[Users] Decryption fails since changing key

Christian Lerrahn sc at penpal4u.net
Thu Nov 10 05:54:24 CET 2016


Hi,
> I am not sure if this is a CM or a GPG Agent problem. I am also sure I
> have solved it before but I can't figure it out any more. So, I have
> to start somewhere.
> 
> My GPG key expired recently and I generated a new one. Now, I have the
> problem that while I can still decrypt all the old emails which were
> encrypted with the expired key, all emails which were encrypted with
> the new key will just show a "Couldn't decrypt: Decryption failed"
> without me ever being asked for a password.
> 
> I have played with all the settings I can find but I just can't figure
> out why it's always the expired key that's matched instead of the
> current one.
> 
> What am I doing wrong?

I haven't worked out what I am doing wrong but I do know where the
disconnect happens. While for the old key the keygrip which is sent to
gpg-agent is known to gpg-agent, with the new key an unknown keygrip is
sent.

I have generated another new key for a different email address and the
problem is the same there. The old key has a known keygrip while the new
one has an unknown one.

Unfortunately, I can work out how to correlate the keygrips in
gpg-agent with secret keys to know what keygrip gpg-agent expects or if
it even lists a keygrip for the secret key. For now, I only know the
number of entries:

gpg-connect-agent 'keyinfo --list --ssh-fpr' /bye  -> 39 entries, 29
with an SSH-style fingerprint

gpg --list-secret-keys -> 22 secret keys

Any suggestions how to debug this? Has something changed in more recent
PGP keys that would result in the keygrips being calculated differently
in gpg-agent but not in claws-mail? I seem to only have one version of
libgcrypt though.

Any suggestions how to tackle this?

Cheers,
Christian
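
The correlation asked about above, as an added example that is not part of the original post: gpg prints each secret key's keygrip with `--with-keygrip`, and in `--with-colons` output it appears as a `grp` record after the `sec`/`ssb` line, so it can be matched against the `S KEYINFO` lines from gpg-agent. The function names are hypothetical and all key IDs and keygrips are constructed sample values.

```python
# Added example: match gpg's keygrips against gpg-agent's KEYINFO list.
# All key IDs and keygrips below are constructed sample values.
OLD, OLD_SUB, NEW, NEW_SUB, OTHER = ("A1" * 20, "A2" * 20, "B1" * 20, "B2" * 20, "C3" * 20)

def rec(kind, keyid, grip):
    # Shape of `gpg --list-secret-keys --with-colons --with-keygrip`:
    # key ID is field 5 of a sec/ssb record, keygrip is field 10 of grp.
    return f"{kind}:u:2048:1:{keyid}:\n" + "grp" + ":" * 9 + grip + ":\n"

GPG_COLONS = (rec("sec", "AAAAAAAAAAAAAAA1", OLD) + rec("ssb", "AAAAAAAAAAAAAAA2", OLD_SUB)
              + rec("sec", "BBBBBBBBBBBBBBB1", NEW) + rec("ssb", "BBBBBBBBBBBBBBB2", NEW_SUB))

# Shape of `gpg-connect-agent 'keyinfo --list' /bye` (constructed).
AGENT_KEYINFO = "".join(f"S KEYINFO {g} D - - - P - - -\n"
                        for g in (OLD, OLD_SUB, OTHER)) + "OK\n"

def keygrips_from_gpg(colons):
    """Map keygrip -> (record type, key ID) for every sec/ssb record."""
    grips, current = {}, None
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) > 4:
            current = (f[0], f[4])
        elif f[0] == "grp" and len(f) > 9 and current:
            grips[f[9].upper()] = current
    return grips

def keygrips_from_agent(keyinfo):
    """Set of keygrips the agent reports in its S KEYINFO status lines."""
    grips = set()
    for line in keyinfo.splitlines():
        p = line.split()
        if p[:2] == ["S", "KEYINFO"] and len(p) > 2:
            grips.add(p[2].upper())
    return grips

def correlate(colons, keyinfo):
    """Return (keys gpg lists but the agent lacks, agent-only keygrips)."""
    gpg, agent = keygrips_from_gpg(colons), keygrips_from_agent(keyinfo)
    missing = {g: k for g, k in gpg.items() if g not in agent}
    return missing, sorted(agent - gpg.keys())

if __name__ == "__main__":
    missing, agent_only = correlate(GPG_COLONS, AGENT_KEYINFO)
    for grip, (kind, keyid) in missing.items():
        print(f"agent has no entry for {kind} {keyid} (keygrip {grip})")
    for grip in agent_only:
        print(f"agent-only keygrip {grip}")
```

To use it on real data, pass the captured output of the two commands to `correlate` in place of the constructed samples.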


