Fails to sign a message after gnupg2/gpgsm upgrade
|
View:
New views
14 Messages
—
Rating Filter:
Alert me
|
 |
Fails to sign a message after gnupg2/gpgsm upgrade
by Jean-Luc Coulon (f5ibh)-2
::
Rate this Message:
Hi, I've updated gnupg2/gpgsm from 2.0.11-1 to 2.0.12-1 (Debian sid) Since that Balsa refuses to sign a message, there is a popup saying gpgsm is unable to sign the message because the passphrase is wrong (the passphrase is cached in my case). I've 1st reverted gpgsm without improvment and then gnupg2 which fixes the problem. Any idea ? Albrecht ? Regards Jean-Luc _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Albrecht Dreß-2
::
Rate this Message:
Hi Jean-Luc:
Am 26.08.09 14:02 schrieb(en) Jean-Luc Coulon (f5ibh): > I've updated gnupg2/gpgsm from 2.0.11-1 to 2.0.12-1 (Debian sid) > > Since that Balsa refuses to sign a message, there is a popup saying > gpgsm is unable to sign the message because the passphrase is wrong > (the passphrase is cached in my case). Hmm, that's really strange. It sounds a little bit as if the agent communication is broken. Can you please try the following: - in a shell, run 'echo $GPG_AGENT_INFO' which should show something like "/tmp/gpg-EKhTLm/S.gpg-agent:<pid>:1". Verify that the pipe and the process (<pid>) exist; - from the shell, run "gpg --sign" which should pop up the passphrase dialogue (pinentry). If it doesn't, there is a communication problem between gpg and the agent; - if both above work, try to run balsa from the shell. If it works there, then the agent variable is not communicated properly through the window manager. Sorry, this is probably not very helpful... best Albrecht. _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Peter Bloomfield
::
Rate this Message:
|
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Albrecht Dreß-2
::
Rate this Message:
Am 26.08.09 20:17 schrieb(en) Peter Bloomfield:
>> - from the shell, run "gpg --sign" which should pop up the >> passphrase dialogue (pinentry). If it doesn't, there is a >> communication problem between gpg and the agent; > > OK, no popup, just "You need a passphrase to unlock the secret key > for..." on the console. O.k., then the agent is not able to communicate with pinentry... this is *not* a Balsa issue, but a more fundamental one, which will let any application using gpg (or gpgme) fail. You should have a look at your ~/.gnupg/gpg-agent.conf file, and check if it still points to a valid pinentry application - maybe the new pinentry packages shifted the install folder? You could add the '--log-file' and '--debug-all' options to the agent (or gpg-agent.conf) and check the error output. To check pinentry itself, launch it from the shell and then type 'GETPIN' which should pop up a dialogue and ask for 'PIN:'. Sorry, I cannot check this here, as Ubuntu still comes with an old package, at least on the PowerPC... Hope this helps, Albrecht. _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Peter Bloomfield
::
Rate this Message:
On Aug 26, 2009, at 2:41 PM, Albrecht Dreß wrote:
> Am 26.08.09 20:17 schrieb(en) Peter Bloomfield: >>> - from the shell, run "gpg --sign" which should pop up the passphrase >>> dialogue (pinentry). If it doesn't, there is a communication problem >>> between gpg and the agent; >> >> OK, no popup, just "You need a passphrase to unlock the secret key >> for..." on the console. > > O.k., then the agent is not able to communicate with pinentry... this is > *not* a Balsa issue, but a more fundamental one, which will let any > application using gpg (or gpgme) fail. Balsa, and got the same console message, still no popup. > You should have a look at your ~/.gnupg/gpg-agent.conf file, and check > if it still points to a valid pinentry application - maybe the new > pinentry packages shifted the install folder? You could add the > '--log-file' and '--debug-all' options to the agent (or gpg-agent.conf) > and check the error output. My ~/.gnupg/gpg-agent.confhasn't had a "pinentry-program" entry for a while; I added one, but still didn't get a popup from gpg. The installation looks the same as always: /usr/bin/pinentry -> /etc/alternatives/pinentry -> /usr/bin/pinentry-gtk -> pinentry-gtk-2. > To check pinentry itself, launch it from the shell and then type > 'GETPIN' which should pop up a dialogue and ask for 'PIN:'. Yes, that works. Peter _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Albrecht Dreß-2
::
Rate this Message:
Am 26.08.09 21:16 schrieb(en) Peter Bloomfield:
>> O.k., then the agent is not able to communicate with pinentry... >> this is *not* a Balsa issue, but a more fundamental one, which will >> let any application using gpg (or gpgme) fail. > > I tried "gpg --sign" with the downgraded gnupg2 package, which works > with Balsa, and got the same console message, still no popup. Ummm, actually, you have to run "gpg2", not gpg, sorry... And are you sure the agent's cache is empty, when you run gpg2? Otherwise, gpg[2] will dump the message, but silently fetch the passphrase from the agent without launching pinentry. You can test this by calling 'gpg2 --sign -a', type some text, and then <ctrl>-<d>, which will dump the usual armored signature block. Now, does Balsa also work if you start it from the same console for which running gpg2 as above was successful? Can you check from balsa's startup messages that it *really* uses a gpg[2] engine which exists (maybe the install location changed...)? You could also try to run balsa with "GPGME_DEBUG=5:gpgme-balsa.log balsa" and look into gpgme-balsa.log if it provides more insight. Did you see anything from adding debug output to the agent? Cheers, Albrecht. _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Jean-Luc Coulon (f5ibh)-2
::
Rate this Message:
Dear Albrecht & Peter,
Le 26/08/2009 21:59:42, Albrecht Dreß a écrit : >Ummm, actually, you have to run "gpg2", not gpg, sorry... > >And are you sure the agent's cache is empty, when you run gpg2? >Otherwise, gpg[2] will dump the message, but silently fetch the >passphrase from the agent without launching pinentry. You can test >this by calling 'gpg2 --sign -a', type some text, and then <ctrl>-<d>, > >which will dump the usual armored signature block. > For me, With 2.0.11-1 ============= [jean-luc@tangerine] % gpg2 --sign -a You need a passphrase to unlock the secret key for user: "Jean-Luc Coulon (f5ibh) <jean-luc.coulon@...>" 1024-bit DSA key, ID 3CC69CD0, created 2001-09-07 sjkdjsqkjd jqkjdksqj -----BEGIN PGP MESSAGE----- Version: GnuPG v2.0.11 (GNU/Linux) owGbwMvMwCQYeLEt3ubYnAuMp6WTGLymzswszspOySouzM5K4coCkdnFhVlcHfbM rCDZPJhyQaawYoZ5qnpbTDwrH/703Gct9/uXprbfOa82hrnCn2vKKkxbrU7lf49+ wXn/5aUDpTcA =xt5t -----END PGP MESSAGE----- With 2.0.12-1 =============[jean-luc@tangerine] % gpg2 --sign -a You need a passphrase to unlock the secret key for user: "Jean-Luc Coulon (f5ibh) <jean-luc.coulon@...>" 1024-bit DSA key, ID 3CC69CD0, created 2001-09-07 gpg: problem with the agent: Not supported gpg: no default secret key: General error gpg: signing failed: General error Regards Jean-Luc _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Peter Bloomfield
::
Rate this Message:
On Aug 26, 2009, at 3:59 PM, Albrecht Dreß wrote:
> Am 26.08.09 21:16 schrieb(en) Peter Bloomfield: >>> O.k., then the agent is not able to communicate with pinentry... this >>> is *not* a Balsa issue, but a more fundamental one, which will let any >>> application using gpg (or gpgme) fail. >> >> I tried "gpg --sign" with the downgraded gnupg2 package, which works >> with Balsa, and got the same console message, still no popup. > > Ummm, actually, you have to run "gpg2", not gpg, sorry... > > And are you sure the agent's cache is empty, when you run gpg2? > Otherwise, gpg[2] will dump the message, but silently fetch the > passphrase from the agent without launching pinentry. You can test this > by calling 'gpg2 --sign -a', type some text, and then <ctrl>-<d>, which > will dump the usual armored signature block. a signature block without prompting me for a passphrase. > Now, does Balsa also work if you start it from the same console for > which running gpg2 as above was successful? Yes. > Can you check from balsa's startup messages that it *really* uses a > gpg[2] engine which exists (maybe the install location changed...)? [me ~]$ balsa ** Message: init gpgme version 1.1.8 ** Message: protocol OpenPGP: engine /usr/bin/gpg2 (home (null), version 2.0.11) ** Message: protocol CMS: engine /usr/bin/gpgsm (home (null), version 2.0.11) ** Message: protocol (null): engine /usr/bin/gpgconf (home (null), version 2.0.11) > You could also try to run balsa with "GPGME_DEBUG=5:gpgme-balsa.log > balsa" and look into gpgme-balsa.log if it provides more insight. OK--I upgraded again, and ran Balsa that way, and the only sign (to me!) of anything wrong comes at lines 302ff: _gpgme_cancel_with_err (ctx=0x168f950): enter: ctx_err=117440523 _gpgme_remove_io_cb (data=0x1da0a40): call: setting fd 0x1c (item=0x1da0a60) done gpgme:gpg_io_event (gpg=0x168eb80): call: event 0x7f514cdae510, type 1, type_data 0x7fff79b5b13c _gpgme_cancel_with_err (ctx=0x168f950): leave gpgme_op_sign_start (ctx=0x168f950): error: Bad passphrase <GPGME> But I wouldn't say I got any insights from it! > Did you see anything from adding debug output to the agent? Not on the console. Peter _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Jean-Luc Coulon (f5ibh)-2
::
Rate this Message:
|
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Albrecht Dreß-2
::
Rate this Message:
Hi Jean-Luc & Peter:
Am 26.08.09 22:35 schrieb(en) Jean-Luc Coulon (f5ibh): > [jean-luc@tangerine] % gpg2 --sign -a > > You need a passphrase to unlock the secret key for > user: "Jean-Luc Coulon (f5ibh) <jean-luc.coulon@...>" > 1024-bit DSA key, ID 3CC69CD0, created 2001-09-07 > > gpg: problem with the agent: No pinentry > gpg: no default secret key: General error > gpg: signing failed: General error There's something broken with gpg2, afaict... > I use seahorse normally. Please be sure that you use *either* gpg-agent *or* the agent coming with seahorse (seahorse-agent?). I prefer using gpg-agent; as iirc seahorse-agent doesn't support the ncurses terminal if, and doesn't support all stuff needed by gpgsm. What you could do for testing: (1) Terminate all running gpg-agent's (killall). Run "ps auxw | grep agent" to check they are *really* gone (on my Ubuntu box, 'killall gpg-agent' left a Zombie, which didn't do any harm). (2) Run the command "gpg-agent --daemon --no-detach --debug-level guru --log-file ./gpg-agent.log". It will give you a line reading like "GPG_AGENT_INFO=/tmp/gpg-ZnjGbt/S.gpg-agent:7049:1; export GPG_AGENT_INFO;". Enter this line. (3) Now run "gpg2 --sign -a". If I give the agent a bad (non-existent) pinentry, it will print out information about that both in the gpg2 session and in the file ./gpg-agent.log. Maybe that gives some more insight. You could also try to use a different pinentry (like the qt version) - in the past, there were issues with suid-root Gtk+ applications. Hope this helps, Albrecht. _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Jean-Luc Coulon (f5ibh)-2
::
Rate this Message:
|
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Albrecht Dreß-2
::
Rate this Message:
Hi Jean-Luc:
Am 27.08.09 21:52 schrieb(en) Jean-Luc Coulon (f5ibh): > The first time, I tried the gpg2 --sign -a command with only the gtk > version of pinentry on the system. The second time, I had the 3 > versions. > > (Who chosse the right binary?) There is an entry "pinentry-program" in ~/.gnupg/gpg-agent.conf, or, if you just want to test, you can extend the command I sent earlier by explicitly telling the agent which pinentry to use: gpg-agent --daemon --no-detach --debug-level guru --log-file ./gpg-agent.log --pinentry-program /path/to/pinentry > Attached the log files. (suffix -pinetry-gtk for the 1st case and - > pinentry-curses with the 3 versions installed). [snip] > gpg-agent[7202]: can't connect server: `ERR 67109133 can't exec > `/usr/bin/pinentry-gtk': Aucun fichier ou dossier de ce type' Hmm, unfortunately I do not understand French, but this is actually what we're looking for! ------Zitierte Anlage "gpg-agent.log-pinentry-curses"------ > 2009-08-27 21:44:16 gpg-agent[12256] starting a new PIN Entry > gpg-agent[12256]: can't connect server: `ERR 67109133 can't exec > `/usr/bin/pinentry-gtk': No such file or directory' The agent still uses pinentry-gtk, as the config option wasn't touched, and it cannot find /usr/bin/pinentry-gtk... I guess this is the English translation of the French message above? So, where is pinentry-gtk installed? Is is executable? Cheers, Albrecht. _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Jean-Luc Coulon (f5ibh)-2
::
Rate this Message:
|
|
|
Re: Fails to sign a message after gnupg2/gpgsm upgrade
by Peter Bloomfield
::
Rate this Message:
On 08/26/2009 08:02:40 AM Wed, Jean-Luc Coulon (f5ibh) wrote:
> > Hi, > > I've updated gnupg2/gpgsm from > 2.0.11-1 to 2.0.12-1 (Debian sid) > > Since that Balsa refuses to sign a message, there is a popup saying > gpgsm is unable to sign the message because the passphrase is > wrong (the passphrase is cached in my case). > > I've 1st reverted gpgsm without improvment and then gnupg2 which fixes > the problem. <URL:https://bugzilla.gnome.org/show_bug.cgi?id=586855> has a proposed patch. Peter _______________________________________________ balsa-list mailing list balsa-list@... http://mail.gnome.org/mailman/listinfo/balsa-list |
attachment0 (197 bytes) | Free embeddable forum powered by Nabble | Forum Help |
