End-to-end encryption issue...
I have updated two e-mail clients to V.78. Both under OS-X.
On the first I created a PGP certificate for one e-mail account and saved that. E-mails show the certificate attached with Open PGP. That worked just great.
On a mobile device I can see that certificate signed using Open PGP for encryption (obviously requiring PK exchange before encryption can take place).
On the other mac, previously equipped with several CACert Identity verification certificates for a number of accounts, I have installed the certificate exported from the first machine on its mirror account - that verifies ok - this is not a certificate import/export problem. BUT the account will not send using PGP. It defaults to S/MIME and then complains that the CACert ID certificate is non-existent or expired - in fact it was expired and was deleted months ago and so is now non-existent.
Note that on this second machine there are 5 or 6 accounts, three of which have CACert ID certificates but the account which I was working on with the PGP certificate is no longer covered by a CACert ID certificate although it was previously so covered.
Is there a way to force Thurderbird to just stick with the PGP encryption certificate and to not try to find a non-existent CACert ID certificate for this account (or at all)?
Best regards,
Ian Beeby
Chosen solution
RESOLVED - The issue was that there was a residual record that I had a key for that account:
Tools-> Account Settings -> End-to-end Encryption -> Manage S/MIME Certificates
Then find the name/e-mail address and delete the certificate authority for that account. The e-mail address you are looking for is the one which you now seek to protect with the PGP certificate.
Ian
Read this answer in context 👍 0All Replies (2)
Chosen Solution
RESOLVED - The issue was that there was a residual record that I had a key for that account:
Tools-> Account Settings -> End-to-end Encryption -> Manage S/MIME Certificates
Then find the name/e-mail address and delete the certificate authority for that account. The e-mail address you are looking for is the one which you now seek to protect with the PGP certificate.
Ian
On the other mac ... I have installed the certificate exported from the first machine on its mirror account
When exporting the key on the first machine, did you include the private key?
BUT the account will not send using PGP. It defaults to S/MIME
In a Write window, from the Security drop-down menu in the Composition Toolbar you can select which Encryption Technology to use - OpenPGP or S/MIME.
You can also select which one shall be preferred, if both, OpenPGP, and S/MIME is set up for the account. That's underneath End-To-End Encryption in the Account Settings for the particular account.