[Enigmail] enigmail's new handbook - for 1.8 : smartcard reset

Philip Jackson philip.jackson at nordnet.fr
Sat Mar 21 20:15:54 CET 2015


Hi Ludwig :

On 21/03/15 16:26, Ludwig Hügelschäfer wrote:
> We'll collect
> feedback for a time and publish a corrected version afterwards.

Another comment connected with smartcard usage.  In the new handbook, next to
last paragraph on page 98, it says :

> The card is used to store the actual secret key. A secret key stub remains
> within the secret keyring so that gnupg knows about the key on the card and
> can prompt you to insert the card if it is needed and perform key operations.

It would be good if enigmail did prompt the user to insert the missing card.
However, after several tries, I can say that (in linux TB 31.5.0 and enigmail
1.9a1pre nightly) no such prompt is received.

	1. Sending a signed email

What does happen when trying to send an email where signing is required (either
on its own or in combination with encryption) is that an anonymous enigmail
alert is given :

"Error - encryption command failed"

 - pressing OK button brings up another message box :

"Sending of message failed.
Please verify that your Mail and Newsgroups account settings are correct and try
again"

While the first (Enigmail alert) message is certainly correct, it does not hint
at the nature of the problem.  The second message is also correct in so far as
the sending did fail but it makes a suggestion which is misleading and not at
the heart of the problem.

The heart of the problem being that the smartcard is not inserted.

	2. receiving an encrypted email

Without the smartcard being inserted, the encrypted mail causes a pink enigmail
header :  "Decryption incomplete; click on 'Details' button for more information"

The Details button provides an enigmail alert :

"Enigmail Security Info

Decryption incomplete
Public key 0xZZZZZZZZZZZZZZZZ used to verify signature

Note: The message is encrypted for the following User ID's / Keys:
  0xZZZZZZZZZZZZZZZZ (Abc Xyz) <abc.xyz at example.com>)"


Although this implies that the secret key has not been found, there is no
explicit warning that the secret key is not available and that the smartcard
should be inserted.

By way of a conclusion, I would say that the current text in the handbook is not
exactly correct but it would certainly be a nice feature to have available in
enigmail.  (Especially since I already made this mistake.)

Perhaps others will know if the behaviour I have quoted is the same under
Windows and Mac.

Philip

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/attachments/20150321/d2fd5b00/attachment.sig>


More information about the enigmail-users mailing list