I am new to using Ubuntu/Linux systems and I've been trying to set up Enigmail with Thunderbird running on Ubuntu 15.10. I'm sure that this is a very simple problem to solve, but I have exactly 90 mins experience of working on this OS.
At the moment nothing seems to be working correctly. I have installed the Enigmail extension in Thunderbird and gone through the key creation process. The first hint that all is not well is when attempting to create a revocation certificate - Enigmail complains that a pass phrase was not entered but does not prompt for a passphrase. I believe that Enigmail is attempting to retrieve the passphrase from gpg-agent and failing.
In the preferences diaglogue, if I attempt to change the 'remember pass phrase for...' setting I get the error "Cannot connect to gpg-agent..." Thinking that there might be some sort of conflict with gnome-keyring I have disabled gnome-keyring in start up applications and restarted the machine. The same errors occur.
In the terminal, I can run gpg --list-keys and see the key that I created. If I type gpg-agent I get the message "no gpg-agent running in this session."
Can anyone provide some suggestions about what I should do next?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Here's how I solved the "gpg-agent" issue on Mint 17.3 Cinnamon (Ubuntu 14.04 based but should be the same in this respect). I also disable keyring for ssh since I prefer to use ssh-add.
Thanks, but the advice in the FAQ is to check pinentry, which I've done and it displays the hello world message outside of the terminal. The next step is to add a line to the .conf file. Except I can't because it's owned by root so I can't save changes in gedit and I don't know how to edit this file in the terminal.
I also tried the pkill -f .... but this had no effect.
I feel that I'm out of my depth here trying to get this to work!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You should have a ~/.gnupg/gpg-agent.conf, which should be "yours".
I added "pinentry-program /usr/bin/pinentry" here, and now it works - at least a bit: the password is not remembered anymore.
I had this experience using Lubuntu 15.10, where Enigmail 1.9 complained about pinentry; it differs from the behavior unter Lubuntu 15.4, where there was the gpg-agent issue.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After adding "use-standard-socket" in ~/.gnupg/gpg-agent.conf, it didn't work anymore, even not after again deleting "use-standard-socket" and logging out and in again.
gpg-agent--debug-levelexpert--use-standard-socket--daemon/bin/shgpg-agent[2185]:enableddebugflags:commandcacheassuangpg-agent[2185]:EswirdaufSocket`/home/u/.gnupg/S.gpg-agent' gehörtgpg-agent[2186]: gpg-agent (GnuPG) 2.0.28 started$ gpg-agent[2186]: Handhabungsroutine 0x812f1730 für fd 6 gestartetgpg-agent[2186]: chan_6 -> OK Pleased to meet you, process 2189gpg-agent[2186]: chan_6 <- RESETgpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- OPTION display=:0.0gpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- OPTION xauthority=/home/user/.Xauthoritygpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- OPTION putenv=XMODIFIERS=@im=ibusgpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- OPTION putenv=GTK_IM_MODULE=ximgpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-N4V7jzAeyQgpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- OPTION putenv=QT_IM_MODULE=ibusgpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- OPTION allow-pinentry-notifygpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- AGENT_IDgpg-agent[2186]: chan_6 -> ERR 67109139 Unbekanntes IPC Kommando <GPG Agent>gpg-agent[2186]: chan_6 <- GETINFO cmd_has_option GET_PASSPHRASE repeatgpg-agent[2186]: chan_6 -> OKgpg-agent[2186]: chan_6 <- GET_PASSPHRASE --data --repeat=0 -- 6834495E4BD55B8B990FCC1A984A3A08F502B27B X X Sie+benötigen+eine+Passphrase,+um+den+geheimen+OpenPGP+Schlüssel+zu+entsperren.%0ABenutzer:+%22Matthias+Bergt+<XXX>%22%0A4096-bit+RSA+Schlüssel,+ID+FYYYY,+erzeugt+2012-12-22+(Hauptschlüssel-ID+ZZZ)%0Agpg-agent[2186]: DBG: agent_get_cache `6834495E4BD55B8B990FCC1A984A3A08F502B27B'...gpg-agent[2186]:DBG:...missgpg-agent[2186]:startinganewPINEntrygpg-agent[2186]:chan_7<-OKPleasedtomeetyou,process2186gpg-agent[2186]:DBG:connectiontoPINentryestablishedgpg-agent[2186]:chan_7->OPTIONgrabgpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONttyname=/dev/pts/0gpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONttytype=xtermgpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONallow-external-password-cachegpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONdefault-ok=_OKgpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONdefault-cancel=_Abbrechengpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONdefault-yes=_Jagpg-agent[2186]:chan_7<-ERR83886254UnbekannteOption<Pinentry>gpg-agent[2186]:chan_7->OPTIONdefault-no=_Neingpg-agent[2186]:chan_7<-ERR83886254UnbekannteOption<Pinentry>gpg-agent[2186]:chan_7->OPTIONdefault-prompt=PIN:gpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONdefault-pwmngr=ImPasswordmanager_speicherngpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->OPTIONdefault-cf-visi=MöchtenSiedieeingegebenePassphrasewirklichaufdemBildschirmsichtbarmachen?gpg-agent[2186]:chan_7<-ERR83886254UnbekannteOption<Pinentry>gpg-agent[2186]:chan_7->OPTIONdefault-tt-visi=DiePassphrasesichtbarmachengpg-agent[2186]:chan_7<-ERR83886254UnbekannteOption<Pinentry>gpg-agent[2186]:chan_7->OPTIONdefault-tt-hide=Passphraseunsichtbarmachengpg-agent[2186]:chan_7<-ERR83886254UnbekannteOption<Pinentry>gpg-agent[2186]:chan_7->OPTIONtouch-file=/home/user/.gnupg/S.gpg-agentgpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->GETINFOpidgpg-agent[2186]:chan_7<-D2193gpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_6->INQUIREPINENTRY_LAUNCHED2193gpg-agent[2186]:chan_6<-ENDgpg-agent[2186]:chan_7->SETKEYINFOu/6834495E4BD55B8B990FCC1A984A3A08F502B27Bgpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->SETDESCSiebenötigeneinePassphrase,umdengeheimenOpenPGPSchlüsselzuentsperren.%0ABenutzer:%22MatthiasBergt<X>%22%0A4096-bitRSASchlüssel,IDYYY,erzeugt2012-12-22(Hauptschlüssel-IDZZZ)%0Agpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->SETPROMPTPassphrasegpg-agent[2186]:chan_7<-OKgpg-agent[2186]:chan_7->[[Confidential data not shown]]gpg-agent[2186]:chan_7<-[[Confidential data not shown]]gpg-agent[2186]:chan_7<-[[Confidential data not shown]]gpg-agent[2186]:chan_7->BYEgpg-agent[2186]:DBG:agent_put_cache`6834495E4BD55B8B990FCC1A984A3A08F502B27B'requestedttl=0mode=3gpg-agent[2186]:chan_6->[[Confidential data not shown]]gpg-agent[2186]:chan_6->[[Confidential data not shown]]gpg-agent[2186]:chan_6<-[eof]gpg-agent[2186]:Handhabungsroutine0x812f1730fürdenfd6beendetgpg-agent[2186]:Handhabungsroutine0x812f1ef0fürfd7gestartetgpg-agent[2186]:chan_7->OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6<-OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6->GETINFOpidgpg-agent[2186]:chan_7<-GETINFOpidgpg-agent[2186]:chan_7->D2186gpg-agent[2186]:chan_7->OKgpg-agent[2186]:chan_6<-D2186gpg-agent[2186]:chan_6<-OKgpg-agent[2186]:chan_6->BYEgpg-agent[2186]:chan_7<-BYEgpg-agent[2186]:chan_7->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1ef0fürdenfd7beendetgpg-agent[2186]:Handhabungsroutine0x812f1ef0fürfd7gestartetgpg-agent[2186]:chan_7->OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6<-OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6->GETINFOpidgpg-agent[2186]:chan_7<-GETINFOpidgpg-agent[2186]:chan_7->D2186gpg-agent[2186]:chan_7->OKgpg-agent[2186]:chan_6<-D2186gpg-agent[2186]:chan_6<-OKgpg-agent[2186]:chan_6->BYEgpg-agent[2186]:chan_7<-BYEgpg-agent[2186]:chan_7->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1ef0fürdenfd7beendetgpg-agent[2186]:Handhabungsroutine0x812f1ef0fürfd7gestartetgpg-agent[2186]:chan_7->OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6<-OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6->GETINFOpidgpg-agent[2186]:chan_7<-GETINFOpidgpg-agent[2186]:chan_7->D2186gpg-agent[2186]:chan_7->OKgpg-agent[2186]:chan_6<-D2186gpg-agent[2186]:chan_6<-OKgpg-agent[2186]:chan_6->BYEgpg-agent[2186]:chan_7<-BYEgpg-agent[2186]:chan_7->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1ef0fürdenfd7beendetgpg-agent[2186]:Handhabungsroutine0x812f1ef0fürfd7gestartetgpg-agent[2186]:chan_7->OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6<-OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6->GETINFOpidgpg-agent[2186]:chan_7<-GETINFOpidgpg-agent[2186]:chan_7->D2186gpg-agent[2186]:chan_7->OKgpg-agent[2186]:chan_6<-D2186gpg-agent[2186]:chan_6<-OKgpg-agent[2186]:chan_6->BYEgpg-agent[2186]:chan_7<-BYEgpg-agent[2186]:chan_7->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1ef0fürdenfd7beendetgpg-agent[2186]:Handhabungsroutine0x812f1730fürfd6gestartetgpg-agent[2186]:chan_6->OKPleasedtomeetyou,process2254gpg-agent[2186]:chan_6<-RESETgpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONttyname=/dev/pts/3gpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONttytype=xtermgpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONdisplay=:0.0gpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONxauthority=/home/user/.Xauthoritygpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONputenv=XMODIFIERS=@im=ibusgpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONputenv=GTK_IM_MODULE=ximgpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONputenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-N4V7jzAeyQgpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONputenv=QT_IM_MODULE=ibusgpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONlc-ctype=de_DE.UTF-8gpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-OPTIONlc-messages=de_DE.UTF-8gpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-getinfoversiongpg-agent[2186]:chan_6->D2.0.28gpg-agent[2186]:chan_6->OKgpg-agent[2186]:chan_6<-[eof]gpg-agent[2186]:Handhabungsroutine0x812f1730fürdenfd6beendetgpg-agent[2186]:Handhabungsroutine0x812f1ef0fürfd7gestartetgpg-agent[2186]:chan_7->OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6<-OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6->GETINFOpidgpg-agent[2186]:chan_7<-GETINFOpidgpg-agent[2186]:chan_7->D2186gpg-agent[2186]:chan_7->OKgpg-agent[2186]:chan_6<-D2186gpg-agent[2186]:chan_6<-OKgpg-agent[2186]:chan_6->BYEgpg-agent[2186]:chan_7<-BYEgpg-agent[2186]:chan_7->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1ef0fürdenfd7beendetgpg-agent[2186]:Handhabungsroutine0x812f1ef0fürfd7gestartetgpg-agent[2186]:chan_7->OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6<-OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6->GETINFOpidgpg-agent[2186]:chan_7<-GETINFOpidgpg-agent[2186]:chan_7->D2186gpg-agent[2186]:chan_7->OKgpg-agent[2186]:chan_6<-D2186gpg-agent[2186]:chan_6<-OKgpg-agent[2186]:chan_6->BYEgpg-agent[2186]:chan_7<-BYEgpg-agent[2186]:chan_7->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1ef0fürdenfd7beendetgpg-agent[2186]:Handhabungsroutine0x812f1ef0fürfd7gestartetgpg-agent[2186]:chan_7->OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6<-OKPleasedtomeetyou,process2186gpg-agent[2186]:chan_6->GETINFOpidgpg-agent[2186]:chan_7<-GETINFOpidgpg-agent[2186]:chan_7->D2186gpg-agent[2186]:chan_7->OKgpg-agent[2186]:chan_6<-D2186gpg-agent[2186]:chan_6<-OKgpg-agent[2186]:chan_6->BYEgpg-agent[2186]:chan_7<-BYEgpg-agent[2186]:chan_7->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1ef0fürdenfd7beendetgpg-agent[2186]:Handhabungsroutine0x812f1730fürfd6gestartetgpg-agent[2186]:chan_6->OKPleasedtomeetyou,process2282gpg-agent[2186]:chan_6<-BYEgpg-agent[2186]:chan_6->OKclosingconnectiongpg-agent[2186]:Handhabungsroutine0x812f1730fürdenfd6beendet
"gpgconf --check-programs"
reports:
gpg:GPGforOpenPGP:/usr/bin/gpg2:1:1:gpg-agent:GPGAgent:/usr/bin/gpg-agent:1:1:gpgconf:FehlerbeiAusführungvon`/usr/lib/gnupg2/scdaemon': wahrscheinlich nicht installiertscdaemon:Smartcard Daemon:/usr/lib/gnupg2/scdaemon:0:0:gpgconf: Fehler bei Ausführung von `/usr/bin/gpgsm':wahrscheinlichnichtinstalliertgpgsm:GPGforS/MIME:/usr/bin/gpgsm:0:0:gpgconf:FehlerbeiAusführungvon`/usr/bin/dirmngr':wahrscheinlichnichtinstalliertdirmngr:DirectoryManager:/usr/bin/dirmngr:0:0:
Any ideas?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you actually USE a SmartCard (OpenPGP SmartCard 2.0 / NitroKey / YubiKey Neo / ...), there are quite some further hurdles (different thread, please).
Last edit: Olav Seyfarth 2016-02-28
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I don't use a smartcard, that's just the output of "gpgconf --check-programs". Or does it mean something that scdeamon appears there? Then I would apreciate a hint where to fix this.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi there,
I am new to using Ubuntu/Linux systems and I've been trying to set up Enigmail with Thunderbird running on Ubuntu 15.10. I'm sure that this is a very simple problem to solve, but I have exactly 90 mins experience of working on this OS.
At the moment nothing seems to be working correctly. I have installed the Enigmail extension in Thunderbird and gone through the key creation process. The first hint that all is not well is when attempting to create a revocation certificate - Enigmail complains that a pass phrase was not entered but does not prompt for a passphrase. I believe that Enigmail is attempting to retrieve the passphrase from gpg-agent and failing.
In the preferences diaglogue, if I attempt to change the 'remember pass phrase for...' setting I get the error "Cannot connect to gpg-agent..." Thinking that there might be some sort of conflict with gnome-keyring I have disabled gnome-keyring in start up applications and restarted the machine. The same errors occur.
In the terminal, I can run gpg --list-keys and see the key that I created. If I type gpg-agent I get the message "no gpg-agent running in this session."
Can anyone provide some suggestions about what I should do next?
Hi, there are quite some reports with issues concerning the Gnome Keyring hindering gpg-agent to fulfil its tasks. Please check out our FAQ here: https://www.enigmail.net/index.php/en/faq?view=category&id=11#faqLink_2
Here's how I solved the "gpg-agent" issue on Mint 17.3 Cinnamon (Ubuntu 14.04 based but should be the same in this respect). I also disable keyring for ssh since I prefer to use ssh-add.
(default install)
(install gnupg2)
mv /etc/xdg/autostart/gnome-keyring-gpg.desktop /etc/xdg/autostart/gnome-keyring-gpg.desktop.disabled
echo "use-agent" >>~/.gnupg/gpg.conf
(import your keys)
(reboot)
Note that you need a new session, thus either log out and back in or simply reboot.
Last edit: Olav Seyfarth 2016-03-03
(Comming from here) It’s not working for me, either.
^ This file didn't exist in my installation. Instead I have
Also
gnupg-doc
had no installation candidate, but that should be OK, shouldn't it?!Thanks, but the advice in the FAQ is to check pinentry, which I've done and it displays the hello world message outside of the terminal. The next step is to add a line to the .conf file. Except I can't because it's owned by root so I can't save changes in gedit and I don't know how to edit this file in the terminal.
I also tried the pkill -f .... but this had no effect.
I feel that I'm out of my depth here trying to get this to work!
You should have a ~/.gnupg/gpg-agent.conf, which should be "yours".
I added "pinentry-program /usr/bin/pinentry" here, and now it works - at least a bit: the password is not remembered anymore.
I had this experience using Lubuntu 15.10, where Enigmail 1.9 complained about pinentry; it differs from the behavior unter Lubuntu 15.4, where there was the gpg-agent issue.
After adding "use-standard-socket" in ~/.gnupg/gpg-agent.conf, it didn't work anymore, even not after again deleting "use-standard-socket" and logging out and in again.
Step 6 of https://enigmail.net/index.php/en/faq?view=category&id=14 shows the following error message:
(unknown PIC command) and after entering my passphrase:
(unknown option) (several times).
I wonder whether I actally have to reboot?!
I will test and report
OK: Reboot helps, but so does "killall gpg-agent".
Still: Adding "use-standard-socket" in ~/.gnupg/gpg-agent.conf, pinentry does not work anymore.
With just
in ~/.gnupg/gpg-agent.conf, the passphrase will not be cached, which is really annoying.
Logged messages (with "gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh"):
"gpgconf --check-programs"
reports:
Any ideas?
This one is probably not suited. Which pinentry variants do you have installed? pinentry-qt? pinentry-gtk?
Could you please try one of them?
Last edit: Ludwig Hügelschäfer 2016-02-28
I changed the setting to pinentry-qt4 (-gtk is not installed) - no changes.
In addition, I tried:
and got:
which seems to refer to the IPC problem I already mentioned.
Last edit: Matthias Bergt 2016-02-28
If you still have "use-standard-socket" active, try disabling it.
No, with "use-standard-socket", it doesn't work at all.
If you play with parameters in gpg-agent.conf, make sure to logout/login before you test.
Log out & in again was not enough - I either had to reboot or killall gpg-agent.
If you actually USE a SmartCard (OpenPGP SmartCard 2.0 / NitroKey / YubiKey Neo / ...), there are quite some further hurdles (different thread, please).
Last edit: Olav Seyfarth 2016-02-28
I don't use a smartcard, that's just the output of "gpgconf --check-programs". Or does it mean something that scdeamon appears there? Then I would apreciate a hint where to fix this.
No, scdaemon is a standard component of GnuPG 2.
Call me and I'll give you a kickstart. Report your lessons learned here afterwards.
<--