seahorse asks twice for gpg key password

As this seems to be a user error I am marking this as an invalid bug.

It's not a user error - Seahorse shouldn't ask twice for the same GPG password.

I can confirm this problem for Thunderbird and Enigmail.

I should add some comment to my previous comment:
* it happens when I sign with PGP/MIME on, it does NOT happen without PGP/MIME.
* the above mentioned solution (Edit2), with remembering the pass phrase does not matter in this case, with the time set to 0 or to 15 minutes, both time it asks 2 time. It does NOT remember the pass phrase anyway (also not without PGP/MIME).

My problems are gone now that I (only) removed seahorse from my system (so it really looks that it has a bug). Enigmail is also able to remember my passphrase.

I found this discussion [1] at enigmail forum, someone having the same problem

[1]http://www.mozilla-enigmail.org/forum/viewtopic.php?f=3&t=421

Thank you for taking the time to report this bug and helping to make Ubuntu better. I can't replicate the issue neither on hardy nor in intrepid, can you try with version 2.24.0 from intrepid?

Hello,

I can confirm this bug on Intrepid. I updated my system from Hardy (where the error did not occur) to Intrepid and now I have to type in my password twice.

ii seahorse 2.24.1-0ubuntu1 A Gnome front end for GnuPG
ii thunderbird 2.0.0.17+nobinonly-0 mail/news client with RSS and integrated spam filter sup

I can confirm this bug.
I reconfigured my gnome gpg settings in system->preferences->encryption and set "do not remember password".
Since then enigmail asked everytime I opened a mail though I set "remember for 5 min" in enigmail prefs.
Now I reset that the option in gnome->preferences->encryption to 20min, I works again with enigmail.

I would expect enigmail to either ignore the gnome settings or
alert me of this setting being in place and overriding the engimail setting.

I'm running Intrepid.

libcryptui0 2.24.1-0ubuntu1
seahorse 2.24.1-0ubuntu1
seahorse-plugins 2.24.1-0ubuntu1
thunderbird 2.0.0.19+nobinonly-0ubuntu0.8.10.1
thunderbird-gnome-support 2.0.0.19+nobinonly-0ubuntu0.8.10.1
thunderbird-locale-de 1:2.0.0.14+1-0ubuntu2
thunderbird-locale-en-gb 1:2.0.0.14+1-0ubuntu2

and enigmail 0.95.7
I can reproduce the problem by reenabling "do not keep passphrase" in system->preferences->encryption .

removing seahorse is another possible workaround ... would like to see a proper fix, though

Can somebody please explain why this bug has been set to be invalid?

you have the url to the GNOME bug in the table on the webpage

apparently, enigmail performs two operation. the question for me is, why? and why is the enigmail part of this bug `invalid'?

It is a enigmail-issue. Invalidating the seahorse task and reopening the enigmail one. Enigmail performs two separate actions, see upstream's comment:

"From the enigmail ouput pasted in the enigmail forum, enigmail is performing
two different operations:

enigmail> /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 -t --clearsign -u 0xA81E15E0 --use-agent
enigmail> /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 --digest-algo sha1 -s -b -a -t -u 0xA81E15E0 --use-agent

If your option is set to have the agent not remember your passphrase, you will
be asked twice for it because it's not being cached from request to request.
If changing the caching option from never to expires after a period of time or
always fixes this behavior, then everything is operating as designed. If
that's not the case, please reopen this bug. "

I did some troubleshooting on this issue, because it affects me as well. The previous comment mentions an upstream bug report, but I haven't been able to find it, so I'll post this here.

The first time I send a signed message after restarting Thunderbird, I get prompted twice for my gpg key password. Each subsequent time I send a signed message within the same Thunderbird session, I am only prompted once.

I should make it clear that I have my gpg-agent configured with "ignore-cache-for-signing" enabled. Although upstream states this case is working as intended, I can suggest a minor code change which would eliminate the need for the extra password prompt.

As mentioned previously, there are two signing requests to gpg2 during this first transaction. The first of these ("--clearsign") is signing the message "Dummy Test" for the sole purpose of detecting which digest algorithm gpg2 intends to use: it looks for a line such as "Hash: SHA256" in the output.

One thing I noticed when testing gpg2 on the command line is gpg2 outputs the "Hash: SHA256" line *before* it prompts for the password. So, the password prompt can be bypassed by adding the argument "--pinentry-mode cancel" to the gpg2 command line:

$ /usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --use-agent --batch --no-tty --status-fd 2 -t --clearsign --pinentry-mode cancel -u 0xE19CF36DDF865D8405B1E4100B39535099304B41 <<< 'Dummy Test'
[GNUPG:] BEGIN_SIGNING H8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dummy Test
gpg: signing failed: Operation cancelled
[GNUPG:] FAILURE sign 67108963
gpg: [stdin]: clearsign failed: Operation cancelled

Enigmail can then parse the digest algorithm from the output without needing to bother the user with an extra password prompt.