Autocrypt and encrypted/signed mail from a key in pubring

Kevin J. McCarthy kevin at 8t8.us
Sun Aug 18 22:29:50 UTC 2019


On Mon, Aug 19, 2019 at 12:04:14AM +0200, Eike Rathke wrote:
>For an encrypted and signed mail for which the key is both in the
>regular pubring and in the autocrypt pubring (and autocrypt.db), the
>signature apparently is verified using the autocrypt keyring.

Yes, this is currently a problem with putting the key in both keyrings. 
Take another look at 
<https://muttmua.gitlab.io/mutt/manual-dev.html#autocryptdoc-keyrings> 
and especially read the third paragraph there.

Another choice would be to point $autocrypt_dir at ~/.gnupg (you can 
copy the autocrypt.db file over to save yourself having to recreate 
accounts).  However, this will then cause Autocrypt header keys to be 
imported into ~/.gnupg.  If that's okay with you, this will give you 
Web of Trust signature messages instead.

I've been debating switching the order, to try decrypting from the 
normal keyring first instead.  That would remove the need for 
$autocrypt_reply.  However it makes the logic more complicated and 
invasive.  We need to turn off "normal" error handling all over the 
place then, so that an initial decrypt failure in both classic-pgp and 
gpgme doesn't cause an abort, but only if we would subsequently be trying 
autocrypt.  Right now, the changes are in gpgme only, and are very 
clean...

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA