I have recently upgraded from Fedora 39 to Fedora 40, and therefore from Evolution 3.50.x to 3.52.3. I use it mainly for IMAP with my main GMail account, and have not used GPG since 2019 or so, and not on this account since way longer than that (probably around 2013 or older).
Now, whenever I reply to an email with Ctrl+R, type my reply in “Markdown as HTML” format, and then hit Ctrl+Enter to send the message, I am prompted by this somewhat incomprehensible dialog:
The part of the prompt dialog that says, “The message contains your public PGP key” is false (as far as I can tell) and very confusing to me.
What could be causing this false-positive where—if I am reading that error dialog’s text correctly—Evolution is somehow… detecting my PGP key in the message I’m replying to / replying with? And what does “Send with Key” even mean? I really don’t understand this, because “Send with” does not match the usual language of “Sign with Key” or “Encrypt with Key” actions you’d normally expect with PGP-related stuff…
it’s not for replies, it’s for any new message you’ll be sending
using that account
when you look into the second image you provided, the OpenPGP Key ID
says “Use sender e-mail address”, thus it’s using the From address in
the composer to get your PGP key
it’s not a false-positive, you’ve a PGP key with the same email
address as the mail account has
by “the message contains” is really means it, it’s for an Autocrypt
feature added in time of 3.50.x. While the options were there, the user
was not asked and the public key was just sent together with the
message. The 3.52.x added the question, because I thought people are
not aware of this.
I hoped the message explains the matter kind of clearly, but it seems
it does not. If you’d have suggestions for better wording then I’ll be
happy to change it.
Huh okay, I definitely do not want it to be silently sending my key or anything like that, and I do not want it to use PGP at all unless I explicitly tell it to sign or encrypt the message, like it used to be previously. That I have an old PGP key still sitting locally in Seahorse should not affect this, when I have specifically not set its key ID into Evolution’s settings for that account, as seen in the screenshot below:
I also do not understand any of these checkboxes in the “Advanced Options” (that I don’t remember seeing before). Is it “Send own public key in outgoing emails” (and its sub-options)? If so, why is that enabled by default and active when I did not set / removed the key ID from the key ID field above?
Shouldn’t the choice prompt dialog shown earlier above say something like “Evolution can bundle your public PGP key, […]” instead of “The message contains your public PGP key,” as an opt-in the first time? Especially since the key is probably not technically bundled in the message until the user has made a choice there…
Hi,
see your screenshot, the “OpenPGP Key ID” says “Use sender e-mail
address”. I agree this is kinda hidden and the things around can be
scary, but it is how it is.
The wording in the dialog can be changed, I’m fine with that, though
the current wording is accurate, due to the technical reasons (how the
things are done under the hood). I do not think it worth it to explain
it all here.
And yes, the dialog works with the “Send own public key in outgoing
emails” option. It’s enabled by default to support Autocrypt out of the
box.
The dialog before sending helps you to make the right decision, which
is suitable for you. I regret I did not add it at the beginning.
Thank you for your explanation. Now that I see how it was arranged and what settings govern what, I think the wording could be made clearer in two areas of that account security preferences dialog:
“Use sender e-mail address” can be interpreted as either a status/explanation, or a directive. To avoid interpretation as a directive, I would recommend writing it as: “If left blank, sender e-mail address will be used to autodetect the key, if present” (or if you think that’s too long, it could be put in a tooltip on a “help symbol” icon in that GtkEntry widget)
The “ Send own public key in outgoing mails” checkbox could say:
“ Bundle my own public key in outgoing emails (enable Autocrypt)”
I believe it would then clarify that this is the main set of settings that govern this, because it was really not clear to me among other settings in the security “Advanced options”.
I also still stand by my previous wording recommendation for the prompt dialog:
Shouldn’t the choice prompt dialog shown earlier above say something like “Evolution can bundle your public PGP key, […]” instead of “The message contains your public PGP key,” as an opt-in the first time? Especially since the key is probably not technically bundled in the message until the user has made a choice there…
