This morning, an update installed itself on my Linux computer ‘Phoenix’, that brought the version of my ‘
libgcrypt‘ libraries to ‘
1.6.3-2+deb8u3‘. This is under Debian / Jessie, a version of Linux. These libraries are supposed to give access to GnuPG encryption capabilities, to certain applications.
Within my ‘Thunderbird’ email client, I have an add-on installed from the package manager, called ‘Enigmail’ (version ‘
2:1.8.2-4~deb8u1‘), which gives a full suite of encryption capabilities to my email.
The latest ‘
libgcrypt‘ update has broken Enigmail, which was working fine before today.
More specifically, it is no longer possible to encrypt an email to oneself. Being able to do so, is essential for two purposes:
- When we send an encrypted email to the public key of a contact, we are also asking the software to encrypt the same email to ourselves,
- The way we may sometimes configure our Drafts folder, is to encrypt any Draft emails saved there, so that we need to enter the passphrase to unlock our Private Key, before we can reopen our Saved, Draft emails. This is a nifty capability, to secure the emails on our hard-drive, before we’ve made the decision to Send them.
(Edit : )
I have identified the true cause of my problem. In order to make this explanation more clear, I should also add that I’ve recently revoked some keys, and created a new, main email-key.
There exists a configuration file for GnuPG, which under Linux systems is stored at:
What can happen is that settings in this file, override whatever settings we choose in our GUI-application, such as with Enigmail, in Thunderbird. More specifically, I had entries which went something like this:
default-key 586A6C0052A087C0 ###+++--- GPGConf ---+++### utf8-strings encrypt-to 586A6C0052A087C0 keyserver hkp://pool.sks-keyservers.net ###+++--- GPGConf ---+++### Tue 16 Aug 2016 01:42:05 PM EDT # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines.
The problem was, that the
encrypt-to entry did not at first match my default-key entry, and referred to an old, revoked key. The
encrypt-to entry has as effect, that GnuPG will always try to encrypt any messages that are meant for use with hybrid encryption, also to the specified key.
I edited this file manually, to make the two entries equal. I suppose that another way to solve this problem could have been, just to remove the
The reader might wonder, by what sort of black magic that setting got into the configuration file, and, It’s usually not advised for users to edit this file directly, with a text-editor…