From aegypten-issues at intevation.de Fri Nov 5 17:19:09 2004 From: aegypten-issues at intevation.de (Bernhard Reiter) Date: Fri Nov 5 17:16:40 2004 Subject: [issue275] kmail unnecessary crl request Message-ID: <1099671549.35.0.253833225679.issue275@intevation.de> New submission from Bernhard Reiter : Kontact from packages from last week: They fetch the CRL too often. (and when you do not get one, the client always hangs for 2 minutes or so). The problem is: The crls are tried even when there is not crypto operation in range. So on regular syncs having a normal mail selected in the folder and when sending and email (without signing or encrypting). What code in Kmail triggers crypto operation when there is no signed or encrypted email around? Marc wrote: Only the composer, when looking up candiate keys for signing/encrypting. Maybe they have a composer open that keeps autosaving in the background? ---------- assignedto: marc messages: 1771 nosy: bernhard, jan, marc priority: critical status: unread title: kmail unnecessary crl request topic: KMail ______________________________________________________ Aegypten issue tracker ______________________________________________________ From bernhard at intevation.de Fri Nov 5 17:23:58 2004 From: bernhard at intevation.de (Bernhard Reiter) Date: Fri Nov 5 17:21:30 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200410312324.58710.erik.wasser@iquer.net> References: <200410312324.58710.erik.wasser@iquer.net> Message-ID: <20041105162358.GD11946@intevation.de> On Sun, Oct 31, 2004 at 11:24:58PM +0100, Erik Wasser wrote: > I read "Using OpenPGP and PGP/MIME with KMail >= 1.7"[1] and installed a > few libraries on my Gentoo System: > > dev-libs/pth-1.4.0 > dev-libs/libksba-0.9.8 > dev-libs/libassuan-0.6.6 > app-crypt/gnupg-1.9.10 > app-crypt/gpgme-0.9.0-r1 > dev-libs/libgcrypt-1.1.94 > > The installation is so great that I can do the > > > echo "test" | gpg -ase -r 0xDEADBEEF | gpg Whoch version of Kmail are you trying CVS from this week? > 'trick' and the 'eval "$(gpg-agent --daemon)"' is working fine. I can > read decrypted mails but I can't encrypting mails in kmail and that is > bad. When I try to send a decrypted mail I enter the pass phrase and > everything seems okay but when kmail really sends the mail I got an > error box with > > "Encyption failed: Brocken pipe" > > What is the error here? What can I test so solve this problem? Any > ideas? Is this a plugin error or an kmail error? A) Start the log watcher from extras and enable debugging. B) Try to decrypt the email on the command line. (More difficult, you need to save the encrypted part in the right format.) > I read also the bug reports[2][3] in kmail but I unsure what is the > problem here. > > [1] http://kmail.kde.org/kmail-pgpmime-howto.html > [2] http://bugs.kde.org/show_bug.cgi?id=85009 > [3] http://bugs.kde.org/show_bug.cgi?id=83086 > > -- > So long... Fuzz > > _______________________________________________ > Gpa-dev mailing list > Gpa-dev@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gpa-dev -- Professional Service for Free Software (intevation.net) The FreeGIS Project (freegis.org) FSFE (fsfeurope.org) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041105/3b9e9895/attachment.bin From aegypten-issues at intevation.de Mon Nov 8 11:12:03 2004 From: aegypten-issues at intevation.de (Jan-Oliver Wagner) Date: Mon Nov 8 11:08:44 2004 Subject: [issue276] =?utf-8?q?Upgrading_from_=C3=84gypten1_to_=C3=84gypten?= =?utf-8?q?2=3A_problems_with_sign=26encrypt?= Message-ID: <1099908723.51.0.177522563847.issue276@intevation.de> New submission from Jan-Oliver Wagner : It has been reported that when upgrading from an older KDE to the new (?gypten2) KDE produces a problem when keeping the old kmailrc. The problem is that signing and encrypting SMIME emails does not work anymore (first kmail crashed, but that is fixed now). Note: only signing or only encrypting works. For this problem we first need a reproducable path. (I guess copying an old kmailrc could work, of course the personal crypto settings must be inserted carefully). Attached is the tracback of the version that even crashed (which however is fixed meanwhile). ---------- assignedto: marc files: crash.txt messages: 1777 nosy: jan, marc priority: bug status: unread title: Upgrading from ?gypten1 to ?gypten2: problems with sign&encrypt topic: KMail ______________________________________________________ Aegypten issue tracker ______________________________________________________ -------------- next part -------------- (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...[New Thread 1024 (LWP 3620)] (no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...0x41378a59 in wait4 () from /lib/libc.so.6 #0 0x41378a59 in wait4 () from /lib/libc.so.6 #1 0x413efe48 in __check_rhosts_file () from /lib/libc.so.6 #2 0x41265453 in waitpid () from /lib/libpthread.so.0 #3 0x409a385d in KCrash::defaultCrashHandler () from /usr/lib/libkdecore.so.4 #4 0x41262f54 in pthread_sighandler () from /lib/libpthread.so.0 #5 0x413016b8 in sigaction () from /lib/libc.so.6 #6 0x41263339 in raise () from /lib/libpthread.so.0 #7 0x41302be1 in abort () from /lib/libc.so.6 #8 0x412fbe42 in __assert_fail () from /lib/libc.so.6 #9 0x42c91c9b in DwMessageComponent::FromString () from /usr/lib/libmimelib.so.1 #10 0x424d001c in KMMessage::setBody () from /usr/lib/libkmailprivate.so.0 #11 0x426f1926 in MessageComposer::addBodyAndAttachments () from /usr/lib/libkmailprivate.so.0 #12 0x426f0511 in MessageComposer::encryptMessage () from /usr/lib/libkmailprivate.so.0 #13 0x426f6f9c in EncryptMessageJob::execute () from /usr/lib/libkmailprivate.so.0 #14 0x426eafcc in MessageComposer::slotDoNextJob () from /usr/lib/libkmailprivate.so.0 #15 0x426f4149 in MessageComposer::qt_invoke () from /usr/lib/libkmailprivate.so.0 #16 0x40d2e873 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #17 0x40fd3863 in QSignal::signal () from /usr/lib/libqt-mt.so.3 #18 0x40d440d5 in QSignal::activate () from /usr/lib/libqt-mt.so.3 #19 0x40d49963 in QSingleShotTimer::event () from /usr/lib/libqt-mt.so.3 #20 0x40ce1424 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3 #21 0x40ce10b4 in QApplication::notify () from /usr/lib/libqt-mt.so.3 #22 0x40936050 in KApplication::notify () from /usr/lib/libkdecore.so.4 #23 0x40cd40b1 in QEventLoop::activateTimers () from /usr/lib/libqt-mt.so.3 #24 0x40c9aeb5 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3 #25 0x40cf1d5e in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3 #26 0x40cf1cbb in QEventLoop::exec () from /usr/lib/libqt-mt.so.3 #27 0x40ce157a in QApplication::exec () from /usr/lib/libqt-mt.so.3 #28 0x0805a071 in QWidget::paintEvent () #29 0x412f114f in __libc_start_main () from /lib/libc.so.6 From erik.wasser at iquer.net Mon Nov 8 12:26:42 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Mon Nov 8 12:23:07 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <20041105162358.GD11946@intevation.de> References: <200410312324.58710.erik.wasser@iquer.net> <20041105162358.GD11946@intevation.de> Message-ID: <200411081226.42156.erik.wasser@iquer.net> On Friday 05 November 2004 17:23, Bernhard Reiter wrote: > > > echo "test" | gpg -ase -r 0xDEADBEEF | gpg > > Whoch version of Kmail are you trying CVS from this week? Ich don't use KMail from CVS. I'm using the version KMail 1.7 from KDE 3.3.0. Is this version too old? I'm not very up-to-date with this things. > > What is the error here? What can I test so solve this problem? Any > > ideas? Is this a plugin error or an kmail error? > > A) Start the log watcher from extras and enable debugging. I set the 'debug-level' to 'guru'. I hope this is the option you mean. B-) Here is the log: gpg-agent[14631]: NOTE: this is a development version! gpg-agent[14631]: listening on socket `/tmp/gpg-Njqs17/S.gpg-agent' gpg-agent[14632]: handler for fd 0 started gpg-agent[14632.0x8075db0] DBG: -> OK Pleased to meet you gpg-agent[14632.0x8075db0] DBG: <- OPTION display=:0 gpg-agent[14632.0x8075db0] DBG: -> OK gpg-agent[14632.0x8075db0] DBG: <- OPTION ttyname=/dev/tty gpg-agent[14632.0x8075db0] DBG: -> OK gpg-agent[14632.0x8075db0] DBG: <- OPTION ttytype=xterm gpg-agent[14632.0x8075db0] DBG: -> OK gpg-agent[14632.0x8075db0] DBG: <- OPTION lc-ctype=de_DE@euro gpg-agent[14632.0x8075db0] DBG: -> OK gpg-agent[14632.0x8075db0] DBG: <- OPTION lc-messages=de_DE@euro gpg-agent[14632.0x8075db0] DBG: -> OK gpg-agent[14632.0x8075db0] DBG: <- GET_PASSPHRASE 59B1C97855BA33FDB0540D6E63DDC9B6247DB795 X X You+need+a+passphrase+to+unlock+the+secret+key+for+user: %0A"Erik+Wasser+"%0A1024-bit+DSA+key, +ID+247DB795,+created+2001-01-05%0A gpg-agent[14632]: DBG: agent_get_cache `59B1C97855BA33FDB0540D6E63DDC9B6247DB795'... gpg-agent[14632]: DBG: ... miss gpg-agent[14632]: starting a new PIN Entry gpg-agent[14632]: DBG: connection to PIN entry established gpg-agent[14632]: DBG: agent_put_cache `59B1C97855BA33FDB0540D6E63DDC9B6247DB795' gpg-agent[14632.0x8075db0] DBG: -> [Confidential data not shown] gpg-agent[14632.0x8075db0] DBG: <- [EOF] gpg-agent[14632]: handler for fd 0 terminated I don't see any error here. B-) > B) Try to decrypt the email on the command line. > (More difficult, you need to save the encrypted part in the right > format.) Ups... Sorry! My mistake. Decryption is fine and working. Sending an encrypted is a problem. The logfile was created during the send process of kmail. I'm very clueless. B-((( Thanks for the help. -- So long... Fuzz From aegypten-issues at intevation.de Tue Nov 9 19:08:28 2004 From: aegypten-issues at intevation.de (Bernhard Reiter) Date: Tue Nov 9 19:04:57 2004 Subject: [issue277] mutt keys unmapped after pinentry-curses use Message-ID: <1100023708.95.0.981891316311.issue277@intevation.de> New submission from Bernhard Reiter : When using pinentry curses it happens sometimes that after viewing an email (and sometimes pressing Ctrl-L to redraw the screen because I have debugging set up, but do not start watchgnupg everytime) I then getting back to mutt's index view: The UP and DOWN keys are not working anymore, I get reported: Key is not mapped. Strange indeed. It does not happen all the time. Ideas how to further debug this? ---------- assignedto: werner messages: 1789 nosy: bernhard, werner priority: bug status: unread title: mutt keys unmapped after pinentry-curses use topic: mutt ______________________________________________________ Aegypten issue tracker ______________________________________________________ From bernhard at intevation.de Tue Nov 9 22:48:06 2004 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue Nov 9 22:44:41 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411081226.42156.erik.wasser@iquer.net> References: <200410312324.58710.erik.wasser@iquer.net> <20041105162358.GD11946@intevation.de> <200411081226.42156.erik.wasser@iquer.net> Message-ID: <20041109214806.GI21565@intevation.de> Hi Erik, On Mon, Nov 08, 2004 at 12:26:42PM +0100, Erik Wasser wrote: > On Friday 05 November 2004 17:23, Bernhard Reiter wrote: > > Whoch version of Kmail are you trying CVS from this week? > > Ich don't use KMail from CVS. I'm using the version KMail 1.7 from KDE > 3.3.0. Is this version too old? I'm not very up-to-date with this > things. The lastest and greatest improvements from ?gypten2 are in later versions. However I do not see why it should not working.. First: Are you trying to use OpenPGP or S/MIME? Secondly: Try to do all operations on the command line first too seperate if KMail is your problem or the crypto setup itself. > > > What is the error here? What can I test so solve this problem? Any > > > ideas? Is this a plugin error or an kmail error? > > > > A) Start the log watcher from extras and enable debugging. > > I set the 'debug-level' to 'guru'. I hope this is the option you mean. Guru is fine and will leave files in directory, too. So "expert" is sufficient most of the time. > gpg-agent[14632]: DBG: connection to PIN entry established So you do see a pinentry? > I don't see any error here. B-) True. > > B) Try to decrypt the email on the command line. > > (More difficult, you need to save the encrypted part in the right > > format.) > > Ups... Sorry! My mistake. Decryption is fine and working. Sending an > encrypted is a problem. The logfile was created during the send process > of kmail. No it was also my mistake, I wasn't reading closely enough. Try your operation on the command line, like # OpenPGP gpg -e -r buddy@home.where x >x.enc or # X509 gpgsm -e -r buddy@home.where x >x.enc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041109/5a9f9ddf/attachment.bin From aegypten-issues at intevation.de Wed Nov 10 09:23:53 2004 From: aegypten-issues at intevation.de (Marc Mutz) Date: Wed Nov 10 09:20:24 2004 Subject: [issue278] KMail looks up recipient key during autosave. Message-ID: <1100075033.06.0.783665314916.issue278@intevation.de> New submission from Marc Mutz : $title says it all ---------- assignedto: marc messages: 1790 nosy: bernhard, marc priority: urgent status: in-progress title: KMail looks up recipient key during autosave. topic: KMail ______________________________________________________ Aegypten issue tracker ______________________________________________________ From erik.wasser at iquer.net Wed Nov 10 12:53:27 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Wed Nov 10 12:49:58 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <20041109214806.GI21565@intevation.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411081226.42156.erik.wasser@iquer.net> <20041109214806.GI21565@intevation.de> Message-ID: <200411101253.27446.erik.wasser@iquer.net> On Tuesday 09 November 2004 22:48, Bernhard Reiter wrote: > The lastest and greatest improvements from ?gypten2 are > in later versions. However I do not see why it should not working.. I've just upgraded to KDE 3.3.1 and KMail 1.7.1. > First: Are you trying to use OpenPGP or S/MIME? OpenPGP. > Secondly: Try to do all operations on the command line first > too seperate if KMail is your problem or the crypto setup itself. Okay, where we go: > > gpg-agent[14632]: DBG: connection to PIN entry established > > So you do see a pinentry? Is this the box for entering the password? Yes, it came up the first time and cached the password correctly for further tries. % gpg -e -r buddy@home.where x >x.enc Crap, see for yourself: % gpg -e -r someone@somewhere.tld hosts Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: someone@somewhere.tld: skipped: Unusable public key gpg: /etc/hosts: encryption failed: Unusable public key What does that 'Unusable public key' mean in this case? Thanks for your great support! -- So long... Fuzz From wk at gnupg.org Wed Nov 10 13:29:44 2004 From: wk at gnupg.org (Werner Koch) Date: Wed Nov 10 13:29:27 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411101253.27446.erik.wasser@iquer.net> (Erik Wasser's message of "Wed, 10 Nov 2004 12:53:27 +0100") References: <200410312324.58710.erik.wasser@iquer.net> <200411081226.42156.erik.wasser@iquer.net> <20041109214806.GI21565@intevation.de> <200411101253.27446.erik.wasser@iquer.net> Message-ID: <87zn1pzy2v.fsf@wheatstone.g10code.de> On Wed, 10 Nov 2004 12:53:27 +0100, Erik Wasser said: > What does that 'Unusable public key' mean in this case? You used a key not capable of encryption or expired or without a valid user ID. --debug 64 gives more more detailed info. Check the output of gpg --check-sigs someone. Werner From erik.wasser at iquer.net Wed Nov 10 13:42:30 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Wed Nov 10 13:39:00 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <87zn1pzy2v.fsf@wheatstone.g10code.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411101253.27446.erik.wasser@iquer.net> <87zn1pzy2v.fsf@wheatstone.g10code.de> Message-ID: <200411101342.30717.erik.wasser@iquer.net> On Wednesday 10 November 2004 13:29, Werner Koch wrote: > On Wed, 10 Nov 2004 12:53:27 +0100, Erik Wasser said: > > What does that 'Unusable public key' mean in this case? > > You used a key not capable of encryption or expired or without a > valid user ID. --debug 64 gives more more detailed info. % gpg --debug 64 -e -r someone@somewhere.tld hosts Secure memory is not locked into core gpg: NOTE: no default option file `/home/fuzz/.gnupg/options' gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: DBG: finish_lookup: checking key 33EAF336 (one)(req_usage=0) gpg: DBG: using key 33EAF336 gpg: DBG: finish_lookup: checking key C59447D8 (one)(req_usage=0) gpg: DBG: using key C59447D8 gpg: DBG: finish_lookup: checking key 33EAF336 (one)(req_usage=0) gpg: DBG: using key 33EAF336 gpg: DBG: cache_user_id: already in cache gpg: DBG: finish_lookup: checking key 45C922BF (one)(req_usage=0) gpg: DBG: using key 45C922BF gpg: DBG: finish_lookup: checking key 33EAF336 (all)(req_usage=2) gpg: DBG: no suitable subkeys found - trying primary gpg: DBG: primary key not valid gpg: DBG: no suitable key found - giving up gpg: someone@somewhere.tld: skipped: Unusable public key gpg: hosts: encryption failed: Unusable public key secmem usage: 1344/32768 bytes in 2 blocks Okay the key is unusable. So far so bad. B-) > Check the > output of gpg --check-sigs someone. pub 2048R/33EAF336 2002-04-29 Real Name sig! 36F3EA33 2002-04-29 [User id not found] Stupid question (again): what does *that* mean? Thanks for the support. -- So long... Fuzz From wk at gnupg.org Wed Nov 10 15:41:12 2004 From: wk at gnupg.org (Werner Koch) Date: Wed Nov 10 15:44:30 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411101342.30717.erik.wasser@iquer.net> (Erik Wasser's message of "Wed, 10 Nov 2004 13:42:30 +0100") References: <200410312324.58710.erik.wasser@iquer.net> <200411101253.27446.erik.wasser@iquer.net> <87zn1pzy2v.fsf@wheatstone.g10code.de> <200411101342.30717.erik.wasser@iquer.net> Message-ID: <87ekj1zrzr.fsf@wheatstone.g10code.de> On Wed, 10 Nov 2004 13:42:30 +0100, Erik Wasser said: > pub 2048R/33EAF336 2002-04-29 Real Name > sig! 36F3EA33 2002-04-29 [User id not found] > Stupid question (again): what does *that* mean? Your key is broken and there is no subkey usable for encryption. For a valid key you should get such a listing: pub 1024D/9CD9FD55 2000-12-14 uid Joe Random Hacker sig!3 9CD9FD55 2000-12-14 Joe Random Hacker sub 1024g/381701C4 2000-12-14 sig! 9CD9FD55 2000-12-14 Joe Random Hacker (gpg 1.2 merges the first "uid" line with the "pub" line) You can see the user ID with a self-signature and a subkey with the key binding self-signature. If you do a gpg --list-keys --with-colons you even get more information: pub:f:1024:17:AF82244F9CD9FD55:976803034:::q:::scaESCA: uid:f::::976803034::18652B8DFEFDC53FBD2553FC289B6D3FC2033BC0::\ Joe Random Hacker: sub:f:1024:16:087DD7E0381701C4:976803037::::::e: Note the "scaESCA" in the first line. The capitalized letters say, the entiere key (primary and subkeys) may be used for: encryption, signing, certification and authentication. If you do this for your key you will notice that there is no E in it. Shalom-Salam, Werner From ian at pairowoodies.com Thu Nov 11 05:53:22 2004 From: ian at pairowoodies.com (Ian Scott) Date: Thu Nov 11 05:50:05 2004 Subject: gpg-agent Problems Message-ID: <200411102353.26377.ian@pairowoodies.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm hoping someone can perhaps point me in the right direction. I am very sure I have followed the directions carefully found here: http://kmail.kde.org/kmail-pgpmime-howto.html I have tried this about a dozen times, both installing from source and rpm. My OS: Fedora Core 2 GPG Version: 1.25 (Also gpg-1.9.9 configured with agent only) libgcrypt-1.2.0 libgpg-error-1.0 libksba-0.9.9 pth-2.0.2 libassuan-0.6.6 Everthing installed fine without error messages. All the make check's reported no errors on any tests. But when I start gpg-agent: eval "$(gpg-agent --daemon)" I get this: gpg-agent[9366]: Secure memory is not locked into core When I do a ps -x |grep gpg I get: 9367 ? S 0:00 gpg-agent --daemon This is not the same PID that I got when I started gpg-agent. This command: echo "test" | gpg -ase -r 0x319CE936 |gpg I see: gpg: can't connect to `/tmp/gpg-wjqJw7/S.gpg-agent': Connection refused /tmp/gpg-wjqJw7/S.gpg-agent exists. Permissions: srwxrwxr-x 1 ian ian 0 Nov 10 23:42 S.gpg-agent Permissions for /tmp/gpg-wjqJw7: rwx------ 2 ian ian 4096 Nov 10 23:42 gpg-wjqJw7 I am truly stumped. I had this working about 2 months ago, before a hard drive failure. Reinstalled Fedora Core 2 (which is what was running prior to the drive failure), but have not been able to get gpg-agent to work nicely at all since then. My system has two hard drives, my home directory is on a drive that did not fail. Only the system files and directories needed to be reinstalled. I'm not sure what more information I can provide to work out this problem, but I am truly stumped and have spent hours trying to figure this out. If anyone has any thoughts or suggestions, I'd very much appreciate it. Thanks, - -- Ian Scott GPG/PGP KEY: 0x319CE936 **************************** http://www.pairowoodies.com/ Providing Goal Centered Internet Solutions http://www.about-flyfishing.com/ All About Fly Fishing **************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBkvBG3TmndDGc6TYRAsD4AJ9hye+dBRkQY/5Ibr7gRNZe2ifd5QCguvta QD/sGY+itI9qTAKUJAMREto= =aw3G -----END PGP SIGNATURE----- From wk at gnupg.org Thu Nov 11 10:08:15 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Nov 11 10:26:47 2004 Subject: gpg-agent Problems In-Reply-To: <200411102353.26377.ian@pairowoodies.com> (Ian Scott's message of "Wed, 10 Nov 2004 23:53:22 -0500") References: <200411102353.26377.ian@pairowoodies.com> Message-ID: <87actoycqo.fsf@wheatstone.g10code.de> On Wed, 10 Nov 2004 23:53:22 -0500, Ian Scott said: > gpg-agent[9366]: Secure memory is not locked into core That is just a warning to tell you that the memory areas used to store passpharses and secret keys might get swapped to the disk. setuid (root) gpg-agent or use a brand new Linux kernel to solve that problem. > When I do a ps -x |grep gpg > I get: > 9367 ? S 0:00 gpg-agent --daemon > This is not the same PID that I got when I started gpg-agent. That is fine, gpg-agent does the usual fork to become a daemon. > This command: > echo "test" | gpg -ase -r 0x319CE936 |gpg > I see: > gpg: can't connect to `/tmp/gpg-wjqJw7/S.gpg-agent': Connection refused > /tmp/gpg-wjqJw7/S.gpg-agent exists. > Permissions: > srwxrwxr-x 1 ian ian 0 Nov 10 23:42 S.gpg-agent > Permissions for /tmp/gpg-wjqJw7: > rwx------ 2 ian ian 4096 Nov 10 23:42 gpg-wjqJw7 Does "netstat -lxp" show you a line indicating that gpg-agent with the above PID is litening on that socket? If not, there is something wrong with gpg-agent. Configure a log file in ~/.gnupg/gpg-agent.conf to see what's going on or start gpg-agent under "strace -fo alogfile gpg-agent --daemon". You may also want to get the latest gpg-agent (1.9.12) and run "gpg-agent" which tries to connect to the running gpg-agent to check whether it is running. If everything seems to be fine, run gpg under strace and watch out for a connect call. Werner From ian at pairowoodies.com Thu Nov 11 17:08:23 2004 From: ian at pairowoodies.com (Ian Scott) Date: Thu Nov 11 17:05:06 2004 Subject: gpg-agent Problems In-Reply-To: <87actoycqo.fsf@wheatstone.g10code.de> References: <200411102353.26377.ian@pairowoodies.com> <87actoycqo.fsf@wheatstone.g10code.de> Message-ID: <200411111108.29650.ian@pairowoodies.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On November 11, 2004 04:08 am, Werner Koch wrote: > On Wed, 10 Nov 2004 23:53:22 -0500, Ian Scott said: > > gpg-agent[9366]: Secure memory is not locked into core > > That is just a warning to tell you that the memory areas used to store > passpharses and secret keys might get swapped to the disk. setuid > (root) gpg-agent or use a brand new Linux kernel to solve that problem. First, thank you very much for trying to help. I'm using kernel version 2.6.8 > > When I do a ps -x |grep gpg > > I get: > > 9367 ? S 0:00 gpg-agent --daemon > > > > This is not the same PID that I got when I started gpg-agent. > > That is fine, gpg-agent does the usual fork to become a daemon. Ok. > > > This command: > > echo "test" | gpg -ase -r 0x319CE936 |gpg > > > > I see: > > gpg: can't connect to `/tmp/gpg-wjqJw7/S.gpg-agent': Connection refused > > > > /tmp/gpg-wjqJw7/S.gpg-agent exists. > > > > Permissions: > > srwxrwxr-x 1 ian ian 0 Nov 10 23:42 S.gpg-agent > > > > Permissions for /tmp/gpg-wjqJw7: > > rwx------ 2 ian ian 4096 Nov 10 23:42 gpg-wjqJw7 > > Does "netstat -lxp" show you a line indicating that gpg-agent with the > above PID is litening on that socket? If not, there is something wrong > with gpg-agent. No, netstat -lxp does not show gpg-agent. > Configure a log file in ~/.gnupg/gpg-agent.conf to > see what's going on or start gpg-agent under "strace -fo alogfile > gpg-agent --daemon". I have this line in gpg-agent.conf: log-file socket:///home/ian/.gnupg/agentlog ****** Ok, I removed 2 // before /home. Get an error message, which I've never seen before: failed to open log file `socket:/home/ian/.gnupg/agentlog': No such file or directory So, I remove 'socket:' so the conf file line is now: log-file /home/ian/.gnupg/agentlog and start gpg-agent as above. Would you believe it is now working??!! Oh boy, I feel silly now! But I am pretty sure I did not add that line to the conf file in the first place. Would that have been the problem in the first place? Thank you. - -- Ian Scott GPG/PGP KEY: 0x319CE936 **************************** http://www.pairowoodies.com/ Providing Goal Centered Internet Solutions http://www.about-flyfishing.com/ All About Fly Fishing **************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD4DBQFBk4593TmndDGc6TYRAkdIAJiYj0L2b/bVL4f5M4dprOUAZEbbAJ993mh7 qFMubg1Rsyel8W7IbT36xg== =RKXj -----END PGP SIGNATURE----- From wk at gnupg.org Fri Nov 12 13:49:10 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Nov 12 13:49:30 2004 Subject: gpg-agent Problems In-Reply-To: <200411111108.29650.ian@pairowoodies.com> (Ian Scott's message of "Thu, 11 Nov 2004 11:08:23 -0500") References: <200411102353.26377.ian@pairowoodies.com> <87actoycqo.fsf@wheatstone.g10code.de> <200411111108.29650.ian@pairowoodies.com> Message-ID: <87ekizuta1.fsf@wheatstone.g10code.de> On Thu, 11 Nov 2004 11:08:23 -0500, Ian Scott said: > No, netstat -lxp does not show gpg-agent. Then gpg-agent is not listening for unknown reasons. > Ok, I removed 2 // before /home. Get an error message, which I've never > seen before: > failed to open log file `socket:/home/ian/.gnupg/agentlog': No such file or > directory The 2 extra slashes are important becuase they indicate that logging should go to a socket. > Would you believe it is now working??!! Oh boy, I feel silly now! But I am While working on dirmngr I had the very same problem yesterday; it turned out that dirmngr used an old version of the logging code and that is what your gpg-agent also uses. I did some fixes to the logging code and the daemon initialization on 2004-10-21. That change went into 1.9.12 and solved a problem some people had when using Mutt. Please update if you want to use [k]watchgnupg. Werner From erik.wasser at iquer.net Sun Nov 14 22:02:28 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Sun Nov 14 21:59:01 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <87ekj1zrzr.fsf@wheatstone.g10code.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411101342.30717.erik.wasser@iquer.net> <87ekj1zrzr.fsf@wheatstone.g10code.de> Message-ID: <200411142202.33261.erik.wasser@iquer.net> On Wednesday 10 November 2004 15:41, Werner Koch wrote: > On Wed, 10 Nov 2004 13:42:30 +0100, Erik Wasser said: > > pub 2048R/33EAF336 2002-04-29 Real Name > > sig! 36F3EA33 2002-04-29 [User id not found] > > > > Stupid question (again): what does *that* mean? > > Your key is broken and there is no subkey usable for encryption. For > a valid key you should get such a listing: > > pub 1024D/9CD9FD55 2000-12-14 > uid Joe Random Hacker > sig!3 9CD9FD55 2000-12-14 Joe Random Hacker > sub 1024g/381701C4 2000-12-14 > sig! 9CD9FD55 2000-12-14 Joe Random Hacker > > (gpg 1.2 merges the first "uid" line with the "pub" line) > > You can see the user ID with a self-signature and a subkey with the > key binding self-signature. If you do a gpg --list-keys --with-colons > you even get more information: > > pub:f:1024:17:AF82244F9CD9FD55:976803034:::q:::scaESCA: > uid:f::::976803034::18652B8DFEFDC53FBD2553FC289B6D3FC2033BC0::\ > Joe Random Hacker: > sub:f:1024:16:087DD7E0381701C4:976803037::::::e: > > Note the "scaESCA" in the first line. The capitalized letters say, > the entiere key (primary and subkeys) may be used for: encryption, > signing, certification and authentication. If you do this for your > key you will notice that there is no E in it. Yes, you're right. I've requestet the public key from this guy again: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 6.5.8 for non-commercial use mQENAzzNVBsAAAEIALGAXwx4mTqrSI15itb0mtSwRG3msRP41KK3zCQ//xSf4zWN [...] aCMiZak= =kA+s -----END PGP PUBLIC KEY BLOCK----- When I try to import it: % gpg --import References: <200410312324.58710.erik.wasser@iquer.net> <87ekj1zrzr.fsf@wheatstone.g10code.de> <200411142202.33261.erik.wasser@iquer.net> Message-ID: <200411142341.33071@erwin.ingo-kloecker.de> On Sunday 14 November 2004 22:02, Erik Wasser wrote: > When I try to import it: > > % gpg --import Secure memory is not locked into core > gpg: NOTE: THIS IS A DEVELOPMENT VERSION! > gpg: It is only intended for test purposes and should NOT be > gpg: used in a production environment or with production keys! > gpg: key 33EAF336: no valid user IDs > gpg: this may be caused by a missing self-signature > gpg: Total number processed: 1 > gpg: w/o user IDs: 1 > > Well what does that mean? What is this user ID about? Do I have to > use PGP instead of GPG? Why? I don't understand this at all. B-) A user ID connects a key and its owner. Usually it contains the key owner's name and his email address. If a user ID is not self-signed then it could have been added by anyone to the key. I think some very old versions of PGP created user IDs without self-signature. You have to ask the key owner to sign his user ID if you want to use the key. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041114/147881d2/attachment.bin From erik.wasser at iquer.net Tue Nov 16 00:28:35 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Tue Nov 16 00:25:04 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411142341.33071@erwin.ingo-kloecker.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411142202.33261.erik.wasser@iquer.net> <200411142341.33071@erwin.ingo-kloecker.de> Message-ID: <200411160028.36052.erik.wasser@iquer.net> On Sunday 14 November 2004 23:41, Ingo Kl?cker wrote: > A user ID connects a key and its owner. Usually it contains the key > owner's name and his email address. If a user ID is not self-signed > then it could have been added by anyone to the key. I think some very > old versions of PGP created user IDs without self-signature. You have > to ask the key owner to sign his user ID if you want to use the key. I played a little bit with PGP810 for windows. This version can create three different versions of key pairs. 1) Diffie-Hellmann/DSS (standard) 2) RSA 3) RSA-Legacy The first two are no problem (I'm talking about importing the public key into GPG). But the third one is the problem here. It gives me the old error code: Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: key 1DE27EF7: no valid user IDs gpg: this may be caused by a missing self-signature gpg: Total number processed: 1 gpg: w/o user IDs: 1 Is this is PGP or an GPG issue? Is this key just too legacy or is gpg just to new? Can I update the PGP key so it will have this user ID? The FAQ from GNUPG[1] says to GnuPG and RSA the following: "RSA is included as of GnuPG version 1.0.3." Does this yes-to-RSA-statement includes 'RSA-legacy' keys? Comments? Ideas? B-) [1]http://www.gnupg.org/(en)/documentation/faqs.html#q3.3 -- So long... Fuzz From kloecker at kde.org Tue Nov 16 00:51:47 2004 From: kloecker at kde.org (Ingo =?iso-8859-15?q?Kl=F6cker?=) Date: Tue Nov 16 00:48:26 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411160028.36052.erik.wasser@iquer.net> References: <200410312324.58710.erik.wasser@iquer.net> <200411142341.33071@erwin.ingo-kloecker.de> <200411160028.36052.erik.wasser@iquer.net> Message-ID: <200411160051.49256@erwin.ingo-kloecker.de> On Tuesday 16 November 2004 00:28, Erik Wasser wrote: > On Sunday 14 November 2004 23:41, Ingo Kl?cker wrote: > > A user ID connects a key and its owner. Usually it contains the key > > owner's name and his email address. If a user ID is not self-signed > > then it could have been added by anyone to the key. I think some > > very old versions of PGP created user IDs without self-signature. > > You have to ask the key owner to sign his user ID if you want to > > use the key. > > I played a little bit with PGP810 for windows. This version can > create three different versions of key pairs. > > 1) Diffie-Hellmann/DSS (standard) > 2) RSA > 3) RSA-Legacy > > The first two are no problem (I'm talking about importing the public > key into GPG). But the third one is the problem here. It gives me the > old error code: > > Secure memory is not locked into core > gpg: NOTE: THIS IS A DEVELOPMENT VERSION! > gpg: It is only intended for test purposes and should NOT be > gpg: used in a production environment or with production keys! > gpg: key 1DE27EF7: no valid user IDs > gpg: this may be caused by a missing self-signature > gpg: Total number processed: 1 > gpg: w/o user IDs: 1 > > Is this is PGP or an GPG issue? Is this key just too legacy or is gpg > just to new? Can I update the PGP key so it will have this user ID? It's a flaw in the original specification. The key is just too legacy. To make gpg accept the key you just have to self-sign the user ID. > The FAQ from GNUPG[1] says to GnuPG and RSA the following: "RSA is > included as of GnuPG version 1.0.3." Does this yes-to-RSA-statement > includes 'RSA-legacy' keys? Yes. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041116/22a6582e/attachment.bin From erik.wasser at iquer.net Tue Nov 16 09:47:57 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Tue Nov 16 09:44:24 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411160051.49256@erwin.ingo-kloecker.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411160028.36052.erik.wasser@iquer.net> <200411160051.49256@erwin.ingo-kloecker.de> Message-ID: <200411160947.58130.erik.wasser@iquer.net> On Tuesday 16 November 2004 00:51, Ingo Kl?cker wrote: > It's a flaw in the original specification. The key is just too > legacy. To make gpg accept the key you just have to self-sign the > user ID. Thanks for helping. The next problem is arising. I created a RSA-legacy key pair version with PGP 8.1 for testing. The tree structure consists of 3 three entries: - Full name RSA legacy key pair | + Full name User ID | + Full name RSA exportable signature When I try to sign the first or second entry the PGP already says "Cannot sign 'Full name ' The Key is already signed be the specified signing key". The third entry can't be signed because it's only the signature. So I'am stuck again here. Can someone test this 'behavior' of PGP. I know this is a ML for GPG, but when I know the bug is in PGP I will go there. Promised! B-) -- So long... Fuzz From wk at gnupg.org Tue Nov 16 10:11:59 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Nov 16 10:14:31 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411160028.36052.erik.wasser@iquer.net> (Erik Wasser's message of "Tue, 16 Nov 2004 00:28:35 +0100") References: <200410312324.58710.erik.wasser@iquer.net> <200411142202.33261.erik.wasser@iquer.net> <200411142341.33071@erwin.ingo-kloecker.de> <200411160028.36052.erik.wasser@iquer.net> Message-ID: <87pt2eqhsw.fsf@wheatstone.g10code.de> On Tue, 16 Nov 2004 00:28:35 +0100, Erik Wasser said: > The FAQ from GNUPG[1] says to GnuPG and RSA the following: "RSA is > included as of GnuPG version 1.0.3." Does this yes-to-RSA-statement > includes 'RSA-legacy' keys? Yes. For some reasons your self-signature is not valid. If you want me to have a look at that key, please send me the public key. Salam-Shalom, Werner From erik.wasser at iquer.net Tue Nov 16 10:45:31 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Tue Nov 16 10:41:58 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <87pt2eqhsw.fsf@wheatstone.g10code.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411160028.36052.erik.wasser@iquer.net> <87pt2eqhsw.fsf@wheatstone.g10code.de> Message-ID: <200411161045.31446.erik.wasser@iquer.net> On Tuesday 16 November 2004 10:11, Werner Koch wrote: > For some reasons your self-signature is not valid. If you want me to > have a look at that key, please send me the public key. Thanks for your offer. You find the keys in the attachment of this mail: pierre.asc - This is the key that started the whole thing. It's from my brother and was created with PGPfreeware 6.5.8. It's a RSA legacy pair. erik.asc - This is my test key. It's an RSA legacy pair too from PGP 8.1. Both can't be imported in my gpg-1.9.10: 'no valid user IDs'. Thanks for your help and work with me. B-) -- So long... Fuzz -------------- next part -------------- A non-text attachment was scrubbed... Name: erik.asc Type: application/pgp-keys Size: 932 bytes Desc: not available Url : /pipermail/attachments/20041116/db641216/erik-0001.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: pierre.asc Type: application/pgp-keys Size: 939 bytes Desc: not available Url : /pipermail/attachments/20041116/db641216/pierre-0001.bin From wk at gnupg.org Tue Nov 16 12:01:55 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Nov 16 12:04:32 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411161045.31446.erik.wasser@iquer.net> (Erik Wasser's message of "Tue, 16 Nov 2004 10:45:31 +0100") References: <200410312324.58710.erik.wasser@iquer.net> <200411160028.36052.erik.wasser@iquer.net> <87pt2eqhsw.fsf@wheatstone.g10code.de> <200411161045.31446.erik.wasser@iquer.net> Message-ID: <87d5yeqcpo.fsf@wheatstone.g10code.de> On Tue, 16 Nov 2004 10:45:31 +0100, Erik Wasser said: > erik.asc - This is my test key. It's an RSA legacy pair too from PGP > 8.1. I had no problems importing that key. > Both can't be imported in my gpg-1.9.10: 'no valid user IDs'. Ah well, you should not use gpg2 (the OpenPGP part of GnuPG 1.9). It is way behind the development of decent gpg 1.2.x or 1.3.x. Please install gnupg-1.3.92 - if coexists without problems with gnupg 1.9.x (at least with the latest one). There is a reason why it is called gpg2 and not gpg in 1.9. hth, Werner From erik.wasser at iquer.net Tue Nov 16 13:19:18 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Tue Nov 16 13:15:47 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <87d5yeqcpo.fsf@wheatstone.g10code.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411161045.31446.erik.wasser@iquer.net> <87d5yeqcpo.fsf@wheatstone.g10code.de> Message-ID: <200411161319.18918.erik.wasser@iquer.net> On Tuesday 16 November 2004 12:01, Werner Koch wrote: > I had no problems importing that key. Everytime I think that all my problems are solved with the next answer mail from the ML everything gets worse. B-) > > Both can't be imported in my gpg-1.9.10: 'no valid user IDs'. > > Ah well, you should not use gpg2 (the OpenPGP part of GnuPG 1.9). It > is way behind the development of decent gpg 1.2.x or 1.3.x. Can you tell me something about the different parts? gnupg-1.2.6 is the stable version. gnupg-1.3.92 is the unstable version (what's new in this branch?) gnupg-1.9.10 is another unstable version (what's different in this branch? gpgme-1.0.1 is a interoperability library for kmail vs. gpg, right? I want to use GPG for securing my mails including the attachements. So I can't use the deprecated "inline OpenPGP" method. I've found the Aegypten2 project page[1] and the requirements are: gnupg (>= 1.9.10). Or is that the requirement only for the SMIME standard? > Please install gnupg-1.3.92 - if coexists without problems with gnupg > 1.9.x (at least with the latest one). There is a reason why it is > called gpg2 and not gpg in 1.9. Thanks. After installing I made some softlinks[2] but now everything seems fine. I'm now waiting for a feedback of my crypted mail. Thanks for your great support. [1]Using OpenPGP and PGP/MIME with KMail: http://kmail.kde.org/kmail-pgpmime-howto.html [2] ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg2 -- So long... Fuzz From bernhard at intevation.de Tue Nov 16 14:28:31 2004 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue Nov 16 14:25:07 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411161319.18918.erik.wasser@iquer.net> References: <200410312324.58710.erik.wasser@iquer.net> <200411161045.31446.erik.wasser@iquer.net> <87d5yeqcpo.fsf@wheatstone.g10code.de> <200411161319.18918.erik.wasser@iquer.net> Message-ID: <20041116132831.GB27997@intevation.de> On Tue, Nov 16, 2004 at 01:19:18PM +0100, Erik Wasser wrote: > On Tuesday 16 November 2004 12:01, Werner Koch wrote: > > > Both can't be imported in my gpg-1.9.10: 'no valid user IDs'. > > > > Ah well, you should not use gpg2 (the OpenPGP part of GnuPG 1.9). It > > is way behind the development of decent gpg 1.2.x or 1.3.x. > > Can you tell me something about the different parts? > > gnupg-1.2.6 is the stable version. Ready for production use. Conservative updates only. > gnupg-1.3.92 is the unstable version (what's new in this branch?) To become 1.4.0 eventually. (Werner know more about the differences, you can see much in reading the announcements archive http://lists.gnupg.org/pipermail/gnupg-announce/) > gnupg-1.9.10 is another unstable version (what's different in this > branch? It merged gpgsm (doing smime) and gpg. > gpgme-1.0.1 is a interoperability library for kmail vs. gpg, right? Almost. ;) http://www.gnupg.org/(en)/related_software/gpgme/index.html GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG easier for applications. It provides a High-Level Crypto API for encryption, decryption, signing, signature verification and key management. It can use gpg 1.9.x and thus provide crypto operations needed for S/MIME and OpenPGP. > I want to use GPG for securing my mails including the attachements. So I > can't use the deprecated "inline OpenPGP" method. That is correct, do not use it. > I've found the Aegypten2 project page[1] and the requirements are: gnupg > (>= 1.9.10). Or is that the requirement only for the SMIME standard? It is for S/MIME. > > Please install gnupg-1.3.92 - if coexists without problems with gnupg > > 1.9.x (at least with the latest one). There is a reason why it is > > called gpg2 and not gpg in 1.9. > > Thanks. After installing I made some softlinks[2] but now everything > seems fine. I'm now waiting for a feedback of my crypted mail. > [1]Using OpenPGP and PGP/MIME with KMail: > http://kmail.kde.org/kmail-pgpmime-howto.html > > [2] > ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg > ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg2 You do not need the link to gpg2. gnupg1.9.x builds gpg2 just so it can coexist. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041116/7ba5273e/attachment.bin From erik.wasser at iquer.net Tue Nov 16 14:47:12 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Tue Nov 16 14:43:44 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <20041116132831.GB27997@intevation.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411161319.18918.erik.wasser@iquer.net> <20041116132831.GB27997@intevation.de> Message-ID: <200411161447.12844.erik.wasser@iquer.net> On Tuesday 16 November 2004 14:28, Bernhard Reiter wrote: > [...] Thanks for your explanations and patience. > > [2] > > ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg > > ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg2 > > You do not need the link to gpg2. > gnupg1.9.x builds gpg2 just so it can coexist. Well... not here. B-) % cd ~/src/gnupg-1.3.92 % ./configure --prefix=/usr/local/gnupg-1.3.92 % make % make install % ls -l /usr/local/gnupg-1.3.92/bin total 4188 -rwxr-xr-x 1 fuzz 504 2798663 Nov 16 12:48 gpg -rwxr-xr-x 1 fuzz 504 147687 Nov 16 12:48 gpgsplit -rwxr-xr-x 1 fuzz 504 1321164 Nov 16 12:48 gpgv % B-) -- So long... Fuzz From kloecker at kde.org Tue Nov 16 23:29:21 2004 From: kloecker at kde.org (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Tue Nov 16 23:25:59 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411161447.12844.erik.wasser@iquer.net> References: <200410312324.58710.erik.wasser@iquer.net> <20041116132831.GB27997@intevation.de> <200411161447.12844.erik.wasser@iquer.net> Message-ID: <200411162329.22794@erwin.ingo-kloecker.de> On Tuesday 16 November 2004 14:47, Erik Wasser wrote: > On Tuesday 16 November 2004 14:28, Bernhard Reiter wrote: > > [...] > > Thanks for your explanations and patience. > > > > [2] > > > ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg > > > ln -s to /usr/local/gnupg-1.3.92/bin/gpg /usr/bin/gpg2 > > > > You do not need the link to gpg2. > > gnupg1.9.x builds gpg2 just so it can coexist. > > Well... not here. B-) > > % cd ~/src/gnupg-1.3.92 > % ./configure --prefix=/usr/local/gnupg-1.3.92 > % make > % make install > % ls -l /usr/local/gnupg-1.3.92/bin > total 4188 > -rwxr-xr-x 1 fuzz 504 2798663 Nov 16 12:48 gpg > -rwxr-xr-x 1 fuzz 504 147687 Nov 16 12:48 gpgsplit > -rwxr-xr-x 1 fuzz 504 1321164 Nov 16 12:48 gpgv > % I think you misunderstood Bernhard. Let me rephrase: gnupg-1.3.92 builds gpg. gnupg-1.9.x builds gpg2. gpg and gpg2 can coexist. So you should install gnupg-1.3.x (or the latest gnupg-1.2.x) and gnupg-1.9.x. On the command line you should only use gpg. gpg2 is currently only used by the Aegypten2 stuff. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041116/efdbe329/attachment.bin From wk at gnupg.org Wed Nov 17 08:27:52 2004 From: wk at gnupg.org (Werner Koch) Date: Wed Nov 17 16:48:09 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411162329.22794@erwin.ingo-kloecker.de> (Ingo =?utf-8?q?Kl=C3=B6cker's?= message of "Tue, 16 Nov 2004 23:29:21 +0100") References: <200410312324.58710.erik.wasser@iquer.net> <20041116132831.GB27997@intevation.de> <200411161447.12844.erik.wasser@iquer.net> <200411162329.22794@erwin.ingo-kloecker.de> Message-ID: <87oehx5407.fsf@wheatstone.g10code.de> On Tue, 16 Nov 2004 23:29:21 +0100, Ingo Kl?cker said: > gnupg-1.9.x. On the command line you should only use gpg. gpg2 is > currently only used by the Aegypten2 stuff. Actually gpg2 is not used at all. The current CVS version even displays: log_info ("WARNING: This version of gpg is not very matured and\n"); log_info ("WARNING: only intended for testing. Please keep using\n"); log_info ("WARNING: gpg 1.2.x, 1.3.x or 1.4.x for OpenPGP\n"); Given all the problems I consider to not having build it at all unless a configure option has been given. Shalom-Salam, Werner From kloecker at kde.org Wed Nov 17 22:22:32 2004 From: kloecker at kde.org (Ingo =?utf-8?q?Kl=C3=B6cker?=) Date: Wed Nov 17 22:19:09 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <87oehx5407.fsf@wheatstone.g10code.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411162329.22794@erwin.ingo-kloecker.de> <87oehx5407.fsf@wheatstone.g10code.de> Message-ID: <200411172222.34255@erwin.ingo-kloecker.de> On Wednesday 17 November 2004 08:27, Werner Koch wrote: > On Tue, 16 Nov 2004 23:29:21 +0100, Ingo Kl?cker said: > > gnupg-1.9.x. On the command line you should only use gpg. gpg2 is > > currently only used by the Aegypten2 stuff. > > Actually gpg2 is not used at all. It's not used for OpenPGP by Aegypten2? Interesting. But it's surely used for S/MIME, isn't it? Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041117/298b0a15/attachment.bin From wk at gnupg.org Thu Nov 18 13:26:22 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Nov 18 13:29:32 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411172222.34255@erwin.ingo-kloecker.de> (Ingo =?utf-8?q?Kl=C3=B6cker's?= message of "Wed, 17 Nov 2004 22:22:32 +0100") References: <200410312324.58710.erik.wasser@iquer.net> <200411162329.22794@erwin.ingo-kloecker.de> <87oehx5407.fsf@wheatstone.g10code.de> <200411172222.34255@erwin.ingo-kloecker.de> Message-ID: <87is832vip.fsf@wheatstone.g10code.de> On Wed, 17 Nov 2004 22:22:32 +0100, Ingo Kl?cker said: > It's not used for OpenPGP by Aegypten2? Interesting. But it's surely > used for S/MIME, isn't it? gpgsm is used for S/MIME. The gnupg 1.9 package contains several modules which are all used by the S/MIME backend. There is also a module named gpg2 but that one is more or less for development reasons included - it is not needed and should not be used. OTOH, the packages gnupg 1.2.x and gnupg 1.3.x do only include one module: gpg - which is used for OpenPGP. What a mess; I should have better not included the gpg2 with gnupg 1.9. Werner From bernhard at intevation.de Thu Nov 18 17:21:17 2004 From: bernhard at intevation.de (Bernhard Reiter) Date: Thu Nov 18 17:18:15 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <87is832vip.fsf@wheatstone.g10code.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411162329.22794@erwin.ingo-kloecker.de> <87oehx5407.fsf@wheatstone.g10code.de> <200411172222.34255@erwin.ingo-kloecker.de> <87is832vip.fsf@wheatstone.g10code.de> Message-ID: <20041118162117.GK16792@intevation.de> On Thu, Nov 18, 2004 at 01:26:22PM +0100, Werner Koch wrote: > On Wed, 17 Nov 2004 22:22:32 +0100, Ingo Kl?cker said: > What a mess; I should have better not included the gpg2 with gnupg 1.9. Well the idea would be to actually make gnupg-1.9. be the integrated development line. ;) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041118/eb7de74b/attachment.bin From aegypten-issues at intevation.de Fri Nov 19 08:30:55 2004 From: aegypten-issues at intevation.de (Bernhard Reiter) Date: Fri Nov 19 08:27:21 2004 Subject: [issue279] Failing s/mime sending, mutt leaves an attachment Message-ID: <1100849455.69.0.671787021277.issue279@intevation.de> New submission from Bernhard Reiter : Mutt CVS 20041109 patch-1.5.6cvs.g10.mdn.3 mutt-crl-too-old-20041004 patch-1.5.6cvs.g10.gpgme.6 (wrongly claiming .4) Try to encrypt, sign a plain/text s/mime email and have this failing because of too old CRL of one of the recipient. What happens is that then you have an extra attachment with the signature left over that you need to delete manually if you retry this (directly or after postponing the email.) A better behaviour would be to not have this attachement there, if the whole operation failed. ---------- messages: 1807 nosy: bernhard priority: minor bug status: unread title: Failing s/mime sending, mutt leaves an attachment topic: mutt ______________________________________________________ Aegypten issue tracker ______________________________________________________ From aegypten-issues at intevation.de Fri Nov 19 08:41:08 2004 From: aegypten-issues at intevation.de (Bernhard Reiter) Date: Fri Nov 19 08:37:34 2004 Subject: [issue280] importing and mailing keys from mutt breaks Message-ID: <1100850068.54.0.339385692493.issue280@intevation.de> New submission from Bernhard Reiter : mutt cvs 20041109 patch-1.5.6cvs.g10.mdn.3 mutt-crl-too-old-20041004 patch-1.5.6cvs.g10.gpgme.4 Press "?" gives you the Control-k is mapped to extract-keys. If you press the button: Nothing work. There is also Esc-k which should pop up a selection for mailing a key. Also does not work. ---------- assignedto: werner messages: 1810 nosy: bernhard, werner priority: bug status: unread title: importing and mailing keys from mutt breaks topic: mutt ______________________________________________________ Aegypten issue tracker ______________________________________________________ From erik.wasser at iquer.net Mon Nov 22 18:38:54 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Mon Nov 22 18:35:27 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <87oehx5407.fsf@wheatstone.g10code.de> References: <200410312324.58710.erik.wasser@iquer.net> <200411162329.22794@erwin.ingo-kloecker.de> <87oehx5407.fsf@wheatstone.g10code.de> Message-ID: <200411221838.54438.erik.wasser@iquer.net> On Wednesday 17 November 2004 08:27, Werner Koch wrote: > Actually gpg2 is not used at all. The current CVS version even > displays: I don't know if this adds something the discussion but anyway have a look at this: % cd /usr/bin % dir -al gpg* lrwxrwxrwx 1 root root 24 Nov 18 11:38 gpg -> /usr/local/gnupg/bin/gpg lrwxrwxrwx 1 root root 24 Nov 22 18:23 gpg2 -> /usr/local/gnupg/bin/gpg gnupg-1.3.92 is installed in '/usr/local/gnupg'. When I remove the gpg2 link the OpenGPG support vanished in KMail (KMail 1.7.1, KDE 3.3.1). The icons are disabled etc... I just can't select it anymore and it's doesn't working anymore. What does that mean? B-) -- So long... Fuzz From john at johnrshannon.com Mon Nov 22 18:58:12 2004 From: john at johnrshannon.com (John R. Shannon) Date: Mon Nov 22 18:54:53 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411221838.54438.erik.wasser@iquer.net> References: <200410312324.58710.erik.wasser@iquer.net> <87oehx5407.fsf@wheatstone.g10code.de> <200411221838.54438.erik.wasser@iquer.net> Message-ID: <200411221058.12608.john@johnrshannon.com> Hi, I ported the project aegypten software over to NetBSD. One of the biggest problems I had was with Kmail communication with gpg-agent. The following helped me track down my problems: 1. kill any running gpg-agents and kmail 2. In a shell windows start gpg-agent: eval `gpg-agent --daemon` 3. start kmail in the same window so it sees the GPG_AGENT_INFO shell variable 4. Try sending yourself a message. On Monday 22 November 2004 10:38 am, Erik Wasser wrote: > On Wednesday 17 November 2004 08:27, Werner Koch wrote: > > Actually gpg2 is not used at all. The current CVS version even > > displays: > > I don't know if this adds something the discussion but anyway have a > look at this: > > % cd /usr/bin > % dir -al gpg* > lrwxrwxrwx 1 root root 24 Nov 18 11:38 gpg > -> /usr/local/gnupg/bin/gpg > lrwxrwxrwx 1 root root 24 Nov 22 18:23 gpg2 > -> /usr/local/gnupg/bin/gpg > > gnupg-1.3.92 is installed in '/usr/local/gnupg'. > > When I remove the gpg2 link the OpenGPG support vanished in KMail (KMail > 1.7.1, KDE 3.3.1). The icons are disabled etc... I just can't select it > anymore and it's doesn't working anymore. > > What does that mean? B-) -- John R. Shannon john@johnrshannon.com john.r.shannon@saic.com shannonjr@NetBSD.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20041122/02a8f3b0/attachment.bin From wk at gnupg.org Thu Nov 25 14:04:35 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Nov 25 14:04:38 2004 Subject: libassuan 0.6.8 released Message-ID: <87pt22cc64.fsf@wheatstone.g10code.de> Hi! I just released libassuan 0.6.8 which is required for the latest dirmngr from CVS. ftp://ftp.gnupg.org/gcrypt/alpha/libassuan-0.6.8.tar.gz (238k) ftp://ftp.gnupg.org/gcrypt/alpha/libassuan-0.6.8.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/alpha/libassuan-0.6.7-0.6.8.diff.gz (11k) 57465c6d5e1c4c36d7412a03c4f65853 libassuan-0.6.8.tar.gz d18af095b6ea5044d9e31896b04df23e libassuan-0.6.7-0.6.8.diff.gz Noteworthy changes in version 0.6.8 (2004-11-25) ------------------------------------------------ * assuan_write_status does now return an error code. * Fixes for C89 compatibility and some first takes on a W32 port. Happy hacking, Werner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available Url : /pipermail/attachments/20041125/eb7b727b/attachment.bin From michaelnottebrock at gmx.net Thu Nov 25 19:55:18 2004 From: michaelnottebrock at gmx.net (Michael Nottebrock) Date: Thu Nov 25 19:55:36 2004 Subject: libassuan 0.6.8 released In-Reply-To: <87pt22cc64.fsf@wheatstone.g10code.de> References: <87pt22cc64.fsf@wheatstone.g10code.de> Message-ID: <200411251955.19841.michaelnottebrock@gmx.net> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20041125/8a0c0c29/attachment.bin From wk at gnupg.org Sat Nov 27 11:04:34 2004 From: wk at gnupg.org (Werner Koch) Date: Sat Nov 27 11:33:01 2004 Subject: libassuan 0.6.8 released In-Reply-To: <200411251955.19841.michaelnottebrock@gmx.net> (Michael Nottebrock's message of "Thu, 25 Nov 2004 19:55:18 +0100") References: <87pt22cc64.fsf@wheatstone.g10code.de> <200411251955.19841.michaelnottebrock@gmx.net> Message-ID: <87653rmwul.fsf@wheatstone.g10code.de> On Thu, 25 Nov 2004 19:55:18 +0100, Michael Nottebrock said: > In assuan-socket.c, an additional include is required to compile on FreeBSD 4. Somehow I expected those small glitches. Thanks for reporting. Werner From erik.wasser at iquer.net Tue Nov 30 23:39:22 2004 From: erik.wasser at iquer.net (Erik Wasser) Date: Tue Nov 30 23:35:46 2004 Subject: kmail doesn t sign/encrypt e-mails, broken pipe In-Reply-To: <200411221058.12608.john@johnrshannon.com> References: <200410312324.58710.erik.wasser@iquer.net> <200411221838.54438.erik.wasser@iquer.net> <200411221058.12608.john@johnrshannon.com> Message-ID: <200411302339.22996.erik.wasser@iquer.net> On Monday 22 November 2004 18:58, John R. Shannon wrote: > [...] Thanks for your help and for the help of the others: I got now gnupg 1.3.92 *AND* gnupg-1.9.11 on my computer at the same time. gnupg-1.3.92 deals with key and makes the encryption and decryption. From gnupg-1.9.11 I'm only using the gpg-agent in combination with 'pinentry-qt' and KDE. I will not touch this system for years. B-) -- So long... Fuzz