On Monday, 7 July 2025 03:07:35 British Summer Time Dale wrote: > Howdy, > > I have one friend that likes to email with encrypted emails. We have > good chats so I set up encryption ages ago. It worked for a long time. > We lost contact for a bit but recently started chatting again. I think > during a upgrade the Enigmail encryption was broken. I'm not sure > when. I've tried every setting I can think of and find and it just > refuses to work. I might add, I also lost all the accumulated keys that > I had, including my own keys.
The Seamonkey email client was working with the Enigmail plugin. Mozilla's Thunderbird now uses a different inbuilt OpenPGP encryption implementation since Thunderbird 78. I understand the RNP encryption tool implementation of Thunderbird has been released by Ribose, a Hong Kong based company. You can export your key pair(s) from Enigmail or ~./gnupg and import these in the RNP, but if you have lost them then this won't help you. From what I recall the Enigmail plugin uses the default ~/.gnupg OS keyring, which can encrypt the private key with whatever algo-cipher scheme you select. Enigmail can either use its own OpenPGP.js code to access the keyring, or utilise gnupg since it is already installed in Linux. RNP on the other hand does not use the OS gnupg keyring. Instead it uses Mozilla's master password, which itself uses a weak(er) encryption. I don't know if this option was chosen by Mozilla for <aheam!> "... your safety and convenience", or as they claim a licensing issue. > This is one reason I think something got > borked during a upgrade. The error I get is this. > > > Enigmail Security Info Error - decryption failed Error: Error during > parsing. This message / key probably does not conform to a valid OpenPGP > format. Hmm ... I suspect this error is caused because Seamonkey is no longer supported by Enigmail - see bottom post here: https://sourceforge.net/p/enigmail/forum/support/thread/b0e5a6791d/ I'm not sure, but I think the error message implies the content of the message is meant to be parsed as a stream of ciphertext and decrypted in chunks according to a more up to date GnuPG security improvements, but your Enigmail's OpenPGP.js library can't deal with it: https://github.com/openpgpjs/openpgpjs/releases/tag/v4.0.0 > If someone knows of a fix for this, I'm fine with just fixing it. Someone more clued up on these technologies could advise, but until wiser minds contribute you could: 1. Use a more up-to-date OpenPGP.js and the hope Enigmail in Seamonkey will function as expected: https://github.com/openpgpjs/openpgpjs 2. Change Enigmail's advanced preferences from using OpenPGP.js to using your Gentoo GnuPG, '/usr/bin/gpg': https://enigmail.net/index.php/en/user-manual/advanced-operations 3. Move to T'bird and put up with its RNP implementation. You can export your key pair with gpg when you find it from ~/.gnupg and import it in RNP. 4. Use a different mail client which works with OpenPGP. > If > not, how do I reset this back to scratch and set up encryption again? You can create a new key pair, using Enigmail and forget about your old key pair for now. However, if you stick with Seamonkey-Enigmail and my suggestion in 1. above still does not work, you could run into the same format problem even if you are using a newly created key pair. You could try option 2. above to see if using GnuPG as the back end for Enigmail will work with Seamonkey and any old or new keys. > I > found the folder /home/dale/.gnupg/ but I'm not sure if I can delete the > whole thing, just parts of it, just a single file or I have to do it > another way. Another way - please see above. You do not have to delete old keys to create and start using new key pairs. The old private keys are still necessary if you want to access previously encrypted files/messages. HTH.
signature.asc
Description: This is a digitally signed message part.
