Wrong OpenPGP key used when sending signed-only email #4914

Closed
tigernero79 opened this issue Aug 22, 2020 · 7 comments · Fixed by #4931
Labels
type: bug Something is causing incorrect behavior or errors

@tigernero79

I have recently noticed that if I set the sending of an email with the OpenPGP signature-only option, I don't have the possibility to choose which identity to use. K9 v5.718 uses the first signature key available in OpenKeychain, although it is not even that of the email from which I send. Then an email is sent with the address xxx @ xxx signed by a yyyu @ yyy identity. How to choose which signature key to use? I have no choices.

@tigernero79
Author

In practice I have two of my signature keys, one for email nero79@msn.com, the other for sogesi@email.it, both in OpenKeychain. When I send signature-only emails from sogesi@email.it to nero79@msn.com, it puts me a signature of nero79 and not that of sogesi@email.it, which is the email from which I send. I can choose which signature to use. Another thing: when instead crypto email is also sent with signature? I can choose to send encrypted email without signature or encrypted with signature, if yes where you choose?

@cketti
Member

cketti commented Aug 23, 2020

When composing messages K-9 Mail will never ask you which OpenPGP key to use for signing. The OpenPGP key associated with a K-9 Mail account is configured under Settings > [Account] > End-to-end encryption > Configure end-to-end key/Using key: …. Currently we don't support different OpenPGP keys for different identities configured for an account. The feature request for that is #942.
When sending messages the OpenPGP key that is used for signing is determined by the selected (K-9 Mail) identity. Or, more precisely, by the account the identity belongs to.

From your description it's not clear to me what you're doing exactly and what goes wrong. I was able to send a message with the wrong signature using the following steps (that's a bug):

  1. Set up two accounts in K-9 Mail and enable end-to-end encryption for both
  2. Open the compose screen (From address is account1@demo.example)
  3. Enter a recipient address (in my case it was to an unrelated address not configured in K-9 Mail)
  4. Select "Enable PGP Sign-Only" from the menu
  5. Select the other account as the From address (account2@demo.example)
  6. Send the message -> Message is signed using the first account's key (account1@demo.example)

Is this the problem you're experiencing?
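
A send-time guard for the mismatch reproduced in the steps above, as an added example that is not K-9 Mail's code or its fix: it checks that the key about to sign carries a user ID for the current From address. The key ids, the keyring layout and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample keyring (assumption): key id -> OpenPGP user IDs.
KEYRING = {
    "KEY-ACCOUNT1": ["Account One <account1@demo.example>"],
    "KEY-ACCOUNT2": ["Account Two <Account2@Demo.Example>",
                     "account2-alias@demo.example"],
}


def normalize(value):
    """Bare, lower-cased address from a From header or user ID ('' if none).

    Lower-casing the local part is a simplification that matches how mail
    clients usually compare addresses.
    """
    _, addr = parseaddr(value)
    return addr.strip().lower() if "@" in addr else ""


def key_addresses(user_ids):
    """E-mail addresses named by a key's user IDs; name-only IDs are skipped."""
    return {normalize(uid) for uid in user_ids} - {""}


def check_signing_key(from_header, key_id, keyring=KEYRING):
    """Return (ok, reason): does key_id carry a user ID for the From address?

    Meant to run when the message is sent, after the From identity may have
    been switched on the compose screen.
    """
    sender = normalize(from_header)
    if not sender:
        return False, "no usable From address"
    user_ids = keyring.get(key_id)
    if user_ids is None:
        return False, f"unknown key {key_id}"
    if sender in key_addresses(user_ids):
        return True, f"{key_id} has a user ID for {sender}"
    return False, f"{key_id} has no user ID for {sender}"


if __name__ == "__main__":
    # Steps 2-6 from the comment: sign-only is enabled while From is
    # account1, then From is switched to account2 before sending.
    print(check_signing_key("account2@demo.example", "KEY-ACCOUNT1"))
    print(check_signing_key("account2@demo.example", "KEY-ACCOUNT2"))
```

A key that lists several identities as user IDs passes for each of those addresses, so the guard only rejects a key that names none of them.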

@cketti cketti added the type: bug Something is causing incorrect behavior or errors label Aug 23, 2020
@cketti cketti changed the title from "k9 5.718 does not allow choosing which signature to use" to "Wrong OpenPGP key used when sending signed-only email" Aug 23, 2020
@tigernero79
Author

tigernero79 commented Aug 23, 2020

@cketti

Yes, that's it. I personally have two emails in my OpenKeychain, and if I send from my second email with signature only, it uses the signature from the first email. Yes, this was the bug.

@cketti cketti added this to the 5.800 milestone Aug 30, 2020
@GNUDimarik
Contributor

@tigernero79 how did you check which key was used?

@GNUDimarik
Contributor

Never mind. I configured OpenPGP for Thunderbird on Windows and I can see now keys are the same on both addrs.

@tigernero79
Author

tigernero79 commented Sep 1, 2020

> @tigernero79 how did you check which key was used?

For informational purposes, I noticed doing application tests. I have my private key generated on Yubico 5 NFC, to which I then associated 4 other identities (email). Obviously on the Yubico token there is only one email, but on the key servers updated with the other identities thanks to GnuPG and Kleopatra. When I returned a message other than the main identity (nero79@msn.com), using another identity, see (nero79@email.it), the recipient received the signature of the main identity and not the real one which was sent, giving me an error signal. These using your beautiful K9 Mail application.

When a new K9 version that solves this problem? Thank you.

@GNUDimarik
Contributor

@tigernero79 thanks for the update. I checked the key from the sender in Thunderbird during testing.
