kmail don't ask the phrase for gpg-encrypted mails

Bug #15485 reported by amphora on 2005-04-13
54
This bug affects 1 person
Affects Status Importance Assigned to Milestone
KDE PIM
Invalid
Medium
gnupg (Ubuntu)
Medium
Unassigned

Bug Description

Kmail does not ask for the phrase to decipher post office based with gpg, nevertheless it does when I send
cipher emails to other people.
The stdout i obtain when ran from shell is something like this:
gpgme_op_decrypt_verify() returned this error code: 117440523

And in other cases it shows to me I engage in a dialog where it says that the phrase that I have introduced is
a mistake and that if I want to continue or to cancel.

Related branches

Jim (jdawdy) wrote :

I have a similar problem using kmail under Breezy:

To restate, when I receive a gpg encrypted email, kmail does not prompt for a
passphrase.
Instead the following is displayed:

Encrypted message (decryption not possible)
Reason: Crypto plug-in "openpgp" could not decrypt the data.
Error: Bad passphrase
  Encrypted data not shown.
  End of encrypted message

When I run eval 'gpg-agent --daemon' I get this:
can't connect to `/home/jim/.gnupg/log-socket': Connection refused
switching logging to stderr
gpg-agent[15200]: listening on socket `/tmp/gpg-I3IF9w/S.gpg-agent'
GPG_AGENT_INFO=/tmp/gpg-I3IF9w/S.gpg-agent:15201:1; export GPG_AGENT_INFO;

Workaround: save the msg.asc file to desktop. Open it with KGpg. Enter the
passphrase. The decrypted file is saved to the same directory (Desktop).

Jim

(In reply to comment #0)
> Kmail does not ask for the phrase to decipher post office based with gpg,
nevertheless it does when I send
> cipher emails to other people.
> The stdout i obtain when ran from shell is something like this:
> gpgme_op_decrypt_verify() returned this error code: 117440523
>
> And in other cases it shows to me I engage in a dialog where it says that the
phrase that I have introduced is
> a mistake and that if I want to continue or to cancel.

Rocco Stanzione (trappist) wrote :

I wasn't paying enough attention to be able to say what version introduced this problem, but it's fairly new. I can certainly confirm it for the current version in dapper and the unofficial 3.5.1 packages for Breezy.

Changed in kdepim:
status: Unconfirmed → Confirmed
Didier Raboud (odyx) wrote :

Still visible in my Kubuntu Dapper Flight5 Up2Date with KDE 3.5.2.

Kmail NEVER asks me for passphrase when opening crypted mails.

Indeed, when sending, passphrase is asked with a warning about gpg-agent (but the package is named gnupg-agent !!! => Confusion...), but never for decryption.

Indeed, for having correct GnuPG working in KMail, fantastic manipulation needs to be done :
http://kmail.kde.org/kmail-pgpmime-howto.html
(french translation disponible here : http://doc.ubuntu-fr.org/applications/kmail_openpgp )

This manipulation IS working, but needs hard work from user, including the creation of the files in ~/.gnupg/ and ~/.kde/Autostart AND going to support wiki (which should not happen, huh...)

So, at least two things to be done :

1. Change that error message that is old and unadapted to (K)Ubuntu (as it could, thanks to packaging)
2. Make gnupg-agent installation a lot more easier (another bug to file ?)

This is the complaint of Kmail about gpg-agent missing (in french, sorry).

I was having the same problem (passphrase asked for when sending mail, but not when attempting to read encrypted mail), but I looked in ~/.gnupg/gpg-agent.conf and found that it was asking for pinentry-qt, which did not exist (was expecting /usr/bin/pinentry-qt) installing this solved the problem, and now on reading encrypted mail, I get the pinentry window.

kubuntu flight5, kmail 1.9.1

Stephan Ruegamer (sadig) wrote :

The bug is confirmed on my side as well.
But it looks like, that the encryption plugin is borked.
A plain encrypted text, pasted into the mail window and send then without any gpg sign or encrytion via kmail, and the plugin is asking for the passphrase (not using gpg-agent).

mime mails which are encrypted with standard behaviour will not being decrypted properly.

\sh

Martin Emrich (emme) wrote :

I also have this problem, running edgy on amd64 (last updated a few minutes ago).

Ciao

Martin

Karsten König (remur) wrote :

This is still a problem

KMail doesn't ask for a passphrase when opening an encrypted mail and just states "bad passphrase"

I fixed it with installing pinentry-qt, gnupg-agent and removing the # in front of use-agent in the gpg.conf

I don't think that's an elegant solution for something as important as email encryption, especially as the dependencys didn't really help.

I read somewhere an idea about a package for this, maybe something like

kmail-gpg
:requires -> pinentry-qt
:requires -> gnupg-agent
and modifying the gpg.conf ...

And a better message then "Bad passphrase" would help people locating the problem, took me some time to find a solution to this

Encrypted message (decryption not possible)
Reason: Crypto plug-in "openpgp" could not decrypt the data.
Error: Bad passphrase

Kmail needs to support gpg properly!

Changed in kdepim:
assignee: jr → nobody

added a whole lot of build deps, so hopefully this will work.

Will have to file a main inclusion report for pinentry-qt - is this absolutely necessary?

Changed in kdepim:
status: Confirmed → Needs Info
Changed in kdepim:
status: Unknown → Unconfirmed
richard (richardjones) wrote :

Problem exists under Feisty. There's no pinentry-qt program, and I can't seem to find a replacement.

richard (richardjones) wrote :

Needed to add the backports repos to sources.list and then I could find pinentry*

Daniel Hahler (blueyed) wrote :

JFI: pinentry-qt should be available in the universe repository.

Daniel Hahler (blueyed) wrote :

pinentry does seem to be required, but also gpg-agent!

Please see my comment on the upstream bug http://bugs.kde.org/show_bug.cgi?id=136676#c9

I recommend using keychain (http://www.gentoo.org/proj/en/keychain/): this will start gpg-agent for you.

Changed in kdepim:
status: Needs Info → Confirmed
Changed in kdepim:
status: Unconfirmed → Confirmed
Milan Knizek (knizek) wrote :

I was fighting with this problem, too.
I have KGpg installed to take care about my keys. The key management worked fine, but first I was not able to set where the gpg.conf is (see bug https://bugs.launchpad.net/ubuntu/+source/kdeutils/+bug/119263). Based on the often referred page http://kontact.kde.org/kmail/kmail-pgpmime-howto.php I have setup the startup script for gpg-agent.

Then KMail worked. In the meantime, I found a workaround for KGpg bug mentioned above. The next day, KMail stopped working again and it took me a lot of time to find out that gpg-agent is run twice - first KGpg and then with the startup script as recommended by kde.org. Then it was simple, I deleted the startup script and made sure KGpg always starts on login.

For end-user, this is quite complicated and confusing. As proposed by others, it would be great if installation of KGpg requires also pinentry-qt and gpg-agent and when the bug 119263 is solved, things should work out-of-the-box.

Scott Kitterman (kitterman) wrote :

We are working on getting both pinentry-qt and gpg-agent into Main for Gutsy and adjusting the kmail dependencies to better support crypto out of the box, so this may get solved/improved for gutsy.

Thanks for the update Scott

On 6/26/07, Scott Kitterman <email address hidden> wrote:
>
> We are working on getting both pinentry-qt and gpg-agent into Main for
> Gutsy and adjusting the kmail dependencies to better support crypto out
> of the box, so this may get solved/improved for gutsy.
>
> --
> kmail don't ask the phrase for gpg-encrypted mails
> https://bugs.launchpad.net/bugs/15485
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

Changed in kdepim:
status: Confirmed → Invalid
Scott Kitterman (kitterman) wrote :

Kmail will do gpg just fine if you install gpg-agent and pinentry-qt and add "use-agent" without the quotes to ~/.gnupg/gpg.conf (create the file if it doesn't exist). I've tested this with KDE 3.5.5 on Dapper and KDE 3.5.7 on Feisty. There was a compilation bug settings bug in KDE 3.5.2 that makes this very unlikely to work out of the box on Dapper unless you've upgraded your KDE.

Scott Kitterman (kitterman) wrote :

Reassigning this bug to gnupg2 as the only current block to this is needing gpg to be configured to start gpg-agent.

Changed in gnupg2:
status: Confirmed → Triaged
Scott Kitterman (kitterman) wrote :

Upon further reflection, this belongs with gnupg as it will use agent also and is the default GPG package to be installed.

Changed in gnupg2:
assignee: nobody → kitterman
status: Triaged → In Progress
Michael Bienia (geser) wrote :

gnupg (1.4.6-2ubuntu3) gutsy; urgency=low

  [ Scott Kitterman ]
  * Add 'debian/patches/60_install_options_skel.dpatch': Patch to
    install options file from upstream (LP: #76983)
  * Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
    (or gpg2) and gpgsm to use a passphrase agent by default (LP: #15485)
  * Add 'debian/patches/70_trust_error.dpatch': Patch to disallow illegal
    zero response for trust level changes (LP: #39459)

  [ Michael Bienia ]
  * Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a timeout
    updating the keyring (LP: #62864)

 -- Michael Bienia <email address hidden> Fri, 06 Jul 2007 20:56:05 +0200

Changed in gnupg:
status: In Progress → Fix Released
Scott Kitterman (kitterman) wrote :

A note for people that have been following this bug....

The config change to use-agent by default will not get installed if you already have a ~/.gnupg directory. You will have to make the change by hand for an existing user that has used gnupg before. With the recent changes in kmail dependencies in Gutsy and this (and bug #76983) fixed, gpg should just work for new installs and new users.

LimCore (limcore) wrote :

I encountered this problem when recording a small demo how to use openpgp in linux
(along with 2 other bugs, sigh)

http://limcore.com/learn/openpgp/v2_q3.ogg (short)
http://limcore.com/learn/openpgp/v1_q3.ogg (all the setup of accounts)

shows the bug exactly btw.

LimCore (limcore) wrote :

Scott, this bug happens still,
(ubuntu amd64 7.10)
Even for freshly created users, and even after nuking ~/.gnupg

I'm attaching ~2 minute record showing this bug fully.

Testuser unix account was just created day ago.
System is up to date.

LimCore (limcore) wrote :

It seems that the bug still happens, even for newly created user accounts.

The 2nd fix from http://zerlinna.blogweb.de/archives/61-Get-GPG-Decryption-working-within-Kmail.html (that is creating shell script in .kde/env/) works - but it has to be applied by user and it doesn't work OOTB.

I am testing on uptodate ubuntu 7.10 amd64.
This bug should be then re-opened?

Changed in gnupg:
status: Fix Released → Confirmed

Is this a frsh Gutsy install or a Feisty upgrade? If it was an upgrade
from Feisty there is a manual step needed to install the correct skeleton
file for the gnupg conf file. Please see the Gutsy release notes.

If it's not a Feisty upgrade or the problem persists with a new user
created after following the steps in the Gutsy release notes, please file a
new bug (don't reopen this one) and subscribe me to it and we'll get it
sorted out. I've got the working by default on several machines, so I
think thing are fundamentally sound, but something is incorrect in your
configuration.

Scott Kitterman (kitterman) wrote :

Marking back to fix released since no one has provided specifics about an ongoing problem. Note: If users think they have this problem, they almost certainly don't in Gutsy/Hardy and should probably file a new bug.

Changed in gnupg:
assignee: kitterman → nobody
status: Confirmed → Fix Released
Changed in kdepim:
status: Invalid → Unknown
Changed in kdepim:
importance: Unknown → Medium
Changed in kdepim:
status: Unknown → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.