I have installed Enigmail with Thunderbird and ReinerSCT komfort
Smartcard reader. In order to get GnuPG work with my Smartcard inserted,
I had to add two command line parameters:
I added these in the Enigmail configuration, too.
Now I see an error when sending/signing a message: no SmartCard found in reader!
This is because of the additional wrong command line parameter added by
You can see the full gpg command in the following console snippet:
Please remove the standard --use-agent from enigmail.
Thanks and bye
Initializing Enigmail service ...
enigmail> /usr/bin/gpg --version --version --batch --no-tty --charset
utf-8 --display-charset utf-8
gpg (GnuPG) 1.4.14
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Öff. Schlüssel: RSA, RSA-E, RSA-S, ELG-E, DSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2
EnigTest: START ********************************
EnigTest: To: firstname.lastname@example.org
TEST MESSAGE 123
TEST MESSAGE 345
enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8
--disable-ccid --no-use-agent --batch --no-tty --status-fd 2 --comment
Using GnuPG with undefined - http://www.enigmail.net/ -t --clearsign -u
Enigmail version: 1.4
Tested with enigmail version 1.5.2, error is now:
Fehler - Verschlüsselung fehlgeschlagen
(eng.: error - crypting not possible)
Now, after reboot, signing and sending email works fine!
But: receiving crypted email from email@example.com is not possible to decrypt...
I have imported public key from keyserver, but I think enigmail gets messed up with internationalization: public key in key management is english, while "from" address in email is german.
If I set to manually select public key there is no given choice and potentially evaluatable public key of key trust is empty.
Anybody a clue, how I get signing and decryption to work?
For decryption you don't need any public key, you only need your private key.
I'd say the problem is still related to the first issue you had. Enigmail will unconditionally append --use-agent if the environment variable GPG_AGENT_INFO is set, i.e. if it detects that gpg-agent is configured and used. You will need to unset the env. variable to ensure that Enigmail would not try to use gpg-agent.
you are right: I need to access my secret key stored on smartcard to decrypt the test message.
And I do not get Enigmail to decrypt and verify the signature. In fact it says:
Fehler - Überprüfung der Unterschrift fehlgeschlagen"
And only mentiones the signature not the decryption.
This all is tested with your hint of unsetting the environment variable in .bashrc:
But in console it still has the two console parameters:
--no-use-agent ... --use-agent
Do you have another clue?
Hi again Patrick,
now I am lost: the previously working message signing with my smartcard private key is now broken (again?).
I rebooted, no way, but I noticed a change in Thunderbird version from 17 to 24.
Can that be related?
You should not use "export var=", but "unset var" to not set it.
There is no relevant difference in Enigmail between TB 17 and TB 24.
I'd suggest you attach a debug log file, then I can possibly tell you more.
See here for how to create a debug log file: https://www.enigmail.net/support/bugs.php#execTrace
Thanks for the hints.
I can read smartcard info with enigmail and decrypt with gpg on command line.
I cannot sign/crypt/decrypt with enigmail.
Here is the log!
You still have the GPG_AGENT_INFO environment variable set, thus Enigmail will forcibly use gpg-agent.
You have to unset GPG_AGENT_INFO in your .xinitrc or .xsessionrc and make sure that the variable is really not set, otherwise you will not succeed.
I do unset GPG_AGENT_INFO in .xinitrc or .xsessionrc in Ubuntu, but in env it is still set!
There seems to be other bugs with unsetting this variable, see here:
I have no way of disabling the env variable GPG_AGENT_INFO other than putting the unset command in .bashrc
But this does not prevent thunderbird/enigmail from putting --use-agent to the gpg command line. Same for .xsessionrc and .xinitrc
Could you please provide a nightly build without the option --use-agent in it?
If --use-agent is still sent, then the variable is still set, or you activated the option to use gpg-agent. If you post another debug log file I'll check why Enigmail still uses --use-agent.
I won't change the logic in Enigmail.
--use-agent is still sent, see attached log.
env variable GPG_AGENT_INFO is unset in .xsessionrc
The option you mentioned is not evaluated by enigmail, either set or unset, confirmed by a pop-up box.
Why is an option used for a program that is not installed on my computer:
Die Anwendung »gpg-agent« ist momentan nicht installiert. Sie können sie durch folgende Eingabe installieren:
sudo apt-get install gnupg-agent
Please have a look at my provided log!
The variable is still set (see below). Unsetting it in .bashrc won't unset it for programs started via the GUI, this only works from the command line. I think that gnome-keyring or seahorse-agent is started. I would try uninstalling these tools.
2013-10-06 01:20:48.603 [DEBUG] enigmail.js: detectGpgAgent
2013-10-06 01:20:48.603 [DEBUG] enigmail.js: detectGpgAgent: GPG_AGENT_INFO variable available
2013-10-06 01:20:48.603 [DEBUG] enigmail.js: detectGpgAgent: GPG_AGENT_INFO='/run/user/1000/keyring-8tBmfa/gpg:0:1'
When I remove gnome-keyring or seahorse then the whole ubuntu-desktop will be removed, too. I cannot do that.
Don't you think it is a pity that the command line option clash described in the ticket title breaks the use of smartcard?
Then I'd suggest one of the two following options:
Try to set up Gnome keyring such that it's not started during the login process
Write a wrapper shell script to launch Thunderbird which unsets GPG_AGENT_INFO
OK, I have written wrapper with unset GPG_AGENT_INFO and now the first signature w/ smartcard key works! Following signatures and any encryption does not work with the following error message:
Sending of the message failed. Check account settings.
That's most likely due to [bugs:#175], which will be fixed in the next release.
Thanks a lot. Looking forward to next version of enigmail.
Thanks for Version 1.6: smartcard support with above configuration works fine now. Here is what I did for Reiner SCT komfort smartcard reader:
-install packages libifd-cyberjack6 and fxcyberjack under ubuntu
-add the following lines to ~.gnupg/gpg.conf:
-Last line replaces original entry use-agent
Go for it!
P. S. it is a good idea to add a group named cyberjack and add the current user to this group. I do not know if ubuntu automagically does this. Please refer to documentation man for this.
One more hint -
If the enigmail error debug console still shows command line option --use-agent here is what to do in Ubuntu linux
- create dir ~/bin
- cd bin
- put file thunderbird with the following contents
After logout/login e-mail and enigmail should work fine.
put an # in front of line