Closed Bug 1922972 Opened 1 year ago Closed 1 year ago

Encryption keys are not assigned to one account holding two emails in different identities.

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 115

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: skaltar, Unassigned)

Details

Steps to reproduce:

I have two OpenPGP keys on one account, using two emails on two identities.

  • I use one account with a default identity.
  • I add a second identity with a new email.
  • I add an OpenPGP key to one account, on the default identity.
  • I swap the default identity.
  • I add an OpenPGP key to the one account, on the second identity updated as the default.

Actual results:

Only the default identity encrypts and decrypts with the OpenPGP key.

Expected results:

An identity should be associated to its OpenPGP key when reading emails on one account holding email aliases.

Thunderbird does not consistently assign an OpenPGP key to the email account. As I triage the bug, I am able to define the default identity on an account to suggest the correct key. Thunderbird would be expected to handle identities with unique encryption keys and unique aliases.

(V115 is EOL, upgrade to v128)

Not sure what you're reporting. Those settings are per identity. Which one is default shouldn't matter.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

The same account with different identities does not manage two OpenPGP keys simultaneously. Only the default alias and identity are associated to a key.

Did you notice that in account, when managing identities, there is an identity-specification end-to-end encryption section, which can be used to assign other keys to the separate identities?

Is this what you are looking for? If not, can you please explain why this doesn't help?

Flags: needinfo?(skaltar)

I noticed this in one single account managing two identities of two aliases to the same account. The End-To-End Encryption only shows the keys to the default identity. If I create a new key to a second identity, by selecting the identity, then the key is missing and states it must be imported.

I will update Thunderbird. The keys are managed partially. The second key is created, except it is not associated with the account on the End-To-End Encryption options.

Flags: needinfo?(skaltar)

I updated to v128. The End-To-End Encryption settings do not recognize a generated key as part of an identity, except for the default. The key seems to associate correctly when drafting a new message, however. This is different than in v115. I will still need to test the encryption while drafting and reading mail, and not only on the settings page.

The OpenPGP key is not correctly associated with an identity under the same account, neither in settings nor drafting. The issue seems to be in the selection process because the same key is sometimes found correctly, but it is otherwise found missing.

(In reply to Magnus Melin [:mkmelin] from comment #2)

> (V115 is EOL, upgrade to v128)
>
> Not sure what you're reporting. Those settings are per identity. Which one is default shouldn't matter.

The settings are per identity. The default seemed to adjust the selected key during encryption. The second identity does not correctly associate to its own key, neither in settings nor when reading or drafting emails. There is a chance the key is found or left missing.

I believe I understand what you are saying, but I cannot reproduce.
Here is what I did, using tb 128

configured email account "y"

added second identity "y2"

went to default e2e settings
generated a new key for y

go to identity settings
set y2 as default

(my observation: The default identity changes to y2, and the secondary identity is y.
the default e2e settings no longer show an assigned key (for y2), but when using identity settings, a key is still assigned to y.)

go to default e2e settings
generate new key for y2

go back to identity settings
click manage identities

i used "edit" for both, and I see the correct keys assigned

If you want to use an openpgp key with a configured account or identity, the user ID in the openpgp key MUST contain an email address that matches the email account of the identity.

Is that maybe your problem? Is Thunderbird unwilling to use a key that doesn't contain a matching user id?
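The user ID requirement stated in the comment above can be checked offline against a list of keys and identities. The following is an added example, not part of the original thread and not Thunderbird code: the function names, the object shapes, the status labels, the case-insensitive comparison and the sample data are all assumptions made for illustration.

```javascript
// Added example: all names and sample values are constructed for illustration.

// Extract the email address from an OpenPGP user ID such as
// "Y User <y@example.org>" or a bare "y@example.org"; null if none is present.
function emailFromUserId(userId) {
  const angle = userId.match(/<([^<>\s]+@[^<>\s]+)>\s*$/);
  if (angle) return angle[1].toLowerCase();
  const bare = userId.trim();
  return /^[^\s<>@]+@[^\s<>@]+$/.test(bare) ? bare.toLowerCase() : null;
}

// For each identity, find the keys whose user IDs contain the identity's
// address, then compare that set with the key assigned to the identity.
// Assumption: addresses are compared case-insensitively.
function auditIdentities(identities, keys) {
  return identities.map((identity) => {
    const wanted = identity.email.toLowerCase();
    const candidates = keys
      .filter((key) => key.userIds.some((uid) => emailFromUserId(uid) === wanted))
      .map((key) => key.id);
    let status = "ok";
    if (candidates.length === 0) status = "no-matching-user-id";
    else if (identity.assignedKey === null) status = "unassigned";
    else if (!candidates.includes(identity.assignedKey)) status = "assigned-key-mismatch";
    return { identity: identity.name, status, candidates };
  });
}

// Constructed sample: one account with three identities and two keys.
const sampleKeys = [
  { id: "KEY-Y", userIds: ["Y User <y@example.org>"] },
  { id: "KEY-OLD", userIds: ["Y User (no email)", "old@example.org"] },
];
const sampleIdentities = [
  { name: "y", email: "Y@example.org", assignedKey: "KEY-Y" },
  { name: "y2", email: "y2@example.org", assignedKey: null },
  { name: "y3", email: "old@example.org", assignedKey: "KEY-Y" },
];
const report = auditIdentities(sampleIdentities, sampleKeys);
console.log(report);
```

An identity reported as `no-matching-user-id` has no key that could be used with it under the rule above, regardless of which identity is the default.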

Updating the version fixed the issue.
(In reply to Jaime from comment #6)

> I updated to v128. The End-To-End Encryption settings do not recognize a generated key as part of an identity, except for the default. The key seems to associate correctly when drafting a new message, however. This is different than in v115. I will still need to test the encryption while drafting and reading mail, and not only on the settings page.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME