Signing messages (pgpmime)

Signing messages (pgpmime)

[Adam Sjøgren]

I have had pgpmime working flawlessly (with my OpenPGP-card and
card-reader) previously, but it is very seldom I use it.

Today when I wanted to sign an outgoing message, I chose "Sign Message"
in the menu, and after pressing C-c C-c I was prompted for the pin, and
the cardreader blinked as it usually does.

But then I got these errors:

  Sending...
  Generating hashcash...done
  Mark set [2 times]
  error in process filter: Process epg not running [2 times]
  mml2015-sign: Wrong type argument: char-or-string-p, nil

And - the only good part - the email wasn't sent.

I can send an encrypted (unsigned) message, and and I decrypt a message
I receive (also being prompted for the card's pin).

Before I start trying to debug this, has anyone seen similar?


  Best regards,

    Adam

-- 
 "Could you tell me what the status of Gnus                   Adam Sjøgren
  development currently is, and these limited features   asjo@koldfront.dk
  you plan to implement are?"

Re: Signing messages (pgpmime)

[Adam Sjøgren]

Adam writes:

> I have had pgpmime working flawlessly (with my OpenPGP-card and
> card-reader) previously, but it is very seldom I use it.
>
> Today when I wanted to sign an outgoing message, I chose "Sign Message"
> in the menu, and after pressing C-c C-c I was prompted for the pin, and
> the cardreader blinked as it usually does.
>
> But then I got these errors:
>
>   Sending...
>   Generating hashcash...done
>   Mark set [2 times]
>   error in process filter: Process epg not running [2 times]
>   mml2015-sign: Wrong type argument: char-or-string-p, nil

Hm, setting epg-debug to t and looking in  *epg-debug* I see that the
pin I enter isn't tranferred correctly:

  [GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D276000124010101000100000BDD0000/C40B1B7D09A9326AFD181FB7B728D4441E65DD19
  [GNUPG:] GET_HIDDEN passphrase.pin.ask
  [GNUPG:] GOT_IT
  gpg: PIN for CHV1 is too short; minimum length is 6
  [GNUPG:] SC_OP_FAILURE 2
  gpg: signing failed: bad passphrase
  gpg: signing failed: bad passphrase

I'm pretty sure I'm typing the pin correctly, as decryption works...

Hm.


  Best regards,

    Adam

-- 
 "I'm only civil because I don't know any swear words."       Adam Sjøgren
                                                         asjo@koldfront.dk

Re: Signing messages (pgpmime)

[Adam Sjøgren]

Adam writes:

>   [GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D276000124010101000100000BDD0000/C40B1B7D09A9326AFD181FB7B728D4441E65DD19
>   [GNUPG:] GET_HIDDEN passphrase.pin.ask
>   [GNUPG:] GOT_IT
>   gpg: PIN for CHV1 is too short; minimum length is 6
>   [GNUPG:] SC_OP_FAILURE 2
>   gpg: signing failed: bad passphrase
>   gpg: signing failed: bad passphrase

Hm, the text above appears in  *epg-debug* _before_ I have even entered
the pin.

It looks like epg doesn't wait for the pin, but forges ahead, and then
is gone when I have typed the pin.

But only when signing.

Odd!

-- 
 "I'll flame idiots like that, and my likelihood of           Adam Sjøgren
  helping people because they think they hold a gun to   asjo@koldfront.dk
  my head is almost zero."

Re: Signing messages (pgpmime)

[Adam Sjøgren]

Adam writes:

> It looks like epg doesn't wait for the pin, but forges ahead, and then
> is gone when I have typed the pin.
>
> But only when signing.

I have tried git Gnus as of right now, as of december 2014, and as of
december 2013, and it is the same.

So I guess it is a problem with epg.el, and not Gnus.

-- 
 "Sunday morning when the rain begins to fall                 Adam Sjøgren
  I've got the cure for it all"                          asjo@koldfront.dk

Re: Signing messages (pgpmime) [solved]

[Adam Sjøgren]

Adam writes:

> I have tried git Gnus as of right now, as of december 2014, and as of
> december 2013, and it is the same.
>
> So I guess it is a problem with epg.el, and not Gnus.

Solved by uninstalling GnuPG 1.4 and only having 2.1 installed.


  Best regards,

    Adam

-- 
 "You're taller than you look."                               Adam Sjøgren
 "I hunch."                                              asjo@koldfront.dk
 "Don't."

Re: Signing messages (pgpmime) [solved]

[Teemu Likonen]

[-- Attachment #1: Type: text/plain, Size: 415 bytes --]

Adam Sjøgren [2015-11-27 23:25:04+01] wrote:

> Solved by uninstalling GnuPG 1.4 and only having 2.1 installed.

Could this be GnuPG agent issue? GnuPG 2 uses agent automatically, even
depens on it, whereas GnuPG 1 needs "--use-agent" option or "use-agent"
line in ~/.gnupg/gpg.conf file.

Note that there is variable epg-gpg-program which can be set to "gpg2"
if you want GnuPG 2. It's "gpg" by default.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

Re: Signing messages (pgpmime) [solved]

[Adam Sjøgren]

[-- Attachment #1: Type: text/plain, Size: 1186 bytes --]

Teemu writes:

> Adam Sjøgren [2015-11-27 23:25:04+01] wrote:

>> Solved by uninstalling GnuPG 1.4 and only having 2.1 installed.

> Could this be GnuPG agent issue? GnuPG 2 uses agent automatically, even
> depens on it, whereas GnuPG 1 needs "--use-agent" option or "use-agent"
> line in ~/.gnupg/gpg.conf file.

It might be, but I have never (consciously) used gpg-agent with GnuPG 1.
(Maybe Gnome started it behind my back, before I dropped Gnome, though.)

> Note that there is variable epg-gpg-program which can be set to "gpg2"
> if you want GnuPG 2. It's "gpg" by default.

Ah, nice - I hadn't noticed.

I think I will use the opportunity to migrate to GnuPG 2 - the only
think I am missing is that building .deb packages with debuild doesn't
work, it gives up on signing the packages right away, instead of trying
to sign them. I'll have to do some searching to find out how to fix
that...


  Thanks for the input!

    Adam

-- 
 "You can't add things and come out with less than            Adam Sjøgren
  you started with!"                                     asjo@koldfront.dk
 "I can do that! It's a free country! I've got
  my rights!"

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 298 bytes --]

Re: Signing messages (pgpmime) [solved]

[Teemu Likonen]

[-- Attachment #1: Type: text/plain, Size: 1134 bytes --]

Adam Sjøgren [2015-11-28 11:11:17+01] wrote:

> Teemu writes:
>> Could this be GnuPG agent issue? GnuPG 2 uses agent automatically,
>> even depens on it, whereas GnuPG 1 needs "--use-agent" option or
>> "use-agent" line in ~/.gnupg/gpg.conf file.
>
> It might be, but I have never (consciously) used gpg-agent with GnuPG
> 1. (Maybe Gnome started it behind my back, before I dropped Gnome,
> though.)

I think that more or less everyone should have "use-agent" line in their
~/.gnupg/gpg.conf file because then gpg-agent daemon is started
automatically by /etc/X11/Xsession.d/90gpg-agent script, at least in
Debian GNU/Linux systems.

GnuPG 2 (gpg2) always uses the agent for key management but if gpg-agent
daemon is not running it is launched temporarily.

> I think I will use the opportunity to migrate to GnuPG 2 - the only
> think I am missing is that building .deb packages with debuild doesn't
> work, it gives up on signing the packages right away, instead of
> trying to sign them. I'll have to do some searching to find out how to
> fix that...

I'd guess that that this is a gpg-agent issue too.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

Re: Signing messages (pgpmime) [solved]

[Adam Sjøgren]

[-- Attachment #1: Type: text/plain, Size: 1036 bytes --]

Teemu writes:

> I think that more or less everyone should have "use-agent" line in their
> ~/.gnupg/gpg.conf file because then gpg-agent daemon is started
> automatically by /etc/X11/Xsession.d/90gpg-agent script, at least in
> Debian GNU/Linux systems.

I will give that a whirl, thanks!

> GnuPG 2 (gpg2) always uses the agent for key management but if gpg-agent
> daemon is not running it is launched temporarily.

Maybe that was the cause of the "Oh, it works. Oh, now it doesn't."
moments I had some of...

>> building .deb packages with debuild doesn't work, it gives up on
>> signing the packages right away, instead of trying to sign them. I'll
>> have to do some searching to find out how to fix that...

> I'd guess that that this is a gpg-agent issue too.

I will put use-agent in there, and see if it helps.


  Thanks again!

    Adam

-- 
 "If not actually disgruntled, he was far from being          Adam Sjøgren
  gruntled."                                             asjo@koldfront.dk

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 298 bytes --]

Re: Signing messages (pgpmime) [solved]

[Adam Sjøgren]

Adam writes:

>>> building .deb packages with debuild doesn't work, it gives up on
>>> signing the packages right away, instead of trying to sign them. I'll
>>> have to do some searching to find out how to fix that...

>> I'd guess that that this is a gpg-agent issue too.

Turned out I needed to put DEBSIGN_PROGRAM=/usr/bin/gpg2 in
~/.devscripts; debsign(1) reveals the default is "gpg":

 "-pprogname
      When debsign needs to execute GPG to sign it will run progname
      (searching the PATH if necessary), instead of gpg."


  /Adam

-- 
 "I'm only civil because I don't know any swear words."       Adam Sjøgren
                                                         asjo@koldfront.dk