[Users] Decryption fails since changing key
Christian Lerrahn
sc at penpal4u.net
Thu Nov 10 05:54:24 CET 2016
Hi,
> I am not sure if this is a CM or a GPG Agent problem. I am also sure I
> have solved it before but I can't figure it out any more. So, I have
> to start somewhere.
>
> My GPG key expired recently and I generated a new one. Now, I have the
> problem that while I can still decrypt all the old emails which were
> encrypted with the expired key, all emails which were encrypted with
> the new key will just show a "Couldn't decrypt: Decryption failed"
> without me ever being asked for a password.
>
> I have played with all the settings I can find but I just can't figure
> out why it's always the expired key that's matched instead of the
> current one.
>
> What am I doing wrong?
I haven't worked out what I am doing wrong but I do know where the
disconnect happens. While for the old key the keygrip which is sent to
gpg-agent is known to gpg-agent, with the new key an unknown keygrip is
sent.
I have generated another new key for a different email address and the
problem is the same there. The old key has a know keygrip while the new
one has an unknown one.
Unfortunately, I can work out how to correlate the keygrips in
gpg-agent with secret keys to know what keygrip gpg-agent expects or if
it even lists a keygrip for the secret key. For now, I only know the
number of entries:
gpg-connect-agent 'keyinfo --list --ssh-fpr' /bye -> 39 entries, 29
with an SSH-style fingerprint
gpg --list-secret-keys -> 22 secret keys
Any suggestions how to debug this? Has something changed in more recent
PGP keys that would result in the keygrips being calculated differently
in gpg-agent but not in claws-mail? I seem to only have on version of
libgcrypt though.
Any suggestions how to tackle this?
Cheers,
Christian
More information about the Users
mailing list