EnigMail and OpenPGP with Mozilla Thunderbird (OS X, Debian Linux, Windows XP)

Today I successfully installed and used EnigMail with gnupg in Mozilla Thunderbird on three different platforms: OS X 10.4, Debian Linux (testing/etch), and Windows XP SP2. Incredibly, things just worked on OS X and Linux, but required some tinkering in Windows. Here’s what went wrong, and how I fixed it.

I created my keypair in OS X, since I installed everything there first. I then exported the key (OpenPGP Key Management : File : Export keys to File) to a file and copied it to my Linux machine, where I used the corresponding “Import Keys from File” command to import the keypair. This just worked; beautiful.

I then copied the exported keyfile to my Windows machine. However, upon installing EnigMail in Thunderbird on Windows, a wizard opened up to help me create my first keypair and make sure Thunderbird’s settings are sane for use with EnigMail. Thinking I would just delete the generated keypair and import my “real” keypair, I let the wizard finish.

I then deleted the created keypair and imported my “real” keypair, as planned. However, upon trying to sign a message, I got the following error:

enigmail> C:\Program Files\GNU\GnuPG\gpg.exe --charset utf8 --batch --no-tty --status-fd 2 --comment 'Using GnuPG with Mozilla - http://enigmail.mozdev.org' --digest-algo sha1 -t --clearsign -u 0x52B4252C --passphrase-fd 0 --no-use-agent
gpg: skipped "0x52B4252C": secret key not available
gpg: [stdin]: clearsign failed: secret key not available
enigmail.js: Enigmail.encryptMessageEnd: Error in command execution
enigmail.js: Enigmail.encryptMessage: Error in command execution

I did a good bit of googling and didn’t find anything useful; all the tests I did using my imported “real” keypair with gpg manually were successful. It was then that it dawned on me: 0x52B4252C is the identifier for the keypair that the wizard created, and not my “real” keypair. Strange, why didn’t EnigMail forget about that key when I deleted it? At any rate, it didn’t. And the wizard hard-coded the key to be used for signing things. To fix this, go to:

OpenPGP : Default Composition Options : Signing/Encryption Options… :
Use Specific OpenPGP Key ID (0x1234ABCD)

0x52B4252C (the digest of my non-existent key) was in the box; select your “real” key and you should be good to go! I find it absolutely incredible that these very good tools are available and work well on all three operating systems. 2006 is a good year.
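
The mismatch described above can be checked directly. The following is an added example, not part of the original post or of EnigMail: it compares the key ID passed to gpg with `-u` against the secret keys in a `gpg --list-secret-keys --with-colons` listing. The sample listing and its key IDs are constructed, and the function names are hypothetical.

```python
import subprocess

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# The key IDs are made up; only 0x52B4252C below comes from the post's error.
SAMPLE_LISTING = """\
sec:u:1024:17:9F3A6C21DE1234AB:2006-01-15:::::::::
uid:::::::::Example User <user@example.org>:
ssb:u:2048:16:77C0A1B2C3D4E5F6:2006-01-15:::::::
"""

def normalize(key_id):
    """Strip an optional 0x prefix and upper-case a key ID."""
    key_id = key_id.strip().upper()
    return key_id[2:] if key_id.startswith("0X") else key_id

def secret_key_ids(listing):
    """Return the long key IDs of all secret keys and subkeys in a colon listing."""
    ids = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Field 1 is the record type, field 5 the 64-bit key ID.
        if fields[0] in ("sec", "ssb") and len(fields) > 4 and fields[4]:
            ids.append(fields[4].upper())
    return ids

def has_secret_key(configured_id, listing):
    """True if the configured (short or long) key ID matches a secret key."""
    wanted = normalize(configured_id)
    # A short ID is the low 32 bits of the long ID, so compare by suffix.
    return bool(wanted) and any(k.endswith(wanted) for k in secret_key_ids(listing))

def live_listing(gpg="gpg"):
    """Ask the local gpg for its secret keyring (needs gpg on the PATH)."""
    return subprocess.run([gpg, "--list-secret-keys", "--with-colons"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # 0x52B4252C is the stale ID from the error; 0xDE1234AB is constructed.
    for key_id in ("0x52B4252C", "0xDE1234AB"):
        found = has_secret_key(key_id, SAMPLE_LISTING)
        print(f"{key_id}: secret key {'available' if found else 'NOT available'}")
```

To check a real keyring, pass `live_listing()` in place of `SAMPLE_LISTING`.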

