How does Vivaldi webmail compare to other popular email providers?
-
@far4 When you encrypt a message, no matter where, it's encrypted with the public key of the recipient.
It can only be decrypted with the private key of the recipient.
When the sender signs a message, a hash is generated of the full message using the sender's private key. Only their public key can verify that the message has not been changed. Verifying a signed message does not require unlocking a private key.
This is the basic of public key encryption.
If you encrypted the message with your Gmail pubkey, only your Gmail private key can decrypt it. Nothing else.
So my guess you simply mixed up the keys, possibly using the same key both places.
🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck
I understand you. I was thinking the same thing this morning and was puzzling over what was going on.
But pgp is clearly more complicated than the plain truths. Try to repeat my experience. Encrypt simultaneously with two (public) keys, one of which belongs to my key pair (or subkeys). Just do it again and you'll see for yourself.There is a practical sense in such a solution if you keep all your correspondence only in encrypted form. Because it makes it possible to decrypt all the e-mails you send.
-
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
Try to repeat my experience. Encrypt simultaneously with two (public) keys, one of which belongs to my key pair (or subkeys). Just do it again and you'll see for yourself.
Nope, not going to. It will be a waste of time.
There is no "Encrypt simultaneously".
You will just end up with one plaintext message encrypted twice. You have to decrypt it twice using two different private keys.🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck
When you encrypt a message, it can have multiple recipients at once. Therefore, it is easy to encrypt the moment you sign. Look, here's my Sent folder. The message is stored in it in encrypted form. When I tried to read the message, I was asked for the password to the far4 private key. I entered it - and decrypted it. I sent this test message to two gmail accounts, each key has a unique security password, so it can't be mixed up. So this message is successfully decrypted with three keys and passwords at once. This is also part of pgp. Just read up on the features of pgp, it can do this.
The private key in the Vivaldi system I keep only one from far4, all others are public and cannot decrypt.
When I receive this message on my gmail, I can decrypt it with any of the three private keys. Any and one key.
-
@far4 Regular mail clients with OpenPGP have the ability to encrypt for receiver and sender key, so you can read you mail afterwards.
Thats is what you need?Creating different OpenPGP keys for signing or encryption is not the job of a webmail.
I do not really know if there is a module for Rouncube webmail to achieve this.
That should be done in commandline with GnuPG or Kleopatra or other GUI for OpenPGP keys -
@DoctorG
Yeah, it's okay. I'm just explaining that this option is also possible and has the right to exist.
I like exploring, finding implicit, interesting things about how programs work, and clarifying those things to the point of completion. -
@far4 Do you know a webmail software which can create/use different OpenPGP keys for signing and encryption?
-
@DoctorG
That's a good question!
Unfortunately, I know very little about webmail - for that matter. I haven't heard of it. May be Anonaddy? Protonmail?Android/OpenKeychain itself knows how to do this. But the associated FairEMail doesn't work properly. Or I don't know how to set it up properly. Anyway, I came across this point yesterday and was interested.
So far I don't know, haven't seen, haven't heard of any email client (on android) that works these things correctly. Might try k9mail, if it hasn't turned into a pumpkin yet.... i.e. thunderbird. There used to be OKC interoperability features there.I wonder if Vivaldi's desktop mail client can't work correctly with pgp in this case either? I don't have a computer, I can't check, unfortunately.
-
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
I wonder if Vivaldi's desktop mail client can't work correctly with pgp in this case either?
OpenPGP in Vivaldi's desktop mail client is planned, but not not implemented yet.
As less users run OpenPGP the priority to add this in near future is not high. -
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
Just read up on the features of pgp, it can do this.
It's been two decades since I last used PGP, but I did a quick search how it does this.
When I receive this message on my gmail, I can decrypt it with any of the three private keys. Any and one key.
That's because when you send a message to several receivers, it encrypts the message itself with a symmetric key (the same for all) then encrypts this key in the header of the document with the pubkey of the recipient.
https://www.quora.com/How-does-PGP-manage-to-encrypt-a-message-for-two-different-people
https://superuser.com/questions/554513/pgp-encrypt-single-message-for-multiple-recipients
https://security.stackexchange.com/questions/8245/gpg-file-size-with-multiple-recipientsIf the message itself was encrypted with all pubkeys of all the recipients, it could not be opened by anyone. Only each header for each recipient is encrypted with the pubkey.
