gnupg/gpg.conf
Hey!
Following up on a quick tweet exchange on this with Lukele.
I've set throw-keyid in my gpg config to prevent leaking
the recipient key-IDs to which a message was encrypted.
When sending Email with Mail.app/GPGMail on Yosemite the resulting
messages correctly do not contain the recipient's key-IDs which is
perfect.
On the recipient side I see a few interesting problems though that may or may not be related to GPGTools. I think they're interesting nonetheless.
Thunderbird + Enigmail: Seems to be unable to decrypt such
messages at all. Decrypting the same message on the command line
with gpg(1) works fine.
Mail.app + GPGMail: I see warnings about “Message Signing key
has expired” when it actually hasn't and is shown to be valid
and not-revoked in GPG Keychain and on the command line. I'm not
entirely sure if that is related to the issue, just an observation
that is related in time to me activating throw-keyid.
Best regards
@MacLemon
Support Staff 1 Posted by Luke Le on 24 Mar, 2016 02:17 PM
Just reviewed your test-email and I can partly reproduce your results, however in my case they were (mostly) correct:
- GPGMail successfully decrypts the message (as you said), but displays the key as expired
- I checked GPG Keychain and it was expired there as well (so what GPGMail is saying is true)
- Next I updated your key from the keyserver which made it valid again
- Back in GPGMail the decrypted message still shows the key as expired (possibly due to short caching)
- Upon restart of Mail.app, your message decrypts fine and displays the correct info that your key is also fine.
I'm wondering, is it possible that you as well ran into a cache problem or one of your recipients? For now it might be necessary to re-start mail after refreshing a key in order for the changes to be picked up.
Support Staff 2 Posted by Steve on 08 Apr, 2016 08:38 AM
Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.
All the best, steve
Steve closed this discussion on 08 Apr, 2016 08:38 AM.