I did create on my home PC a secret gnuPG key. I exported it on a usb key, imported it on the notebook. KGpg agent is running and is functional. When I setup the “personality” that should use this signature in Kmail setup, the programm does not see the signature in the menu for “signature for signing” but it DOES see it in “signature for encryption”. I can successfully encrypt mails with the key but I cannot sign them with it.
I then also created another signature, directly on the notebook this time, for another purpose, it works as usual, same notebook, same session.
In KGpg all signature appear normally, they are marked as completely trusted. Anybody experienced the same? Suggestions?
Sure, this is what I did try to write, the program allows to set up the imported signature only for encryption, no for signing. Weired, no? When it proposes you the signature(s) to be used for signing, in the list of all available, the imported signature does no appear (all the other signatures do, even the ones you might create afterwards). For selection “encryption”, everything is normal AND allows to select between all my signatures, inclusive my “imported” one. Encryption is then functional and it is possible to send the message as encrypted (however not signed).
Why should one not be able to use an imported -private- secret key for signing? Is there any technical reason for this? This seems illogic, it would make consistent use of encryption impossible. If I have a secret key on one machine, I want to have the very same one on my laptop to be consistent. This includes the ability to sign and encrypt. I can encrypt, why ever wouldn’t I be able to sign my messages with the very same key I use to encrypt them?
By definition, if you send a signed message to someone, the receiver does not need a key to read it. And, you should use your key to sign it - not a public key from someone else (all public keys are publicly available anyway).
Again, when you encrypt, you use your private key to encrypt it and the receiver will need your public key.
It may well be that I am expressing myself not clear enough in order to be understood. Let me try again.
I intend with private key the one you are generating as first step, in order to crypt and sign a message, and stays in your possession…
I intend with public key the one you generate an that usually you export to a key-server or you attach it to a mail, in order to allow someone else to write to you encrypted.
I had generated a private key on my desktop PC. I also generated a public key as usual.
You will have noticed that there is the possibility in KGpg to “export you private key”. This is to transfer your private key to another PC in order to have consistent encryption. (They will tell you also that you have to keep it in a save place).
(The procedure is you right-click on a secret key and choose “export secret key”).
So, I did export on a usb key my private key (and not my public key), did read it into the laptop and gave him unconditioned trust.
KGpg does find and sees it correctly as a private key.
When I attribute this signature to a new personality of kmail, it does see it correctly as private key and offers to use it as encryption key for mails from this personality.
However if you try to attribute it as “keys for signing openpgp” from this personality, it searches the key for signing your messages, but it does not find it…but finds all my other private keys present on the laptop.
Just to discard a problem with the file (or kmail), you can try to setup
with Thunderbird that has its own way to manage openpgp keys (enigmail) and
check if that works :-?
Yeap, good idea. I will also try to create another user in kde and try there a kmail setup to see if the problem presents with a brand new kde-desktop.
But Thunderbird should be helpful to see whether it works in the current setting.
Will take some day, as I am struggling, since quite a while, to get an encrypted root partition set up. Therefore the days when I am at home I tend to undertake these “bigger works” on my poor laptop. But I will have the answer on this soon and come back posting it.
Cheers.
OK, that explains it well. Yea, if that is the case, there is something wrong. I was under the impression that you transferred your “public key” from one machine to the other.