
A friend of mine recently updated his OpenPGP keys. I cannot open the encrypted email received from that friend in my Thunderbird. I use Enigmail, and I get the following error:

Enigmail Security Info 

Error - no matching private/secret key found to decrypt message 

gpg: decryption failed: No secret key 

Note: The message is encrypted for the following User ID's / Keys: 
<hidden key>, 
<hidden key>

However, I can decrypt the encrypted text using the command line. So, it has been correctly encrypted using my keys. This is the same case with everyone who is receiving encrypted email from that friend.

So, what has gone wrong? How do I fix this issue (I believe it has to be fixed from that friend's side)?

2 Answers

Your friend is sending his mail using the "hidden recipient" option, which removes the recipient's key ID from the OpenPGP metadata. This is used for additional privacy (the recipient is not contained in the metadata any more), but forces your client to iterate over all available private keys. Hiding the recipient seems a little over-cautious for regular e-mail, though: the mail recipient must be stored with the mail anyway (if you want the mail delivered).

But this should be well supported by Enigmail. Make sure your private keys are both available in gpg --list-secret-subkeys and gpg2 --list-secret-subkeys, to make sure you don't have different key sets available among the different versions of GnuPG (they might be using different locations to store your private keys).

Otherwise, ask your friend to send mails without using the hidden recipient feature.

  • Can you please elaborate a bit on "how to send mails without using the hidden recipient feature". That would be really helpful. I could not find that feature in Enigmail settings. Commented Jun 8, 2017 at 14:49
  • As far as I know, Enigmail does this only if recipients are added in the BCC field. It can be enforced by setting the throw-keyid option in GnuPG, though.
    – Jens Erat
    Commented Jun 8, 2017 at 19:23

The sender should disable the option throw-keyids in his/her .gnupg/gpg.conf file.

  • Welcome to Super User! While this may answer the question, it would be a better answer if you could provide some explanation why it does so.
    – DavidPostill
    Commented Apr 12, 2020 at 16:56
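Both answers come down to the same thing: with throw-keyids (or gpg's -R / --hidden-recipient), the Public-Key Encrypted Session Key packet at the front of the message carries an all-zero key ID instead of the recipient's, so the client has to try every secret key it holds. The following script is an added example, not code from either answer or from GnuPG: it parses the packet headers of a binary OpenPGP message and reports which recipients are hidden. The message it inspects is constructed inline (two PKESK packets, one with a made-up key ID and one with a zero key ID, plus a dummy encrypted-data packet); the helper names are the example's own.

```python
"""Inspect the recipient key IDs in an OpenPGP-encrypted message.

Each Public-Key Encrypted Session Key (PKESK) packet, tag 1, names the
recipient (sub)key by its 64-bit key ID. GnuPG's throw-keyids option
writes an all-zero key ID instead (RFC 4880 section 5.1), which is what
Enigmail reports as "<hidden key>" and why it must try every secret key.
"""
import struct

PKESK_TAG = 1


def parse_packets(data: bytes):
    """Yield (tag, body) for every packet in a binary OpenPGP stream.
    Handles old- and new-format headers; new-format partial body
    lengths (first length octet 224..254) are rejected, since only the
    small key packets at the start of a message matter here."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        if first & 0x40:  # new-format header: tag in the low 6 bits
            tag = first & 0x3F
            b0 = data[pos + 1]
            if b0 < 192:
                length, hdr = b0, 2
            elif b0 < 224:
                length, hdr = ((b0 - 192) << 8) + data[pos + 2] + 192, 3
            elif b0 == 255:
                length, hdr = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
            else:
                raise ValueError("partial body length not supported")
        else:  # old-format header: tag in bits 2..5, length type in bits 0..1
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 0:
                length, hdr = data[pos + 1], 2
            elif ltype == 1:
                length, hdr = struct.unpack(">H", data[pos + 1:pos + 3])[0], 3
            elif ltype == 2:
                length, hdr = struct.unpack(">I", data[pos + 1:pos + 5])[0], 5
            else:
                length, hdr = len(data) - pos - 1, 1  # indeterminate: rest of stream
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        yield tag, body
        pos += hdr + length


def recipients(data: bytes):
    """Return [(key_id_hex, pk_algorithm, hidden)] for each PKESK packet.
    hidden is True when the key ID is all zeros (throw-keyids)."""
    out = []
    for tag, body in parse_packets(data):
        if tag != PKESK_TAG:
            continue
        if body[0] != 3:
            raise ValueError("unsupported PKESK version %d" % body[0])
        key_id = body[1:9]
        algo = body[9]
        out.append((key_id.hex().upper(), algo, key_id == b"\x00" * 8))
    return out


def has_hidden_recipient(data: bytes) -> bool:
    return any(hidden for _, _, hidden in recipients(data))


def build_pkesk(key_id: bytes, algo: int = 1) -> bytes:
    """Constructed PKESK (new-format header) with a dummy 16-bit MPI
    standing in for the encrypted session key; sample data only."""
    body = b"\x03" + key_id + bytes([algo]) + b"\x00\x10\xab\xcd"
    return bytes([0xC0 | PKESK_TAG, len(body)]) + body


# Constructed sample message: a normal recipient, a hidden recipient,
# then a dummy SEIPD packet (tag 18) in place of the real ciphertext.
SAMPLE = (
    build_pkesk(bytes.fromhex("0123456789ABCDEF"))
    + build_pkesk(b"\x00" * 8)
    + bytes([0xC0 | 18, 4]) + b"\x01\xde\xad\xbe"
)

if __name__ == "__main__":
    for kid, algo, hidden in recipients(SAMPLE):
        print("keyid %s algo %d%s" % (kid, algo, " (hidden recipient)" if hidden else ""))
```

On a real message, gpg --list-packets shows the same information: a hidden recipient appears as a pubkey enc packet whose keyid is 0000000000000000, while the sender removing throw-keyids from gpg.conf (the second answer) makes the actual key ID reappear and lets Enigmail pick the matching secret key directly.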
