Ubuntu
gnome-keyring package

No longer asks for passphrase, no access to private key

Bug #1387747 reported by Oliver Klee
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnome-keyring (Ubuntu)
Incomplete
Undecided
Dimitri John Ledkov

Bug Description

I'm using Thunderbird with Enigmail on Trusty in KDE. I've set /usr/bin/gpg (i.e., GPG 1, not GPG 2) as GPG path in Enigmail. My GPG key is stored on a YubiKey Neo.

This has worked fine until yesterday. Yesterday, after the following update:

gnome-keyring:amd64 3.10.1-1ubuntu4 -> 3.10.1-1ubuntu4.1

… Thunderbird/Enigmail no longer asks me for me passphrase when I open an encrypted e-mail or when I try to sign an e-mail. Instead, I directly see the error message "no private key available".

A downgrade to 3.10.1-1ubuntu4 and a reboot solves the problem. Updating again to 3.10.1-1ubuntu4.1 makes the problem appear again.

There also have been a kernel update and an update of libykpers. Those do nott seem to have caused the problem: Downgrading them (or booting the older kernel) does not solve the problem. Only the downgrade of gnome-keyring solves it.

Oliver Klee (launchpad-oliverklee)
summary: - No longer asks for passphrase
+ No longer asks for passphrase, no access to private key
Vlad Orlov (monsta)
tags: added: regression-update
Revision history for this message
Oliver Klee (launchpad-oliverklee) wrote :

This does not seem to be a duplicate of bug #1387303: The problem still occurs in Utopic with gnome-keyring 3.10.1-1ubuntu7.1 .

Revision history for this message
Oliver Klee (launchpad-oliverklee) wrote :

This happens both with gpg and gpg2 set as GPG executable in Enigmail.

Revision history for this message
Oliver Klee (launchpad-oliverklee) wrote :

This problem occurs independent of whether I set "--use-agent" or "--no-use-agent" as additional parameter to in the Enigmail configuration.

Revision history for this message
Oliver Klee (launchpad-oliverklee) wrote :

Signing on the command line does not work anymore either:

klee@gonzales:/tmp/testdata$ gpg2 --output test.txt.sig --sign test.txt
Datei 'test.txt.sig' existiert bereits. Überschreiben (j/N)? j
gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
gpg: WARNING: GnuPG will not work properly - please configure that tool to not interfere with the GnuPG system!

Revision history for this message
Oliver Klee (launchpad-oliverklee) wrote :

This bug seems to be related:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760102

Revision history for this message
Oliver Klee (launchpad-oliverklee) wrote :

As a workaround, I had to unset GPG_AGENT_INFO in my .bashrc and in my Thunderbird starter button.

Revision history for this message
Steve Langasek (vorlon) wrote :

Dimitri, this is reported as a regression introduced by an SRU of gnome-keyring that you did last October. Could you please have a look?

Changed in gnome-keyring (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

I use gpg key on a Yubikey Neo and this works correctly in Trusty, Utopic and Vivid.

Make sure that in startup applications "GPG Password Agent, GNOME Keyring: GPG Agent" is unchecked.
Clear custom changes to bashrc.
Logout, login.

Check that gpg-agent upstart user session job is running (In terminal, $ status gpg-agent)

Check environment is pointing at gpg agent, rather than anything else (e.g. gnome-keyring etc) ( $ env | grep gpg )

Changed in gnome-keyring (Ubuntu):
status: New → Incomplete
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.