Closed Bug 1896327 Opened 1 year ago Closed 11 months ago

Imported GPG key not recognized, when sending - if private key is imported - works if only public key is imported

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Version:
Thunderbird 115
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: systems, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Steps to reproduce:

I have imported a GPG key. This is also visible in the key management. But when I want to send an e-mail to the address from the key, I always get the error that there is no key for this address.

Actual results:

The only error that appears is that no key can be found.

Expected results:

That the mail is sent in encrypted form.

After a few tests, I can describe exactly when it happens.
If TB only has the public key -> everything is ok
If TB also imports the private key -> The error occurs.

Please describe in more detail what you did.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core
Summary: Imported GPG key not recognized, when sending. → Imported GPG key not recognized, when sending - if private key is imported - works if only public key is imported

Hello,
I have the public and the private key of a key pair, which was generated by gpg.
Then I first imported the private key into the TB and tried to send an e-mail to the address stored in the key. However, this fails with the error message that a GPG key can be found for the e-mail address.
However, if I only import the public key (after deleting the private key) it works.

And if you import the public key after you imported the private key?
I don't know if such a thing is possible, but it sounds like the public part of the the key was not imported to Thunderbird.

With modern OpenPGP keys, I have never seen that a private key, only was imported. The public key usually comes together with the public key.
However, I don't want to rule it out, so the test that Magnus suggested could be useful.

Although, here is an idea:

Maybe the private key was backed up to a file at a different time, and the meta information available there is outdated?

If you want to repeat the experiment, import the private only, then use the internal OpenPGP key manager to look at its details. Does it show all the meta information you expect, user IDs and validity dates are correct?

No response to my question in 6 months.

Status: UNCONFIRMED → RESOLVED
Closed: 11 months ago
Resolution: --- → INVALID
Resolution: INVALID → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.