Trouble with GnuPG 2.1

Trouble with GnuPG 2.1

[Nils Gillmann]

So I ran into this issue with gpg2.1 on emacs-24.5 and Gnus where
I can *de*crypt emails but I can't encrypt or sign.

Outside of Gnus, gpg works.

So the relevant parts (leaving our filtering, eye candy etc) in
~/.gnus.el are below. If more details I needed or could break the
functionality, I can share the complete configuration.
My ~/.emacs.d/init.el has nothing obvious related to gpg related
modules in it.

;; gnus
(setq message-sendmail-envelope-from 'header)

;; BBDB enhancements / values:
(add-hook 'gnus-startup-hook 'bbdb-insinuate-gnus)
(setq gnus-score-find-score-files-function
      '(gnus-score-find-bnews bbdb/gnus-score))

(defun gnus-user-format-function-a (header)
  (let ((myself (concat "<" my-mail ">"))
	(references (mail-header-references header))
	(message-id (mail-header-id header)))
    (if (or (and (stringp references)
		 (string-match myself references))
	    (and (stringp message-id)
		 (string-match myself message-id)))
	"X" "│")))

(gnus-add-configuration
 '(article
   (vertical 1.0
	     (summary .35 point)
	     (article 1.0))))

(setq message-from-style 'angles)
(setq message-syntax-checks '((sender . disabled)))

(defun my-message-mode-setup ()
  (setq fill-column 65)
  (turn-on-auto-fill))
(add-hook 'message-mode-hook 'my-message-mode-setup)

(add-hook 'gnus-article-prepare-hook 'gnus-article-date-local)
(add-hook 'gnus-select-group-hook 'gnus-group-set-timestamp)
(add-hook 'gnus-group-mode-hook 'gnus-topic-mode)

(setq gnus-thread-sort-functions
      '((not gnus-thread-sort-by-date)
	(not gnus-thread-sort-by-number)))

(add-hook 'gnus-switch-on-after-hook 'gnus-group-first-unread-group)
(add-hook 'gnus-summary-exit-hook 'gnus-group-first-unread-group)

(setq gnus-show-threads t)
(setq gnus-asynchonous t)
(setq message-confirm-send t)

;; GPG Assistant
(require 'epa-file)
(epa-file-enable)
(setq epa-file-encrypt-to "0x300FA50FA4236AE9")
;;(setq epa-file-encrypt-to "66526D60")
;; (require 'epg)
;;(setq epg-gpg-program "/home/niasterisk/.guix-profile/bin/gpg2")
;; ;; package epa
;; (setq epa-file-cache-passphrase-for-symmetric-encryption t)
;; (setq epg-user-id "66526D60")
;; (setq epg-debug t)
;; ;; package mm-decode
;; ;;(add-to-list 'mm-attachment-override-types "image/.*")
;; ;;(add-to-list 'mm-inlined-types "text/html")
 (setq mm-text-html-renderer 'shr)
;; (setq mm-verify-option 'always)
;; (setq mm-decrypt-option 'always)
;; ;; package mm-encode
;; (setq mm-sign-option 'guided)
;; (setq mm-encrypt-option 'guided)
;; ;; package mml2015
;; (setq mml2015-use 'epg)
;; (setq mml2015-verbose t)
;; (setq mml2015-encrypt-to-self t)
;; (setq mml2015-always-trust nil)
;; (setq mml2015-cache-passphrase t)
;; (setq mml2015-passphrase-cache-expiry '36000)
;; (setq mml2015-sign-with-sender t)

;;(setq mm-text-html-renderer 'w3m)
(setq mm-inline-large-images t)
(auto-image-file-mode)
(add-to-list 'mm-attachment-override-types "image/*")

;; citation
(setq sc-attrib-selection-list nil
     sc-auto-fill-region-p nil
     sc-blank-lines-after-headers 1
     sc-citation-delimiter-regexp "[>]+\\|\\(: \\)+"
     sc-cite-blank-lines-p nil
     sc-confirm-always-p nil
     sc-electric-references-p nil
     sc-fixup-whitespace-p t
     sc-nested-citation-p nil
     sc-preferred-header-style 4
     sc-use-only-preference-p nil)

(gnus-delay-initialize)

(setq gnus-treat-emphasize t)
(setq nnmail-treat-duplicates 'warn)

;;; When displaying a signed message, show buttons and show if the
;;; signature was valid.
(setq mm-verify-option 'known
      mm-decrypt-option 'known
      gnus-article-emulate-mime t
      gnus-buttonized-mime-types
      (append
       (list "multipart/signed"
             "multipart/encrypted")
       gnus-buttonized-mime-types))

;;(setq gnus-message-replyencrypt t)
;;(setq gnus-message-replysign t)
;;(setq gnus-message-replysignencrypted t)
;;(setq gnus-treat-x-pgp-sig t)
(setq gnus-use-cache t)


thanks,
-- 
ng
personal contact: http://krosos.sdf.org
EDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en


_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english

Re: Trouble with GnuPG 2.1

[Jens Lechtenboerger]

On 2016-03-13, at 16:16, Nils Gillmann wrote:

> So I ran into this issue with gpg2.1 on emacs-24.5 and Gnus where
> I can *de*crypt emails but I can't encrypt or sign.

What exactly is the problem?

You are using EasyPG, right?  In your configuration,
(setq epg-debug t)
appeared in comments.  What do you see in the debug buffer if you
enable debugging?

Best wishes
Jens

Re: Trouble with GnuPG 2.1

[Nils Gillmann]

Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:

> On 2016-03-13, at 16:16, Nils Gillmann wrote:
>
>> So I ran into this issue with gpg2.1 on emacs-24.5 and Gnus where
>> I can *de*crypt emails but I can't encrypt or sign.
>
> What exactly is the problem?
>
> You are using EasyPG, right?  In your configuration,
> (setq epg-debug t)
> appeared in comments.  What do you see in the debug buffer if you
> enable debugging?


Right, sorry I forgot that part.
Here's the debugger output with the NUL symbols striped:

Debugger entered--Lisp error: (error "Process epg not running")
  signal(error ("Process epg not running"))
  byte-code("\b\203\302\b@!\210\bA\211\204\303	@	A\"\207" [mml2015-epg-secret-key-id-list error password-cache-remove signal] 4)
  mml2015-epg-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 281) (contents . "\nThis is a test reply to get an debug result for Gnus\n\n-- \nng\npersonal contact: http://krosos.sdf.org\nEDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
  mml2015-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 281) (contents . "\nThis is a test reply to get an debug result for Gnus\n\n-- \nng\npersonal contact: http://krosos.sdf.org\nEDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
  mml-pgpmime-encrypt-buffer((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 281) (contents . "\nThis is a test reply to get an debug result for Gnus\n\n-- \nng\npersonal contact: http://krosos.sdf.org\nEDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
  mml-generate-mime-1((part (sign . "pgpmime") (encrypt . "pgpmime") (tag-location . 281) (contents . "\nThis is a test reply to get an debug result for Gnus\n\n-- \nng\npersonal contact: http://krosos.sdf.org\nEDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")))
  mml-generate-mime()
  message-encode-message-body()
  message-send-mail(nil)
  message-send-via-mail(nil)
  message-send(nil)
  message-send-and-exit(nil)
  call-interactively(message-send-and-exit nil nil)
  command-execute(message-send-and-exit)


I have to add, I used epa-file with gpg2 and before that, with
the release of 2.1 it was just trouble. Never worked with Gnus
for me.


-- 
ng
personal contact: http://krosos.sdf.org
EDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en

Re: Trouble with GnuPG 2.1

[Jens Lechtenboerger]

On 2016-03-13, at 17:21, Nils Gillmann wrote:

> Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:
>
>> On 2016-03-13, at 16:16, Nils Gillmann wrote:
>>
>>> So I ran into this issue with gpg2.1 on emacs-24.5 and Gnus where
>>> I can *de*crypt emails but I can't encrypt or sign.
>>
>> What exactly is the problem?
>>
>> You are using EasyPG, right?  In your configuration,
>> (setq epg-debug t)
>> appeared in comments.  What do you see in the debug buffer if you
>> enable debugging?
>
>
> Right, sorry I forgot that part.
> Here's the debugger output with the NUL symbols striped:
>
> Debugger entered--Lisp error: (error "Process epg not running")
>   signal(error ("Process epg not running"))
>   byte-code("\b\203\302\b@!\210\bA\211\204\303 @ A\"\207"
> [mml2015-epg-secret-key-id-list error password-cache-remove signal] 4)
>   mml2015-epg-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime")
> (tag-location . 281) (contents . "\nThis is a test reply to get an debug
> result for Gnus\n\n-- \nng\npersonal contact: http://krosos.sdf.org\nEDN:
> https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)

I’ve never seen this.

What is your epg-gpg-program?  Is gpg-agent running?  If so is the
correct version of gpg-agent running?  Maybe kill gpg-agent first;
it should be started automatically with gpg-2.1.

If you set
(setq epg-debug t)
what does the buffer " *epg-debug*" contain?

Best wishes
Jens

_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english

Re: Trouble with GnuPG 2.1

[Nils Gillmann]

Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:

> On 2016-03-13, at 17:21, Nils Gillmann wrote:
>
>> Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:
>>
>>> On 2016-03-13, at 16:16, Nils Gillmann wrote:
>>>
>>>> So I ran into this issue with gpg2.1 on emacs-24.5 and Gnus where
>>>> I can *de*crypt emails but I can't encrypt or sign.
>>>
>>> What exactly is the problem?
>>>
>>> You are using EasyPG, right?  In your configuration,
>>> (setq epg-debug t)
>>> appeared in comments.  What do you see in the debug buffer if you
>>> enable debugging?
>>
>>
>> Right, sorry I forgot that part.
>> Here's the debugger output with the NUL symbols striped:
>>
>> Debugger entered--Lisp error: (error "Process epg not running")
>>   signal(error ("Process epg not running"))
>>   byte-code("\b\203\302\b@!\210\bA\211\204\303 @ A\"\207"
>> [mml2015-epg-secret-key-id-list error password-cache-remove signal] 4)
>>   mml2015-epg-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime")
>> (tag-location . 281) (contents . "\nThis is a test reply to get an debug
>> result for Gnus\n\n-- \nng\npersonal contact: http://krosos.sdf.org\nEDN:
>> https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
>
> I’ve never seen this.
>
> What is your epg-gpg-program?

I was only used to epa-file method, if I set epg-program (see the
first post for the content) it does not change the behavior.
As sources on this differ, what is the recommended way to do
gpg2.1 encryption with Gnus? what's the minimum to have in your
.gnus.el?

> Is gpg-agent running?

yes, with `/home/niasterisk/.guix-profile/bin/gpg-agent --sh
--daemon --write-env-file /home/niasterisk/.cache/gpg-agent-info

> If so is the correct version of gpg-agent running?
> Maybe kill gpg-agent first; it should be started automatically
> with gpg-2.1.

killing the agent, restarting Gnus and sending this

From: Nils Gillmann <niasterisk@grrlz.net>
To: niasterisk@grrlz.net
Subject: asdf
Gcc: nnfolder+archive:sent.2016-03
Date: Sun, 13 Mar 2016 20:38:15 +0100
Message-ID: <87a8m2b23c.fsf@grrlz.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
--text follows this line--
<#secure method=pgpmime mode=signencrypt>
asdf
-- 
ng
personal contact: http://krosos.sdf.org
EDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en

gives me:

Debugger entered--Lisp error: (error "Process epg not running")
  signal(error ("Process epg not running"))
  byte-code("\b\203.


_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english

Re: Trouble with GnuPG 2.1

[Nils Gillmann]

The last message did break in an unexpected way. Here should be
the real message:


Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:

> On 2016-03-13, at 17:21, Nils Gillmann wrote:
>
>> Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:
>>
>>> On 2016-03-13, at 16:16, Nils Gillmann wrote:
>>>
>>>> So I ran into this issue with gpg2.1 on emacs-24.5 and Gnus where
>>>> I can *de*crypt emails but I can't encrypt or sign.
>>>
>>> What exactly is the problem?
>>>
>>> You are using EasyPG, right?  In your configuration,
>>> (setq epg-debug t)
>>> appeared in comments.  What do you see in the debug buffer if you
>>> enable debugging?
>>
>>
>> Right, sorry I forgot that part.
>> Here's the debugger output with the NUL symbols striped:
>>
>> Debugger entered--Lisp error: (error "Process epg not running")
>>   signal(error ("Process epg not running"))
>>   byte-code("\b\203\302\b@!\210\bA\211\204\303 @ A\"\207"
>> [mml2015-epg-secret-key-id-list error password-cache-remove signal] 4)
>>   mml2015-epg-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime")
>> (tag-location . 281) (contents . "\nThis is a test reply to get an debug
>> result for Gnus\n\n-- \nng\npersonal contact: http://krosos.sdf.org\nEDN:
>> https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
>
> I’ve never seen this.
>
> What is your epg-gpg-program?

I was only used to epa-file method, if I set epg-program (see the
first post for the content) it does not change the behavior.
As sources on this differ, what is the recommended way to do
gpg2.1 encryption with Gnus? what's the minimum to have in your
.gnus.el?

> Is gpg-agent running?

yes, with `/home/niasterisk/.guix-profile/bin/gpg-agent --sh
--daemon --write-env-file /home/niasterisk/.cache/gpg-agent-info

> If so is the correct version of gpg-agent running?
> Maybe kill gpg-agent first; it should be started automatically
> with gpg-2.1.

killing the agent, restarting Gnus and sending this

From: Nils Gillmann <niasterisk@grrlz.net>
To: niasterisk@grrlz.net
Subject: asdf
Gcc: nnfolder+archive:sent.2016-03
Date: Sun, 13 Mar 2016 20:38:15 +0100
Message-ID: <87a8m2b23c.fsf@grrlz.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
--text follows this line--
<#secure method=pgpmime mode=signencrypt>
asdf
-- 
ng
personal contact: http://krosos.sdf.org
EDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en

gives me:

Debugger entered--Lisp error: (error "Process epg not running")
  signal(error ("Process epg not running"))
  byte-code("\b\203..\302\b@!\210\bA\211.\204..\303	@	A\"\207" [mml2015-epg-secret-key-id-list error password-cache-remove signal] 4)
  mml2015-epg-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime")
(tag-location . 280) (contents . "asdf\n-- \nng\npersonal contact:
http://krosos.sdf.org\nEDN:
https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
  mml2015-encrypt((part (sign . "pgpmime") (encrypt . "pgpmime")
(tag-location . 280) (contents . "asdf\n-- \nng\npersonal contact:
http://krosos.sdf.org\nEDN:
https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
  mml-pgpmime-encrypt-buffer((part (sign . "pgpmime") (encrypt
. "pgpmime") (tag-location . 280) (contents . "asdf\n-- \nng\npersonal
contact: http://krosos.sdf.org\nEDN:
https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")) t)
  mml-generate-mime-1((part (sign . "pgpmime") (encrypt . "pgpmime")
(tag-location . 280) (contents . "asdf\n-- \nng\npersonal contact:
http://krosos.sdf.org\nEDN:
https://wiki.c3d2.de/Echt_Dezentrales_Netz/en\n")))
  mml-generate-mime()
  message-encode-message-body()
  message-send-mail(nil)
  message-send-via-mail(nil)
  message-send(nil)
  message-send-and-exit(nil)
  call-interactively(message-send-and-exit nil nil)
  command-execute(message-send-and-exit)


But gpg-agent does not continue to run or does not restart with
Gnus.

contents in ~/.gnupg/ is:

~/.gnupg/gpg-agent.conf:
pinentry-program /home/niasterisk/.guix-profile/bin/pinentry-gtk
default-cache-ttl 86400
max-cache-ttl 86400
# workaround for broken2.1?
allow-loopback-pinentry
#allow-emacs-pinentry

~/.gnupg/gpg.conf:
#keyserver hkps://hkps.pool.sks-keyserver.net
#keyserver-options ca-cert-file=~/certificates/sks-keyservers.netCA.pem
keyserver-options no-honor-keyserver-url include-revoked
#keyserver-options include-revoked

fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity
cert-digest-algo SHA512

# workaround for broken2.1?
pinentry-mode loopback

no-comments
with-fingerprint
no-emit-version

~/.gnupg/dirmngr.conf
keyserver hkp://hkps.pool.sks-keyservers.net
hkp-cacert /home/niasterisk/certificates/sks-keyservers.netCA.pem



> If you set
> (setq epg-debug t)
> what does the buffer " *epg-debug*" contain?

the output in the comment above

>
> Best wishes
> Jens


-- 
ng
personal contact: http://krosos.sdf.org
EDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en


_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english

possible emacs 24.5 + Gnus problem when using pgpmime and signencrypt (was: Re: Trouble with GnuPG 2.1)

[Nils Gillmann]

So it looks like this problem occurs when I try to /signencrypt/
and it works when I just ignore the fact that I can't sign.

Untested:
- just sign and not encrypt

It is not necessarily Gnus related, but appears to me in the
context of using Gnus.
Sources to get a 2016 relevant default of a working config for
gpg with epa are too many and too many outdated, so it's hard to
get this working, but this is progress.
-- 
ng
personal contact: http://krosos.sdf.org
EDN: https://wiki.c3d2.de/Echt_Dezentrales_Netz/en

Re: possible emacs 24.5 + Gnus problem when using pgpmime and signencrypt

[Jens Lechtenboerger]

On 2016-03-14, at 17:55, Nils Gillmann wrote:

> So it looks like this problem occurs when I try to /signencrypt/
> and it works when I just ignore the fact that I can't sign.

How do you specify the key for signing?  Do you use a smart card?

For me the following works out of the box with gpg-2.0.22 and Emacs
24.3.1 (both part of my distribution) as well as gpg-2.1.11 and
Emacs 25.1.50.

$ killall gpg-agent
$ unset GPG_AGENT_INFO
$ emacs -Q

Starting Emacs with "-Q" inhibits loading your configuration, so
if the following works you could start from there.

In Emacs, compose a message with `C-x m', insert a To address to
which to encrypt, some Subject, don’t worry about the From address.
(I’ve got a default-key option in gpg.conf, which defines the
signing key.  Without that the first secret key in the keyring is
used, I guess.)

Evaluate the following (either insert the lines into the message
body and press `C-x C-e' at the end of each line or enter each
command after `M-:').

--8<---------------cut here---------------start------------->8---
(setq debug-on-error t)
(setq epg-debug t)
(setq epg-gpg-program "gpg2")
--8<---------------cut here---------------end--------------->8---

So, customizing epg-gpg-program should be all you need.

Then choose menu “Attachments->Sign and Encrypt Message”, which
inserts the secure MML tag.  Then choose “Attachments->Preview”,
which performs the encryption and signing (hopefully):
* A passphrase dialogue for the private signing key appears.
  Enter correct passphrase.
* Then, a dialogue appears asking whether to decrypt.
  Answer no.

The MIME preview buffer contains something like
“[1. application/pgp-encrypted]”, while the encrypted bytes are in
buffer " *mm*" or " *mm*-<some-number>" (note the leading space in
the name).

In the buffer " *epg-debug*" (again with leading space), debug
output for gpg is visible.

If signature fails, maybe use this in gpg-agent.conf to create debug
output in /tmp/gpg-agent.log:

--8<---------------cut here---------------start------------->8---
verbose
log-file /tmp/gpg-agent.log
debug-all
--8<---------------cut here---------------end--------------->8---

Best wishes
Jens

_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english