Autocrypt and encrypted/signed mail from a key in pubring
Kevin J. McCarthy
kevin at 8t8.us
Sun Aug 18 22:29:50 UTC 2019

On Mon, Aug 19, 2019 at 12:04:14AM +0200, Eike Rathke wrote:
>For an encrypted and signed mail for which the key is both in the
>regular pubring and in the autocrypt pubring (and autocrypt.db), the
>signature apparently is verified using the autocrypt keyring.

Yes, this is currently a problem with putting the key in both keyrings.
Take another look at
<https://muttmua.gitlab.io/mutt/manual-dev.html#autocryptdoc-keyrings>
and especially read the third paragraph there.

Another choice would be to point $autocrypt_dir at ~/.gnupg (you can
copy the autocrypt.db file over to save yourself having to recreate
accounts). However, this will then cause Autocrypt header keys to be
imported into ~/.gnupg. If that's okay with you, this will give you
Web of Trust signature messages instead.

I've been debating switching the order, to try decrypting from the
normal keyring first instead. That would remove the need for
$autocrypt_reply. However, it makes the logic more complicated and
invasive. We need to turn off "normal" error handling all over the
place then, so that an initial decrypt failure in both classic-pgp and
gpgme doesn't cause an abort, but only if we would subsequently be trying
autocrypt. Right now, the changes are in gpgme only, and are very
clean...

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA