Delta Chat encrypts to subkey that is not marked with encryption flag #6520
Labels
bug
Something is not working
Comments
|
rPGP does not even have a way to get key flags without looking at the packets manually. https://codeberg.org/heiko/rpgpie has some functions for this. |
|
FTR the person solved the problem adding a new subkey for encrypting and removing the old subkey marked for authentication |
|
Just removing an authentication subkey should have worked as well. But it's generally not recommended to use the same key for signing and encryption. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is a user that has a key consisting of RSA primary key that is marked for encryption, signing and certification. And there is an authentication RSA subkey. They imported the key into Delta Chat and now receive messages that they cannot decrypt in Thunderbird, because the other side using Delta Chat is encrypting to the subkey (which should not be used for encryption) and Thunderbird tries to decrypt only with the primary key.
It's not recommended to use the same RSA key for encryption and signing at the same time, and Autocrypt specification says there should be a signing-capable primary key and encryption subkey, so this normally does not happen for Delta Chat users.
Here is a key selection function that even has a TODO:
https://github.com/deltachat/deltachat-core-rust/blob/0040c17892b0d2c1002800248bf49b455d538a02/src/pgp.rs#L246-L268
The text was updated successfully, but these errors were encountered: