FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 02-21-2010, 01:50 PM
Mick
 
Default gnupg fails to decrypt on kmail

Yesterday I updated my system and after a series of:

revdep-rebuild --library libjpeg.so.7

and

revdep-rebuild -v -i

I thought all was good to go. Unfortunately, I now noticed that I cannot open
encrypted messages anymore and signing mail fails. This points towards gnupg
which I remerged along with all packages I thought might me relevant. I
haven't yet remerged openssl (will try that in a minute) but I am not sure
that will help. It's not just smime but also openpgp that fails.

Has anyone else noticed this and have you found any fixes for it?
--
Regards,
Mick
 
Old 02-21-2010, 02:08 PM
Willie Wong
 
Default gnupg fails to decrypt on kmail

On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> Yesterday I updated my system and after a series of:
>
> revdep-rebuild --library libjpeg.so.7
>
> and
>
> revdep-rebuild -v -i
>
> I thought all was good to go. Unfortunately, I now noticed that I cannot open
> encrypted messages anymore and signing mail fails. This points towards gnupg
> which I remerged along with all packages I thought might me relevant. I
> haven't yet remerged openssl (will try that in a minute) but I am not sure
> that will help. It's not just smime but also openpgp that fails.
>
> Has anyone else noticed this and have you found any fixes for it?

Just a random guess: maybe revdep-rebuild updated to a new version and
configuration files changed? Did you look at the elogs of whatever you
re-emerged yesterday?

Cheers,

W
--
Willie W. Wong wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire
et vice versa ~~~ I. Newton
 
Old 02-21-2010, 02:32 PM
Mick
 
Default gnupg fails to decrypt on kmail

On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
> On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> > Yesterday I updated my system and after a series of:
> >
> > revdep-rebuild --library libjpeg.so.7
> >
> > and
> >
> > revdep-rebuild -v -i
> >
> > I thought all was good to go. Unfortunately, I now noticed that I cannot
> > open encrypted messages anymore and signing mail fails. This points
> > towards gnupg which I remerged along with all packages I thought might me
> > relevant. I haven't yet remerged openssl (will try that in a minute) but
> > I am not sure that will help. It's not just smime but also openpgp that
> > fails.
> >
> > Has anyone else noticed this and have you found any fixes for it?
>
> Just a random guess: maybe revdep-rebuild updated to a new version and
> configuration files changed? Did you look at the elogs of whatever you
> re-emerged yesterday?

Yes and I ran dispatch-conf for a couple of changes. However, nothing that I
recall was related to encryption:

Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1

Anything else I could look into?
--
Regards,
Mick
 
Old 02-21-2010, 04:01 PM
Willie Wong
 
Default gnupg fails to decrypt on kmail

On Sun, Feb 21, 2010 at 03:32:00PM +0000, Mick wrote:
> On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
> > On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> > > Yesterday I updated my system and after a series of:
> > >
> > > revdep-rebuild --library libjpeg.so.7
> > >
> > > and
> > >
> > > revdep-rebuild -v -i
> > >
> > > I thought all was good to go. Unfortunately, I now noticed that I cannot
> > > open encrypted messages anymore and signing mail fails. This points
> > > towards gnupg which I remerged along with all packages I thought might me
> > > relevant. I haven't yet remerged openssl (will try that in a minute) but
> > > I am not sure that will help. It's not just smime but also openpgp that
> > > fails.
> > >
> > > Has anyone else noticed this and have you found any fixes for it?
> >
> > Just a random guess: maybe revdep-rebuild updated to a new version and
> > configuration files changed? Did you look at the elogs of whatever you
> > re-emerged yesterday?
>
> Yes and I ran dispatch-conf for a couple of changes. However, nothing that I
> recall was related to encryption:
>
> Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
> Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
> Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
> Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
> Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1
>
> Anything else I could look into?

Then I am kind of out of ideas. You mentioned that you remerged gnupg:
was there any warnings or logs at the end of the merge? (If you have
it enabled, the logs maybe stored in /var/log/portage/elog/)

You say that smime and openpgp fails, do you have the error message?
It may help other people who know more about this to answer your
question.

Cheers,

W
--
Willie W. Wong wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire
et vice versa ~~~ I. Newton
 
Old 02-22-2010, 05:49 AM
Mick
 
Default gnupg fails to decrypt on kmail

On Sunday 21 February 2010 17:01:13 Willie Wong wrote:
> On Sun, Feb 21, 2010 at 03:32:00PM +0000, Mick wrote:
> > On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
> > > On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> > > > Yesterday I updated my system and after a series of:
> > > >
> > > > revdep-rebuild --library libjpeg.so.7
> > > >
> > > > and
> > > >
> > > > revdep-rebuild -v -i
> > > >
> > > > I thought all was good to go. Unfortunately, I now noticed that I
> > > > cannot open encrypted messages anymore and signing mail fails. This
> > > > points towards gnupg which I remerged along with all packages I
> > > > thought might me relevant. I haven't yet remerged openssl (will try
> > > > that in a minute) but I am not sure that will help. It's not just
> > > > smime but also openpgp that fails.
> > > >
> > > > Has anyone else noticed this and have you found any fixes for it?
> > >
> > > Just a random guess: maybe revdep-rebuild updated to a new version and
> > > configuration files changed? Did you look at the elogs of whatever you
> > > re-emerged yesterday?
> >
> > Yes and I ran dispatch-conf for a couple of changes. However, nothing
> > that I recall was related to encryption:
> >
> > Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
> > Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
> > Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
> > Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
> > Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1
> >
> > Anything else I could look into?
>
> Then I am kind of out of ideas. You mentioned that you remerged gnupg:
> was there any warnings or logs at the end of the merge? (If you have
> it enabled, the logs maybe stored in /var/log/portage/elog/)
>
> You say that smime and openpgp fails, do you have the error message?
> It may help other people who know more about this to answer your
> question.

Thanks again for your help. The problem seems to be with pinentry when gpg is
invoked manually:

gpg: problem with the agent: No pinentry

and then as a consequence:

gpg: public key decryption failed: General error
gpg: decryption failed: No secret key

However, I have remerged pinentry. :-(

Initially, I thought this was related to updating media-libs/jpeg-8 and
library libjpeg.so.7, but it seems that it may be related to qt3 becoming
deprecated? Perhaps I should unmask app-crypt/pinentry-0.7.6 which has qt4 in
its USE flags and try with that?

Meanwhile I just resync'ed and there's a load of kde-4.3.5 updates. Perhaps I
was cought up in some major update bonanza and that's why this broke. I'll
finish the update and see how it goes.
--
Regards,
Mick
 
Old 02-24-2010, 10:31 AM
Mick
 
Default gnupg fails to decrypt on kmail

On 22 February 2010 06:49, Mick <michaelkintzios@gmail.com> wrote:
> On Sunday 21 February 2010 17:01:13 Willie Wong wrote:
>> On Sun, Feb 21, 2010 at 03:32:00PM +0000, Mick wrote:
>> > On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
>> > > On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
>> > > > Yesterday I updated my system and after a series of:
>> > > >
>> > > > *revdep-rebuild --library libjpeg.so.7
>> > > >
>> > > > and
>> > > >
>> > > > *revdep-rebuild -v -i
>> > > >
>> > > > I thought all was good to go. *Unfortunately, I now noticed that I
>> > > > cannot open encrypted messages anymore and signing mail fails. *This
>> > > > points towards gnupg which I remerged along with all packages I
>> > > > thought might me relevant. *I haven't yet remerged openssl (will try
>> > > > that in a minute) but I am not sure that will help. *It's not just
>> > > > smime but also openpgp that fails.
>> > > >
>> > > > Has anyone else noticed this and have you found any fixes for it?
>> > >
>> > > Just a random guess: maybe revdep-rebuild updated to a new version and
>> > > configuration files changed? Did you look at the elogs of whatever you
>> > > re-emerged yesterday?
>> >
>> > Yes and I ran dispatch-conf for a couple of changes. *However, nothing
>> > that I recall was related to encryption:
>> >
>> > * * *Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
>> > * * *Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
>> > * * *Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
>> > * * *Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
>> > * * *Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1
>> >
>> > Anything else I could look into?
>>
>> Then I am kind of out of ideas. You mentioned that you remerged gnupg:
>> was there any warnings or logs at the end of the merge? (If you have
>> it enabled, the logs maybe stored in /var/log/portage/elog/)
>>
>> You say that smime and openpgp fails, do you have the error message?
>> It may help other people who know more about this to answer your
>> question.
>
> Thanks again for your help. *The problem seems to be with pinentry when gpg is
> invoked manually:
>
> gpg: problem with the agent: No pinentry
>
> and then as a consequence:
>
> gpg: public key decryption failed: General error
> gpg: decryption failed: No secret key
>
> However, I have remerged pinentry. *:-(
>
> Initially, I thought this was related to updating media-libs/jpeg-8 and
> library libjpeg.so.7, but it seems that it may be related to qt3 becoming
> deprecated? *Perhaps I should unmask app-crypt/pinentry-0.7.6 which has qt4 in
> its USE flags and try with that?
>
> Meanwhile I just resync'ed and there's a load of kde-4.3.5 updates. *Perhaps I
> was cought up in some major update bonanza and that's why this broke. *I'll
> finish the update and see how it goes.

This is rather debilitating ... I have now update pinentry to 0.7.6
and I still have the same problem. :-(

I may have to restore my system from a back up just to access my
encrypted data, which is something I'd rather not have to do after a
mammoth kde update.

The elog of pinentry shows this, but I am not sure I understand what
it means, or if it is related to my problem.

======================================

>>> Messages generated by process 10763 on 2010-02-24 07:01:34 GMT for package a
pp-crypt/pinentry-0.7.6:

LOG: postinst
We no longer install pinentry-curses and pinentry-qt SUID root by default.
Linux kernels >=2.6.9 support memory locking for unprivileged processes.
The soft resource limit for memory locking specifies the limit an
unprivileged process may lock into memory. You can also use POSIX
capabilities to allow pinentry to lock memory. To do so activate the caps
USE flag and add the CAP_IPC_LOCK capability to the permitted set of
your users.
======================================

Since invoking gpg on the CLI does not ask for a passphrase and it returns:

gpg: problem with the agent: No pinentry

I assume that the problem is with pinentry. Is there some other
application involved here that I should look into?
--
Regards,
Mick
 
Old 02-24-2010, 01:48 PM
Willie Wong
 
Default gnupg fails to decrypt on kmail

On Wed, Feb 24, 2010 at 11:31:34AM +0000, Mick wrote:
> Since invoking gpg on the CLI does not ask for a passphrase and it returns:
>
> gpg: problem with the agent: No pinentry
>
> I assume that the problem is with pinentry. Is there some other
> application involved here that I should look into?

pinentry is the standalone package to asks for the passphrase for gpg.
Try up'ing the verbosity on gpg? E.g. run `gpg -vv' on your CLI and
post full output (modulo anything sensitive, of course)?

(Also, a stupid question: at any point did you rebuild gpg? Did you
restart the gpg-agent afterwards?)

Cheers,

W
--
Willie W. Wong wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire
et vice versa ~~~ I. Newton
 
Old 02-24-2010, 02:03 PM
Willie Wong
 
Default gnupg fails to decrypt on kmail

On Wed, Feb 24, 2010 at 11:31:34AM +0000, Mick wrote:
> Since invoking gpg on the CLI does not ask for a passphrase and it returns:
>
> gpg: problem with the agent: No pinentry
>
> I assume that the problem is with pinentry. Is there some other
> application involved here that I should look into?

Hum, also, try getting some debug output from gpg-agent:

(1) 'killall gpg-agent' (and run ps aux to see if they are really
killed)
(2) Restart gpg-agent via

eval 'gpg-agent --daemon --no-detach --debug-level guru --log-file ~/gpg-agent.log'
(3) Run gpg.

Look at the content of ~/gpg-agent.log to see if anything is amiss.

HTH,

W
--
Willie W. Wong wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire
et vice versa ~~~ I. Newton
 
Old 02-24-2010, 09:51 PM
Mick
 
Default gnupg fails to decrypt on kmail

On Wednesday 24 February 2010 15:03:06 Willie Wong wrote:

> Hum, also, try getting some debug output from gpg-agent:
>
> (1) 'killall gpg-agent' (and run ps aux to see if they are really
> killed)
> (2) Restart gpg-agent via
>
> eval 'gpg-agent --daemon --no-detach --debug-level guru --log-file
> ~/gpg-agent.log' (3) Run gpg.
>
> Look at the content of ~/gpg-agent.log to see if anything is amiss.

Thank you very much for persevering with me! :-)

I changed your eval argument a bit and this is what I noticed:

eval "$(gpg-agent --daemon --no-detach --debug-level guru --log-file gpg-
agent.log)"
gpg-agent[7276]: enabled debug flags: command mpi crypto memory cache memstat
hashing assuan

The log file shows:
================================================
2010-02-24 20:32:01 gpg-agent[7276] listening on socket `/tmp/gpg-
IX4A40/S.gpg-agent'
2010-02-24 20:32:01 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 started
2010-02-24 20:32:13 gpg-agent[7277] SIGINT received - immediate shutdown
2010-02-24 20:32:13 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 stopped
2010-02-24 20:32:13 gpg-agent[7277] random usage: poolsize=600 mixed=0
polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
2010-02-24 20:32:13 gpg-agent[7277] secmem usage: 0/32768 bytes in 0 blocks
================================================

However, when I invoke gpg it looks for another socket ... different to the
one that the agent is listening on.
================================================
$ gpg -vv DATA/some_data.ods.gpg
gpg: using character set `iso-8859-1'
gpg: enabled debug flags: memstat
ubkey enc packet: version 3, algo 16, keyid <ZZZZZZZZZZZ>
data: [2048 bits]
data: [2045 bits]
gpg: public key is XXXXXXXX
gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY

You need a passphrase to unlock the secret key for
user: "me <me@gmail.com>"
gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY
2048-bit ELG key, ID XXXXXXXX, created 2010-01-25 (main key ID YYYYYYYY)

can't connect to `/tmp/gpg-pNLb9Y/S.gpg-agent': No such file or directory
gpg: can't connect to the agent - trying fall back
can't connect to `/home/michael/.gnupg/S.gpg-agent': No such file or directory
gpg: no running gpg-agent - starting one
gpg-agent[7265]: enabled debug flags: assuan
can't connect to `/home/michael/.gnupg/log-socket': Connection refused
gpg: problem with the agent: No pinentry
:encrypted data packet:
length: 22577
mdc_method: 2
gpg: encrypted with 2048-bit ELG key, ID XXXXXXXX, created 2010-01-25
"me <me@gmail.com>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
================================================

Why is this? Invoking gpg to decrypt different (encrypted) files always
brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'. Shouldn't it be a
different socket each time?

Another thing that shows something has gone south is that pinentry no longer
asks for a passphrase as shown above. Also, when I encrypt a file it still
does not ask for my passphrase - it just encrypts the file!
--
Regards,
Mick
 
Old 02-24-2010, 11:09 PM
Willie Wong
 
Default gnupg fails to decrypt on kmail

On Wed, Feb 24, 2010 at 10:51:38PM +0000, Mick wrote:
> eval "$(gpg-agent --daemon --no-detach --debug-level guru --log-file gpg-
> agent.log)"
> gpg-agent[7276]: enabled debug flags: command mpi crypto memory cache memstat
> hashing assuan
>
> The log file shows:
> ================================================
> 2010-02-24 20:32:01 gpg-agent[7276] listening on socket `/tmp/gpg-
> IX4A40/S.gpg-agent'
> 2010-02-24 20:32:01 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 started
> 2010-02-24 20:32:13 gpg-agent[7277] SIGINT received - immediate shutdown
> 2010-02-24 20:32:13 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 stopped
> 2010-02-24 20:32:13 gpg-agent[7277] random usage: poolsize=600 mixed=0
> polls=0/0 added=0/0
> outmix=0 getlvl1=0/0 getlvl2=0/0
> 2010-02-24 20:32:13 gpg-agent[7277] secmem usage: 0/32768 bytes in 0 blocks
> ================================================
>
> However, when I invoke gpg it looks for another socket ... different to the
> one that the agent is listening on.
> ================================================
> $ gpg -vv DATA/some_data.ods.gpg
> gpg: using character set `iso-8859-1'
> gpg: enabled debug flags: memstat
> ubkey enc packet: version 3, algo 16, keyid <ZZZZZZZZZZZ>
> data: [2048 bits]
> data: [2045 bits]
> gpg: public key is XXXXXXXX
> gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY
>
> You need a passphrase to unlock the secret key for
> user: "me <me@gmail.com>"
> gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY
> 2048-bit ELG key, ID XXXXXXXX, created 2010-01-25 (main key ID YYYYYYYY)
>
> can't connect to `/tmp/gpg-pNLb9Y/S.gpg-agent': No such file or directory
> gpg: can't connect to the agent - trying fall back
<snip>
> ================================================
>
> Why is this? Invoking gpg to decrypt different (encrypted) files always
> brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'. Shouldn't it be a
> different socket each time?

Ack, let's do this one step at a time then. First let's try to figure
out the problem with the gpg-agent.

This time, run the command from gpg-agent, not inside a eval
statement. Just by itself on the commandline.

It should spit out the environmental variable GPG_AGENT_INFO.
Copy the content of that variable (so copy the whole thing
GPG_AGENT_INFO="......." )
In a new prompt, first paste the variable, then type gpg -vv *file*

So it should be

GPG_AGENT_INFO="......" gpg -vv DATA/filename.ogg

Quick explanation: gpg finds out where the agent is by looking at the
environmental variable GPG_AGENT_INFO. We want to try to make sure it
is in fact looking at that variable. Take a look at the man pages for
gpg-agent and gpg for more information.

Now look at the output again to see if it is still connecting to the
"wrong" socket.

W
--
Willie W. Wong wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire
et vice versa ~~~ I. Newton
 

Thread Tools




All times are GMT. The time now is 09:37 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org