• Members 2 posts
    Jan. 13, 2020, 2:35 a.m.

    I was looking at the PEP features in Enigmail, and so changed from "Force use Enigmail" to "Force use PEP".

    But looking at the certificates, it created new certificates (trusted) from my email address. It actually created two new certificates. I turned off PEP, backed up the certificates, and then deleted them. I don't think anything got encrypted / signed by them.

    I posted on the Enigmail forum, but the response was that it is a PEP issue.

    From reading the other messages, I think it may be because there is a password on the certificates, and to use gpg to remove that.

    I know PEP is supposed to be easy, but are there plans to add password support, for increased security (if someone wants to turn it on)?

    I also read something about issues with certificates for multiple addresses not working correctly.

    The other thing is that if there is an existing certificate for the email address, even with a password, or with multiple addresses, I think it should at least warn the user (not silently create a new one).

  • Jan. 13, 2020, 2:11 p.m.

    Hi, Sly,

    instead of using a passphrase we're strongly recommending using a crypto container, which is opened by login, and which is containing all the keys, too. The concepts of “crypto home” and “hard disk encryption” are fulfilling these requirements.

    The reason is that having two different passphrases (one for login, one for key passphrase) is destroying usability. p≡p is a concept for gaining usability while still having hard cryptography. If usability is not the focus then switching back to manual managed mode is recommended, because this is the only advantage p≡p can deliver. So there is no planning to support keys with passphrases.

    One thing about pass phrases: pass phrases on keys can deliver extra security. But they do this only under these circumstances:

    1. There is never key access without passphrase possible. The timeout for asking for the passphrase again must be switched off. Otherwise any application can just wait for the passphrase “protected” key ring to be unlocked and then make use of arbitrary keys while the timeout is not happening.

    2. Passphrase windows must not appear in the same GUI security context as the normal user is working in. I.e. for Windows, they must appear on a different Window station (like what is happening when you're pressing Ctrl+Alt+Delete). If passphrase windows appear on the same desktop in the same GUI security context, then a simplistic key logger like this one can render them useless: fdik.org/pp.zip

    p≡p is generating keys for all own identities/accounts, one key each. It is a possible privacy breach to have one key for multiple accounts, that's why. While it's possible to configure one and the same key for multiple accounts, in case of key reset p≡p will replace it by multiple.

    I hope these answers are helpful. If you have any other questions, please don't hesitate to ask.

    Yours,
    VB.

  • Members 2 posts
    Jan. 17, 2020, 6:35 a.m.

    Okay, I understand that the passphrase is not adding a lot of benefit over my login password. I have disk encryption on, and always lock my computer.

    So, I have removed the passphrase from my OpenGPG key.

    But, turning back on pEp still broke things: it created a bunch of new keys (6 new keys were created, all for the same email address), but at least still used the correct (oldest) key for signing outgoing messages -- I tested sending to my ProtonMail account and it accepted the signature as valid (so it must have used my old key).

    But, when I sent a message back, it was reported as "Encrypted but you don't have a key to decrypt". I turned pEp back off, deleted the extra keys, and it is working again now (i.e. decrypts the message I received).

    It seems pEp is matching the correct key for signing, but not matching for decryption, and not matching for checking for new keys (and because it keeps not matching for checking keys, it keeps creating new ones).

    One benefit: At least you convinced me that the passphrase is not adding value, and I have turned it off, which makes normal-mode Enigmail a lot easier to use. Received (or sent) emails automatically show the status, and are visible, and it is easy to sign/encrypt outgoing email. I have turned on the "attach public key", and default to have both signature and encryption (just need to click off the encrypt button if the recipient doesn't have a key).

    So, still can't use pEp, but getting 90% of the benefits from reconfiguring Enigmail anyway. About the only thing I don't have is automatically determining when not to encrypt (I have to turn it off).
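
Added example (not part of the thread, and not code from pEp or Enigmail): a small audit that finds addresses with more than one secret key, the situation described in the posts above. It parses the machine-readable listing printed by `gpg --list-secret-keys --with-colons`; the sample listing, key IDs, fingerprints and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `gpg --list-secret-keys --with-colons`.
# Assumes GnuPG 2.1+, which prints an fpr record right after every sec record.
SAMPLE = """\
sec:u:3072:1:2222222222222222:1578900000:::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:u::::1578900000::H2::sly@example.org <sly@example.org>:
ssb:u:3072:1:2222222222222223:1578900000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222223:
sec:u:3072:1:1111111111111111:1400000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1400000000::H1::Sly Example <Sly@Example.org>:
sec:u:3072:1:3333333333333333:1500000000:::u:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:u::::1500000000::H3::Other <other@example.org>:
"""

def secret_keys_by_address(listing):
    """Map each lower-cased address to the primary secret keys carrying it."""
    by_addr, key = defaultdict(list), None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sec" and len(f) > 5:       # start of a new primary key
            key = {"created": int(f[5]), "fpr": None}
        elif f[0] == "fpr" and key and key["fpr"] is None and len(f) > 9:
            key["fpr"] = f[9]                  # later fpr records are subkeys
        elif f[0] == "uid" and key and len(f) > 9:
            m = re.search(r"<([^<>@\s]+@[^<>\s]+)>", f[9])
            if m and key not in by_addr[m.group(1).lower()]:
                by_addr[m.group(1).lower()].append(key)
    return by_addr

def duplicate_secret_keys(listing):
    """Addresses with more than one secret key; fingerprints oldest first."""
    return {addr: [k["fpr"] for k in sorted(keys, key=lambda k: k["created"])]
            for addr, keys in secret_keys_by_address(listing).items()
            if len(keys) > 1}

if __name__ == "__main__":
    for addr, fprs in duplicate_secret_keys(SAMPLE).items():
        print(addr, "oldest:", fprs[0], "extra:", fprs[1:])
```

Feeding it the real listing from a keyring shows, per address, which fingerprint is the long-standing key and which ones were generated later.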