Problems using PGP key to Encrypt/Sign

I’m learning to become a security researcher and I somehow haven’t played around with PGP until now. It’s pretty neat - although not many people use it. I’m trying to add a key pair I generated using Kleopatra and Gpg4win on my Windows 10 machine and import them to my eM Client. The keys say they are imported properly and that they are available on the eM Keybook; however, when I try sending an encrypted and/or signed test message to another one of my addresses, I get the following error:

S/MIME certificates for the following addresses are not valid: [sender's address] (A certificate chain processes, but terminated in a root certificate which is not trusted by the trust provider) 
Do you want to send this email unencrypted?

I get this error with any combination of signing or encrypting while composing. I also toggled between S/MIME and inline pgp in the settings.
Does eM Client require that the keys I just generated be validated by a CA? Do I have to add them to my webserver/email server somehow? With my current understanding of PGP, messing with the email server or a CA isn’t necessary.

Some details:
Windows 10 build 18363
eM Client 8.1.979
The keys were generated with 2 rounds of 3072 bit RSA in Kleopatra Gpg4win 3.1.15

I tried re-creating keys with the default settings in the eM Client Certificates and Keys manager and I’m getting the same error. It just doesn’t work for me and I can’t figure out why. Any ideas?

Did you try searching the web for this error?

I just did and there is a lot about it. Maybe start there.

From this sentence, I get the impression that you created your PGP key pair only for account A and then tried to send an encrypted message to account B. This won’t work unless you have set up a key pair for account B. Otherwise, you should be able to send an encrypted message from B to A using A’s public key.

You would be right, but I actually have generated key pairs for both accounts and I tried adding them both to the eM Keybook.

To send an encrypted message to someone, you only need your own private key and the recipient’s public key.

To send a signed message, you only need your private key.

It is not necessary to add the keys to the Keybook. Key servers are just a service so others can find your public key if you have not attached it to the message.
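The key requirements described above can be checked with the gpg command line alone, outside any mail client. This is an added example, not part of the original thread: the function names, addresses and passphrase are constructed, it assumes GnuPG 2.1 or later on the PATH, and the throwaway keys use gpg's default algorithm.

```shell
#!/bin/sh
# Added example: exercise PGP keys with gpg alone, outside any mail client.
# Addresses, passphrase and function names are constructed for this demo.
PASS='demo-only-passphrase'   # constructed; protects throwaway keys only

# G <homedir> <gpg args...>: unattended gpg against one isolated keyring.
G() {
  h=$1; shift
  gpg --homedir "$h" --batch --quiet --pinentry-mode loopback \
      --passphrase "$PASS" "$@"
}

pgp_roundtrip() (
  set -e
  work=$(mktemp -d); a="$work/sender"; b="$work/recipient"
  mkdir -m 700 "$a" "$b"
  printf 'test message\n' > "$work/msg.txt"

  # Each side generates its own key pair (gpg's default algorithm).
  G "$a" --quick-generate-key 'Sender <sender@example.test>'
  G "$b" --quick-generate-key 'Recipient <recipient@example.test>'

  # Only PUBLIC keys are exchanged between the two keyrings.
  G "$a" --armor --export sender@example.test    > "$work/sender.asc"
  G "$b" --armor --export recipient@example.test > "$work/recipient.asc"
  G "$a" --import "$work/recipient.asc"
  G "$b" --import "$work/sender.asc"

  # Signing uses the sender's private key and nothing from the recipient.
  G "$a" -o "$work/signed.asc" --clearsign "$work/msg.txt"
  G "$b" --verify "$work/signed.asc"

  # Sign + encrypt: sender's private key plus recipient's public key.
  # --trust-model always: the imported key is uncertified in this demo.
  G "$a" --trust-model always --armor -r recipient@example.test \
         -o "$work/msg.asc" --sign --encrypt "$work/msg.txt"

  # Recipient decrypts with its private key; status lines go to stdout.
  G "$b" --status-fd 1 -o "$work/out.txt" --decrypt "$work/msg.asc" \
         > "$work/status.txt"

  rc=0
  cmp -s "$work/msg.txt" "$work/out.txt" || rc=1
  grep -q 'GOODSIG' "$work/status.txt" || rc=1
  grep -q 'DECRYPTION_OKAY' "$work/status.txt" || rc=1
  gpgconf --homedir "$a" --kill gpg-agent || true
  gpgconf --homedir "$b" --kill gpg-agent || true
  rm -rf "$work"
  [ "$rc" -eq 0 ] && echo "roundtrip ok"
)
```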

Ok, I understand this, I just thought adding the addresses to the Keybook would help in some way. I’m trying different combinations of things as I’m troubleshooting this.

But regardless, I can’t send signed emails either, which wouldn’t require the recipient’s keys at all.

I’m doing some more googling - with duckduckgo - and I’m seeing a lot of other Microsoft users getting a similar error message in regards to VPN clients and other things. A lot of the solutions seem to involve adding the certificate chain to the Windows Trusted Root Certification Authorities, but surely this isn’t necessary to send and receive encrypted/signed emails with eM Client right? That’s where I’m struggling. I don’t understand how eM Client implements native PGP and I don’t think the instructions are complete because I’m probably missing something even though I followed the guide.

One thing you could try is to generate a PGP key in eM Client, then use that to sign a message. See if it works.

If it does, then I think the problem may be that even though eM Client imported your keys, they may not be compatible.

I already did that in #2

Go to settings.
Then signing and encryption
Format of PGP: Choose Only use inline PGP

y’all goofy and can’t read. I’m sorry, but I can only repeat myself so much.

I mentioned this in the OP

I also toggled between S/MIME and inline pgp in the settings.

I’m just gonna give up on native PGP in eM Client. It’s easier to encrypt the message and send the cyphertext in an email anyway. I was really hoping to get PGP signing to work though.

Old I realise, but I had the same problem and solved it by deleting the folder /Users/myname/AppData/Roaming/emClient (actually renamed it for safety) and then going back into emClient and setting it up from scratch again - signing then worked.