Hello!
I hope somebody can clear me up on this.
I have created a couple of GPG keypairs and imported them into Thunderbird. I can now send encrypted emails between those email accounts and Thunderbird (as it should) shows me this message indicating all is fine.
Now I'd like to send encrypted emails from the terminal (same computer). So I do this:
gpg -eas --local-user 0x123456789 -r 0x123456789 test.txt
This will prompt me to enter the passphrase and then produce a file test.txt.asc, which I can then send using this command:
cat test.txt.asc | mailx -s "subject" -S smtp-use-starttls -S smtp-auth=login -S smtp=smtp://$smtp -S from=$sender -S smtp-auth-user=$sender -S smtp-auth-password=$password $recipient
I receive the mail in Thunderbird and the encryption part is fine. However, Thunderbird shows me this warning message
Why is that? Is this some limitation of Thunderbird perhaps or am I doing something wrong on the terminal?
It seems you did not mark sender’s key as verified in Thunderbird’s key manager. Go to the manager, open key properties for sender’s public key, mark it as verified.
While this particular case seems like your mistake, in general using PGP in Thunderbird became a pain after Enigmail’s demise. So expect a lot more bumps ahead.
Sometimes I seem a bit harsh — don’t get offended too easily!
Thanks for the tip!
However I do not see any option to mark my keys (I have both secret and public key since they were imported by me) as verified. Basically I see this window
This shouldn't even be the case since any email sent from Thunderbird correctly marks it already on the receiving part as verified. I feel like it is either some sort of bug or I am missing some option on the terminal.
Hopefully I am not asking for too much but are you (or anyone else) in the position to reproduce the steps I took?
Create 2 email accounts in Thunderbird
Create 2 sets of GPG keys
Import GPG keys in Thunderbird for both accounts via Tools -> OpenPGP Key Manager
Send an encrypted and signed email from one account to the other account
Result: Thunderbird should show 2 green checkmarks indicating that both encryption and signature is verified
Create file test.txt with some text as content
Run the following command to sign and encrypt the previously created test.txt file and substitute appropriate values. The first command helps identify the key ID for both GPG keys (0x1234567, ...)
gpg --keyid-format 0xLONG -k
gpg -eas --local-user $key-id-sender -r $key-id-receiver test.txt
Send email via
cat test.txt.asc | mailx -s "subject" -S smtp-use-starttls -S smtp-auth=login -S smtp=smtp://$smtp -S from=$sender -S smtp-auth-user=$sender -S smtp-auth-password=$password $recipient
Result: Thunderbird shows for some reason that the signature has not yet been verified
Expected Result: Email sent via terminal should already be shown as verified in Thunderbird but it is not as Situation 2 shows.
Thank you
Last edited by gary8588 (2023-03-25 20:16:40)
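An added example, not part of any post in this thread: a small shell function that summarises the machine-readable status lines GnuPG emits with `--status-fd`, so the result of the signature check and the validity GnuPG assigns to the signing key can be read separately on the terminal side. It reports GnuPG's view only and does not read Thunderbird's key acceptance settings; the function name, sample status lines, key IDs and addresses are constructed for illustration.

```shell
# Added example (not from the thread). Real use with the file from the post:
#   gpg --status-fd 3 --decrypt test.txt.asc 3>&1 >/dev/null 2>/dev/null | classify_sig
classify_sig() {
  cs_dec=no; cs_sig=none; cs_validity=unknown
  while read -r cs_prefix cs_tag cs_rest; do
    # Only lines starting with "[GNUPG:]" are status lines.
    [ "$cs_prefix" = "[GNUPG:]" ] || continue
    case "$cs_tag" in
      DECRYPTION_OKAY)            cs_dec=yes ;;
      GOODSIG)                    cs_sig=good ;;
      EXPSIG|EXPKEYSIG|REVKEYSIG) cs_sig="good-but-$cs_tag" ;;
      BADSIG)                     cs_sig=bad ;;
      ERRSIG)                     cs_sig=unchecked ;;   # e.g. signer's public key missing
      TRUST_*)                    cs_validity=${cs_tag#TRUST_} ;;
    esac
  done
  printf 'decrypted=%s signature=%s key_validity=%s\n' \
    "$cs_dec" "$cs_sig" "$cs_validity"
}

# Constructed status output; key IDs and addresses are placeholders.
# 1) Signed by a key whose secret part is in the local keyring.
SAMPLE_OWN_KEY='[GNUPG:] ENC_TO 0000000000000002 1 0
[GNUPG:] GOODSIG 0000000000000001 Sender <sender@example.org>
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] DECRYPTION_OKAY'

# 2) Signature checks out, but the signer's key was never certified locally.
SAMPLE_UNCERTIFIED='[GNUPG:] ENC_TO 0000000000000002 1 0
[GNUPG:] GOODSIG 0000000000000001 Sender <sender@example.org>
[GNUPG:] TRUST_UNDEFINED 0 pgp
[GNUPG:] DECRYPTION_OKAY'

# 3) Message decrypts, but the signer's public key is not in the keyring.
SAMPLE_NO_PUBKEY='[GNUPG:] ENC_TO 0000000000000002 1 0
[GNUPG:] ERRSIG 0000000000000001 1 8 00 1679775400 9
[GNUPG:] NO_PUBKEY 0000000000000001
[GNUPG:] DECRYPTION_OKAY'

for cs_sample in "$SAMPLE_OWN_KEY" "$SAMPLE_UNCERTIFIED" "$SAMPLE_NO_PUBKEY"; do
  printf '%s\n' "$cs_sample" | classify_sig
done
```

A `signature=good` result with `key_validity=UNDEFINED` is the GnuPG-side counterpart of a signature that checks out cryptographically while the key itself has not been marked as trusted.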
> However I do not see any option to mark my keys (I have both secret and public key since they were imported by me) as verified. Basically I see this window
This is a window for your own key. For other people’s key properties window looks like this.
> This is a window for your own key. For other people’s key properties window looks like this.
Yes exactly, both keys (private/public) on both accounts are my own. I can't mark them as verified since the key properties window does not offer the option to do this.
I start to believe this might be a bug/limitation in Thunderbird.
I did not know that. If that’s the case: I can’t confirm with 100% certainty. But — given my experience with Thunderbird’s approach to the subject — I would say it is very likely its limitation.
Remember you do not need to use your actual key for tests. You may create a separate one in GnuPG just for testing.
At this point the obligatory reminder about having backups of your keys, as the chance of removing the real private key is higher during testing. :)
> I did not know that. If that’s the case: I can’t confirm with 100% certainty. But — given my experience with Thunderbird’s approach to the subject — I would say it is very likely its limitation.
Alright thanks, I'll just gloss over it then, no big deal.
> Remember you do not need to use your actual key for tests. You may create a separate one in GnuPG just for testing.
Agreed, I now did create another pair of keys without importing them into Thunderbird, just importing and accepting the public key from an email sent from terminal does give me the option to correctly verify my public key and all is fine. However once I also import my private key into Thunderbird it will state "accepted, not verified" again. Strange but I'll not bother with this any longer.
> At this point the obligatory reminder about having backups of your keys, as the chance of removing the real private key is higher during testing.
Thanks for the reminder! I do have all keys backed up in my keepassxc database file and this is replicated onto several computers as well as a backup in "the cloud".