Hi everyone!
I am switching to the mailing list for this because it is more accessible than the forum (I am blind and use a screen reader). As a prelude, please read this not long forum thread: https://sourceforge.net/p/enigmail/forum/support/thread/6818ce6f/

After thinking about this more for the last 36 hours, I have a few questions I hope Patrick can answer for me.

First, the situation: I was a Thunderbird/Enigmail user for a long time, then used a Mac for a longer period, including Apple Mail and GPG Mail, since TB isn't accessible to VoiceOver on the Mac. I have now returned to Windows, on a fresh machine, and did the following, in this order:

1. From a backup, copied my gnupg user folder back to its expected location. The key ring hadn't changed much while I was on MacOS, so doing this was OK.
2. Installed Thunderbird and set it up with my mail accounts.
3. Installed GPG4Win, as I had not read the updated Enigmail documentation and didn't know at the time that Enigmail now would have done this for me upon installation.
4. Installed Enigmail from the Add-On repository, directly in Thunderbird.

Here's what happened: It installed, found GnuPG, and then went straight into pEp mode. It created a new key pair, even though the existing key ring contained a public/private key for the primary e-mail address, even though it also contains aliases. I quickly noticed that new e-mails were signed with a different key than I expected, and I was pretty surprised by that. Also, that machine is set to automatic mode, which is the default, and always decides to go for Junior Mode when I start TB.

I then, as I had a second machine to set up, did some reading on https://pep.security, especially the FAQ. I also read up on the latest available documentation on properly setting up Enigmail, but that predates the 2.0 release and doesn't mention pEp anywhere.

For that second machine, I then decided to:

1. Not copy my key ring in just yet.
2. Install Thunderbird and set it up.
3. Start TB on machine 1, since I had read about peer-to-peer in the FAQ and thought that it *might* work.
4. Install Enigmail on the second machine.
5. Enigmail then downloaded GPG4Win for me, which I installed with defaults.
6. It then created another key pair. It was again in pEp mode.
7. Then, from the first machine, I decided to initiate the AutoCrypt setup. That worked, now, my second machine had both the key pair created on machine 1, and the one that was created initially when I installed Enigmail just now.
8. What it didn't do, but which I kind of expected, was transfer the keys it had on machine 1 over to machine 2.
9. Since I didn't have my key ring on machine 2, I decided to do a full export on machine 1 and an import into machine 2.

Now, I had 3 key pairs for my primary e-mail address. My old one, the one created on machine 1, and the one created on machine 2. That's when I wrote the above linked forum post.

After getting a hint from there that it should be possible to use an existing key pair for pEp, I fiddled around a bit, then decided to run the startup wizard. I chose Advanced Mode, and when prompted, chose my old pre-pEp key pair. And that's when pEp was being turned off for me. Automatic mode no longer decided to go for junior/pEp mode at all. The only way to turn pEp back on was through the TB privacy settings and forcing it on. Along the way, I had also deleted the superfluous private/public key pairs transferred from machine 1, and the one generated on machine 2. I left machine 1 fully untouched, which proved very lucky. :)

But the moment I forced on pEp mode, the first thing Enigmail does, reliably: It creates a new public/private key pair. Every single time.

I then ended up comparing values in about:config for my identities, and changing them to match those of machine 1, especially where pEp and PGP settings were concerned. At some point, after deleting a bunch of settings from machine 2, automatic detection worked again. I then transferred over the pEp key from machine 1 once more, deleted the superfluous ones created during my attempts, and am now on a similar setup on both machines where they *seem* to be using the newly created key pair for new stuff, but use the older keys when they need to.

And now the big questions:

1. What is the *intended* behavior for someone who was using OpenPGP for years and is setting up stuff fresh? I know there are ways to export settings from Enigmail now, but back when I stopped using Thunderbird on Windows temporarily, Enigmail didn't have those features yet, and I didn't save the whole profile, just my keyring settings from GnuPG. Is Enigmail really supposed to create a new pair of keys automatically when I supply GnuPG with a key ring that has exactly one pub/sec key pair in it?
2. And the second question: Is there really no way for me to use pEp *and* my original key pair? Is the fact that this contains aliases the factor that prevents Enigmail from picking it up and using it, and recreating its own set of keys? If that is the case, is there a way for Enigmail to create key pairs for the aliases / different identities I added for the same e-mail account? Or am I going about this all wrong, and shouldn't even be using pEp mode?

I realise my particular circumstances may be a bit unique, but I am really wondering what the expected outcome of this would be...

Thanks for sticking with me through this long read!

Marco
