Scientific Linux Forum.org




> Enigmail, gpg-agent trouble
fa2k
 Posted: Apr 4 2013, 08:41 PM

Hi,

I want to use Enigmail with Thunderbird to sign e-mail messages with GPG. I have installed gnupg2, but I get an error when trying to send a message. Message box: "Failed to initialize Enigmail.
Send unencrypted message?" No message in the terminal. In "OpenPGP preferences" in Thunderbird, it says "Could not find GnuPG".

Is gpg-agent running?
$ ps auxw | grep gpg-agent
fa2k 1229 0.0 0.0 112144 480 ? Ss Apr02 0:01 /usr/bin/gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999
fa2k 1386 0.0 0.0 112144 476 ? Ss Apr02 0:01 /usr/bin/gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999
fa2k 31490 0.0 0.0 112144 480 ? Ss 21:27 0:00 /usr/bin/gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999
fa2k 31607 0.0 0.0 112144 476 ? Ss 21:28 0:00 /usr/bin/gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999

Yes.

I use Gnome, but I have the same trouble in KDE. I have tried to add something to .xsession, as this is suggested in many places on the web, but it doesn't work.

I also have a vim plugin that opens GPG encrypted files, which I use to open a file that is encrypted with my public key. It will open the file, but it asks for a password again if I close it and re-open it. On a different distro, it would remember the password for a short time (the agent, I believe).

Some other files:
$ cat .gnupg/gpg.conf
# GnuPG config file created by KGpg

default-key C03B0B3D96E0827AED10526C21133BA41D83CA16
use-agent

$ cat .gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-qt4
no-grab
default-cache-ttl 1800

As for thunderbird and enigmail, I use thunderbird from the repo and enigmail 1.5.1 from the add-on menu.

Please, does anyone have any suggestions for how to get it up and running?
joka
 Posted: Apr 5 2013, 09:08 PM

QUOTE (fa2k @ Apr 4 2013, 09:41 PM)

I want to use Enigmail with Thunderbird to sign e-mail messages with GPG. I have installed gnupg2, but I get an error when trying to send a message. Message box: "Failed to initialize Enigmail.
Send unencrypted message?" No message in the terminal. In "OpenPGP preferences" in Thunderbird, it says "Could not find GnuPG".


After a long time I have tried my Enigmail plugin and got the same problem.
There's a trivial reason and solution: The original Enigmail 1.5 add-on uses the binary name "gnupg" by default.
This has to be changed in OpenPGP->Preferences->Basic->Override to: /usr/bin/gpg

QUOTE (fa2k @ Apr 4 2013, 09:41 PM)

Is gpg-agent running?
$ ps auxw | grep gpg-agent
fa2k      1229  0.0  0.0 112144  480 ?        Ss  Apr02  0:01 /usr/bin/gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999
fa2k      1386  0.0  0.0 112144  476 ?        Ss  Apr02  0:01 /usr/bin/gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999
...

Only one gpg-agent should be running!

QUOTE (fa2k @ Apr 4 2013, 09:41 PM)

$ cat .gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-qt4
no-grab
default-cache-ttl 1800

As a Gnome user I would expect to use pinentry-gtk, which is the default if gpg-agent.conf is missing.
I don't know whether it is a problem to use pinentry-qt4 in a GNOME session, but I use pinentry-gtk.

NOTE if you have SELinux enforced: There are also some SELinux issues, especially with pinentry. I would recommend testing Enigmail at least temporarily with SELinux in permissive mode. Afterwards you may generate a policy module from the audit.log with the audit2allow tool.


fa2k
 Posted: Apr 6 2013, 02:50 PM

Thank you very much for the reply. It didn't work right away to just specify the executable, but I will try some more things (KDE, for one. That seems to at least start 1 agent process). Alas, I can't use SELinux because of the filesystem I have, but then I at least know that it is not the cause of this problem.
fa2k
 Posted: Apr 6 2013, 09:09 PM

It works in KDE after setting the GPG binary! Doesn't work in Gnome even when setting the pinentry application to gtk. I think it's missing the Gnome counterparts of
/etc/kde/env/gpg-agent-startup.sh
/etc/kde/shutdown/gpg-agent-shutdown.sh
I found that if I start gpg-agent manually it will write some text to the terminal, and if I run that, and then run thunderbird in the same terminal, it works in Gnome.


I'm actually a KDE user, but it keeps crashing and I have to use something else until I get the new version which fixes the crash. This is very annoying.

Update: It still doesn't work in Gnome. I get the message "Key 0xnnnnnnn not found or not valid. The (sub-)key might have expired." when trying to send a message (key censored by me, probably not necessary)
joka
 Posted: Apr 9 2013, 07:10 PM

QUOTE (fa2k @ Apr 6 2013, 10:09 PM)

I found that if I start gpg-agent manually it will write some text to the terminal, and if I run that, and then run thunderbird in the same terminal, it works in Gnome.

You are right. Same behaviour on my SL and CentOS 6.4 systems.
Unfortunately I don't know how to set an environment variable once for a Gnome session. In the past this was possible by ~/.gnomerc, but this start-up file is ignored on SL6.

A simple workaround, which is working for me, is a locally defined wrapper shell script "gpg-thunderbird" as follows:
CODE
#!/bin/bash
killall gpg-agent
eval $(gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999)
thunderbird

and then configure a starter for the GNOME desktop or panel (open popup menu on desktop, select "Create starter..").

Another possibility may be to use the Thunderbird-Enigmail RPM from the Remi Repo.
However, I haven't tried this myself. (You have to uninstall the original Enigmail add-on before you can use this RPM).
fa2k
 Posted: Apr 9 2013, 10:05 PM

Thanks for the reply. I found a way to make KDE not crash (disable effects), so I'm using that now.
redman
 Posted: Jun 11 2013, 06:38 PM

QUOTE (joka @ Apr 9 2013, 09:10 PM)
Another possibility may be to use the Thunderbird-Enigmail RPM from the Remi Repo.
However, I haven't tried this myself. (You have to uninstall the original Enigmail add-on before you can use this RPM).

Unfortunately you also need their version of Thunderbird.

Anybody got GnuPG and Enigmail working on SL6 with Gnome?
I have been trying but I can't get it to work.

Regardless of whether I use the Enigmail plugin from Mozilla or the rpms from the Remi repo, I always end up with keys that aren't detected, gpg-agent not working or too much active, Thunderbird that doesn't start after I closed it ("blahblah isn't responding, please close, etc.").

This is frustrating since I want to start working with encrypted mail.

joka
 Posted: Jun 12 2013, 05:34 AM

QUOTE (redman @ Jun 11 2013, 07:38 PM)

Anybody got GnuPG and Enigmail working on SL6 with Gnome?
I have been trying but I can't get it to work.

Yes, with the workaround described in my last post, the standard SL version of thunderbird and the original Enigmail add-on:

QUOTE (joka @ Apr 6 2013, 10:09 PM)

A simple workaround, which is working for me, is a locally defined wrapper shell script "gpg-thunderbird" as follows:
CODE
#!/bin/bash
killall gpg-agent
eval $(gpg-agent --sh --no-use-standard-socket --daemon --default-cache-ttl 300 --max-cache-ttl 999999)
thunderbird

and then configure a starter for the GNOME desktop or panel (open popup menu on desktop, select "Create starter..").

And don't forget to fix the GPG binary in OpenPGP->Preferences->Basic->Override to: /usr/bin/gpg
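
A variant of the wrapper discussed in this thread that avoids `killall` (which discards cached passphrases) and keeps a single agent running, as an added example that is not part of any post here. It assumes GnuPG 2.0.x as on SL6 (later GnuPG releases do not use GPG_AGENT_INFO); the cache file name and the `--launch` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GnuPG 2.0.x, where
# `gpg-agent --sh --daemon` prints "GPG_AGENT_INFO=<socket>:<pid>:<proto>; export ...".
CACHE="${AGENT_CACHE:-$HOME/.gnupg/agent-info.cache}"  # hypothetical cache file

# Extract the GPG_AGENT_INFO value from the agent's output without eval'ing it.
parse_agent_info() {
    printf '%s\n' "$1" | sed -n 's/^GPG_AGENT_INFO=\([^;]*\).*$/\1/p' | head -n 1
}

# Split <socket>:<pid>:<proto> (assumes the socket path contains no ':').
info_socket() { printf '%s\n' "${1%%:*}"; }
info_pid()    { rest="${1#*:}"; printf '%s\n' "${rest%%:*}"; }

# Usable only if the pid is numeric and alive and the socket exists and is ours.
agent_usable() {
    sock=$(info_socket "$1"); pid=$(info_pid "$1")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1
    [ -S "$sock" ] && [ -O "$sock" ]
}

# Reuse the recorded agent if it is still usable; otherwise start exactly one.
ensure_agent() {
    info=""
    if [ -r "$CACHE" ]; then info=$(parse_agent_info "$(cat "$CACHE")"); fi
    if ! agent_usable "$info"; then
        out=$(gpg-agent --sh --no-use-standard-socket --daemon \
              --default-cache-ttl 300 --max-cache-ttl 999999) || return 1
        ( umask 077; printf '%s\n' "$out" > "$CACHE" )
        info=$(parse_agent_info "$out")
    fi
    GPG_AGENT_INFO="$info"; export GPG_AGENT_INFO
}

# Launcher entry point, e.g. "gpg-thunderbird --launch" in the GNOME starter.
if [ "${1:-}" = "--launch" ]; then
    ensure_agent && exec thunderbird
fi
```

Stale entries (dead pid, missing socket, or a socket owned by another user) are rejected, so a new agent is started only when the recorded one cannot be reused.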