6

From one day to another my Enigmail Thunderbird Plug-In stopped working and I can no longer decrypt messages sent to me encrypted with my public key. Even if I wrote these messages myself.

Every time I try to decrypt a message the following error shows up:

Fehler - Entschlüsselung fehlgeschlagen
Öffentlicher Schlüssel MYKEYCODE zur Überprüfung der Unterschrift benötigt

gpg: Entschlüsselung fehlgeschlagen: Geheimer Schlüssel ist nicht vorhanden

Hinweis: Die Nachricht wurde mit folgenden Benutzer-IDs / Schlüsseln verschlüsselt: 
0xMYKEYCODE (Robert Lastname <my.mail@my-uni.de>)

I use a German Thunderbird, so here is my translation:

Error - Decryption failed
Public Key MYKEYCODE needed to verify signature

gpg: Decryption failed: Secret (private) key not found

Hint: Message was encrypted with the following User-Ids/Keys:
0xMYKEYCODE (Robert Lastname <my.mail@my-uni.de>)

How can the private key be missing? I personally encrypted the message before sending it to myself. I have been trying now for hours to solve this. I have reinstalled Enigmail a couple of times. I also reinstalled GnuPG a couple of times. I deleted all my keys and reimported them. What drives me especially crazy is that I have another laptop using Enigmail with the very same public-private key pair and there everything works just fine.

What makes me suspicious is that 0xMYKEYCODE from the error message is different from the code of my public-private key pair in my key manager, how can this be?

Thanks a lot in advance and cheers, Robert

EDIT: Maybe this helps: I cannot sign messages on the computer that cannot decrypt, but I can sign on my other machine. So, apparently Enigmail cannot use my private key, why?

EDIT2: If I try to sign a message, it refuses with the failure "Error - wrong passphrase". That got me thinking, after re-importing all my keys, I was never ever asked to provide the passphrase that secures my public-private key pair anywhere!?

EDIT3: If I invoke

echo RELOADAGENT | gpg-connect-agent

on the laptop where encryption works, it tells me that gpg-connect-agent is not installed??? Could it be that on the laptop where it works the keys are actually managed by the gnome key ring (despite Enigmail telling me that they are managed by gpg-agent)?

However, on the laptop where the decryption no longer works, I can invoke echo RELOADAGENT | gpg-connect-agent. Thus gpg is taking care and maybe makes a mess in combination with the gnome key ring?

8 Answers

2

I had this problem on OSX with gpg v2 and fixed it by installing gpg v1 alongside it. Not sure if this is applicable to Ubuntu.

2

Ok I had a very simple solution to that. When sending mails to myself they were automatically encrypted. When I wanted to open them I had the same error.

Sidenote: They were automatically encrypted as my mail address was known to my mail client and assigned a key.

Solution:

Uncheck something like "never ask for passphrase" in the enigmail settings. And then open the mail again and type in the correct passphrase.

Additional info: I thought enigmail with thunderbird was dumb so I used the commandline instead and tried to figure out my password by decrypting the message there with gpg --decrypt <Message>. Oddly when I typed in the correct password it didn't show me the encrypted mail. However, in thunderbird it did then.

2

In my case, setting useGpgAgent to true actually fixed my problem. Thunderbird version 38.5.1, Enigmail 1.8.2 (20150416-1748), gpg (GnuPG) 2.0.28, libgcrypt 1.6.3.

1

You're missing the private keys. Reinstalling GnuPG and Enigmail probably won't help, as this is a problem with your GnuPG key ring.

It seems somehow your private key ring got corrupted. Recover a working version of ~/.gnupg from your backups. If you haven't got one, (start doing so now and) fetch the keys from your other computer, either by copying the whole ~/.gnupg folder, or by exporting the private key:

gpg --export-secret-keys [keyid] > secret-keys.pgp

and importing it on the computer with the broken keys:

gpg --import secret-keys.pgp

It might happen you have to delete the key before.

Jens Erat
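A check that goes with the answer above and with the question's observation that the ID in the error differs from the one shown in the key manager (an ID in a GnuPG message can belong to an encryption subkey rather than the primary key). This is an added example, not code from any of the posts: it reads `gpg --list-secret-keys --with-colons` output and reports whether the ID is a primary key or a subkey and whether its secret part is present or only a stub. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classify a key ID against the colon-format secret key listing.
# usage: gpg --list-secret-keys --with-colons | classify_secret_key <KEYID>

classify_secret_key() {
    # Normalise: upper-case hex, drop an optional 0x prefix.
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0[xX]//')
    [ -n "$want" ] || { echo "usage: classify_secret_key KEYID" >&2; return 2; }
    awk -F: -v want="$want" '
        $1 == "sec" { primary = $5 }          # remember the owning primary key
        $1 == "sec" || $1 == "ssb" {
            id = $5
            # Compare trailing digits so 8- and 16-digit IDs both match.
            if (length(id) >= length(want) &&
                substr(id, length(id) - length(want) + 1) == want) {
                kind  = ($1 == "sec") ? "primary" : "subkey"
                # Field 15 is "#" when only a stub without secret material exists.
                state = ($15 == "#") ? "stub" : "present"
                printf "%s %s caps=%s primary=%s\n", kind, state, $12, primary
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample listing (placeholder IDs, not real keys).
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111111111111111:1400000000:::u:::scESC:::+:
uid:u::::1400000000::0000::Example User <user@example.org>:
ssb:u:4096:1:2222222222222222:1400000000::::::e:::+:
sec:u:4096:1:3333333333333333:1400000000:::u:::scESC:::#:
ssb:u:4096:1:4444444444444444:1400000000::::::e:::+:
EOF
}

# Demo on the constructed listing: the ID resolves to an encryption subkey.
sample_listing | classify_secret_key 0x2222222222222222
```

A result of `missing` for the ID from the error message means that secret key is not in the local keyring and has to be imported as the answer describes; `stub` means only a placeholder without secret material is there.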
1

Ok, so I kind of figured it out. After setting useGpgAgent to false in the Thunderbird configuration and several restarts plus system updates later everything works again.

I think this is a very unsatisfying answer because I couldn't figure out what was actually causing the problem. I can only guess that gpg-agent doesn't work well with the gnome-keyring as well as the seahorse key manager (apparently both were installed by Ubuntu automatically when I set up the OS for the first time).

1

Having the exact same issue on Ubuntu 14.10/GNOME 3.12.

useGpgAgent was already set to false for me (in fact I didn't have GpgAgent installed until just now) and my system is fully upgraded, so I'm afraid smCaterpillar's solution won't help me.

I've deleted the public and private keys from .gnupg, set useGpgAgent and useGpgKeytools to their respective defaults, disabled the thunderbird GNOME keyring integration extension, and I'm hoping that, similar to smCaterpillar, a few restarts will do the trick.

EDIT: It just occurred to me to "clear saved passphrase" from the Enigmail menu. Weirdly, Thunderbird/Enigmail tells me it cannot delete the password because I'm using GPG Agent to manage passwords. However, useGpgAgent is set to false and GPG Agent is not running.

Mona
1

I went into 'Edit Per-recipient Rules' and created a rule that will not encrypt nor sign emails I send to myself.

For the emails I could not decrypt I copied the email bodies into individual text files.

Then, from the directory where I placed them, I entered cat filename.txt | sudo gpg --decrypt in the terminal to see the contents of the problem emails after supplying my passphrase; filename.txt was replaced by the name of each file in turn.

0

I had the same problem: Enigmail said it couldn't find the secret key, but gpg -d just worked fine.

I then discovered that I had a custom pinentry-program defined in .gnupg/gpg-agent.conf (in my case pinentry-qt4), which I didn't have on a new installation. Removing that line or installing pinentry-qt4 solved the problem for me.

In that case, the enigmail error message should be more specific.

nidi