Hi all!
I have a strange issue with kmail and gpg (TDE 14.0.4, devuan jessie) :
When I open kmail and click on an encrypted mail, pinentry-gtk-2 asks for the gpg password once. When I click on any other encrypted mail, it simply opens that mail decrypted - just as I like it. gpg-agent is running, kpgp is running.
On a second computer and different user account when I click on an encrypted mail I get asked for the gpg password every time (which is quite nagging with ~ 100 encrypted mails per day). gpg-agent is not running, kpgp is running. Starting gpg-agent by hand does not change this behaviour.
So, where should I start to look? Is it correct to assume that kmail starts kgpg which starts gpg-agent? How can I get debug output?
Nik
Dr. Nikolaus Klepp wrote:
So, where should I start to look? Is it correct to assume that kmail starts kgpg which starts gpg-agent? How can I get debug output?
1. In KGpg you have an option to activate use of gpg agent - this must be checked, so that agent starts. I think you should logout/login to the desktop.
2. When you start gpg agent manually it returns a variable, which you can export, so that all aware programs can use the same agent
export | grep GPG
declare -x GPG_AGENT_INFO="/tmp/gpg-orCHGE/S.gpg-agent:4802:1"
Just use option 1. as it works well in TDE
I hope this helps
regards
Hi deloptes!
Thank you, that was the hint.
The "GnuPG agent" checkmark was set, so unset it, reboot, set checkmark, reboot, kmail works as expected :-)
Just for the files: I used "reboot" because it's easier to get it right on the phone this way ...
Nik
On Monday, 27 June 2016, deloptes wrote:
Dr. Nikolaus Klepp wrote:
So, where should I start to look? Is it correct to assume that kmail starts kgpg which starts gpg-agent? How can I get debug output?
- In KGpg you have an option to activate use of gpg agent - this must be
checked, so that agent starts. I think you should logout/login to the desktop.
- When you start gpg agent manually it returns a variable, which you can
export, so that all aware programs can use the same agent
export | grep GPG
declare -x GPG_AGENT_INFO="/tmp/gpg-orCHGE/S.gpg-agent:4802:1"
Just use option 1. as it works well in TDE
I hope this helps
regards
Dr. Nikolaus Klepp wrote:
The "GnuPG agent" checkmark was set, so unset it, reboot, set checkmark, reboot, kmail works as expected :-)
Glad to hear, however ... if it was checked and the agent was not available, it needs further investigation - possible bug?
Just for the files: I used "reboot" because it's easier to get it right on the phone this way ...
Just for the files: I did not get this part with "the phone"
regards
Hi!
The "GnuPG agent" checkmark was set, so unset it, reboot, set checkmark, reboot, kmail works as expected :-)
Glad to hear, however ... if it was checked and the agent was not available, it needs further investigation - possible bug?
I'll post the diffs from the backups before/after operation tomorrow - as soon as I get the archives.
Just for the files: I used "reboot" because it's easier to get it right on the phone this way ...
Just for the files: I did not get this part with "the phone"
I had to guide my minion in command by phone and it turned out it's easier to order a reboot than an ordered restart of TDE :-)
Nik
Dr. Nikolaus Klepp wrote:
Hi!
The "GnuPG agent" checkmark was set, so unset it, reboot, set checkmark, reboot, kmail works as expected :-)
Glad to hear, however ... if it was checked and the agent was not available, it needs further investigation - possible bug?
I'll post the diffs from the backups before/after operation tomorrow - as soon as I get the archives.
Just for the files: I used "reboot" because it's easier to get it right on the phone this way ...
Just for the files: I did not get this part with "the phone"
I had to guide my minion in command by phone and it turned out it's easier to order a reboot than an ordered restart of TDE :-)
Nik
I just found out that I have a configuration file
cd $HOME
cat .gnupg/gpg.conf
use-agent
no-greeting
...
...
This is again visible in the gui. Perhaps you could try to test this with a fresh account.
regards
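Added example, not part of the original thread: a shell check for the two things deloptes points at, the GPG_AGENT_INFO value an agent exports (socket path, PID, protocol version, as used by the GnuPG 1.4/2.0 generation) and a use-agent line in gpg.conf. The function names are made up for this sketch; the config path is the one shown in the message above.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread). Function names are hypothetical.

# Classify a GPG_AGENT_INFO value of the form <socket>:<pid>:<protocol>.
# Prints one of: unset, malformed, no-socket, dead-pid, ok
check_agent_info() {
    info=$1
    [ -n "$info" ] || { echo unset; return 1; }
    case $info in
        *:*:*) ;;
        *) echo malformed; return 1 ;;
    esac
    rest=${info%:*}      # drop the trailing protocol field
    pid=${rest##*:}      # middle field: agent PID
    sock=${rest%:*}      # everything before the PID: socket path
    case $pid in
        ''|*[!0-9]*) echo malformed; return 1 ;;
    esac
    [ -n "$sock" ] || { echo malformed; return 1; }
    # A stale variable (agent gone, /tmp cleaned) points at a missing socket.
    [ -S "$sock" ] || { echo no-socket; return 1; }
    # kill -0 only tests whether this user could signal the PID.
    kill -0 "$pid" 2>/dev/null || { echo dead-pid; return 1; }
    echo ok
}

# Succeeds if the given gpg.conf has an uncommented use-agent line.
conf_uses_agent() {
    grep -Eq '^[[:space:]]*use-agent[[:space:]]*$' "$1" 2>/dev/null
}

# Report for the current session and account.
echo "GPG_AGENT_INFO: $(check_agent_info "${GPG_AGENT_INFO:-}")"
if conf_uses_agent "${HOME:-.}/.gnupg/gpg.conf"; then
    echo "gpg.conf: use-agent is set"
else
    echo "gpg.conf: use-agent is not set"
fi
```

Run it from a terminal started inside the desktop session, so it sees the same environment that kmail and kgpg inherit.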
Hi!
On Tuesday, 28 June 2016, deloptes wrote:
Dr. Nikolaus Klepp wrote:
Hi!
The "GnuPG agent" checkmark was set, so unset it, reboot, set checkmark, reboot, kmail works as expected :-)
Glad to hear, however ... if it was checked and the agent was not available, it needs further investigation - possible bug?
I'll post the diffs from the backups before/after operation tomorrow - as soon as I get the archives.
Just for the files: I used "reboot" because it's easier to get it right on the phone this way ...
Just for the files: I did not get this part with "the phone"
I had to guide my minion in command by phone and it turned out it's easier to order a reboot than an ordered restart of TDE :-)
Nik
I just found out that I have a configuration file
cd $HOME
cat .gnupg/gpg.conf
use-agent
no-greeting
...
...
This is again visible in the gui. Perhaps you could try to test this with a fresh account.
After playing with the before/after-backups the problem breaks down to this (but I am not 100% sure if this is the whole story):
The workflow for setting up email accounts is this: get an create an account for the user from the admin, create a gpg-keypair with kgpg, set up kmail and verify it works unencrypted, and at last add gpg support.
So in kmail open settings-dialog, then "Identities", select an identity, "Change", open the "Crypto"-tab, "OpenPGP Key" -> Change, a dialog appears where the "search"-field is filled with the identity's email-address. (This field is empty when you already have a gpg key associated with this identity.) Now that prefilled email address does never match any email address in the gnupg keyring, so the list under the search field is empty and the user has nothing to select from. An unsuspecting user will try to use all buttons on this dialog, but it will lead to nothing. (The only way to associate a gpg key is to clear the search field.)
In this state it does not matter if the "use agent"-checkmark in kgpg is set or not, it will ask for the passphrase every time. As soon as the identity has a correct gpg key assigned to it the "use agent" settings in kgpg work.
Nik
Dr. Nikolaus Klepp wrote:
In this state it does not matter if the "use agent"-checkmark in kgpg is set or not, it will ask for the passphrase every time. As soon as the identity has a correct gpg key assigned to it the "use agent" settings in kgpg work.
I don't see anything wrong with that. KMail asks 1 time per session for the gpg key anyway. If identity differs from the gpg key configured, it makes sense to ask to some extent.