[Enigmail] Default encryption key.

John Clizbe John at Mozilla-Enigmail.org
Mon Jun 2 14:49:46 PDT 2008


Charly Avital wrote:
> Hi,
> 
> I am trying to find out why, in my configuration, Enigmail is not using
> *also* my default key, when I encrypt to other recipient(s)
> 
> In Enigmail's on-line documentation:
> <http://enigmail.mozdev.org/documentation/gpgsetup.php#restore>

Yeah, that's the /Windows/ Step-by-step installation Barry Porter and I wrote.

> GnuPG user defaults can be set in the plain text configuration file
> gpg.conf  which resides in the GnuPG HomeDir. Based on our experience we
> suggest the following entries, but you may choose to add or remove
> entries based on your reading:
> 
>   default-recipient-self
>   [snip]
> 
> From man gpg:
> --default-recipient-self
> Use the default key as default recipient if  option  --recipient
> is  not  used  and don't ask if this is a valid one. The default
> key is the first one from the secret keyring or the one set with
> --default-key.
> 
> In my gpg.conf I have set the following options:
> 
> --default key  [16 last hexadecimal characters of fingerprint]
> --trusted key  [ditto]
> --default-recipient-self

Obscuring key IDs serves little purpose for security though it does hinder folks
from pointing out obvious errors.

You do have those lines *without* the leading -- in gpg.conf, right?

Since your default key pair should already have ultimate trust, there is no need
to specify that it is a trusted-key, unless it's offline in which case it makes
no sense to have it specified as the default signing key.

When all else fails, read the man page. "Use the default key as default
recipient if option --recipient is not used..."
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> (I have no option --recipient enabled)

Enigmail will add each of the To addresses as recipients. Check the Enigmail
console when sending an encrypted message to verify what is being done.
> 
> When I encrypt to any recipient, and click send, Enigmail displays a
> sheet where only the recipient's key ID is indicated (I have enabled in
> OpenPGP Preferences/Sending 'Always confirm before sending')
> 
> 
> Is something wrong, and what, with my pgp.conf options, or is this a bug?

I hope you mean gpg.conf in that last sentence. Anyway...

Enigmail knows *nothing* of the options in gpg.conf. So it can hardly know of
your default key or to add that key to the recipient list. For the "default"
key, Enigmail specifies either the Key ID or email address of the sending
account, depending on the selection on the OpenPGP security tab. If specified by
email address, GnuPG will use the first matching valid key it finds as the
signing key.

Not knowing options set in gpg.conf, Enigmail can't display your key in the
confirmation dialog. *GnuPG* adds your key to the recipient list *after*
Enigmail passes it the message for processing when it parses the options file.

The real test is whether or not you are able to read the messages in the Sent
folder.

Enigmail handles this on the Sending tab under Advanced preferences. The 'Add my
own key to the recipients list' option will add "--encrypt-to <sending email
address>" to Enigmail's command line issued to GnuPG. Handy, except it means the
first matching key is the one used, not necessarily the key you mean. A disabled
key could be selected.

You probably want "encrypt-to [UltraSuperSeekritKeyID]" in gpg.conf.

At the most, it's a documentation bug on a nearly four-year-old page.

-- 
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"
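
The behaviour explained in the reply above, as an added example that is not part of the original post and is not Enigmail or GnuPG code: a small Python model of how the quoted gpg.conf options decide the final recipient list, which also flags the leading `--` the reply asks about. The key ID and address are constructed placeholders, and reading "default key" as "default-key" is an assumption about what the posted lines meant.

```python
# Added example: models the gpg.conf semantics quoted from `man gpg` in this thread.
KNOWN = {"default-key", "trusted-key", "default-recipient-self", "encrypt-to"}

# Constructed samples; 0xAAAAAAAAAAAAAAAA is a placeholder key ID.
POSTED = """--default key 0xAAAAAAAAAAAAAAAA
--trusted key 0xAAAAAAAAAAAAAAAA
--default-recipient-self
"""
FIXED = """default-key 0xAAAAAAAAAAAAAAAA
default-recipient-self
encrypt-to 0xAAAAAAAAAAAAAAAA
"""

def parse_conf(text):
    """Return (options, problems); options maps option name -> argument list."""
    options, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--"):
            problems.append(f"line {n}: written with leading '--'")
            line = line.lstrip("-")
        parts = line.split()
        if not parts:
            continue
        name, args = parts[0], parts[1:]
        # Assumption: "default key X" was meant as "default-key X".
        if name not in KNOWN and args and f"{name}-{args[0]}" in KNOWN:
            problems.append(f"line {n}: '{name} {args[0]}' should be '{name}-{args[0]}'")
            name, args = f"{name}-{args[0]}", args[1:]
        options.setdefault(name, []).extend(args)
    return options, problems

def effective_recipients(options, passed):
    """Keys GnuPG encrypts to when the caller passes `passed` via --recipient."""
    keys = list(passed)
    # default-recipient-self only applies when no --recipient is given.
    if not passed and "default-recipient-self" in options:
        keys += (options.get("default-key") or ["<first secret key>"])[-1:]
    # encrypt-to keys are added whenever there are other recipients.
    if keys:
        keys += options.get("encrypt-to", [])
    return keys

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        opts, probs = parse_conf(conf)
        print(label, probs, effective_recipients(opts, ["bob@example.org"]))
```

Because Enigmail always passes the To addresses as recipients, only the `encrypt-to` variant puts the sender's key in the list.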
