Simple PGP email problem-help!

Discussion in 'encryption problems' started by kamas, Apr 16, 2013.

Thread Status:
Not open for further replies.
  1. kamas

    kamas Registered Member

    Joined:
    Feb 24, 2013
    Posts:
    6
    I am having a simple problem. I am using PGP with Thunderbird. These are the instructions I followed:
    http://www.movements.org/how-to/entry/send-receive-encrypted-email/

    I got everything working perfectly. The problem is, when I try to repeat it again on a separate computer, it will not decrypt the email. It keeps saying "Error- secret key needed to decrypt message; click on 'Details' button for more information"

    How can I solve this problem? I am following all instructions EXACTLY the way I did when I got it working before, but now it won't work on a separate computer.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
    As a starting point, it would help to know what the Details button provided as information.

    Obviously, the secret key needed to decrypt the message is not available/missing or not registered/imported to your PGP key ring. Perhaps you thought you followed the instructions for setup of using Enigmail on both computers identically; however, the evidence indicates that this may not be the case.

    When I follow instructions such as in your linked source for Enigmail setup, I keep a log of precisely what I do in terms of a detailed checklist so that I can backtrack myself to help debug situations such as this. I suggest you do the same.

    -- Tom
     
  3. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Keep in mind that you don't need new keys (pub and priv) when you want to use PGP on another computer - so you don't need to repeat "Step 7".
    If you want to be able to use PGP with your key on a separate computer, you have to copy both private and public keys to it.
    Look into this directory on your first computer (where you created your public and private key):
    Code:
    C:\Users\<USER>\AppData\Roaming\gnupg\
    and copy these files: pubring.gpg and secring.gpg
    Copy these files to your second computer to exactly the same directory.

    Also, I believe that from the Thunderbird app you should be able to make a backup of your keys.
    For better keys management you can use GNU Privacy Assistant (GPA), Kleopatra or WinPT.
     
  4. kamas

    kamas Registered Member

    Joined:
    Feb 24, 2013
    Posts:
    6
    Ok, thanks for your replies. I am still having trouble but I'll work on what you said and see if it works.

    The "details" problem I mentioned before: when I click that, it does not really give me any details, it just repeats the message "Error- secret key needed to decrypt message", so it was not helpful.


    "Keep in mind that you don't need new keys (pub and priv) when you want use PGP on another computer - so don't need to repeat "Step 7"."
    I forgot to mention that I did not repeat step 7 in this case.

    "and copy these files: pubring.gpg and secring.gpg
    Copy these files to your second computer to exactly the same directory."
    I just tried this, and it seems to do something; I'm not quite sure if it's working right yet. Shouldn't this actually make it work on the new computer exactly the way my first computer does, since it's cloning the key ring, isn't it?

    I seem to have messed something up. On my first computer, I happened to set up TWO separate email addresses for PGP. On top of that, I actually somehow made two different keys for one of my email addresses. Do I have to revoke one or can I just delete one of those extra keys?

    I just found something out. My GNU Privacy Assistant (GPA) key ring has a default key, but that default key works to decrypt emails from my other account.
    Let me try to explain what I have:

    john@email.com (johns secret key)
    john_duplicate@email.com (johns duplicate secret key) - I made this by mistake

    smith@email.com (smith secret key)

    In order to open john@email.com, I will type in johns secret key. However, somehow I realized that "smith secret key" is actually the selected default key on my GNU Privacy Assistant key. I also found that whenever I decrypt any email, "smith secret key" is actually able to decrypt email when I SHOULD BE USING "Johns secret key".

    Did that make sense? Somehow, smith secret key is able to decrypt things I never meant it to decrypt.

    How can it do that? It's not supposed to be able to decrypt the wrong email but it did! I just want to cancel it all and start over. I know it's not supposed to be so complicated.

    I appreciate your help and suggestions. It would be nice to have a chat room here or something, that way I can get it set up quickly.

    Is there any way to change the "selected default key" on GPA? Or is there any need to even change it?
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    It's really very simple.

    You created a GnuPG key pair on the first computer for your email address. On the first computer, you can (I'm assuming) decrypt messages sent to your email address that are encrypted to that public key.

    If you "followed the instructions" on the second computer, you created a new GnuPG key pair. The new private key can't decrypt messages that are encrypted to the first public key. If you encrypted messages to the public key from the second computer, you could decrypt them on the second computer, but not on the first.

    The solution is to export the key pair (private and public keys) from the first computer, and import it into the second one. First delete your key pair in the second computer. In Thunderbird, select OpenPGP in the menu, and then Key Management.
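
A diagnostic for the "secret key needed to decrypt message" error discussed in this thread, added here as an example and not written by any poster: it compares the key IDs a message is encrypted to with the secret keys in a keyring. The function names are hypothetical and all key IDs and keyring lines are constructed; a message can list more than one recipient key ID, and any one matching secret key is enough to decrypt it.

```shell
# Added example (not from the thread). Inputs on a real machine would be:
#   gpg --list-packets message.asc          -> key IDs the message is encrypted to
#   gpg --list-secret-keys --with-colons    -> secret keys in the local keyring
# To move a key pair: gpg --armor --export-secret-keys KEYID > key.asc on the
# first computer, then gpg --import key.asc on the second.
# Every key ID and keyring line below is constructed sample data.
SAMPLE_PACKETS=':pubkey enc packet: version 3, algo 1, keyid 1111AAAA2222BBBB
    data: [2048 bits]
:pubkey enc packet: version 3, algo 1, keyid 3333CCCC4444DDDD
    data: [2048 bits]
:encrypted data packet:'

# First computer: the keys were created here.
KEYRING_FIRST='sec:u:2048:1:AAAA000000000001:1366070400::::::::
uid:u::::1366070400::::john <john@email.com>:
ssb:u:2048:1:1111AAAA2222BBBB:1366070400::::::
sec:u:2048:1:AAAA000000000002:1366070400::::::::
uid:u::::1366070400::::smith <smith@email.com>:
ssb:u:2048:1:3333CCCC4444DDDD:1366070400::::::'

# Second computer: a new key pair was generated instead of importing the old one.
KEYRING_SECOND='sec:u:2048:1:BBBB000000000009:1366156800::::::::
uid:u::::1366156800::::john <john@email.com>:
ssb:u:2048:1:9999EEEE8888FFFF:1366156800::::::'

# Print the key ID of each public-key encrypted session key packet on stdin.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*/\1/p'
}

# Print the user ID that owns key or subkey ID $1 in the colon listing on stdin.
secret_key_owner() {
    awk -F: -v id="$1" '
        $1 == "sec" { if (hit) exit; uid = $10 }
        $1 == "uid" && uid == "" { uid = $10 }
        ($1 == "sec" || $1 == "ssb") && toupper($5) == toupper(id) { hit = 1 }
        END { if (hit) print uid }'
}

# diagnose PACKETS KEYRING: one "KEYID owner" line per recipient key ID.
diagnose() {
    printf '%s\n' "$1" | recipient_keyids | while read -r id; do
        owner=$(printf '%s\n' "$2" | secret_key_owner "$id")
        printf '%s %s\n' "$id" "${owner:-NO-SECRET-KEY}"
    done
}

diagnose "$SAMPLE_PACKETS" "$KEYRING_FIRST"
diagnose "$SAMPLE_PACKETS" "$KEYRING_SECOND"
```

If every line reads NO-SECRET-KEY, the keyring holds none of the keys the message was encrypted to, which is the state of the second sample keyring.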
     
  6. kamas

    kamas Registered Member

    Joined:
    Feb 24, 2013
    Posts:
    6
    Ok, that sounds more clear, I think I am getting there! Thank you.

    When I encrypt a message, how do I select which public key I want to encrypt it to? Do I do it from this menu:

    http://gyazo.com/c527be09c1c422f5bb3e42facb014806

    Do I need to select this option?:
    "Use email address of this identity to identify OpenPGPkey"
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    No, that dialog selects the private key that you will use to sign messages, and to decrypt messages that you receive.

    You specify which public key to encrypt messages to using "OpenPGP / Edit-Per-Recipient-Rules". You associate each recipient email address with the public key that they're using.
     
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    It also may be called "Encrypt To Self" depending on what combo of stuff you're using.

    PD
     