2017-03-21
Enigmail KEYEXPIRED / SIGEXPIRED error messages
I was plagued by thunderbird/enigmail in one installation not wanting to send PGP-encrypted messages. It took me a while to debug because I seemed to be the first one to come across it. The error messages are not very helpful with a lot of SIGEXPIRED in them followed by a KEYEXPIRED. I found someone with probably the same problem at Enigmail stopped working: KEYEXPIRED/SIGEXPIRED - Super User but no usable answer at that time. Searching further found me [Enigmail] enigmail won't let me encrypt messages anymore which does show another problem with old keys in the further thread. I started removing old keys showing with '00 00 00' fingerprints until I found my old 'home' key in the ring (0x2C663B5DF0D7C263). After that the error message changed to the key being unavailable. I dug through ~/.gnupgp/gpg.conf looking for mentions, and found:
#default-key F0D7C263already disabled, and:encrypt-to F0D7C263when I changed that last one to a newer and better fitting key the problem was solved. There was a mention of F0D7C263 at the end of the enigmail error message but it was hard to draw conclusions about what it was doing there. So as usual: good encryption is hard. And good error messages are hard too. I added a suggestion to the superuser.com message so others may spend less time debugging this problem.