Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail to encrypt with untrusted public keys #42

Open
denmaddin opened this issue Jul 16, 2010 · 5 comments
Open

Fail to encrypt with untrusted public keys #42

denmaddin opened this issue Jul 16, 2010 · 5 comments
Labels
minor

Comments

@denmaddin
Copy link

Every try to send/encrypt an mail results in the following message (loosely translated into english):

GnuPG Error
gpg: F79E2C97: There is no guarantee that this key really belongs to the listed owner.
gpg: [stdin]: encryption failed: unusable public key.

Decryption howerver, works fine.
Using Enigmail (same gpg.exe) to encrypt the same mail, fine too.
The problem is reproduceable on at least 3 different machines with an equal enviroment.
Eventually the add-in not fully compatible with an x64 OS?

The enviroment:
Outlook 2007 (12.0.6535.5005) SP2 MSO (12.0.6535.5002)
Windows Vista (x64) 6.0.6002 Service Pack 2 Build 6002
GnuPG 1.4.10 (2009-09-02)
Enigmail 1.0.1 (20100122-0953)
@doegox
Copy link
Collaborator

doegox commented Aug 5, 2010

This is because those keys are not properly linked in your trust chain.
If e.g. you sign locally those keys, it'll work.
The trick Enigmail is using is that by default it bypasses any trust chain check:
pref("extensions.enigmail.alwaysTrustSend",true);
which has as effect to append "--always-trust"(for gpg < 1.4) or "--trust-model always" (for gpg >=1.4) to the gpg options

Now there is still a bug in OutlookGnuPG plugin because normally it should have prompted you with a confirmation box à la "do it anyway or cancel".
Tech note for the developer to solve this issue: we catch in the code the GPG error with:
ex.Message.StartsWith("gpg: C4771111")
while here the error starts with "gpg: F79E2C97" so we should be more robust to detect this case.

Meanwhile the workaround for you is either to sign locally the keys or to set "trust-model always" in your gpg config file

@doegox
Copy link
Collaborator

doegox commented Aug 6, 2010

Mmm someone else got the message
gpg: 504EA351: There is no assurance this key belongs to the named user.
So we've really to find a way to detect consistently this type of error no matter the exact code & phrasing...
One idea: in case of error, make an internal attempt with "--trust-model always" to see if it works and if yes, then only prompts the user to confirm & send it anyway.

@doegox doegox mentioned this issue Jan 27, 2012
Closed
@janusqa
Copy link

janusqa commented Jan 30, 2012

Where can I find the gpg config file?
Thanks.

@doegox
Copy link
Collaborator

doegox commented Jan 30, 2012

To find out where your GnuPG HomeDir is, run gpg --version and check the Home: line.

@janusqa
Copy link

janusqa commented Jan 30, 2012

Ok this work-around seems to have worked exactly as you said. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
minor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@doegox @denmaddin @janusqa