Enigmail Forum

[Dead1nside]

Hi there,

Just built a new computer, copied over my Thunderbird profile and am using that now. I can't however decrypt my messages. Error is:


OpenPGP Security Info

Error - secret key needed to decrypt message

gpg command line and output:
C:\\GnuPG\\gpg.exe --charset utf8 --batch --no-tty --status-fd 2 -d --passphrase-fd 0 --no-use-agent
gpg: encrypted with ELG-E key, ID 5C6E4067
gpg: encrypted with ELG-E key, ID 8AEAD985
gpg: decryption failed: secret key not available

Thanks in advance for the help.

[Adam]

When you generate a key pair with Enigmail, it's really GnuPG that does the work. Your public/private keys are therefore stored in the GnuPG home directory and not Enigmail's directory. In order to use the same key on another machine, you will need to copy the GnuPG home directory from your old computer to your new one.

On Windows 2000/XP, the default directory is C:\Documents and Settings\USER\Application Data\GnuPG - simply copy the contents of this folder on your old PC to the GnuPG home directory on your new PC (it will be the same location unless you're using a different OS, or you have changed the settings).

Hope this helps

[john]

You need to copy your keyring files to the new computer.

The short name on windows is %APPDATA%\GnuPG or ~/.gnupg on *nix.

Copy gpg.conf as well as the three .gpg files:
pubring.gpg
secring.gpg
trustdb.gpg

[Dead1nside]

Thank-you, I'll go and do that now, does it matter if I'm installing a newer version of GnuPG?

I've heard this term keyring, the last time I asked a question here. When I asked about cross-platform, the guy said I can keep my keyring on a USB stick. How would I go about this also? Thanks very much for your help. It's a really great extension. I encrypt my important documents with it and then email them to myself.

[Adam]

Thank-you, I'll go and do that now, does it matter if I'm installing a newer version of GnuPG?

No, this will not matter.

I've heard this term keyring, the last time I asked a question here. When I asked about cross-platform, the guy said I can keep my keyring on a USB stick. How would I go about this also? Thanks very much for your help. It's a really great extension. I encrypt my important documents with it and then email them to myself.

If you go into your gpg home directory, you will find secring.gpg and pubring.gpg - these are your "keyrings". These are simply the files that hold all your keys, and the public keys of your contacts. If you want to move these to a USB stick, simply copy them across. You may have to "tell" GnuPG on the host computer where the keys are before you can use them.

HTH

[john]

Thank-you, I'll go and do that now, does it matter if I'm installing a newer version of GnuPG?

Nope. The files are the same regardless of version. Due to security updates, you should update older installations of GnuPG to the current release, 1.4.6.

I've heard this term keyring, the last time I asked a question here. When I asked about cross-platform, the guy said I can keep my keyring on a USB stick. How would I go about this also?

Windows, right? For Windows 2000 and newer:

Insert USB stick. Run the Disk Manager snap-in (Start --> Run --> diskmgmt.msc [OK]). Find your USB stick in the lower panel and right-click on the drive. Select 'Change Drive Letter' from the context menu. On the drop-down menu of drive letters, select something near the end of the alphabet. This will assure that each time it is inserted, Windows will assign it the same drive letter.

Either open a command window or Explorer and move to your new USB stick and create a directory for GnuPG. For ease, call it GnuPG.

Copy the three .gpg files from your old GnuPG home directory to you new key directory. Leave gpg.conf - You can copy gpg.conf as a backup, but a copy needs to stay in the home directory, %APPDATA%\GnuPG.

Open gpg.conf in your home directory with a text editor, eg. Notepad, gvim, etc...

We need to tell GnuPG where to find its files. Note: I use O: for my keyrings:

no-default-keyring
keyring O:\GnuPG\pubring.gpg
primary-keyring O:\GnuPG\pubring.gpg
secret-keyring O:\GnuPG\secring.gpg
trustdb-name O:\GnuPG\trustdb.gpg

After you have tested that it is working and you are certain that is, change the extension of the .gpg files in %APPDATA\GnuPG (the OLD location) to anything else you wish, and test again. 'gpg --list-secret-keys' is a good choice of test command. If that works, it is safe to delete the keyring files from the OLD location under %APPDATA%\GnuPG.

If unsure, please ask for assistance first. Losing your secret keys is a BAD THING and it cannot be 'undone'.