Hi all,

I'm in the process of writing instructions on how to use PGP with a
bunch of different clients, and I believe I've identified some issues
with Enigmail.

People today read their mail on many different devices and, therefore,
it is necessary to copy your private key between the devices. Currently
this is harder than it should be in Enigmail. Assume we have two machines,
A and B. A has the main PGP keypair, while B is the machine we want to
set up. Also assume that we want to do the key exchange by email (not
everyone has a USB key available, not all devices have USB support, etc.).

These seem to be the steps necessary:
1. On machine B generate a new, temporary, keypair. Go to Key Management
and select Send Public Keys by Email.
2. Open the mail on A, import the attachment directly using the context
menu. This allows us to securely send the main private key to B.
3. Go to Key Management, and export your main key to a file.
4. Open a new mail, address it to yourself and attach the saved keypair.
When sending, if you don't select a key manually you may end up in
trouble because the mail may be encrypted with the wrong key (since
there are now two keys for the same email address).
5. On machine B, open the mail. Decrypt and save the attached keypair.
6. Go to Key Management, delete or disable your old keypair.
7. Import your main keypair that you saved in step 5.
8. Go to Preferences -> Account settings -> OpenPGP security and change
the PGP key used for the account.

A few issues come to mind:
- Why is there not a similar option to send the private key via email as
for the public key? It is a security risk if the user accidentally sends
the wrong key, but sufficient warning should prevent this? Would it
also be possible to detect a private key as an attachment and refuse to
send it unencrypted? This would allow combining steps 3 and 4.
- It is possible to import a keypair directly from an unencrypted mail
using the attachment context menu. Why is this not possible in an
encrypted mail? Is it a bug? This would allow combining steps 5 and 7.
- When importing a keypair with the same user information as an already
existing key, ask if the old key should be disabled. This would
eliminate step 6.
- When a key that is used by an account is deleted or disabled, prompt
the user to change the account key. Currently only a cryptic error is
given instead when trying to send any encrypted mail. This would get
rid of step 8.

So, with the above-mentioned suggestions, it would be possible to go
down from 8 steps to 5. A marked improvement, IMHO. It would also
eliminate the possibility of some user errors.
Any comments? Is there already some easier way to do this?

--
Stefan Parviainen
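
The check proposed in the first bullet above (detect a private key attachment and refuse to send it unencrypted), sketched as an added example that is not part of the original message and is not Enigmail's code. The function names are hypothetical; the packet tags are those of RFC 4880, and only the first packet is inspected, since an exported secret key begins with a Secret-Key packet.

```python
import base64
import re

SECRET_TAGS = {5, 7}            # Secret-Key and Secret-Subkey packets (RFC 4880, 4.3)
KEY_VERSIONS = {3, 4, 5, 6}     # first body octet of a key packet is its version
ARMOR_RE = re.compile(
    rb"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", re.S)


def first_packet(data: bytes):
    """Return (tag, first body octet) of the leading OpenPGP packet, else (None, None)."""
    if len(data) < 3 or not data[0] & 0x80:    # bit 7 is set in every packet header
        return None, None
    if data[0] & 0x40:                         # new format: tag in bits 5-0
        tag, first = data[0] & 0x3F, data[1]
        hdr = 3 if 192 <= first < 224 else 6 if first == 255 else 2
    else:                                      # old format: tag in bits 5-2
        tag = (data[0] >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[data[0] & 0x03]  # length type: 1, 2, 4 or 0 length octets
    return tag, (data[hdr] if hdr < len(data) else None)


def is_secret_packet(data: bytes) -> bool:
    tag, version = first_packet(data)
    return tag in SECRET_TAGS and version in KEY_VERSIONS


def dearmor(data: bytes):
    """Yield (label, decoded bytes) for every ASCII-armored block found in data."""
    for label, body in ARMOR_RE.findall(data):
        # Armor headers contain ':' and the CRC24 line starts with '='; neither is key data.
        b64 = b"".join(l for l in body.replace(b"\r", b"").split(b"\n")
                       if l and b":" not in l and not l.startswith(b"="))
        try:
            yield label.decode(), base64.b64decode(b64)
        except ValueError:
            yield label.decode(), b""


def contains_secret_key(attachment: bytes) -> bool:
    """True if the attachment is, or armors, an OpenPGP secret key."""
    blocks = list(dearmor(attachment))
    if blocks:  # check the packet tag as well as the label, in case the label is wrong
        return any(lbl == "PRIVATE KEY BLOCK" or is_secret_packet(raw) for lbl, raw in blocks)
    return is_secret_packet(attachment)


def may_send(attachments, message_is_encrypted: bool) -> bool:
    """Refuse to send a secret key attachment unless the mail itself is encrypted."""
    return message_is_encrypted or not any(contains_secret_key(a) for a in attachments)
```

Checking the version octet after the tag keeps arbitrary binary attachments whose first byte happens to look like a secret key tag from being blocked.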
