[opensuse] Thunderbird 78.4.0 and PGP - doesn't work for me.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have updated today to that version in subj, but no wizard triggered to import things. What do I do? I see no enigmail helper. I see nothing in preferences labeled PGP or GPG. I have now set "mail.openpgp.allow_external_gnupg = true" and restarted Th. I try to write a message, but I can not sign it. I go to mail account settings, and under "ent-to.end encription, I can add a key and choose "use external key". I have to type the secret key id, which is a nuisance, it doesn't do search. I fire up Kleopatra, I see my key and the ID, but I'm not allowed to copypaste it. I open instead "seahorse". I see the short ID, I can select it and paste to thunderbird, but on "write message" it says it can not find my key. I see in seahorse the fingerprint. I try pasting that. Same error, can not sign. I try removing the spaces in the fingerprint, no go. If I go to an email of mine and try to find the public keys, it fails. It tries to "Import {$name} (B533181C6D8D47D5)?" which yes, it is the fingerprint of my key. And yes, it is of course published. If I go to Th/OpenPGP Key Manager, and try Keyserver/Discover keys online, and type either the fingerprint, the ID, or the mail address, it claims it can not find a key with that criteria. Which is false: cer@Telcontar:~> gpg --recv-keys 6D8D47D5 gpg: key B533181C6D8D47D5: "Carlos E. R. (cer) <robin.listas@telefonica.net>" 5 new signatures gpg: key B533181C6D8D47D5: "Carlos E. R. (cer) <robin.listas@telefonica.net>" 5 signatures cleaned gpg: Total number processed: 1 gpg: new signatures: 5 gpg: signatures cleaned: 5 cer@Telcontar:~> How do you do it? (mail sent with Alpine) - -- Cheers Carlos E. R. (from 15.1 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCX6qPcxwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVReIAn23Krjbyldln9M5PbyIa BA1aowVvAJ46zrybhLE45IBKlhAVHtXjgmoMrg== =QEIL -----END PGP SIGNATURE-----
On 2020-11-10 7:02 a.m., Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
I have updated today to that version in subj, but no wizard triggered to import things. What do I do?
I see no enigmail helper. I see nothing in preferences labeled PGP or GPG.
When you first ran TBird 78.4, you should have seen a popup window (triggered by enigmail, I believe) asking if you wish to import your keys, etc. Just re-install enigmail, which will trigger that popup so you can do the import. When it is done, enigmail will be automatically disabled, and you can then remove it. If enigmail is still installed in your system, but only disabled, re-install it anyway, and it will still do as above. You'll need to use both your PGP and Thunderbird passwords during the procedure, so pay close attention to which password is being requested.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2020-11-10 at 09:43 -0600, Darryl Gregorash wrote:
On 2020-11-10 7:02 a.m., Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
I have updated today to that version in subj, but no wizard triggered to import things. What do I do?
I see no enigmail helper. I see nothing in preferences labeled PGP or GPG.
When you first ran TBird 78.4, you should have seen a popup window (triggered by enigmail, I believe) asking if you wish to import your keys, etc.
Just re-install enigmail, which will trigger that popup so you can do the import. When it is done, enigmail will be automatically disabled, and you can then remove it.
If enigmail is still installed in your system, but only disabled, re-install it anyway, and it will still do as above.
You'll need to use both your PGP and Thunderbird passwords during the procedure, so pay close attention to which password is being requested. _______________________________________________ openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
It is disabled. If I try to enable, it says it is incompatible. I reinstalled. It still says incompatible. - -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCX6rd8Bwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfV0woAoJfvP9DY2VOT7FF6O1+t +OIu3csfAJoDZXAgAKt3wnVuOm9RmKAI+0rgMg== =4uZh -----END PGP SIGNATURE-----
On 2020-11-10 12:37 p.m., Carlos E. R. wrote:
It is disabled. If I try to enable, it says it is incompatible. I reinstalled. It still says incompatible.
No popup? I got one first time I opened the new version, and again when I re-installed enigmail. Yes, it is incompatible, and in fact (I was wrong on this) it cannot be uninstalled in the current TB version. If you haven't seen the popup window at all, go to: Tools --> Open PGP Key Manager --> Files and import your gpg keys there.
On 11/11/2020 00.35, Darryl Gregorash wrote:
On 2020-11-10 12:37 p.m., Carlos E. R. wrote:
It is disabled. If I try to enable, it says it is incompatible. I reinstalled. It still says incompatible.
No popup?
None.
I got one first time I opened the new version, and again when I re-installed enigmail.
I guess Enigmail was compatible back then.
Yes, it is incompatible, and in fact (I was wrong on this) it cannot be uninstalled in the current TB version.
If you haven't seen the popup window at all, go to:
Tools --> Open PGP Key Manager --> Files
and import your gpg keys there.
That's what I did, after exploring every menu and not finding anything else. I had not clear if that import would import only one key - and as I posted today, that import is broken: it displays a huge dialog with the buttons several displays down, unreachable. I found more issues: I can not change the "To:" to "CC", for example. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 2020-11-10 5:50 p.m., Carlos E. R. wrote:
On 11/11/2020 00.35, Darryl Gregorash wrote:
On 2020-11-10 12:37 p.m., Carlos E. R. wrote:
It is disabled. If I try to enable, it says it is incompatible. I reinstalled. It still says incompatible.
No popup?
None.
I got one first time I opened the new version, and again when I re-installed enigmail.
I guess Enigmail was compatible back then. I meant that is what happened the first time I opened 78.4 after the upgrade.
Yes, it is incompatible, and in fact (I was wrong on this) it cannot be uninstalled in the current TB version.
If you haven't seen the popup window at all, go to:
Tools --> Open PGP Key Manager --> Files
and import your gpg keys there.
That's what I did, after exploring every menu and not finding anything else. I had not clear if that import would import only one key - and as I posted today, that import is broken: it displays a huge dialog with the buttons several displays down, unreachable.
Install keys from file. Find the file in the gpg folder, and open it. You'll get a popup listing every key in the file. I sure don't get huge dialogs; they are the same scale, etc. as everything else.
I found more issues:
I can not change the "To:" to "CC", for example.
I noticed that. I don't know how to send an email to a bcc list, but maybe leave teh "To" field empty. I don't send many emails to more than one recipient, so it will be a long time before I have a chance to try that out. Note that Cc, Bcc and others are on the same line as "From"; just click on what you want, and that line will be added.
On 11/11/2020 01.26, Darryl Gregorash wrote:
On 2020-11-10 5:50 p.m., Carlos E. R. wrote:
On 11/11/2020 00.35, Darryl Gregorash wrote:
On 2020-11-10 12:37 p.m., Carlos E. R. wrote:
It is disabled. If I try to enable, it says it is incompatible. I reinstalled. It still says incompatible.
No popup?
None.
I got one first time I opened the new version, and again when I re-installed enigmail.
I guess Enigmail was compatible back then. I meant that is what happened the first time I opened 78.4 after the upgrade.
Yes, it is incompatible, and in fact (I was wrong on this) it cannot be uninstalled in the current TB version.
If you haven't seen the popup window at all, go to:
Tools --> Open PGP Key Manager --> Files
and import your gpg keys there.
That's what I did, after exploring every menu and not finding anything else. I had not clear if that import would import only one key - and as I posted today, that import is broken: it displays a huge dialog with the buttons several displays down, unreachable.
Install keys from file. Find the file in the gpg folder, and open it. You'll get a popup listing every key in the file.
I did, hours before. And I say that popup was a meter long, triple than my screen size. I had to press [enter] and hope that would do the right thing. Apparently it did.
I sure don't get huge dialogs; they are the same scale, etc. as everything else.
Well, I did.
I found more issues:
I can not change the "To:" to "CC", for example.
I noticed that. I don't know how to send an email to a bcc list,
There is a "bcc" to the right of the From and can be clicked.
but maybe leave teh "To" field empty. I don't send many emails to more than one recipient, so it will be a long time before I have a chance to try that out. Note that Cc, Bcc and others are on the same line as "From"; just click on what you want, and that line will be added.
Well, how do you say that there is no bcc then? Just leave the To empty. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 2020-11-10 9:08 p.m., Carlos E. R. wrote:
On 11/11/2020 01.26, Darryl Gregorash wrote:
I can not change the "To:" to "CC", for example.
I noticed that. I don't know how to send an email to a bcc list,
There is a "bcc" to the right of the From and can be clicked. Yes, I mentioned that. I thought what followed made it clear: if you want to blind cc to a list, will just leaving the "To" field blank do what you want?
but maybe leave teh "To" field empty. I don't send many emails to more than one recipient, so it will be a long time before I have a chance to try that out. Note that Cc, Bcc and others are on the same line as "From"; just click on what you want, and that line will be added.
Well, how do you say that there is no bcc then? Just leave the To empty. Where did I say there is no bcc? I clearly asked if leaving the "to" field blank would work. I wasn't expecting to have what I wrote read back to me.
Hi carlos, sorry no help for you: similar problems here: i updated tb at a system i take care of: i was asked about import. (enigmail was installed from repository (tumbleweed), if i look there the describtion tells me its now only for import) i imported the keys (private keys without passpharse) then i set the file: secring.gpg to 0 bytes i set mail.opengpg.allow_external_gnupg=true and run into same problem then you, i am not able to sign a message. (private keys are in gnupg there) i did also not know what i have made wrong. when i restore the file secring.gpg i am able to sign messages, but i like to use the external stored keys. also i have not found settings for encrypt "per emailadress" some receifer i like to encrypt, some others not. only a global selection was possible. and if there is no key, i have no posibility to send. and the other way around is for all i like to encrypt for every mail select it every time again and again. also tb will always send the public key with the mail. i have to unselect it for every mail..... so for me at the moment its unusable. i desided to keep for other systems as long as possible the old tb. - hopefully this situation will change. (if somebody knows how to handle the problems would be great to hear.) simoN Am 10.11.20 um 14:02 schrieb Carlos E. R.:
Hi,
I have updated today to that version in subj, but no wizard triggered to import things. What do I do?
I see no enigmail helper. I see nothing in preferences labeled PGP or GPG.
I have now set "mail.openpgp.allow_external_gnupg = true" and restarted Th. I try to write a message, but I can not sign it.
I go to mail account settings, and under "ent-to.end encription, I can add a key and choose "use external key". I have to type the secret key id, which is a nuisance, it doesn't do search.
I fire up Kleopatra, I see my key and the ID, but I'm not allowed to copypaste it.
I open instead "seahorse". I see the short ID, I can select it and paste to thunderbird, but on "write message" it says it can not find my key.
I see in seahorse the fingerprint. I try pasting that. Same error, can not sign. I try removing the spaces in the fingerprint, no go.
If I go to an email of mine and try to find the public keys, it fails. It tries to "Import {$name} (B533181C6D8D47D5)?" which yes, it is the fingerprint of my key. And yes, it is of course published.
If I go to Th/OpenPGP Key Manager, and try Keyserver/Discover keys online, and type either the fingerprint, the ID, or the mail address, it claims it can not find a key with that criteria. Which is false:
cer@Telcontar:~> gpg --recv-keys 6D8D47D5 gpg: key B533181C6D8D47D5: "Carlos E. R. (cer) <robin.listas@telefonica.net>" 5 new signatures gpg: key B533181C6D8D47D5: "Carlos E. R. (cer) <robin.listas@telefonica.net>" 5 signatures cleaned gpg: Total number processed: 1 gpg: new signatures: 5 gpg: signatures cleaned: 5 cer@Telcontar:~>
How do you do it?
(mail sent with Alpine)
-- Cheers
Carlos E. R. (from 15.1 x86_64 at Telcontar)
_______________________________________________ openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
-- B e c h e r e r GmbH Sondermaschinenbau Mauermatten Strasse 22 79183 Waldkirch Germany Tel.: (+49) (0)7681 3134 Fax: (+49) (0)7681 4378 Mail: info@becherer.de Web: www.becherer.de USt-ID-Nr.: DE 814912198 Registergericht: Freiburg HRB 701860 Geschäftsführer: Dipl.-Ing. (FH), EWE Simon H. Becherer Gerichtsstand / Sitz: Waldkirch Es gelten ausschließlich unsere allgemeinen Liefer- und Zahlungsbedingungen / Einkaufsbedingungen: www.becherer.de/AGB
On 2020-11-10 10:36 a.m., Simon Becherer wrote:
i set mail.opengpg.allow_external_gnupg=true
That preference does not even exist here. mail.openpgp.allow_external_gnupg does, and is set to "false". Also make sure mail.openpgp.enable is set to "true".
Hi,
That preference does not even exist here. mail.openpgp.allow_external_gnupg does, and is set to "false". my fault, i have written this mail from from my brain, i have used what you have written here. set this to true
simoN Am 10.11.20 um 18:32 schrieb Darryl Gregorash:
On 2020-11-10 10:36 a.m., Simon Becherer wrote:
i set mail.opengpg.allow_external_gnupg=true
That preference does not even exist here. mail.openpgp.allow_external_gnupg does, and is set to "false".
Also make sure mail.openpgp.enable is set to "true". _______________________________________________ openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
-- B e c h e r e r GmbH Sondermaschinenbau Mauermatten Strasse 22 79183 Waldkirch Germany Tel.: (+49) (0)7681 3134 Fax: (+49) (0)7681 4378 Mail: info@becherer.de Web: www.becherer.de USt-ID-Nr.: DE 814912198 Registergericht: Freiburg HRB 701860 Geschäftsführer: Dipl.-Ing. (FH), EWE Simon H. Becherer Gerichtsstand / Sitz: Waldkirch Es gelten ausschließlich unsere allgemeinen Liefer- und Zahlungsbedingungen / Einkaufsbedingungen: www.becherer.de/AGB
Hi,
That preference does not even exist here. mail.openpgp.allow_external_gnupg does, and is set to "false". my fault, i have written this mail from from my brain, i have used what you have written here. set this to true
simoN Am 10.11.20 um 18:32 schrieb Darryl Gregorash:
On 2020-11-10 10:36 a.m., Simon Becherer wrote:
i set mail.opengpg.allow_external_gnupg=true
That preference does not even exist here. mail.openpgp.allow_external_gnupg does, and is set to "false".
Also make sure mail.openpgp.enable is set to "true".
-- www.becherer.de
Hi, Am 10.11.20 um 18:32 schrieb Darryl Gregorash:
On 2020-11-10 10:36 a.m., Simon Becherer wrote:
i set mail.opengpg.allow_external_gnupg=true
That preference does not even exist here. mail.openpgp.allow_external_gnupg does, and is set to "false".
Also make sure mail.openpgp.enable is set to "true".
my fault, i have written this mail from from my brain, i have used what you have written here. both are set to true but it will not sign. simoN -- www.becherer.de
On 11/11/2020 07.30, Simon Becherer wrote:
Hi,
Am 10.11.20 um 18:32 schrieb Darryl Gregorash:
On 2020-11-10 10:36 a.m., Simon Becherer wrote:
i set mail.opengpg.allow_external_gnupg=true
That preference does not even exist here. mail.openpgp.allow_external_gnupg does, and is set to "false".
Also make sure mail.openpgp.enable is set to "true".
my fault, i have written this mail from from my brain, i have used what you have written here. both are set to true but it will not sign.
Both? I didn't realize there were two. mail.opengpg.allow_external_gnupg=true mail.openpgp.enable ? I don't know what the second variable does, first time I see it mentioned. I have it set to true (default). Ah, <https://wiki.mozilla.org/Thunderbird:OpenPGP> says it disables enigmail. Ah, and we need Enigmail version 2.2.x minimal with version 78 of Thunderbird - we have 2.1.5 on Leap 15.1: Bug? I can sign - the trick is first importing the public signatures from ~/.gnupg/pubring.gpg - because that file includes the public part of your own signature, then it can find it by ID. I think that using external gnupg makes saving drafts break, it doesn't know how to save encrypted drafts. Maybe if I can disable encryption ? There is no visible setting for that, unless it is hidden. Yes, there is, it is mail.identity.id10.autoEncryptDrafts Problem is finding first the ID for the account. Ah, that can be found on mail.identity.id10.draft_folder I can not test that on the current email. Create a new one... no, saving keep failing. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 11/11/20 4:45 AM, Carlos E. R. wrote:
I think that using external gnupg makes saving drafts break, it doesn't know how to save encrypted drafts. Maybe if I can disable encryption ? There is no visible setting for that, unless it is hidden. Yes, there is, it is
What will happen will all current drafts and templates that are in Thunderbird stored encrypted by enigmail and gpg? Does the new GPG handle decryption of all messages that are saved encrypted? -- David C. Rankin, J.D.,P.E.
On 16/11/2020 01.34, David C. Rankin wrote:
On 11/11/20 4:45 AM, Carlos E. R. wrote:
I think that using external gnupg makes saving drafts break, it doesn't know how to save encrypted drafts. Maybe if I can disable encryption ? There is no visible setting for that, unless it is hidden. Yes, there is, it is
What will happen will all current drafts and templates that are in Thunderbird stored encrypted by enigmail and gpg? Does the new GPG handle decryption of all messages that are saved encrypted?
Good point. So I just had a look, found one encrypted draft, and I opened it without a problem; it just prompted for my password. And the password is cached, I can view other encrypted drafts (not all are). It doesn't mark which messages are encrypted in the list panel, though. Only after clicking on one to display it, I see if it is pgp protected or not. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2020-11-10 at 14:02 +0100, Carlos E. R. wrote:
Hi,
I have updated today to that version in subj, but no wizard triggered to import things. What do I do?
I opened "OpenPGP Manager" in Th, then file import and selected ~/.gnupg/pubring.gpg (I had to search for it). It was thinking for a while, then it prompts me with a dialog that is taller than my display. At the top it says "import following keys?" But the buttons are out of the display. I can not move it up, because it has no item on the panel. I manage to move it up once, clicking on the top bar, but there is more down below. I have to press [enter] blindly, and appears to have imported a bunch. Now I try to send a message, and this time it does find my key, as my public key is imported. But the email is not really signed. I repeat the try, making sure I click on sign - this time it is indeed signed. It does not recognize my email in this thread as signed. This morning it did, but could not import the key. No PGP context or local menu. Alpine uses inline PGP. Th appears to recognize my just sent test email in the sent folder as signed (but flags as "uncertain"). I mark the key as trusty, and now it displays a little green check mark. What a mess. - -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCX6rj5hwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVVlAAoIWAOjCQ3/aRBGSzgclq 398gjJrfAJ4xgIDy0LAPYNI1idIMZpmMKyZk8Q== =i7z4 -----END PGP SIGNATURE-----
On 10/11/2020 20.03, Carlos E. R. wrote:
On Tuesday, 2020-11-10 at 14:02 +0100, Carlos E. R. wrote:
It does not recognize my email in this thread as signed. This morning it did, but could not import the key. No PGP context or local menu. Alpine uses inline PGP. Th appears to recognize my just sent test email in the sent folder as signed (but flags as "uncertain"). I mark the key as trusty, and now it displays a little green check mark.
What a mess.
- -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
-----BEGIN PGP SIGNATURE-----
And it does a mess of quoting - se above. Further: I can not select "sign" as default. If I click sign, it also clicks attach signature, so I have to go in and deselect that. I can not save drafts, not even to local folders. What a mess. Addons: all are not compatible. Google Calendar Toggle wordwrap Send later check and send What a mess! :-/ Worst version of the decade! -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 2020-11-10 1:03 p.m., Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tuesday, 2020-11-10 at 14:02 +0100, Carlos E. R. wrote:
Hi,
I have updated today to that version in subj, but no wizard triggered to import things. What do I do?
I opened "OpenPGP Manager" in Th, then file import and selected ~/.gnupg/pubring.gpg (I had to search for it). It was thinking for a while, then it prompts me with a dialog that is taller than my display. At the top it says "import following keys?" But the buttons are out of the display. I can not move it up, because it has no item on the panel. I manage to move it up once, clicking on the top bar, but there is more down below. I have to press [enter] blindly, and appears to have imported a bunch.
Now I try to send a message, and this time it does find my key, as my public key is imported. But the email is not really signed.
I repeat the try, making sure I click on sign - this time it is indeed signed.
It does not recognize my email in this thread as signed. This morning it did, but could not import the key. No PGP context or local menu. Alpine uses inline PGP. Th appears to recognize my just sent test email in the sent folder as signed (but flags as "uncertain"). I mark the key as trusty, and now it displays a little green check mark.
What a mess.
Did you also import your secret keys?
On 11/11/2020 00.37, Darryl Gregorash wrote:
On 2020-11-10 1:03 p.m., Carlos E. R. wrote:
On Tuesday, 2020-11-10 at 14:02 +0100, Carlos E. R. wrote:
Hi,
I have updated today to that version in subj, but no wizard triggered to import things. What do I do?
I opened "OpenPGP Manager" in Th, then file import and selected ~/.gnupg/pubring.gpg (I had to search for it). It was thinking for a while, then it prompts me with a dialog that is taller than my display. At the top it says "import following keys?" But the buttons are out of the display. I can not move it up, because it has no item on the panel. I manage to move it up once, clicking on the top bar, but there is more down below. I have to press [enter] blindly, and appears to have imported a bunch.
Now I try to send a message, and this time it does find my key, as my public key is imported. But the email is not really signed.
I repeat the try, making sure I click on sign - this time it is indeed signed.
It does not recognize my email in this thread as signed. This morning it did, but could not import the key. No PGP context or local menu. Alpine uses inline PGP. Th appears to recognize my just sent test email in the sent folder as signed (but flags as "uncertain"). I mark the key as trusty, and now it displays a little green check mark.
What a mess.
Did you also import your secret keys?
No. And I will not. I'm using "mail.openpgp.allow_external_gnupg = true" -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 2020-11-10 5:44 p.m., Carlos E. R. wrote:
On 11/11/2020 00.37, Darryl Gregorash wrote:
Did you also import your secret keys?
No. And I will not. I'm using "mail.openpgp.allow_external_gnupg = true"
So you've imported the public keys, but not the secret keys? I don't know if that's going to work -- but that's just a guess. Did you also set mail.openpgp.alternative_gpg_path ?
On 11/11/2020 01.31, Darryl Gregorash wrote:
On 2020-11-10 5:44 p.m., Carlos E. R. wrote:
On 11/11/2020 00.37, Darryl Gregorash wrote:
Did you also import your secret keys?
No. And I will not. I'm using "mail.openpgp.allow_external_gnupg = true"
So you've imported the public keys, but not the secret keys? I don't know if that's going to work -- but that's just a guess.
It does work, this email should be signed. It also insists on attaching my key to the post, I don't know how to disable that default, it adds useless size to posts. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 2020-11-10 21:10:42 Carlos E. R. wrote:
On 11/11/2020 01.31, Darryl Gregorash wrote:
On 2020-11-10 5:44 p.m., Carlos E. R. wrote:
On 11/11/2020 00.37, Darryl Gregorash wrote:
Did you also import your secret keys?
No. And I will not. I'm using "mail.openpgp.allow_external_gnupg = true"
So you've imported the public keys, but not the secret keys? I don't know if that's going to work -- but that's just a guess.
It does work, this email should be signed. It also insists on attaching my key to the post, I don't know how to disable that default, it adds useless size to posts.
It is, in fact, signed. Leslie --
On 2020-11-10 9:10 p.m., Carlos E. R. wrote:
On 11/11/2020 01.31, Darryl Gregorash wrote:
On 2020-11-10 5:44 p.m., Carlos E. R. wrote:
On 11/11/2020 00.37, Darryl Gregorash wrote:
Did you also import your secret keys?
No. And I will not. I'm using "mail.openpgp.allow_external_gnupg = true"
So you've imported the public keys, but not the secret keys? I don't know if that's going to work -- but that's just a guess.
It does work, this email should be signed. It also insists on attaching my key to the post, I don't know how to disable that default, it adds useless size to posts. Perhaps check Account Settings, End to End Encryption, Default settings for sending messages, Add digital signature by default.
The corresponding about:config preference is mail.identity.id1.sign_mail (or id2, id3, etc for multiple email accounts).
Hi, i tried to answer to a nother mail of this thread, but i got a reply mail: Your mail to 'users@lists.opensuse.org' with the subject Re: [opensuse] Re: Thunderbird 78.4.0 and PGP - doesn't work for me. Is being held until the list moderator can review it for approval. The message is being held because: Message contains administrivia Either the message will get posted to the list, or you will receive notification of the moderator's decision. ============ what was wrong with my mail? i do not understand: Message contains administrivia simoN Am 11.11.20 um 06:11 schrieb Darryl Gregorash:
On 2020-11-10 9:10 p.m., Carlos E. R. wrote:
On 11/11/2020 01.31, Darryl Gregorash wrote:
On 2020-11-10 5:44 p.m., Carlos E. R. wrote:
On 11/11/2020 00.37, Darryl Gregorash wrote:
Did you also import your secret keys?
No. And I will not. I'm using "mail.openpgp.allow_external_gnupg = true"
So you've imported the public keys, but not the secret keys? I don't know if that's going to work -- but that's just a guess.
It does work, this email should be signed. It also insists on attaching my key to the post, I don't know how to disable that default, it adds useless size to posts. Perhaps check Account Settings, End to End Encryption, Default settings for sending messages, Add digital signature by default.
The corresponding about:config preference is mail.identity.id1.sign_mail (or id2, id3, etc for multiple email accounts). _______________________________________________ openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
-- www.becherer.de
On Wed, 11 Nov 2020 07:27:12 +0100 Simon Becherer <simon@becherer.de> wrote:
Message contains administrivia
Google says: https://www.gnu.org/software/mailman/mailman-admin/node14.html administrivia This option specifies whether Mailman will search posted messages for admimistrivia, in other words, email commands which usually should be posted to the -request address for the list. Setting this to Yes helps prevent such things as unsubscribe messages getting erroneously posted to the list. If a message seems to contain administrivia, it is held for moderator approval.
On Wed, 11 Nov 2020 10:48:16 +0000 Dave Howorth <dave@howorth.org.uk> wrote:
On Wed, 11 Nov 2020 07:27:12 +0100 Simon Becherer <simon@becherer.de> wrote:
Message contains administrivia
Google says:
https://www.gnu.org/software/mailman/mailman-admin/node14.html
administrivia This option specifies whether Mailman will search posted messages for admimistrivia, in other words, email commands which usually should be posted to the -request address for the list. Setting this to Yes helps prevent such things as unsubscribe messages getting erroneously posted to the list.
If a message seems to contain administrivia, it is held for moderator approval.
There's also https://mail.python.org/pipermail/mailman-users/2007-April/056435.html which seems to indicate that using the option is just as likely to irritate both users and administrators as it is to be useful :(
On 11/11/2020 06.11, Darryl Gregorash wrote:
On 2020-11-10 9:10 p.m., Carlos E. R. wrote:
On 11/11/2020 01.31, Darryl Gregorash wrote:
On 2020-11-10 5:44 p.m., Carlos E. R. wrote:
On 11/11/2020 00.37, Darryl Gregorash wrote:
Did you also import your secret keys?
No. And I will not. I'm using "mail.openpgp.allow_external_gnupg = true"
So you've imported the public keys, but not the secret keys? I don't know if that's going to work -- but that's just a guess.
It does work, this email should be signed. It also insists on attaching my key to the post, I don't know how to disable that default, it adds useless size to posts. Perhaps check Account Settings, End to End Encryption, Default settings for sending messages, Add digital signature by default.
Yes, but we want to disable attaching the signature to every email. Could be this one, but it is already false: mail.identity.id10.attachPgpKey;false The other is mail.identity.id10.attach_signature;true No google hit on either (mail.identity.*.attachPgpKey) Ah, it is a bug: <https://bugzilla.mozilla.org/show_bug.cgi?id=1675122> Duplicate of: <https://bugzilla.mozilla.org/show_bug.cgi?id=1654950> No, it is not a duplicate, that's wrong. We are doomed, then. Question here: <https://support.mozilla.org/en-US/questions/1299571> Hack here: <https://bugzilla.mozilla.org/show_bug.cgi?id=1654950#c29> The hack no longer works, says another comment. A comment says a patch was submitted 7 days ago. Hope that a 78 version gets it. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 11/10/20 1:03 PM, Carlos E. R. wrote:
Now I try to send a message, and this time it does find my key, as my public key is imported. But the email is not really signed.
I repeat the try, making sure I click on sign - this time it is indeed signed.
It does not recognize my email in this thread as signed. This morning it did, but could not import the key. No PGP context or local menu. Alpine uses inline PGP. Th appears to recognize my just sent test email in the sent folder as signed (but flags as "uncertain"). I mark the key as trusty, and now it displays a little green check mark.
What a mess.
TB 68.12 -- and happy, see no reason to experiment with my production mailer. (will wait for your future reports of success :) -- David C. Rankin, J.D.,P.E.
On 11/11/2020 10.04, David C. Rankin wrote:
On 11/10/20 1:03 PM, Carlos E. R. wrote:
Now I try to send a message, and this time it does find my key, as my public key is imported. But the email is not really signed.
I repeat the try, making sure I click on sign - this time it is indeed signed.
It does not recognize my email in this thread as signed. This morning it did, but could not import the key. No PGP context or local menu. Alpine uses inline PGP. Th appears to recognize my just sent test email in the sent folder as signed (but flags as "uncertain"). I mark the key as trusty, and now it displays a little green check mark.
What a mess.
TB 68.12 -- and happy, see no reason to experiment with my production mailer.
Too late for me. I forgot to lock the package. And on laptop1 I already updated to Leap 15.2, so also too late. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 11/11/20 3:08 AM, Carlos E. R. wrote:
On 11/11/2020 10.04, David C. Rankin wrote:
On 11/10/20 1:03 PM, Carlos E. R. wrote:
Now I try to send a message, and this time it does find my key, as my public key is imported. But the email is not really signed.
I repeat the try, making sure I click on sign - this time it is indeed signed.
It does not recognize my email in this thread as signed. This morning it did, but could not import the key. No PGP context or local menu. Alpine uses inline PGP. Th appears to recognize my just sent test email in the sent folder as signed (but flags as "uncertain"). I mark the key as trusty, and now it displays a little green check mark.
What a mess.
TB 68.12 -- and happy, see no reason to experiment with my production mailer.
Too late for me. I forgot to lock the package. And on laptop1 I already updated to Leap 15.2, so also too late.
Phew! I'm running 15.2 here and forgot to lock t-bird 68 too, but so far it looks like it's working for me and my users. Comments: First, I'd like to thank Thunderbird's devs and maintainers for making Thunderbird possible. It's one of those critical Linux applications that make it possible for us to use Linux in our production desktop environment. Without it and its support for PKI Smartcards we'd be using Windows 10 on desktops, and openSUSE on the back-end servers. Second, I'm happy to report that message signing and encryption works with Smartcards! This is The Key capability in Thunderbird for us. We're using the standard pcscd driver and opensc packages for the middleware. libcoolkey is falling behind and doesn't support PIV Smartcards. Third, the look and feel is certainly different, but I'm sure we can adapt. Forth, I believe that running 78 updates your .thunderbird profile to the point where you can't go back to 68. I've seen this happen with the Windows version of Thunderbird, so it might be prudent to make a backup of ~/.thunderbird before running 78 for the first time just in case. Regards, Lew
11.11.2020 18:40, Lew Wolfgang пишет:
Second, I'm happy to report that message signing and encryption works with Smartcards!
How exactly encryption is related to smartcard? Encryption is using public key of recipient while smartcard contains your own secret key. That's serious question, I probably miss something obvious here.
On 11/11/2020 18.29, Andrei Borzenkov wrote:
11.11.2020 18:40, Lew Wolfgang пишет:
Second, I'm happy to report that message signing and encryption works with Smartcards!
How exactly encryption is related to smartcard? Encryption is using public key of recipient while smartcard contains your own secret key.
That's serious question, I probably miss something obvious here.
Good point. Maybe because encrypted posts are also signed. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 11/11/20 9:29 AM, Andrei Borzenkov wrote:
Second, I'm happy to report that message signing and encryption works with Smartcards! How exactly encryption is related to smartcard? Encryption is using
11.11.2020 18:40, Lew Wolfgang пишет: public key of recipient while smartcard contains your own secret key.
That's serious question, I probably miss something obvious here.
Smartcard-based encryption is the key usage case for them. To the best of my knowledge, they don't interoperate with PGP. I'm certainly no expert on this, but you're correct, the private key lives on the smartcard and can't be used as the argument to the RSA encryption software until unlocked with a PIN. Even then it never leaves the card itself, only the encryption products leave the card. Thus the smartcard is an integral component of its PKI environment. With the smartcard pin, you have true two-factor authentication and security. Getting Thunderbird working with smartcards in the beginning wasn't easy. The error messages were opaque and there were too many moving parts. The Muscle packages, then PCSC with it's various reader drivers, the libcoolkey middleware, then Thunderbird itself and the handling of root certificate authorities made for many interesting problems. Our most recent problem was an incompatibility with new PIV smartcards, which was solved by using OpenSC instead of coolkey. Considering the PGP problems we've been hearing about, it was a relief to see that the smartcard ecosystem still works with the new Thunderbird version. All of my hundreds of saved public certs are still there and usable too! If it's any consolation, our Windows users have more problems with smartcards than do my openSUSE users. Regards, Lew
11.11.2020 22:45, Lew Wolfgang пишет:
Considering the PGP problems we've been hearing about, it was a relief to see that the smartcard ecosystem still works with the new Thunderbird version. All of my hundreds of saved public certs are still there and usable too!
You mean that a) you have (a lot of) public keys on smartcard and b) Thunderbird actually uses these keys and not public keys imported and managed by Thunderbird? While I somehow doubt the former[1], but I guess it is possible - the latter is simply impossible according to all available information. Either you misinterpret what you see or I would be really interested to know how to configure Thunderbird to use externally managed public keys. Or you are talking about pre-78 version of Thunderbird that used external GnuPG which continues to use existing keyring and smartcard for existing *secret* keys. [1] Smartcards usually do not store public keys at all, and certainly not "hundreds" of them. They store URL to fetch public key corresponding to secret key.
On 11/11/2020 21.38, Andrei Borzenkov wrote:
11.11.2020 22:45, Lew Wolfgang пишет:
Considering the PGP problems we've been hearing about, it was a relief to see that the smartcard ecosystem still works with the new Thunderbird version. All of my hundreds of saved public certs are still there and usable too!
You mean that a) you have (a lot of) public keys on smartcard and b) Thunderbird actually uses these keys and not public keys imported and managed by Thunderbird? While I somehow doubt the former[1], but I guess it is possible - the latter is simply impossible according to all available information. Either you misinterpret what you see or I would be really interested to know how to configure Thunderbird to use externally managed public keys.
Or you are talking about pre-78 version of Thunderbird that used external GnuPG which continues to use existing keyring and smartcard for existing *secret* keys.
[1] Smartcards usually do not store public keys at all, and certainly not "hundreds" of them. They store URL to fetch public key corresponding to secret key.
I don't think he said that the imported public keys reside in the card. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 11/11/20 12:38 PM, Andrei Borzenkov wrote:
11.11.2020 22:45, Lew Wolfgang пишет:
Considering the PGP problems we've been hearing about, it was a relief to see that the smartcard ecosystem still works with the new Thunderbird version. All of my hundreds of saved public certs are still there and usable too!
You mean that a) you have (a lot of) public keys on smartcard and b) Thunderbird actually uses these keys and not public keys imported and managed by Thunderbird? While I somehow doubt the former[1], but I guess it is possible - the latter is simply impossible according to all available information. Either you misinterpret what you see or I would be really interested to know how to configure Thunderbird to use externally managed public keys.
Or you are talking about pre-78 version of Thunderbird that used external GnuPG which continues to use existing keyring and smartcard for existing *secret* keys.
[1] Smartcards usually do not store public keys at all, and certainly not "hundreds" of them. They store URL to fetch public key corresponding to secret key.
Sorry to be confusing. Correct, I was referring to public certs collected and stored by Thunderbird. The smartcard can store multiple public/private keysets, but only for the card owner. I've seen them store four, used for different purposes. ID, email encryption, and software-signing are some of the purposes. Thunderbird has collected and stored hundreds of smartcard public certs for me. It can harvest them from signed emails, LDAP, or on-line cert stores. You can also manually load and trust them using Thunderbird's certificate manager. It will also allow management of root certs, for example, untrusting and/or removing the Hong Kong Post Office root cert. Note that Thunderbird maintains its own cert store, separate from Firefox. Chrome stores its own on Linux too. But in the Windows world, the operating system stores the certs in the registry. Firefox and Thunderbird for Windows maintain their own, as on Linux. Chrome currently uses Microsoft's cert store, but I just heard that Chrome will start using its own in a future release. They want to control their trust environment, not wanting to trust Microsoft to do it for them. Regards, Lew
On 11/11/20 1:45 PM, Lew Wolfgang wrote:
Getting Thunderbird working with smartcards in the beginning wasn't easy. The error messages were opaque and there were too many moving parts. The Muscle packages, then PCSC with it's various reader drivers, the libcoolkey middleware, then Thunderbird itself and the handling of root certificate authorities made for many interesting problems. Our most recent problem was an incompatibility with new PIV smartcards, which was solved by using OpenSC instead of coolkey.
Why on God's Green Earth would anyone care about encryption from a smartcard? (no, using a public computer with a key on a card doesn't make sense) If my OS booted, and I'm logged in, then authentication is done. I'm a Linux user, I just want Thunderbird to work with my gpg keys. (as was done for more than a decade) Why we are throwing gpg out for some half-baked Windows PGP replacement that can play with smartcards? To me, that is another shining example of why radical usage breaks should be forks of projects and not lurches in a different direction of an existing project. No wonder small businesses won't gamble on Linux desktop, we keep slapping them in the face with costly tail-chasing changes that cost just as much to support as changes by the other side. When I have a "free day" to spend going through the transition, I'm sure that after reading the wiki, bug reports, the unhelpful Mozilla help pages, that it will all work out. It's the Oh Crap, I just updated and can't go back and have to spend that "free day" today that is akin to shooting yourself in the foot in the middle of a foot race. -- David C. Rankin, J.D.,P.E.
On 11/15/20 4:10 PM, David C. Rankin wrote:
On 11/11/20 1:45 PM, Lew Wolfgang wrote:
Getting Thunderbird working with smartcards in the beginning wasn't easy. The error messages were opaque and there were too many moving parts. The Muscle packages, then PCSC with it's various reader drivers, the libcoolkey middleware, then Thunderbird itself and the handling of root certificate authorities made for many interesting problems. Our most recent problem was an incompatibility with new PIV smartcards, which was solved by using OpenSC instead of coolkey. Why on God's Green Earth would anyone care about encryption from a smartcard? (no, using a public computer with a key on a card doesn't make sense) If my OS booted, and I'm logged in, then authentication is done. I'm a Linux user, I just want Thunderbird to work with my gpg keys. (as was done for more than a
Sorry if I wasn't clear, David. Smartcards are used for two-factor authentication and encryption. A user has to possess the token (smartcard) and the knowledge to unlock the token (PIN). The authentication is used to access restricted web sites, digital signing of messages is used for non-repudiation, and of course there's the encryption part. The cards wouldn't normally be used on public computers, they would lack the readers and software. Plus, organizational policy would usually forbid it. Only organizationally approved computers are used, to the best of my knowledge.
Why we are throwing gpg out for some half-baked Windows PGP replacement that can play with smartcards? To me, that is another shining example of why radical usage breaks should be forks of projects and not lurches in a different direction of an existing project. No wonder small businesses won't gamble on Linux desktop, we keep slapping them in the face with costly tail-chasing changes that cost just as much to support as changes by the other side.
The Smartcard stack is independent from gpg and decendents. Smartcard support in Thunderbird has existed for many years, I was relieved that this new PGP didn't interfere with existing Smartcard support. https://blog.identityautomation.com/two-factor-authentication-2fa-explained-... Regards, Lew
On 10/11/2020 14.02, Carlos E. R. wrote:
Hi,
I have updated today to that version in subj, but no wizard triggered to import things. What do I do?
I see no enigmail helper. I see nothing in preferences labeled PGP or GPG.
I just noticed another problem: all previous contacts in the address book are gone. But I see the "Phone contacts" which seems complete (with entries that have no phone but email). They seem to be my gmail account contacts. I don't know if there is some way to import them from backup and which file would it be. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 11/18/20 4:48 AM, Carlos E. R. wrote:
I just noticed another problem: all previous contacts in the address book are gone.
But I see the "Phone contacts" which seems complete (with entries that have no phone but email). They seem to be my gmail account contacts.
I don't know if there is some way to import them from backup and which file would it be.
Uugh... Let us know when you get this one solved (and how), I have 1,000+ contacts that would not be nice to lose. -- David C. Rankin, J.D.,P.E.
On 10/11/2020 14.02, Carlos E. R. wrote:
Hi,
Created <https://bugzilla.opensuse.org/show_bug.cgi?id=1179057> -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
participants (8)
-
Andrei Borzenkov -
Carlos E. R. -
Darryl Gregorash -
Dave Howorth -
David C. Rankin -
J Leslie Turriff -
Lew Wolfgang -
Simon Becherer