Problems with GPGME returning "Not Implemented" or "Configuration error"

Jeffrey Stedfast jestedfa at microsoft.com
Wed Mar 8 00:57:37 CET 2017


Gah I hate Outlook which makes replying inline impossible :\

Outlook will indent but not add “> “ to quoted lines, so be aware of that as you read this email (

On 3/6/17, 9:41 AM, "Werner Koch" <wk at gnupg.org> wrote:

    On Mon, 27 Feb 2017 15:20, jestedfa at microsoft.com said:
    
    > I'm working on re-implementing GMime to use libgpgme (1.8.0 on Fedora
    > 25) instead of using my own custom logic for fork()ing/exec()ing gpg &
    
    Great, we like the use of the GPGME API.  I guess GMime is not used by
    Evolution ;-)


Yea, I haven’t been involved in Evolution development in ~10+ years at this point… I think Evolution uses libNSS (Mozilla libs) for S/MIME, but for GMime, I’d like to use gpgsm instead.

    
    Which GnuPG and GPGME versions are you using?


I’m using gnupg 2.1.13 and gpgme 1.8.0

    
    > For some reason, gpgme_op_sign() is returning GPG_ERR_NOT_IMPLEMENTED
    
    That can have several reasons.  I can't tell without having a log.


I’ll see what I can do about getting you that log…

    
    > while gpgme_op_encrypt() is returning "Configuration error".
    
    Does it work on the command line?  I would suggested to put
    "disable-crl-checks" into gpgsm.conf or even "disable-dirmngr".  If that
    works you need, you need to make sure that CRLs and intermediate
    certificates can be downloaded.  That may require to configure LDAP
    access.


Adding “disable-crl-checks” to my gpgsm.conf fixed encryption.


That leaves signing and decrypting as both failing with “Not Implemented”.

It’s an improvement!

    
    >>From what I can deduce by scouring the web for information, it seems
    >>like NOT_IMPLEMENTED should never get returned unless I am using
    >>options that just haven't been implemented yet but that doesn't seem
    >>like it should be the case since I don't think I'm doing anything out
    >>of the ordinary.
    
    Reseting the context may also be a cause for this.


Sadly, resetting the context did not help (

    
    > For encrypting, I am getting "Configuration error" which I'm also
    > confused about because I don't know what configuration options could
    > be causing this.
    
    Probably dirmngr.conf.  See above.  What you should do is to enable
    debugging:  If you are using gnupg 2.1 you should put
    
    --8<---------------cut here---------------start------------->8---
    log-file socket://
    debug ipc
    verbose
    --8<---------------cut here---------------end--------------->8---
    
    into {gpg-agent,gpgsm,dirmngr}.conf .  With older versions use have to
    use this (also work with 2.1, though):
    
    --8<---------------cut here---------------start------------->8---
    log-file socket:///home/USER/.gnupg/S.log
    debug 1024
    verbose
    --8<---------------cut here---------------end--------------->8---
    
    then fire up an xterm and run
    
      watchgnupg --time-only --force ~/.gnupg/S.log


You can see this log here: https://gist.github.com/jstedfast/38ab7fe65f0c769ba31bd5a807e2f374

    
    and you see in real time what's going on at the gnupg level.
    
    To debug run your program using
    
      GPGME_DEBUG=4:/tmp/gpgme.h: ./testpg.
    
    gpgme.log gives a pretty detailed listing.  Feel free to forward it to
    me.  If you use a level 7 you will get a complete I/O listing.


That’s really useful, thanks!

You can see the gpgme log here: https://gist.github.com/jstedfast/c9fa718ef524a73de02daacc142beccc


I spotted the fact that I was (incorrectly) using gpgme_op_decrypt_verify() when I think I should be using gpgme_op_decrypt(), so I fixed that but I still get “Not Implemented”.

I added a comment to the end of that gist to provide the new snippet that gpgme.log contained after the “fix”.

    
    > All I can think of is that perhaps there is some leftover state from gpgme_op_import() or gpgme_op_export_ext() that is breaking the gpgme_op_sign() when run at a later point?
    
    Possible.  I don't think we have good tests for this.


Thanks so much for your help,

Jeff
 



More information about the Gnupg-users mailing list