Hi,

with the latest update to Thunderbird 45 I also updated Enigmail to 1.9.1 and therefore had to switch from GnuPG 1.4.X to 2.0.30 (I'm using Windows 8.1 and therefore used Gpg4win-Vanilla as recommended in https://www.enigmail.net/index.php/en/faq?view=category&id=13 ). I had some issues with the update. Maybe this post helps others, or some points can even be added to the FAQ?

First of all, maybe one should add a note in the section about "What happens to my keys after the upgrade?" that in GnuPG 2.1 the secring is no longer used: https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring
There is no final Gpg4win-Vanilla with GnuPG 2.1 yet, but sooner or later it will be released and then people should know what files to back up. Interestingly, an empty (in my case) private-keys-v1.d folder is already being created with GnuPG 2.0.30.

A more difficult problem was that I specified --homedir "D:\somehwere\gnupg" as an additional parameter for GnuPG in the Enigmail settings (better portability, easier backups, no need to change system variables if another setup should be used). Unfortunately this homedir parameter seems not to be forwarded to the newly introduced agent. So I could view my keyring etc. in the Enigmail key management but never encrypt (there was just never a prompt for my passphrase, so of course no access to my private key). This problem was already reported in 2014 http://wald.intevation.org/tracker/?func=detail&atid=126&aid=6528&group_id=11 and should be fixed in GnuPG 2.1 (which I didn't install as there is no final Gpg4win with this version, so I don't know if it really works). After I set the system variable GNUPGHOME to D:\somehwere\gnupg, it works for GnuPG 2.0. As far as I can see, this issue is not yet mentioned in the "Resolving issues with GnuPG 2.x and gpg-agent" section in the FAQ.

A third issue that I don't understand yet is that I get errors if I update some keys from the key servers (others are working).
To have less "random" results (depending on which server is chosen from the default pool) I explicitly set keys.gnupg.net as key server. If I choose to update one single key, for some of them the error log states the following (sorry that it is in German; the Umlaute are also wrong in the displayed text and some final letters seem to be missing as well. I don't know if this is an issue of GnuPG or Enigmail):

Herunterladen der Schlüssel ist fehlgeschlagen
gpg: fordere Schl]ssel BB1D9F6D von hkp-Server keys.gnupg.net a
gpg: Hinweis: Signaturen mit dem MD5 Hashverfahren werden zur]ckgewiesen
gpg: Schl]ssel BB1D9F6D: Keine g]ltigen User-I
gpg: dies k├Ânnte durch fehlende Eigenbeglaubigung verursacht worden sei
gpg: Anzahl insgesamt bearbeiteter Schl]ssel:
gpg: ohne User-ID: 1

The key in this example is actually one of the keys of the Heise Kryptkampagne https://www.heise.de/security/dienste/PGP-Schluessel-der-c-t-CA-473386.html and is marked as "Ungültig" (which translates to "Invalid" but is different from "Abgelaufen" ("Expired")) in the Enigmail key manager. Is this related to the rejection of old (md5?) keys, or what could explain this category? I'm not 100% sure but I think this was not like this in gpg 1.4.

If I choose to update all keys ("Keyserver - Update all keys" or some similar wording) I run into yet another issue:

Herunterladen der Schlüssel ist fehlgeschlagen
gpg: Hinweis: Signaturen mit dem MD5 Hashverfahren werden zur]ckgewiesen
gpg: fordere Schl]ssel F0D6B1E0 von ldap-Server keyserver.pgp.com a
gpg: Keine g]ltigen OpenPGP-Daten gefunden
gpg: Anzahl insgesamt bearbeiteter Schl]ssel:
gpg: Schl]sselserver-Daten]bertragunsfehler: Nicht gefund
gpg: Schl├╝sselserver-Daten├╝bertragunsfehler: Fehlerhafter ├Âffentlicher Schl├╝
gpg: WARNUNG: Schl├╝ssel F0D6B1E0 kann per ldap://keyserver.pgp.com nicht aktualisiert werden: Fehlerhafter ├Âffentlicher Schl├╝s
gpg: 20 Schl]ssel werden per hkp://keys.gnupg.net aktualisier
gpg: fordere Schl]ssel 8ABDF3D7 von hkp-Server keys.gnupg.net a
....

Why is a different key server, ldap://keyserver.pgp.com, actually used for the first key? As I said, I set keys.gnupg.net as the only key server in the Enigmail settings, and this server is used for all others but the first key.

I hope that you can help me to get a better understanding of what is going on there.

Kind regards,
Hauke
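
A way to check a refresh log for the symptom in the last question, added here as an example and not part of the original message or of Enigmail/GnuPG: it lists every key request gpg made and flags those sent to a host other than the configured key server. It assumes the German-localised gpg 2.0 wording shown above; the function names are hypothetical and the sample lines are copied from the log in the post.

```python
import re

# Matches gpg's German request line as quoted in the post, e.g.
#   "gpg: fordere Schl]ssel F0D6B1E0 von ldap-Server keyserver.pgp.com a"
# The word for "key" is matched loosely because the umlaut is mangled
# differently from line to line in the pasted output.
REQUEST = re.compile(
    r"gpg: fordere Schl\S*ssel (?P<keyid>[0-9A-Fa-f]{8,40}) "
    r"von (?P<scheme>\w+)-Server (?P<host>\S+)"
)


def keyserver_requests(log):
    """Return (keyid, scheme, host) for every key request found in the log."""
    return [
        (m["keyid"].upper(), m["scheme"].lower(), m["host"].lower())
        for m in REQUEST.finditer(log)
    ]


def unexpected_servers(log, configured_host):
    """Return the requests that went to a host other than the configured one."""
    want = configured_host.lower()
    return [req for req in keyserver_requests(log) if req[2] != want]


# Lines copied from the "update all keys" log in the post (garbling kept as-is).
SAMPLE_LOG = """\
gpg: Hinweis: Signaturen mit dem MD5 Hashverfahren werden zur]ckgewiesen
gpg: fordere Schl]ssel F0D6B1E0 von ldap-Server keyserver.pgp.com a
gpg: Keine g]ltigen OpenPGP-Daten gefunden
gpg: WARNUNG: Schl├╝ssel F0D6B1E0 kann per ldap://keyserver.pgp.com nicht aktualisiert werden: Fehlerhafter ├Âffentlicher Schl├╝s
gpg: 20 Schl]ssel werden per hkp://keys.gnupg.net aktualisier
gpg: fordere Schl]ssel 8ABDF3D7 von hkp-Server keys.gnupg.net a
"""

if __name__ == "__main__":
    # keys.gnupg.net is the key server the post says was configured in Enigmail.
    for keyid, scheme, host in unexpected_servers(SAMPLE_LOG, "keys.gnupg.net"):
        print(f"key {keyid} was requested from {scheme}://{host}")
```

The regular expression works on the log whether the lines are separate or run together, since it does not anchor on line starts.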
