Comment # 16
on bug 1093836
from Manfred Hollstein
This is getting more and more complex. According to what we have found out so
far, I had assumed that the following should work, but it doesn't:
0. This is all on openSUSE Leap 42.3 using gpg2-2.0:
1. Export all my private keys (I have two different ones) as ascii armored
files
gpg2 -a --export-secret-key "$key" > "$key"-secret-gpg.key.asc
2. Export all the public keys I have a trust relationship with
gpg2 -a --export "$key" > "$key"-public-gpg.key.asc
3. Export the owner trustdb
gpg2 --export-ownertrust > ownertrust-gpg.txt
4. Log out to terminate all processes potentially using ~/.gnupg
5. Run the following in some vt as normal user "manfred":
mkdir -p ~/.OS/os42.3/.gnupg/.backup; chmod 700 ~/.OS/os42.3/.gnupg
cp -p "all-exported-files-from-above" ~/.OS/os42.3/.gnupg/.backup/
mv ~/.gnupg ~/.gnupg-SAVE
mkdir ~/.gnupg; chmod 700 ~/.gnupg
6. Run the following in some vt as user "root":
mount --bind /home/manfred/.OS/os42.3/.gnupg /home/manfred/.gnupg
7. Now log in as user "manfred" again (I use XFCE as a DE):
8. Import the secret keys:
for key in ~/.gnupg/.backup/*-secret-*.asc; do
gpg2 --import < "$key"
done
9. Import the public keys:
for key in ~/.gnupg/.backup/*-public-*.asc; do
gpg2 --import < "$key"
done
10. Import owner trustdb:
gpg2 --import-ownertrust < ~/.gnupg/.backup/ownertrust-gpg.txt
11. Define my default GPG key:
echo "default-key manfred.h@gmx.net" >> ~/.gnupg/gpg.conf
12. Test with thunderbird and enigmail-1.9.9-9.1:
EVERYTHING's OK
13. Upgrade enigmail:
sudo zypper in -t patch openSUSE-2018-470
14. Test again with thunderbird and enigmail-2.0.4-12.1:
ENCRYPTED E-MAILs CANNOT BE DECRYPTED
15. Downgrade to enigmail-1.9.9-9.1:
sudo zypper in --oldpackage enigmail-1.9.9-9.1
16. Test again with thunderbird and enigmail-1.9.9-9.1:
WORKS AGAIN AS USUAL, i.e. ENCRYPTED E-MAILs CAN BE DECRYPTED AGAIN
Note: I never booted into any other OS during the above commands, hence I
always only used gpg2-2.0 from Leap 42.3, hence2 no conversion of the key
format should have happened.
Do you agree that this should have worked?