Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

End-to-end encryption issue...

  • 2 antwurd
  • 1 hat dit probleem
  • 1 werjefte
  • Lêste antwurd fan christ1

ian102
ian102
more options

I have updated two e-mail clients to V.78. Both under OS-X.

On the first I created a PGP certificate for one e-mail account and saved that. E-mails show the certificate attached with Open PGP. That worked just great.

On a mobile device I can see that certificate signed using Open PGP for encryption (obviously requiring PK exchange before encryption can take place).

On the other mac, previously equipped with several CACert Identity verification certificates for a number of accounts, I have installed the certificate exported from the first machine on its mirror account - that verifies ok - this is not a certificate import/export problem. BUT the account will not send using PGP. It defaults to S/MIME and then complains that the CACert ID certificate is non-existent or expired - in fact it was expired and was deleted months ago and so is now non-existent.

Note that on this second machine there are 5 or 6 accounts, three of which have CACert ID certificates but the account which I was working on with the PGP certificate is no longer covered by a CACert ID certificate although it was previously so covered.

Is there a way to force Thurderbird to just stick with the PGP encryption certificate and to not try to find a non-existent CACert ID certificate for this account (or at all)?

Best regards,

Ian Beeby

I have updated two e-mail clients to V.78. Both under OS-X. On the first I created a PGP certificate for one e-mail account and saved that. E-mails show the certificate attached with Open PGP. That worked just great. On a mobile device I can see that certificate signed using Open PGP for encryption (obviously requiring PK exchange before encryption can take place). On the other mac, previously equipped with several CACert Identity verification certificates for a number of accounts, I have installed the certificate exported from the first machine on its mirror account - that verifies ok - this is not a certificate import/export problem. BUT the account will not send using PGP. It defaults to S/MIME and then complains that the CACert ID certificate is non-existent or expired - in fact it was expired and was deleted months ago and so is now non-existent. Note that on this second machine there are 5 or 6 accounts, three of which have CACert ID certificates but the account which I was working on with the PGP certificate is no longer covered by a CACert ID certificate although it was previously so covered. Is there a way to force Thurderbird to just stick with the PGP encryption certificate and to not try to find a non-existent CACert ID certificate for this account (or at all)? Best regards, Ian Beeby

Keazen oplossing

RESOLVED - The issue was that there was a residual record that I had a key for that account:

Tools-> Account Settings -> End-to-end Encryption -> Manage S/MIME Certificates

Then find the name/e-mail address and delete the certificate authority for that account. The e-mail address you are looking for is the one which you now seek to protect with the PGP certificate.

Ian

Dit antwurd yn kontekst lêze 👍 0

Alle antwurden (2)

ian102
ian102 Fraacheigener
more options

Keazen oplossing

RESOLVED - The issue was that there was a residual record that I had a key for that account:

Tools-> Account Settings -> End-to-end Encryption -> Manage S/MIME Certificates

Then find the name/e-mail address and delete the certificate authority for that account. The e-mail address you are looking for is the one which you now seek to protect with the PGP certificate.

Ian

christ1
christ1
  • Top 25 Contributor
more options
On the other mac ... I have installed the certificate exported from the first machine on its mirror account

When exporting the key on the first machine, did you include the private key?

BUT the account will not send using PGP. It defaults to S/MIME

In a Write window, from the Security drop-down menu in the Composition Toolbar you can select which Encryption Technology to use - OpenPGP or S/MIME.

You can also select which one shall be preferred, if both, OpenPGP, and S/MIME is set up for the account. That's underneath End-To-End Encryption in the Account Settings for the particular account.