Open Bug 1661969 Opened 5 years ago Updated 1 year ago

"Error while saving draft - The key [...] has expired.", even though Signing is not enabled.

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Version:
Thunderbird 81
Type:
defect

Tracking

(Not tracked)

People

(Reporter: tessarakt, Unassigned)

Details

Version: TB 81.0b1

When I save a draft, I get the message "Error while saving draft - The key [...] has expired."

"Signing" is not checked for the message.

Sending the message eventually works fine.

Still occurs in TB 81.0b2.

Is your key expired?

We perform a validity check of your own key at the time we're saving a draft of the message.
If it is indeed expired, then you should extend the validity of your key, or select a different, non-expired key for your account.

I assume that NO draft is saved at all, right?

If you're enabling encryption for an account, you need to ensure you have a good key configured.

To clarify, if you have OpenPGP configured for the identity drafts are always encrypted, no matter if you've checked any security settings for the particular message.

Sounds like it's working as expected.

Yes, the key was expired.

Thanks for the explanation. That was quite surprising to me, and I don't really understand what is the rationale for this behavior.

About expired keys: Maybe TB should offer extending the validity ... But that would of course be a different bug.

I have a similar problem. I do have a recently expired key (here: KEY1), which I plan to use only to decrypt older messages. Every account of mine has a newer key set as default for signing (here: KEY2). However, I still get the error message, and for a different account even!

I try to save draft / send an E-Mail from email2@provider2.com (not my default E-Mail address). I get the following error: "Error while saving draft - The key email1@provider1.net (a different address!) (Key-ID KEY1 (an older key!)) has expired"

While I understand, that saving drafts may require a valid key to be present, but not being able to do it even if the said key is present is most certainly a bug.

Flags: needinfo?(kaie)

Sounds like for the identity in question you have OpenPGP configured. If you don't want to use it for encryption, select "None" for that identity, and the problem should go away.

I agree our UI assistance isn't optimal here.

The general idea is, if you have an OpenPGP key configured for your account, you potentially send emails with encryption. If you have opted in to that protection level, you probably don't want your emails accidentally exposed by saving unprotected drafts on a remote mail server. That's why we encrypt drafts, as soon as an OpenPGP key for your account is configured.

If your key has expired, then you have still expressed the wish to potentially use encryption - but your setup is broken.

The core code doesn't allow encryption using expired keys. That means we have a conflict between the desire to use protection, and the inability to use protection.

It might be good to notify the user, if their configured OpenPGP key is no longer considered good. (The same check that we do when we decide whether to offer a key for configuration in account settings or not.)

Potentially a notification bar could be shown in the message compose window, with text like "Your OpenPGP configuration uses a key that isn't usable, you will not be able to save encrypted draft messages. Please extend or replace your key, or remove your OpenPGP configuration."

Flags: needinfo?(kaie)

I just ran into the same issue. I don't generally use PGP keys, but got the error while trying to save a draft to local files. I kept trying to understand why it was using a key to access local folders.

You need to log in before you can comment on or make changes to this bug.