PGP cannot import full key

Hello,

I’m testing eM Client’s PGP functionality and it seems there are problems importing some keys.

I’ve tried importing my own key:
https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&search=0x653909A2F0E37C106F5FAF546C8857E0…
and it failed.

If I export a minimal key from gpg then eM client imports it without problems: “gpg --export-options export-minimal --export --armor 0x6C8857E0D8E8F074”.

Unfortunately email clients (e.g. Enigmail) send full keys so eM Client cannot use them at all :-/ I believe this is a bug in eM Client as all other clients I’ve tested work with full keys.

And what to do now to receive my messages??

Wiktor, I am wondering why you want to import your public key; that is of no real use to you. Surely you want your private key?

Oh, Enigmail is not an email client. It is a Thunderbird extension.

Ton, how is that related to PGP keys?

see my yesterday’s question:

Good afternoon!

This afternoon I registered and downloaded emclient.

Two questions:

  1. Why do I receive e-mails only up to October 2016 (!!) and not from a later date, so from now?

  2. Why am I asked sometimes (so not always) for inlogcode and password? I don’t know them, but there is also no possibility to arrange new ones.

Can you pls answer me by return??

Best regards,

Ton Janssens 

Oh, sorry I didn’t provide a context. I’m evaluating eM Client as a replacement for Thunderbird/Enigmail. I set up one account on eM Client and a second one on Thunderbird and simulate an e-mail exchange to see if everything works including PGP.

Currently if I send a key from the Thunderbird account (as an ASC e-mail attachment) to the eM Client account the key cannot be imported (both of these accounts and keys are mine, that’s what could’ve caused confusion here).

Wiktor, your key failed to import on Linux also! 

Ton this is not related to this issue, please create a new one if you haven’t already.

How did you do the import?

I’m testing with:

$ curl "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&search=0x653909A2F0E37C106F5FAF546C8857E0D8E8F074&op=get" | gpg --import
 % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 134k 100 134k 0 0 134k 0 0:00:01 --:--:-- 0:00:01 253k
gpg: key 0x6C8857E0D8E8F074: 5 duplicate signatures removed
gpg: key 0x6C8857E0D8E8F074: 9 signatures not checked due to missing keys
gpg: key 0x6C8857E0D8E8F074: 5 signatures reordered
gpg: key 0x6C8857E0D8E8F074: "[redacted]" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

on Windows, but I’m sure it works on Linux too as I’m frequently using this key

So your questions are not related to PGP at all. Maybe you could post them in a separate thread.

I used gpg --import filename, after saving the key from pgp.mit.edu. It failed, so I also looked at it another way without importing it. There are 178 signatures in that key.

As far as I know eM Client can’t import that. You will have to stick with a regular public key (Armoured) as you know that works.

What have I to do now to let it work well??

Could you tell me what was the error message? (for example when I save the page as HTML the header is broken: "

-----BEGIN"). Did you look at it using gpg --list-packets?

Yes, there are that many signatures because the key is well-connected in the Web of Trust.

I've never had problems with importing that key on any e-mail client. Well, most of them use gpg one way or another and eM Client uses BouncyCastle (as far as I can see from the Version header).

The key that works is not "regular" but minimized and I consider this more a workaround than standard practice. If eM Client doesn't use extra signatures, maybe it would be better to just ignore them rather than fail importing a completely valid key.

I did finally manage to import it on Linux.

eM Client works differently to what I am used to though. In eM Client, a public key is considered verified without being signed or trusted. Which, when you consider that carefully, makes absolutely no sense at all. Anybody can publish a public key and eM Client will consider that a valid and trusted key.

Maybe you are correct; better to just ignore it.

I’m glad that you’ve stuck with me to the end, thanks! :slight_smile:

eM Client works differently to what I am used to though. In eM Client, a public key is considered verified without being signed or trusted. Which, when you consider that carefully, makes absolutely no sense at all.

I think this is implemented like that to keep things simple, it’s not bad for a first step and I’m very glad that eM Client supports PGP (actually it’s “OpenPGP”)

Anybody can publish a public key and eM Client will consider that a valid and trusted key.

Yes, but as far as I can see eM Client does not have a mechanism for key lookup, so if you import the key you know it’s you that did that (of course this is still not 100% secure but…)

Maybe you are correct; better to just ignore it.

I guess people that use PGP more frequently will always have more signatures, so currently PGP is just for eM Client to eM Client e-mails or people that don’t use PGP frequently.

You are correct, eM Client does not have a key lookup function.

eM Client’s method with signatures is to also attach the public key to the message, so eM Client to eM Client messages will most likely work just fine, though it still involves blind trust that the message is really coming from that sender. 

On Linux, once you have imported a public key, you have to set a trust level on that key before it is considered valid for signatures in an email application such as Evolution. And one criterion you would use is who has already signed it. None of which is considered in eM Client.

However, as an encryption mechanism, it works just fine in eM Client provided you can import the person’s public key.

Yes, Enigmail displays a green bar for valid signatures (key signed directly or through a trusted key) or a blue bar for correct signatures by unknown keys (not trusted).

I’ve played around with setting up Web of Trust paths to various people: https://pgp.cs.uu.nl/paths/6c8857e0d8e8f074/to/79be3e4300411886.html

(also I’m using Arch Linux for work, but want to use eM Client on Windows)

However, as an encryption mechanism, it works just fine in eM Client provided you can import the person’s public key.

Yes, exactly! Now when someone contacts me and I inspect their e-mail headers for “eM Client” I’ll know to send my special minimized key :slight_smile: (for other people it’s better to send full key as maybe they already trust a person that signed my key).

Have a nice day!
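
Added example, not part of the original thread and not code from eM Client or GnuPG: a small Python walker over OpenPGP packet headers (RFC 4880, section 4.2) that counts the packet types `gpg --list-packets` would list, which is how a full key and an `export-minimal` key differ in their number of signature packets. The function names and the sample bytes are this example's own; the sample is constructed, with dummy bodies behind valid headers.

```python
import base64
from collections import Counter

TAG_NAMES = {2: "signature", 6: "public-key", 13: "user-id",
             14: "public-subkey", 17: "user-attribute"}

def dearmor(text):
    """Return the binary packets of an ASCII-armored block (CRC-24 line not verified)."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP"):
        raise ValueError("armor header line missing or damaged")
    body = lines[lines.index("") + 1:-1]   # drop armor headers and the END line
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def packets(data):
    """Yield (tag, body) per OpenPGP packet header rules in RFC 4880, section 4.2."""
    i = 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError("bit 7 clear: not a packet header")
        if first & 0x40:                       # new-format header
            tag, o1, i = first & 0x3F, data[i + 1], i + 2
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i] + 192, i + 1
            elif o1 == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length: not expected in a key")
        else:                                  # old-format header
            tag, n = (first >> 2) & 0x0F, 1 << (first & 0x03)
            if n == 8:
                raise ValueError("indeterminate length: not expected in a key")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def summarize(data):
    """Count packets by type, e.g. how many signature packets a key carries."""
    return Counter(TAG_NAMES.get(tag, f"tag-{tag}") for tag, _ in packets(data))

# Constructed sample, not a real key: dummy bodies behind valid packet headers.
SAMPLE = (bytes([0x98, 3]) + b"KEY" + bytes([0xB4, 5]) + b"alice"
          + bytes([0x89, 0, 4]) + b"sig1" + bytes([0xC2, 4]) + b"sig2"
          + bytes([0xC2, 192, 8]) + b"x" * 200)
```

Running `summarize(dearmor(text))` on a saved `.asc` file before and after minimizing shows the drop in signature packets; `dearmor` raises if the `-----BEGIN PGP` line has been damaged, for example by saving the keyserver page as HTML.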