Easy way to transfer over OpenPGP settings from one PC to another?

[TCW]

Hi all,

Since TB 78.2.1 turned on OpenPGP stuff, I dabbled with creating a key
for the purposes being able to read secure mail from bugzilla. I seem to
have gotten it to work ok at home since I am able to read messages for
Bug 1656987. But here at my work PC, those messages come in blank.

Is there something I can copy over from my home PC's OpenPGP info /
account to my work PC's account to make it be "synced" between the two?
Or, is there something in the OpenPGP Key Manager UI that I need to do
to export my PGP setting from home and import into my work PC? This is
all new territory so I don't want to screw it up. =)

Thanks for any help!

[Arthur Conan Doyle]

TCW <"."@.> wrote:

>Is there something I can copy over from my home PC's OpenPGP info /
>account to my work PC's account to make it be "synced" between the two?
>Or, is there something in the OpenPGP Key Manager UI that I need to do
>to export my PGP setting from home and import into my work PC? This is
>all new territory so I don't want to screw it up. =)

I haven't used PGP for some years now, but all you should need to do is export
your secret key from TB at home (Tools, Open PGP Key Manager, Backup Secret Key
to File), then import said key on your work machine.

If you ever build up a list of public keys that you'd like to use at work or
vice versa, you follow the same procedure/menu items for public keys.

That said, you should be keeping a backup copy of your secret key on a USB stick
in a safe place.

[David E. Ross]

What I explained in a Web page about this 10 years ago should still be
valid. You need to transfer your own key-pair using a secure method.
See my <http://www.rossde.com/PGP/key_mgmnt.html#xfer>.

--
David E. Ross
<http://www.rossde.com/>

[David E. Ross]

The problem with that is the risk of compromising your private key
during transmission from home to work. For example, does the E-mail
server at work archive all incoming E-mail messages as required by law
from some industries?

[Arthur Conan Doyle]

"David E. Ross" <not_me@not_there.invalid> wrote:

>The problem with that is the risk of compromising your private key
>during transmission from home to work. For example, does the E-mail
>server at work archive all incoming E-mail messages as required by law
>from some industries?

Oh, I'm not endorsing the idea of putting a personal keyring on a work machine.
There's far too much exposure to corporate IT and other individuals. Was just
answering the question on the process for doing so.

In the example you cite, I'd also be concerned about a policy violation. That
is, most corporate encryption systems use an additional corporate key that
allows unlocking messages from any employee. Use of a personal encryption system
would circumvent that capability.

There's also the problem that any corporate backup process might sweep up the
private keyring.

[TCW]

Just imported it into my TB install at work. Worked like a charm. Thanks
again for the assist.

[TCW]

Well, it worked like a charm-ish. So, at home, when a secure message
arrives in my Inbox, I can simply click on it once and it appears in the
message pane window. What I am seeing on my work PC is that when I click
on the secure message, nothing appears in the message pane window. But
if I double click the message and open in its own window, then the
message does appear with the OpenPGP Lock + green Check mark icon in the
top-right corner of the message. Then, while the secure message is open
in a new window, I can go back to my main TB window and click once on
the message and it appears in the message pane window as it does for me
at home. Looks like a bug. =\

[David E. Ross]

The key pair likely has Implicit trust at home. It will if you created
it at home. However, the Implicit trust level is removed during the
export and import process moving it to work. Assuming you imported your
complete key pair (public and private) at work, you need to indicate the
trust level for the pair as "Implicit" as a separate operation. I do
not know how to do that with Enigmamail or GPG.

With the PGP 10.1.2 GUI, I select the key and request its properties.
The properties window has "Trust" with the current trust level. To the
right of the level is a down-pointing triangle. Selecting that triangle
gives me a pull-down menu with four trust levels: None, Marginal,
Trusted, and Implicit. Implicit is disabled unless both the public and
private keys are present.

[WaltS48]

Maybe something here will be helpful.

<https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq>

--
OS: Ubuntu Linux 18.04LTS - Gnome Desktop
https://www.thunderbird.net/en-US/get-involved/
https://give.thunderbird.net/en-US/
Vote him out! Lock him up!

[Arthur Conan Doyle]

"David E. Ross" <not_me@not_there.invalid> wrote:

>Assuming you imported your
>complete key pair (public and private) at work, you need to indicate the
>trust level for the pair as "Implicit" as a separate operation. I do
>not know how to do that with Enigmamail or GPG.

It looks like you might need to Open the TB PGP Key Manager, select the personal
key properties, then make sure that the "treat as personal key" box is checked.

[TCW]

On 10/14/2020 7:48 PM, TCW wrote:

> Ok, I had to dig a bit to find where that was so I'll check for parity
> with that setting on my work PC. Again, it works but only if I open
> the secure message in its own window. Which means it is working but
> requires one extra step. I filed bug 1670702 for this issue.

Setting is ok on my work PC so it looks like it might be a bug.