enigmail prompts for passphrase more than once

teun
2012-11-28
2013-04-29
  • teun
    2012-11-28

    Hi all,

    Recently I noticed that enigmail (v1.4.6 with tb17.0 on os x 10.7.4) asks me for my passphrase more than once. For example when sending mail, it prompts me to give the passphrase for signing, and then when the email is sent (the window disappears and I'm back at the TB main window) it asks for the passphrase again. Sometimes it does this more than twice. Any ideas what could be going on? It feels unsafe.

    Any ideas would be appreciated
    thanx
    teun

     
    • I think that's because the "Global Search Indexer" opens the mail saved
      in "Sent" folder, which triggers decryption. The mail is only stored in
      the "Sent" folder after the mail is sent.

       
  • Bat Guano
    2013-02-12

    I am sorry to say this, but I am having that problem now under Linux. Running Enigmail 1.5 with Thunderbird 17.0.2.

    In a new Thunderbird-session, having configured Enigmail for use with GnuPG2, the first signature or encryption requires that I enter my password twice in a pinentry-dialog. Afterwards, once on each of the following mails.
    This does not happen, when I let Enigmail find GnuPG 1.4.11 on its own and use the default.

    Having overridden the path to gpg with the path to gpg2, I find it strange, that the entry for "found GnuPG in" is changed to gpg2, too. Screen-Shots of the configuration dialog:
    before: http://pix.toile-libre.org/?img=1360663225.png
    after: http://pix.toile-libre.org/?img=1360663242.png

     
    Last edit: Bat Guano 2013-02-12
  • > In a new Thunderbird-session, having configured Enigmail for use with GnuPG2, the first signature or encryption requires that I enter my password twice in a pinentry-dialog. Afterwards, once on each of the following mails.

    Which passphrase caching time did you set in gpg-agent.conf?

    > This does not happen, when I let Enigmail find GnuPG 1.4.11 on its own and use the default.

    When gpg1 is used, Enigmail will cache the passphrase and try to deliver it for both encryption and signing. If the passphrase is identical for primary (used for signing) and subkey (used for decryption), then this will work out. Gpg-agent distinguishes between primary and subkey and will ask for both.

    > Having overridden the path to gpg with the path to gpg2, I find it strange, that the entry for "found GnuPG in" is changed to gpg2, too.

    The "found GnuPG in" is where Enigmail displays where it found gpg. Gpg Version 1 is searched first. If you override it with a valid other setting (e.g. a parallel installation of gpg2), it will then confirm that this will work, too.
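
    The reply above says gpg-agent treats the primary key (signing) and the subkey (decryption) as separate keys. The sketch below is an added example, not part of the thread and not Enigmail or GnuPG code: it parses a constructed `gpg --list-secret-keys --with-colons` listing and counts how many distinct secret keys a set of operations touches. It assumes one passphrase prompt per distinct key while the cache is empty, and its key selection rule is a simplification.

```python
# Constructed sample in the format of `gpg --list-secret-keys --with-colons`
# (key IDs and dates are made up). Field 5 = key ID, field 12 = capabilities.
SAMPLE = """\
sec:u:2048:1:1111111111111111:1325376000:::u:::scESC:
uid:u::::1325376000::::Example User <user@example.org>:
ssb:u:2048:1:2222222222222222:1325376000::::::e:
"""

CAP_FOR = {"sign": "s", "decrypt": "e"}  # operation -> capability letter


def secret_keys(listing):
    """Return one dict per sec/ssb record: kind, keyid, own capabilities."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) >= 12:
            # Lowercase letters are this key's own capabilities; uppercase
            # letters on the primary summarise the whole key and are ignored.
            caps = {c for c in f[11] if c.islower()}
            keys.append({"kind": f[0], "keyid": f[4], "caps": caps})
    return keys


def key_for(keys, operation):
    """Pick the secret key for an operation. Simplification (assumption):
    prefer a capable subkey over the primary; expiry is not considered."""
    cap = CAP_FOR[operation]
    capable = [k for k in keys if cap in k["caps"]]
    if not capable:
        raise ValueError(f"no secret key can {operation}")
    subkeys = [k for k in capable if k["kind"] == "ssb"]
    return (subkeys or capable)[0]


def expected_prompts(keys, operations):
    """Distinct secret keys touched = passphrase prompts with an empty cache."""
    return len({key_for(keys, op)["keyid"] for op in operations})


if __name__ == "__main__":
    keys = secret_keys(SAMPLE)
    for ops in (["sign"], ["sign", "decrypt"]):
        used = {op: key_for(keys, op)["keyid"] for op in ops}
        print(ops, used, "prompts:", expected_prompts(keys, ops))
```

    Signing a mail and then having the stored copy decrypted, as in the first reply in this thread, corresponds to the `["sign", "decrypt"]` case.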

     
  • Bat Guano
    2013-02-13

    Good evening

    > Which passphrase caching time did you set in gpg-agent.conf?

    default-cache-ttl 1800

    > Gpg-agent distinguishes between primary and subkey and will ask for both

    Do I understand correctly that this is the case even when I want to only sign or only encrypt? If this is one of the consequences of having sub-keys, I am ready to accept it, although, since 2.6.3in I am using sub-keys but have never encountered the same situation... If Enigmail were the first PGP/GnuPG-frontend that "does it right", it would be high time for us to get accustomed to the repeated input.

    Alas. I have a doubt.

     
    Last edit: Bat Guano 2013-02-13
  • Bat Guano
    2013-04-25

    Today, a test of GPA as installed from the Ubuntu resources showed that this front-end does not open two pinentry-boxes. In addition, the focus is set all right and you can right away begin to type your passphrase...

    The observations are made with GnuPG 2.0.19 for Enigmail, a system-provided GnuPG 2.0.17 for GPA. I am about to compile the front-end from sources and will see how it behaves with 2.0.19.

     
    Last edit: Bat Guano 2013-04-25
  • Bat Guano
    2013-04-29

    For me the issue is closed as the problem appears to be downright unrelated to Enigmail.

    Let me conclude with just one final word some final words on GPA. The front-end works well when I let Ubuntu install all dependencies, including an older version of GnuPG2. I gave up installing a newer set of packages because it requires research to find the right versions of some libraries and to subsequently install more than one version of the same library on my system, something that I abhor. In conjunction with GnuPG 2.0.19, GPA is thus no alternative (not yet) to Enigmail.

    Merry X-mas and a happy 2014 everybody.

     
    Last edit: Bat Guano 2013-04-29