kmail cannot sign mails, but can crypt them

Bug #451719 reported by Alain Baeckeroot on 2009-10-14
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
KDE PIM
Unknown
Medium
kdepim (Ubuntu)
Undecided
Unassigned
Nominated for Karmic by Alain Baeckeroot

Bug Description

Binary package hint: kdepim

I can crypt (and decrypt) messages i send to myself for test, but it is impossible to just sign them

kmail tell me there is no valid key for signing!

(this is not the same bug as #297976)
karmic koala beta i386, upgraded from jaunty with update-manager.

ProblemType: Bug
Architecture: i386
Date: Thu Oct 15 00:44:21 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: fglrx
Package: kmail 4:4.3.2-0ubuntu2
ProcEnviron:
 LANGUAGE=
 PATH=(custom, user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.46-generic
SourcePackage: kdepim
Uname: Linux 2.6.31-14-generic i686

Version: KMail: 1.10.92 (using Devel)
OS: Linux
Installed from: Compiled sources

When i try to send a gpg signed mail, a popup says that it can't sign because of "bad passphrase". Well i bet it should ask me to insert the passphrase before passing it to gpg, and i am not prompted to insert it.. So obviously it doesn't work.

I can confirm this with launchpad/kubuntu ppa packages for kde 4.2 beta 2.

That sounds as though you don't have pinentry-qt installed

I don't have it installed... But I can read encrypted mails. And to do that i need to enter the passphrase.
I'll try what happens if i install it, and if it works i'll report to debian to add it to dependecies.

I've tried installing it... Nothing changes.

I can confirm the problem with KDE4.2 from http://kde42.debian.net/ . I have installed pinentry-qt4 but nothing has changed.

Now i can read encrypted messages, but still i can't sign. I guess this means that the pinentry stuff is correctly installed and you will finally admit it is a bug... The message i get now when i try to sign is that the recipient doesn't have encryption preferences. Am i supposed to set those preferences for each item in my address book? I'll be old when i finish...

(In reply to comment #6)
> Now i can read encrypted messages, but still i can't sign. I guess this means
> that the pinentry stuff is correctly installed and you will finally admit it is
> a bug... The message i get now when i try to sign is that the recipient doesn't
> have encryption preferences. Am i supposed to set those preferences for each
> item in my address book? I'll be old when i finish...

Calm down :-) I had exactly the same problem as this for some time. After long investigation it turned out that something on my keyring was corrupt. It's simple enough to test for this. Back up your keyring, then remove gpg from your system, and start afresh so that it creates an empty keyring. Import your own public key, and replace your private keyring from the backup file. If signing now works there is a corruption in the old keyring.

As for the message about contacts, I don't know whether it is connected with the other problem, or whether it is a distro-specific problem. I've never seen it. Try the new-keyring solution first.

Bad passphrase...
And since my key is RSA with RSA subkey, it complains because it says it is impossible to use it to sign (false).

(In reply to comment #8)
> Bad passphrase...
> And since my key is RSA with RSA subkey, it complains because it says it is
> impossible to use it to sign (false).

Please quote exact error messages.

Have you tried the new keyring solution?

Bad passphrase was the message i got after doing the keyring thing and after editing the recipient contact to walkaround the problem i had before.

Please describe exactly what you have done - removed and reinstalled gpg? started a new, clean key-ring? re-installed pinentry-qt? Especially, describe the 'contact editing' that you did. Plus anything else that might have a bearing on this. The more information you can give, the better your chances of finding the problem and fixing it.

I deleted the ~/.gnupg directory. Then i imported my public key from keyserver and then i copied private keys.
Then i opened kaddressbook, opened myself contact and set openpgp/mime in cryptographic settings.
Then i tried to sent to myself a signed mail, and the old and familiar bad passphrase without the asking dialog first appeared.

(In reply to comment #12)
> I deleted the ~/.gnupg directory. Then i imported my public key from keyserver
> and then i copied private keys.
> Then i opened kaddressbook, opened myself contact and set openpgp/mime in
> cryptographic settings.
> Then i tried to sent to myself a signed mail, and the old and familiar bad
> passphrase without the asking dialog first appeared.

Have you set up Configure KMail > Identities > (Highlight identity) Modify > Cryptography tab? You need to set your key for both signing and encrypting if you are going to use both.

I have created an executable file called ~/.kde/env/gpgagent.sh with the following contents:

eval "$(gpg-agent --daemon)"

This came from a comment in an Ubuntu bug, but I can't find the link right now. The dialogue asking for a passphrase has been popping up since then. Don't forget to make the file executable and logging out of / into KDE.

I still find that it's a bug, but this workaround has worked for me.

kail says "wrong pass phrase" when i try to sign a mail, but it did not asked for it (and i can crypt whit the same key and passphrase)

I had this problem in the past, it works here now, using

Qt-4.6.0-beta1
KDE Version 4.3.72 (KDE 4.3.72 (KDE 4.4 >= 20091015))
KMail Version 1.12.90

Can anyone else recheck this? Thanks

*** Bug 211107 has been marked as a duplicate of this bug. ***

http://bugs.kde.org/show_bug.cgi?id=211107 says the bug is duplicate of https://bugs.kde.org/show_bug.cgi?id=179997

which provides some clues to workaround / fix it.

Jorge Castro (jorge) on 2009-10-23
Changed in kdepim (Ubuntu):
status: New → Triaged

How can this bug can be tagged resolved, when the brand new 4.3 suffers from it, and makes kmail unusable !

On 4th August 2009, KDE 4.3.0 was released by the KDE community and no distribution is shipping 4.4 !

the workaround given in #15 does not work for me.

This is not a KDE issue, as far as I can see. I an many others sign and encrypt mail in KMail. On the other hand, it could possibly be a packaging issue, so you should file a bug report with your distro.

I find it strange, though, that getting gpg-agent to work actually activated the pinentry-qt. That should have worked without gpg-agent. The agent's task is to cache your passphrase for a set length of time so that you don't have to enter it for every message you sign. The fact that it did work (Comment 15) does point to a distro bug.

I did fill a bugreport for debian linking this bug. I guess at this point we users just have to sit and watch the fight.

Installing pinentry-qt or pinentry-qt4 is not enough if you don't tell gnupg to use it.

http://userbase.kde.org/KMail/PGP_MIME#Issues for more informations. (It's not up to KMail to configure gnupg, sorry)

Of course, and that's the reason I suggested creating the gpg-agent config file. However, since the reason for that file is unrelated to pinentry-qt it seems strange that it is the only place I can think of where the instruction exists. Since I've been using such a setup for years, using the same config files in fact, I can't honestly remember how I originally got it to work. I do remember times after a new install when I was asked for the passphrase for every message, which suggests that agent is not necessary, though obviously desirable.

After fixing ~/.gnupg/gpg.conf (remove wrong stuff in it introduce by some program)
and following http://userbase.kde.org/KMail/PGP_MIME#Issues and adding the pinetry-qt4 package, it works.

 https://bugs.kde.org/show_bug.cgi?id=179997 suggest this is a distro bug, which seems probale in my installation (xubuntu jaunty upgraded to karmic, with kde stuff)

Finally it works :-) thanks to #22 and the installation of pinetry-qt4 and reconfiguration with kgpg.

starslights (starslights) wrote :

well i have look about : http://userbase.kde.org/KMail/PGP_MIME#Issues but make no difference and pinentry-qt4 was already installed on Kubuntu Karmic 9.10 final release

Changed in kdepim:
status: Unknown → New

Using gpg-agent allowed me to sign, but i still think there is something wrong.

Without gpg-agent and pinentry i can actually enter my passphrase and READ the encrypted emails in my inbox, but i can't sign and i can't read the emails encrypted with my own key in my outbox.

I would expect a more consistent behaviour: either kmail can work without the agent or can't, but this.. partial working is nonsense IMHO.

Check if duplicate of 233277

Changed in kdepim:
importance: Unknown → Medium

Thank you for taking the time to file a bug report.

KMail2 was released in 2011, and the entire code base went through significant changes. We are currently in the process of porting to Qt5 and KF5. It is unlikely that these bugs are still valid in KMail2.

We welcome you to try out KMail 2 with the KDE 4.14 release and give your feedback.

Changed in kdepim:
status: New → Unknown
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.