Hi all, described the following problem already in mail to Daiki & bugs@, for context, this is where things break right now. For additional reason to write this mail, please see POSSIBLE CONCEPT BUG below: CONTEXT: I am experiencing a rather nasty problem with the integration of Gnus and GNUPG right now, which I hope you will be able to help me with. As you may have seen, the Free Software Foundation Europe has started a Fellowship campaign to promote digital freedom, which has its own portal site at http://www.fsfe.org. Each fellow receives an OpenPGP SmartCard personalised to his/her own name and with the option of having the keys signed by the Free Software Foundation Europe. Last Friday the first batch of SmartCards was shipped and I am currently starting to move to using the SmartCard as my default personal crypto-token. Unfortunately, this turns using Gnus into pure pain, as the caching of the passphrase does not work anymore: I need to enter it TWICE per mail sent (once to send it out, once for the archive, apparently). Receiving encrypted mails does not work, at all. Gnus asks for the passphrase first, then tries to decrypt, does not provide the pin to GnuPG and then decides that it cannot decrypt. Here is the buttonized output: ----------------------------- [GNUPG:] ENC_TO 0000000000000000 1 0 gpg: anonymous recipient; trying secret key B7DB041C ... CALLING USB_CLEAR_HALT [GNUPG:] CARDCTRL 3 D2760001240101010001000003500000 [GNUPG:] SC_OP_FAILURE gpg: anonymous recipient; trying secret key 7DF16B24 ... [GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 gpg: ccid_transceive failed: (0x1000a) gpg: apdu_send_simple(0) failed: card I/O error [GNUPG:] SC_OP_FAILURE gpg: anonymous recipient; trying secret key 5378AB47 ... [GNUPG:] SC_OP_FAILURE gpg: anonymous recipient; trying secret key CAE4B6E9 ... Bitte entfernen Sie die Karte und legen stattdessen die Karte mit folgender Seriennummer ein: D2760001240101000001000000F80000 [GNUPG:] CARDCTRL 1 D2760001240101000001000000F80000 gpg: Sorry, we are in batchmode - can't get input gpg exited abnormally: '2' ----------------------------- For your information, the key id 7DF16B24 is the correct key that is on the card. So it should indeed submit the PIN instead of breaking off. I have to say that this is quite annoying and makes Gnus somewhat unusable right now. I see three potential fixes here: a) create clean way to turn off all pgg handling of PIN's or Passphrases, turning that part of the operation over to gpg-agent. b) fix the caching of PINs c) fix decryption of messages that are encrypted for SmartCard CONCEPT BUG: If you read the above carefully, you will find that indeed there something strange: a mail gets signed TWICE, apparently, once for sending, once for archival. This is bad for use in secure environments (SmartCards count signatures) and in fact annoying if you enter your PIN every time, which some paranoid people may feel like doing. So I wonder: Is there a striking reason to do this? If not: This seems a concept bug somewhere in the mailcrypt code... Regards, Georg -- Georg C. F. Greve Free Software Foundation Europe (http://fsfeurope.org) Join the Fellowship and protect your freedom! (http://www.fsfe.org)