Testing GPG EMail encryption

david at gbenet.com david at gbenet.com
Wed May 23 22:39:04 CEST 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23/05/12 20:28, Robert J. Hansen wrote:
> On 5/23/12 3:07 PM, david at gbenet.com wrote:
>> Now I have 3 Linux Laptops. I started testing Linux distros with gpg2
>> - enigmail with Thunderbird - all 100 per cent Openpgp failed to
>> initialise with pgp2 and in fact Openpgp always signed to my private
>> key not my public key when  using percipient rules. Here is a list of
>> main Linux distros which all fail to initialise pgp2:
> 
> As you were told on the Enigmail list, thousands of people have found
> that GnuPG 2 works well with Enigmail on Linux.  I demonstrated this to
> you by sending to the list a correctly-signed email written on an Ubuntu
> 12.04LTS system using GnuPG 2.
> 
> If you're having troubles getting Enigmail to work there are many people
> who are willing to help you.  However, talking about how GnuPG 2 is
> completely broken on Linux, and how Enigmail is clearly too buggy to
> use, and everything else, is not exactly constructive.
> 
> GnuPG 2 works just fine for the overwhelming majority of Linux users.  I
> don't know what your particular problem is, but it can likely be resolved.
> 
>> Be warned - any encryption done will be to your private key and not
>> to your public key. Enigmail may fail to initialise (gpg2).
> 
> If it were encrypting to the private key, this would be a digital
> signature.  That's what a digital signature is -- an encryption
> operation using the private key.  I don't understand your complaint.  If
> you're saying "Enigmail will sign emails," well, yes, it's designed to
> do that -- but I don't think that's what you're trying to say here.
> 
>> There is no compatibility in above Linux distros  with
>> Enimail/Openpgp and gpg2 - you are best advised to stick with gpg
>> (GnuPG) 1..4.11.
> 
> I have been using Enigmail with GnuPG 2.x for literally years, and over
> that time I have had no trouble interoperating with people using other
> Linux distros or even entirely different operating systems.  This is the
> first time in all my years of using Enigmail that I have heard anyone
> tell me that Enigmail's output is not interoperable with other systems.
>  This is not to say that you're not having trouble with Enigmail -- far
> from it! -- but claiming there is "no compatibility" is a fairly extreme
> claim, and I'm going to need to see some supporting evidence.
> 
>> Now testing with a fellow Linux user revealed that if you have both
>> gpg 1.4.11 and gpg2 installed you don't get any problems. So I can
>> only conclude that gpg2 is an add-on widget to gpg 1.4.11 - gpg2 only
>> recognises gpg 1.4.11 commands.
> 
> GnuPG 2 is not an add-on widget to GnuPG 1.4.
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
I ran the debugging programme with Openpgp debugging options to console and I got the
message that with gpg2 installed one was not able to digitally sign an e-mail whilst
encrypting  to their public key which in all the named distros it encrypted to my private
key - fact.

Another user who was using Fedora-16 64 bit with gnome stated that Openpgp would not
initialise pgp2 - and me? I ran Fedora-16 32 bit - I had to reboot before openpgp would work
(so badly as was useless) with gpg2. Fact I even when and installed Fedora-16 64 bit fact
and encountered the same issues, Fact.

It is a fact that Openpgp will only work if BOTH gpg 1.4.11 and the widget gpg2 is then
added. Fact. Most Linux users have BOTH by default. Fact. That's why no one's reporting aany
problems. Fact. If you remove from your system gpg 1.4.11 then  you have real problems with
open Openpgp - even Kleopatra. Fact

Now if you don't like these facts then  that's not a problem. I have decided to tell every
one not to use gpg2 without having installed  gpg 1.4.11. Now as I haave spent the last 10
days playing with all these Linux distros and sending all these test e-mails which have
provided factual evidence as stated I  can only conclude that Openpgp will only work with
1.4.11 installed. Now I have not mentioned anything about Windows XP and the latest version
of PGP4Win which some times encrypts to my girlfriends private and not to my public key I've
not figured out that one yet - unless I install gpg 1.4.11!!

I will say this I am running Linux Mint LXDE 32 bit - on a 64 bit Acer Laptop with all
updates. My gpg-agent's running because I added it to my .xsession file. Now I  have
un-ticked the box - use agent. Now Openpgp is pretty variable in how long my passphrase
lasts - it could last all day yet it could last to the next e-mail.

But I don't trust Openpgp to honour per-recipient rules. It does not work ie it will not
encrypt to the e-mail address as set out in its own rule. Fact.

Now if you can't even trust the software to do what it says on the tin - then  you have to
go back to basics as I have done. Fact.

Now I have pointed out some serious short comings that are spread over Linux Distros and
Windows XP with Thunderbird and enigmail/Openpgp installed. Fact.

I am not angry - far from it - I got a lot of brain ache burning DVDs installing various
Linux Distros and playing with them. I would have tested more - but hey - I pointed out the
facts of my discovery. Now all my 3 Linux laptops are Mint Linux LXDE 32 bit installed with
TB gpg 1.4.11 enigmail/Openpgp - No probs. Fact. But I still do not trust enigmail/openpgp
to do anything on the tin. Fact.

Now on the whole as no one's interested in these facts - I don't much care. I worry about
sending an encrypted mail to some one's public key in case it does not work. It digitally
signs e-mails - but I have no confidence no assurance of encrypting to a public key. My
girlfriend who only sends me encrypted mail sometimes sends me encrypted mail that I cannot
read. Why? The answer is very very  simple - sometimes Openpgp/enigmail signs to your
private key and not the person your e-mailing's public key. Fact. I'm not angry about that -
why? Because the error does not happen all the time. Fact.

All I do is repeat the facts. Get 50 variants of popular Linux distros KDE/Gnome?LXDE do not
install gpg 1.4.11 just gpg2 TB Enigmail/Openpgp and have fun.

David

- -- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPvUroAAoJEOJpqm7flREx6c8H/21/QifwXOuHbj03rYFtJvkG
cBHVSBvt+z3z8NBSPWPkzZDQY2tKqESTU3BbPtVv8qw5/GJkv3FUNQUVeoiXZSwp
lbVeC+V36+nB9NWpLB8FuAxvggFfbrq4/+pnP+slHk9WSFtgX6Ow7D/GcPnOzC26
EQAYBb0+gimmPrrjbVjaS3sB6Qz0Y75a+ZEp+2lntr8Igna5V01R2sOfMzQFrvQF
hiIgB5OcmfD0UbPyeWgshlYHtEOO8TR53sVaOBxnMqXMT4AEYCisMyAaSkJsGPU5
5o3rEEbKcDAMd7NHs8kkilw2qKhgYYTh3RKOKiHdkumD5MgwCl2n2hviXswiJIs=
=2dcQ
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list