On Mon, Aug 19, 2019 at 12:04:14AM +0200, Eike Rathke wrote:
> For an encrypted and signed mail for which the key is both in the regular pubring and in the autocrypt pubring (and autocrypt.db), the signature apparently is verified using the autocrypt keyring.
Yes, this is currently a problem with putting the key in both keyrings. Take another look at <https://muttmua.gitlab.io/mutt/manual-dev.html#autocryptdoc-keyrings> and especially read the third paragraph there.
Another choice would be to point $autocrypt_dir at ~/.gnupg (you can copy the autocrypt.db file over to save yourself having to recreate accounts). However, this will then cause Autocrypt header keys to be imported into ~/.gnupg. If that's okay with you, this will give you Web of Trust signature messages instead.
I've been debating switching the order, to try decrypting from the normal keyring first instead. That would remove the need for $autocrypt_reply. However, it makes the logic more complicated and invasive. We need to turn off "normal" error handling all over the place then, so that an initial decrypt failure in both classic-pgp and gpgme doesn't cause an abort, but only if we would subsequently be trying autocrypt. Right now, the changes are in gpgme only, and are very clean...
--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA