PGP Enigmail Problem, can no longer decrypt or sign my own messages
From one day to another my Enigmail Thunderbird Plug-In stopped working and I can no longer decrypt messages sent to me encrypted with my public key. Even if I wrote these messages myself.
Every time I try to decrypt a message the following error shows up:
Fehler - Entschlüsselung fehlgeschlagen
Öffentlicher Schlüssel MYKEYCODE zur Überprüfung der Unterschrift benötigt
gpg: Entschlüsselung fehlgeschlagen: Geheimer Schlüssel ist nicht vorhanden
Hinweis: Die Nachricht wurde mit folgenden Benutzer-IDs / Schlüsseln verschlüsselt:
0xMYKEYCODE (Robert Lastname <[email protected]>)
I use a German Thunderbird, so here is my translation:
Error - Decryption failed
Public Key MYKEYCODE needed to verify signature
gpg: Decryption failed: Secret (private) key not found
Hint: Message was encrypted with the following User-Ids/Keys:
0xMYKEYCODE (Robert Lastname <[email protected]>)
How can the private key be missing? I personally encrypted the message before sending it to myself. I have been trying now for hours to solve this. I have reinstalled Enigmail a couple of times. I also reinstalled GnuPG a couple of times. I deleted all my keys and reimported them. What drives me especially crazy is that I have another laptop using Enigmail with the very same public-private key pair and there everything works just fine.
What makes me suspicious is that 0xMYKEYCODE from the error message is different from the code of my public-private key pair in my key manager, how can this be?
Thanks a lot in advance and cheers, Robert
EDIT: Maybe this helps: I can not sign messages on the computer that cannot decrypt, but I can sign on my other machine. So, apparently Enigmail cannot use my private key, why?
EDIT2: If I try to sign a message, it refuses with the failure "Error - wrong passphrase". That got me thinking, after re-importing all my keys, I was never ever asked to provide the passphrase that secures my public-private key pair anywhere!?
EDIT3: If I invoke
echo RELOADAGENT | gpg-connect-agent
on the laptop where encryption works, it tells me that gpg-connect-agent is not installed??? Could it be that on the laptop where it works the keys are actually managed by the gnome key ring (despite Enigmail telling me that they are managed by gpg-agent)?
However, on the laptop where the decryption no longer works, I can invoke echo RELOADAGENT | gpg-connect-agent. Thus gpg is taking care and maybe makes a mess in combination with the gnome key ring?
Solution 1:
I had this problem on OSX with gpg v2 and fixed it by installing gpg v1 alongside it. Not sure if this is applicable to Ubuntu.
Solution 2:
Ok I had a very simple solution to that. When sending mails to myself they were automatically encrypted. When I wanted to open them I had the same error.
Sidenote: They were automatically encrypted as my mail address was known to my mail client and assigned a key.
Solution:
Uncheck something like "never ask for passphrase" in the enigmail settings. And then open the mail again and type in the correct passphrase.
Additional info:
I thought enigmail with thunderbird was dumb so I used the commandline instead and tried to figure out my password by decrypting the message there with gpg --decrypt <Message>. Oddly when I typed in the correct password it didn't show me the encrypted mail. However, in thunderbird it did then.
Solution 3:
In my case, setting useGpgAgent to true actually fixed my problem. Thunderbird version 38.5.1, Enigmail 1.8.2 (20150416-1748), gpg (GnuPG) 2.0.28, libgcrypt 1.6.3.
Solution 4:
You're missing the private keys. Reinstalling GnuPG and Enigmail probably won't help, as this is a problem with your GnuPG key ring.
It seems somehow your private key ring got corrupted. Recover a working version of ~/.gnupg from your backups. If you haven't got one, (start doing so now and) fetch the keys from your other computer, either by copying the whole ~/.gnupg folder, or by exporting the private key:
gpg --export-secret-keys [keyid] > secret-keys.pgp
and importing it on the computer with the broken keys:
gpg --import secret-keys.pgp
It might happen you have to delete the key before.
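Added example, not part of the original question or answers: a small check of whether the key ID named in a "secret key not found" error has usable secret material in the keyring. gpg reports the ID of the key a message was encrypted to, which is usually an encryption subkey whose ID differs from the primary key's. The sample listing, key IDs and function names are constructed assumptions; only the `gpg --list-secret-keys --with-colons` format is GnuPG's own.

```python
"""Check whether the key ID from a gpg decryption error has secret material."""
import subprocess

# Constructed sample of `gpg --list-secret-keys --with-colons` output (not from the page).
# Field 1 is the record type, field 5 the 64-bit key ID, field 12 the capabilities,
# field 15 is "#" when the entry is only a stub without the secret material.
SAMPLE = (
    "sec:u:4096:1:1111AAAA2222BBBB:1400000000:::u:::scESC:::+:\n"
    "uid:u::::1400000000::CONSTRUCTED::Example User <user@example.org>:\n"
    "ssb:u:4096:1:3333CCCC4444DDDD:1400000000::::::e:::+:\n"
    "sec:u:4096:1:5555EEEE6666FFFF:1400000000:::u:::scESC:::#:\n"
    "ssb:u:4096:1:7777AAAA8888BBBB:1400000000::::::e:::#:\n"
)


def secret_key_status(colon_listing, key_id):
    """Return (kind, primary_id); kind is 'primary', 'subkey', 'stub' or 'missing'."""
    wanted = key_id.upper()
    if wanted.startswith("0X"):
        wanted = wanted[2:]              # accept 0x-prefixed short or long IDs
    if not wanted:
        raise ValueError("empty key ID")
    primary = None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb") or len(fields) < 5:
            continue
        if fields[0] == "sec":
            primary = fields[4]          # subkeys that follow belong to this key
        if not fields[4].upper().endswith(wanted):
            continue
        token = fields[14] if len(fields) > 14 else ""
        if token == "#":
            return ("stub", primary)     # listed, but the secret part is absent
        return ("primary" if fields[0] == "sec" else "subkey", primary)
    return ("missing", None)


def listing_from_gpg():
    """Read the real keyring; assumes a `gpg` binary on PATH."""
    return subprocess.run(
        ["gpg", "--list-secret-keys", "--with-colons"],
        check=True, capture_output=True, text=True,
    ).stdout


if __name__ == "__main__":
    for kid in ("0x4444DDDD", "1111AAAA2222BBBB", "7777AAAA8888BBBB", "0xDEADBEEF"):
        print(kid, secret_key_status(SAMPLE, kid))
```

A result of "stub" or "missing" for the ID from the error message means the secret key has to be restored or re-imported, as Solution 4 describes; "subkey" shows which primary key the reported ID belongs to.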