"encryption command failed" on sending mail
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
Menu
▾
▴
1 Attachments
#403 "encryption command failed" on sending mail
Using OSX 10.10.2
Using Homebrew
Installed gnupg21,pinentry,pinentry-mac with homebrew
Enigmail: nightly build. (build date: 2015-02-08, version: 1.8a1pre, git rev: cd75479dee74bb35b144307ff3da4ff48c1dfc5f)
My GPG key pair has a password.
Steps:
1. Install Thunderbird and Enigmail.
2. Compose an email to myself. Using plain text. Signing. Not encrypting.
3. Send
Expected:
4a. Ask me for the password of my key.
5a. Send the email.
Actual:
4b. It does not ask me for password.
5b. A window pops up. "Title: Sending Message - Test signing"
6b. Before that window goes away, another window pops up. Title: "Enigmail Alert". Content: "Error - encryption command failed".
7b. After closing that alert window, another alert window pops up. Title: "Sending Message Error". Content: "Sending mail failed. Please verify that ...."
The content of gpg-agent.conf is attached.
I don't have a gpg.conf
Content of Enigmail Console:
Initializing Enigmail service ... EnigmailAgentPath=/usr/local/bin/gpg2 enigmail> /usr/local/bin/gpg2 --version --version --batch --no-tty --charset utf-8 --display-charset utf-8 gpg (GnuPG) 2.1.1 libgcrypt 1.6.2 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 enigmail> /usr/local/bin/gpg2 --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -t --clearsign -u <wks1986@gmail.com> --use-agent enigmail> /usr/local/bin/gpg2 --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -t --clearsign -u <wks1986@gmail.com> --use-agentContent of Enigmail Debug Log:
Some extra information:
If I sign anything using the command line
gpg2 --sign, it will ask me for password and sign it. If I then go to Thunderbird and send a signed email, it will sign and send it without problem, using the password cached somewhere.We need a debug log. Please first stop gpg-agent, then restart Thunderbird, replay the above mentioned procedure. Afterwards save the log with Enigmail -> Debugging options -> View log , click on "Save log to file".
Regarding personal information in this file, you may eiter obfuscate it before posting it here or send it to Patrick (patrick at enigmail dot net) or me (ludwig at enigmail dot net) via encrypte mail.
Thanks!
I made sure there was no gpg-agent processes before running Thunderbird. The attached file is the log after I replayed the procedure.
From what I can tell, there is an issue between gpg, gpg-agent and the pinentry-tool you configured. If you used the command line to sign the message, did the graphical version of pinentry pop up (i.e. in a separate window, not in the command line window)?
Yes. A separate window (title: Pinentry Mac) appears, asking me to input the passphase of my OpenPGP secret key.
FYI, I have this line "
pinentry-program /usr/local/bin/pinentry-mac" in my "~/.gnupg/gpg-agent.conf" as attached in the first post.The "
pinentry" package from Homebrew is compiled from ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-0.9.0.tar.bz2 provided by gnupg.org (http://www.gnupg.org/related_software/pinentry/index.en.html). It is configured with--disable-dependency-tracking,--disable-pinentry-qt4and--disable-pinentry-gtk2options. The contents are:The "
pinentry-mac" package from Homebrew is compiled from https://github.com/GPGTools/pinentry-mac/archive/v0.8.1.tar.gz provided by https://github.com/GPGTools/pinentry-macContents are:
Homebrew creates symbolic links to
/usr/local. For example,/usr/local/bin/pinentry-mac->/usr/local/Cellar/pinentry-mac/0.8.1/bin/pinentry-mac.Last edit: wks 2015-02-08
According to the debug log, Enigmail run the following command:
The output from GnuPG is this:
I'm using GnuPG 2.1.1 myself, and I played around with erroneous configurations yesterday. The above error message only comes if gpg-agent cannot call pinentry, or if pinentry cannot be displayed (e.g. wrong DISPLAY env. var, pinentry-cursrs is used etc.).
In any case, I'd set pinentry-program to /usr/local/Cellar/pinentry-mac/0.8.1/bin/pinentry-mac
The reason is that pinentry-mac relies on the LANG environment variable to work.
Assume
pinentry-macis installed and~/.gnupg/gpg-agent.confcontains this line:pinentry-program /usr/local/bin/pinentry-macBefore executing EACH of the commands below, kill existing gpg-agent by
killall gpg-agent.This will work:
env -i PATH=$PATH LANG=$LANG gpg2 --sign --armorThis will NOT work:
env -i PATH=$PATH gpg2 --sign --armorWhen working, a window will pop up asking me for password.
A small hack reveals that when Thunderbird (Enigmail) calls gpg2, there is no LANG env var. Move
/usr/local/bin/gpg2to/usr/local/bin/gpg3Then make a script and save it as/usr/local/bin/gpg2:The content I see on my machine is:
There is a workaround to this bug: replacing the last line in the hacked
/usr/local/bin/gpg2above with:LANG=en_AU.UTF-8 gpg3 "$@".I suggest letting Thunderbird expose the LANG environment variable to gpg2 when calling so as to make pinentry-mac work.
Which version of gpg2 and from which source do you use? I cannot confirm this for GnuPG 2.1.2 installed from gpgosx.
GPG2 is 2.1.2, installed from homebrew: brew install gnupg21
pinentry-mac is installed from homebrew: brew install pinentry-mac
On 1/03/2015 7:51 pm, Patrick Brunschwig wrote:
Related
Bugs:
#403The LANG variable is actually one of those variables that are passed on from Thunderbird to gpg. But this works of course only, if the LANG variable was set when Thunderbird was started.
I'd suggest you repeat your test, but this time you start Thunderbird from the command line.
I tried opening Thunderbird from the commandline. The LANG variable is set when invoking
/usr/local/bin/gpg2, both when starting Thunderbird withopen -a 'Thunderbird'and directly execute/Applications/Thunderbird.app/Content/MacOS/thunderbird.So it is likely that either Mac OSX or some configurations in the Thunderbird.app package did not include the LANG environment variable.
On 1/03/2015 10:44 pm, Patrick Brunschwig wrote:
Related
Bugs:
#403I cannot see what could be fix in Enigmail for this. We do pass the LANG environment variable to gpg; if this defines the wrong locale, then this is nothing to blame Enigmail.