[GH-ISSUE #71] Publik key in GUI cant be removed #672

New issue

Closed

opened 2026-03-14 10:02:32 +03:00 by kerem · 11 comments

kerem commented 2026-03-14 10:02:32 +03:00

Owner

Copy link

Originally created by @daggr8 on GitHub (Aug 27, 2020).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/71

Got the self hosted version up and running. Everything is working except the GPG encryption.
First i tried adding my ProtonMail public key to the recipient in the GUI, that didn't work so i followed the guide in the instructions.
I've generated new keys but when i try to delete the old public key from my default recipient in the GUI i get an error message saying.

Error
{ "message": "Server Error" }

I've added the new fingerprint to ANONADDY_SIGNING_KEY_FINGERPRINT in the .env file.

I think i have to add the public key in the GUI on the recipient as well? And then use the private key in ProtonMail to decrypt the messages.

So Q1, the keys should be generated for the e-mail address i use in .env (MAIL_FROM_ADDRESS) correct?
Q2, The recipient in the GUI is not the same e-mail address as (MAIL_FROM_ADDRESS) ofc. But that shouldn't matter?
Q3, How can i remove the public key from the GUI and add the newly generated public key?

Thanks :)

Originally created by @daggr8 on GitHub (Aug 27, 2020). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/71 Got the self hosted version up and running. Everything is working except the GPG encryption. First i tried adding my ProtonMail public key to the recipient in the GUI, that didn't work so i followed the guide in the instructions. I've generated new keys but when i try to delete the old public key from my default recipient in the GUI i get an error message saying. ``` Error { "message": "Server Error" } ``` I've added the new fingerprint to ANONADDY_SIGNING_KEY_FINGERPRINT in the .env file. I think i have to add the public key in the GUI on the recipient as well? And then use the private key in ProtonMail to decrypt the messages. So Q1, the keys should be generated for the e-mail address i use in .env (MAIL_FROM_ADDRESS) correct? Q2, The recipient in the GUI is not the same e-mail address as (MAIL_FROM_ADDRESS) ofc. But that shouldn't matter? Q3, How can i remove the public key from the GUI and add the newly generated public key? Thanks :)

kerem closed this issue 2026-03-14 10:02:38 +03:00

kerem commented 2026-03-14 10:02:43 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Aug 30, 2020):

For the ANONADDY_SIGNING_KEY_FINGERPRINTthis needs to be a private key that exists on the mail server where you are hosting the application. That way it can be used to sign forwarded emails that are encrypted.

A1: Yes you can generate a key pair on the server for the MAIL_FROM_ADDRESS and enter the fingerprint of this for the signing key variable above.

A2: The recipient will not be the same because that is the destination where email will be forwarded. This should be a real email address such as a Protonmail one, you can then add your Protonmail public key to the recipient.

A3: I'm not sure why you are getting the "Server Error" message but you can check the Laravel log file in storage/logs to see what it says. In order to remove it you can simply delete the data in the database for that recipient in the fingerprint column and change the should_encrypt column to 0.

<!-- gh-comment-id:683400406 --> @willbrowningme commented on GitHub (Aug 30, 2020): For the `ANONADDY_SIGNING_KEY_FINGERPRINT`this needs to be a private key that exists on the mail server where you are hosting the application. That way it can be used to sign forwarded emails that are encrypted. A1: Yes you can generate a key pair on the server for the `MAIL_FROM_ADDRESS` and enter the fingerprint of this for the signing key variable above. A2: The recipient will not be the same because that is the destination where email will be forwarded. This should be a real email address such as a Protonmail one, you can then add your Protonmail public key to the recipient. A3: I'm not sure why you are getting the "Server Error" message but you can check the Laravel log file in `storage/logs` to see what it says. In order to remove it you can simply delete the data in the database for that recipient in the `fingerprint` column and change the `should_encrypt` column to 0.

kerem commented 2026-03-14 10:02:49 +03:00

Author

Owner

Copy link

@daggr8 commented on GitHub (Aug 30, 2020):

Ah i see! Thank you!I've generated new GPG keys. Is there a way to see if that works?

The problem with Server Error was that i some how was missing php-gnupg. Installed it and it worked!
But when i enable the encryption for the recipient with my public key no mail arrive.
The mail.err says
Aug 30 12:21:49 mail postfix/sendmail[2649]: fatal: mailer@mydomain.com(1000): No recipient addresses found in message header

<!-- gh-comment-id:683412951 --> @daggr8 commented on GitHub (Aug 30, 2020): Ah i see! Thank you!I've generated new GPG keys. Is there a way to see if that works? The problem with Server Error was that i some how was missing php-gnupg. Installed it and it worked! But when i enable the encryption for the recipient with my public key no mail arrive. The mail.err says Aug 30 12:21:49 mail postfix/sendmail[2649]: fatal: mailer@mydomain.com(1000): No recipient addresses found in message header

kerem commented 2026-03-14 10:02:54 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Aug 30, 2020):

I'm not sure what is causing the "No recipient addresses found in message header" error, does it still show this if you toggle encryption off for the recipient?

<!-- gh-comment-id:683424695 --> @willbrowningme commented on GitHub (Aug 30, 2020): I'm not sure what is causing the "No recipient addresses found in message header" error, does it still show this if you toggle encryption off for the recipient?

kerem commented 2026-03-14 10:02:59 +03:00

Author

Owner

Copy link

@daggr8 commented on GitHub (Aug 30, 2020):

Nope :).

<!-- gh-comment-id:683424839 --> @daggr8 commented on GitHub (Aug 30, 2020): Nope :).

kerem commented 2026-03-14 10:03:04 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Aug 30, 2020):

Are you sure that the ANONADDY_SIGNING_KEY_FINGERPRINT In your .env file is correct? It should be in this format:

26A987650243B28802524E2F809FD0D502E2F695

<!-- gh-comment-id:683425999 --> @willbrowningme commented on GitHub (Aug 30, 2020): Are you sure that the `ANONADDY_SIGNING_KEY_FINGERPRINT` In your `.env` file is correct? It should be in this format: `26A987650243B28802524E2F809FD0D502E2F695`

kerem commented 2026-03-14 10:03:09 +03:00

Author

Owner

Copy link

@daggr8 commented on GitHub (Aug 30, 2020):

Yepp. But i get the same error if i remove the last digit. Just for test. Hmm.
Actually got this in the syslog this time.

Aug 30 14:19:10 mail gpg-agent[2607]: can't connect to the SCdaemon: IPC connect call failed
Aug 30 14:19:11 mail gpg-agent[2607]: failed to unprotect the secret key: Inappropriate ioctl for device
Aug 30 14:19:11 mail gpg-agent[2607]: failed to read the secret key
Aug 30 14:19:11 mail gpg-agent[2607]: command 'PKSIGN' failed: Inappropriate ioctl for device <Pinentry>

EDIT. So i removed gpg and installed gnupg1 instead
sudo apt remove gpg
sudo apt-get update -y
sudo apt-get install -y gnupg1

No errors in the log, i get the mail but also an email from Anonaddy saying my public key expired. And encryption turned off.

GPG Key Encryption Error
An error occured while trying to encrypt an email recently forwarded to you by AnonAddy.

This was likely caused because the key has expired.

The fingerprint of the key is: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Encryption for this recipient has been turned off, please update the key if you wish to continue using encryption.

I tried generating a new public key at Proton Mail and adding that one but same error.

<!-- gh-comment-id:683426523 --> @daggr8 commented on GitHub (Aug 30, 2020): Yepp. But i get the same error if i remove the last digit. Just for test. Hmm. Actually got this in the syslog this time. ``` Aug 30 14:19:10 mail gpg-agent[2607]: can't connect to the SCdaemon: IPC connect call failed Aug 30 14:19:11 mail gpg-agent[2607]: failed to unprotect the secret key: Inappropriate ioctl for device Aug 30 14:19:11 mail gpg-agent[2607]: failed to read the secret key Aug 30 14:19:11 mail gpg-agent[2607]: command 'PKSIGN' failed: Inappropriate ioctl for device <Pinentry> ``` EDIT. So i removed gpg and installed gnupg1 instead sudo apt remove gpg sudo apt-get update -y sudo apt-get install -y gnupg1 No errors in the log, i get the mail but also an email from Anonaddy saying my public key expired. And encryption turned off. ``` GPG Key Encryption Error An error occured while trying to encrypt an email recently forwarded to you by AnonAddy. This was likely caused because the key has expired. The fingerprint of the key is: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Encryption for this recipient has been turned off, please update the key if you wish to continue using encryption. ``` I tried generating a new public key at Proton Mail and adding that one but same error.

kerem commented 2026-03-14 10:03:14 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Aug 30, 2020):

I think that error is caused because you have a password on your secret key. Apparantly the GnuPG module in PHP doesn't support decrypting keys with passwords at the moment.

Please try removing the passphrase by doing gpg --edit-key <keyid> and leaving the it blank.

<!-- gh-comment-id:683428218 --> @willbrowningme commented on GitHub (Aug 30, 2020): I think that error is caused because you have a password on your secret key. Apparantly the GnuPG module in PHP doesn't support decrypting keys with passwords at the moment. Please try removing the passphrase by doing `gpg --edit-key <keyid>` and leaving the it blank.

kerem commented 2026-03-14 10:03:19 +03:00

Author

Owner

Copy link

@daggr8 commented on GitHub (Aug 30, 2020):

Same issue. Get a mail saying the the key expired. Just to clarify.
I should use the ID i see when running gpg --list-keys in the ANONADDY_SIGNING_KEY_FINGERPRINT correct?

<!-- gh-comment-id:683429576 --> @daggr8 commented on GitHub (Aug 30, 2020): Same issue. Get a mail saying the the key expired. Just to clarify. I should use the ID i see when running `gpg --list-keys` in the `ANONADDY_SIGNING_KEY_FINGERPRINT `correct?

kerem commented 2026-03-14 10:03:24 +03:00

Author

Owner

Copy link

@daggr8 commented on GitHub (Aug 30, 2020):

Huh. A reboot seems to have solved it. I guess it's a combination of gpg, gnupg1 issues.

<!-- gh-comment-id:683431726 --> @daggr8 commented on GitHub (Aug 30, 2020): Huh. A reboot seems to have solved it. I guess it's a combination of gpg, gnupg1 issues.

kerem commented 2026-03-14 10:03:29 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Aug 30, 2020):

Is it now working as expected?

<!-- gh-comment-id:683435793 --> @willbrowningme commented on GitHub (Aug 30, 2020): Is it now working as expected?

kerem commented 2026-03-14 10:03:34 +03:00

Author

Owner

Copy link

@daggr8 commented on GitHub (Aug 30, 2020):

I think so. Thank you! :)

<!-- gh-comment-id:683436031 --> @daggr8 commented on GitHub (Aug 30, 2020): I think so. Thank you! :)

kerem referenced this issue 2026-03-14 11:34:06 +03:00

[GH-ISSUE #672] [Enhancement] Display inbound rejections to the user. #1038

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.5.0

v1.4.1

v1.4.0

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.14.1

v0.14.0

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/anonaddy#672

No description provided.