I can't stop encryption being done with a wrong key

Charly Avital shavital at mac.com
Thu May 26 21:26:39 CEST 2011


Anne Wilson wrote on 5/26/11 2:06 PM:
> I have a friend whose gpg key became corrupt.  He created a new key, and I 
> imported it.  Then we discovered that KMail insists on trying to encrypt using 
> the old key, even though I have changed his addressbook entry to reflect the 
> new key.
> 
> At this point we thought it was a KMail issue, so I moved to Thunderbird for 
> answering his mail.  Signed mail in both directions is no problem.

That's normal.
You are verifying your friend's signature with the new public key he
created and that you imported.
Your friend is verifying your signature with your public key that is
valid and in use.

> He can 
> send an encrypted message and I can read it.  The new key is fine.

When your friend encrypts a message to you, he is using your existing
public key. This has nothing to do with your friend's new key.

> However, 
> when I send an encrypted message to him we hit the rocks.
> 
> In Thunderbird I have only a minimal addressbook.  I set his record to use the 
> new key for encryption, and I can't see any way that Thunderbird should know 
> about the old key.  However, the test email I sent him was signed by the RSA 
> subkey of his old key.

I can't remember how KMail sets the usage of keys. I'm a Mac user, but I
have "dabbled" occasionally in Linux and some of KMail.

In Thunderbird, key usage is set in 'Per Recipient rules', which is not
the Address Book.
> 
> Can someone please explain to me how this could be happening, and what I need 
> to do to correct it?  Should I remove his old key from my keyring?  If I do, I 
> assume that I won't be able to read his older messages.


You don't have to remove his "old" public key from your keyring.

You have to edit "Per Recipient Rules" so that your friend's new public
key (in your public keyring) is linked to his User ID (e-mail address),
and used to encrypt to him.

In Thunderbird's menu please go to OpenPGP/Edit Per-Recipient Rules,
that will launch the "Per-Recipient Rules Editor". Use the search field
to search for the entry that corresponds to your friend's user ID (his
e-mail address) or choose it manually at your convenience, click
'Modify' and make the necessary adjustments to choose your friend's new
public key as the key that will be used to encrypt to him.

Your quoted post was composed using:
User-Agent: KMail/1.13.7 (Linux/2.6.35.13-91.fc14.i686.PAE; KDE/4.6.3;
i686; ;	), and not Thunderbird.

HTH
Charly
(Testing Shredder 3.4a1pre for Mac).
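
A way to confirm which key a mail client actually encrypted to, as an added example that is not part of the thread above: the recipient key IDs are visible in the `:pubkey enc packet:` lines of `gpg --list-packets`, so parsing that dump and comparing it against the friend's new encryption subkey (the key IDs and the dump text here are constructed samples) shows whether the retired key is still being picked up.

```python
import re

# Constructed sample of `gpg --list-packets` output for a message encrypted
# to two keys. The line shape matches GnuPG's packet dump; the key IDs are
# made-up placeholders, not values from the thread.
SAMPLE_DUMP = """\
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
\tdata: [2047 bits]
:pubkey enc packet: version 3, algo 1, keyid FEDCBA9876543210
\tdata: [4095 bits]
:encrypted data packet:
\tlength: unknown
\tmdc_method: 2
"""

# Each `:pubkey enc packet:` names the (sub)key a session key was wrapped for.
PUBKEY_ENC_RE = re.compile(r"^:pubkey enc packet: .*\bkeyid ([0-9A-F]{16})", re.M)


def recipient_keyids(packet_dump):
    """Return the long key IDs the message was encrypted to, in packet order."""
    return PUBKEY_ENC_RE.findall(packet_dump)


def audit_recipients(packet_dump, expected, retired):
    """Compare the keys actually used with the ones the client should have chosen.

    `expected` are the encryption subkey IDs that must be present (the new key),
    `retired` are IDs that must not appear (the corrupt/old key). Note that the
    dump shows the encryption *subkey* ID, so compare against subkey IDs from
    `gpg --list-keys --with-subkey-fingerprints`, not the primary key ID.
    """
    used = recipient_keyids(packet_dump)
    return {
        "encrypted_to": used,
        "missing_expected": sorted(set(expected) - set(used)),
        "used_retired": sorted(set(used) & set(retired)),
    }


if __name__ == "__main__":
    report = audit_recipients(SAMPLE_DUMP,
                              expected=["FEDCBA9876543210"],
                              retired=["0123456789ABCDEF"])
    for field, value in report.items():
        print(f"{field}: {value}")
```

On a real message, save the armored body to a file and feed the text of `gpg --list-packets message.asc` to `audit_recipients`; a non-empty `used_retired` is the symptom described in the thread.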



More information about the Gnupg-users mailing list