Olav, You are a Genius! I also had to go in to the account settings "security" for Thunderbird and remove the S/MIME certificate from there and then it worked great. You were correct, I did not have X.509 certificates for my recipients and Thunderbird did not like that. It is so nice to see Enigmail working as it should. Thank you again, Bill Haas
On 7/30/2014 11:14 AM, Olav Seyfarth wrote: > Hi Bill, > >> I Write to create a message, then in "Options" there is a drop down that >> has options to select Encryption and Digitally signing. I select >> Encryption > > bingo. That Options menu is NOT from Enigmail, that's from Thunderbird itself. > The Encryption/Signing settings there are not about OpenPGP but S/MIME. > If you enable encryption there but have no X.509 certificate of all > receipients > installed in Thunderbird Certificate manager, Thunderbird will complain upon > sending. > >> then click the "Enigmail" and there is a drop down that says "Message >> will be encrypted" > > That is a different story. If you enabled "convenient" encryption in Enigmail > and it found a key for all receipients, then the Compose windows shows that it > is (conveniently) enrypted. This setting (and the corresponding icon at bottom > right) have nothing to do with S/MIME. > > Thus, if you would also have an S/MIME cert for your receipients, your message > would be double-encrypted (S/MIME _and_ OpenPGP)! > >> If you click that you have the option to "Force Encryption" and that seems >> to be the only way I can send encrypted messages. > > No. You should just not enable Options->Encryption, then you'll be fine. If > you > force encryption and it works then, you probably found a bug: it is likely > that > there is some code that disables S/MIME encryption when OpenPGP encryption is > manually set. If do, that bit of code should be adjusted to either also work > on > convenient encryption or not at all. > >>> Are you sure this is Enigmail/OpenPGP and not S/MIME? The term >>> "certificate" is more often used there. >> The Screen shows both Enigmail and S/MIME. I have both a certificate for >> S/MIME from Commodo and a OpenPGP created fron Kleopatra. > > To send something encryptedly to someone, you need the keys/certificates of > that > receipient, not just your own key/cert. To be able to digitally sign, you need > your own cert/key. In theory, you can send encrypted messages without having > an > own key/cert. Most mail clients will complain however since you would not be > able to read your own messages after sending them. > >>> You are referring to a key with a fully qualified UID, not just a >>> domain? >> Don't understand the question. However, I have a personal and public key >> and have the public keys for the people I am sending to and these show up >> in the list when I click Key management. > > With fully qualified UID I meand that the key may be referred to using the > email > address of its owner. There are keys without any name or email address in > them. > But the issue is clear from the first paragraph anyway. > >>> OK. To investigate, it might help if you sent your >>> %appdata%\Thunderbird\Profiles\<profilename>\pgprules.xml to /me/. > >>> You could also enable debugging in advanced options, restart TB, >>> reproduce the error and finally send by enforcing, close TB and send >>> <debug-dir>/ enigdbug.txt to /me/ (prune personal information you don' >>> want to share). > > Not necessary any more. > > Olav > > _______________________________________________ > enigmail-users mailing list > [email protected] > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net >
0xC3A97A32.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
