Menu

gpg-agent

2016-02-26
2016-04-19
1 2 > >> (Page 1 of 2)
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-26

    Upon handling encrypted messages, I get:

    GnuPG reported an error in the communication with gpg-agent (a component of GnuPG).

    This is a system setup or configuration error that prevents Enigmail from working properly and cannot be fixed automatically.

    We strongly recommend that you consult our support web site at https://enigmail.net/faq.

    Decryption works nonetheless. Sending messages, however, gets aborted with this message. After checking out the FAQ, I got stuck in step 4.

    $ gpg-connect-agent <<EOT
    GETINFO version
    EOT
    ERR 280 not implemented
    

    None of the suggested remedies did the trick for me. Problem persists after I disabled the gnome-manager on startup.

     
  • Patrick Brunschwig

    Did you restart your PC after disabling gnome-keyring?

     
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-26

    Sure.

     
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-26

    Some more info:

    MATE Desktop Environment 1.8.1
    Icedove 38.5.0
    Enigmail version 1.9 (20160223-1641)

    $ echo $GPG_AGENT_INFO
    /run/user/1000/keyring/gpg:0:1
    
     

    Last edit: Tom Bradschetl 2016-02-26
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-26

    Did that:

    $ cp /etc/xdg/autostart/gnome-keyring-gpg.desktop ~/.config/autostart/
    $ echo "Hidden=true" >> ~/.config/autostart/gnome-keyring-gpg.desktop
    // rebbot
    

    Problem persists

    $ sudo dpkg-divert --local --rename --divert /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable --add /etc/xdg/autostart/gnome-keyring-gpg.desktop
    // reboot
    

    Problrem persists

    $ echo "NoDisplay=false" >> ~/.config/autostart/gnome-keyring-gpg.desktop
    // reboot
    

    Problem persists

     

    Last edit: Tom Bradschetl 2016-02-26
  • Ludwig Hügelschäfer

    Please add the following line to ~/.gnupg/gpg-agent.conf

    use-standard-socket

    Let us know if this works - if yes, we'll add an FAQ entry for it.

     
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-27

    Did that and got…

    $ cat .gnupg/gpg-agent.conf 
    pinentry-program /usr/local/bin/pinentry-gtk
    use-standard-socket
    

    Still the same problem after rebooting, though.

     
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-28

    This one works as described:

    $ pinentry <<EOT
    SETDESC Hello World
    CONFIRM
    EOT
    

    This one returns ERR 280 not implemented:

    $ gpg-connect-agent <<EOT
    GETINFO version
    EOT
    
     

    Last edit: Tom Bradschetl 2016-02-28
  • Ludwig Hügelschäfer

    The "ERR 280 not implemented:" comes from the still active gnome keyring. As you're using Mate Desktop - which is a fork of Gnome 2 - the instructions to disable gnome keyring obviously did not work, probably because they refer to a recent Gnome (3) keyring.

    I recommend to open a question in a Mate Desktop support forum/newsgroup/mailing list - you probably get more support from people with this special environment.

    Sorry, that I couldn't help further.

     
    • Tom Bradschetl

      Tom Bradschetl - 2016-02-28

      Just headed over there to find that somebody already opened a thread. ;-)

       
    • Hans

      Hans - 2016-02-28

      The Mate project made its own fork mate-keyring which set up its sockets in other locations than gnome-keyring.  But they dropped it later, using gnome-keyring again.  So there are machines around still using mate-keyring, some upgraded having both, and new installations with gnome-keyring only.

      On an older machine with mate-keyring I could simply disable its gpg component via Mate's desktop settings autostart GUI and it works fine with gpg-agent.

      On a newer machine with gnome-keyring it keeps hijacking gpg-agent even with its gpg component disabled!  Maybe I have do disable its ssh component too, will try tomorrow.

       
      • Hans

        Hans - 2016-02-29

        No luck… disabling gpg and ssh via dpkg --divert / rebooting does not help, gnome-keyring still sets up all four sockets and $GPG_AGENT_INFO.
        I see this as a serious bug in Mate's gnome-keyring.

         
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-28

    Just tried

    $ sudo apt-get remove gnome-keyring 
    $ sudo reboot
    

    Same error, but decryption stopped working. However, now step 4 works and I have

    $ gpg-connect-agent <<EOT
    GETINFO version
    EOT
    D 2.0.26
    OK
    

    In step 5, however:

    gpg-connect-agent <<EOT
    GET_CONFIRMATION Hello
    EOT
    ERR 67108949 No pinentry <GPG Agent>
    
     
  • Ludwig Hügelschäfer

    You have no pinentry executable specified. Install a suited one - pintentry-gtk or pinentry-qt4 and enter it into your gpg-agent.conf file:

    pinentry-program <path-to-your-pinentry-executable>
    
     
  • Tom Bradschetl

    Tom Bradschetl - 2016-02-28

    … So I did some debugging as described in step 6 and I found:

    …
    gpg-agent[1674]: chan_7 <- ERR 67109133 can't exec `/usr/local/bin/pinentry': No such file or directory
    …
    

    Resetting .gnupg/gpg-agent.conf to the correct location of pinentry finally did the trick for me.

    $ whereis pinentry
    pinentry: /usr/bin/pinentry /usr/share/man/man1/pinentry.1.gz
    $ # …
    $ cat .gnupg/gpg-agent.conf 
    pinentry-program /usr/bin/pinentry
    use-standard-socket
    
     
  • Olav Seyfarth

    Olav Seyfarth - 2016-03-03

    I suspect your binary is /usr/bin/pinentry-gtk-2, which is linked to from /usr/bin/pinentry. But the question is, where /usr/local/bin/pinentry came from - anything must be wrongly set in ~/.gnupg/gpg.conf or any other user/system GnuPG config file!

     
  • Jose Fazenda

    Jose Fazenda - 2016-03-10

    Hi !

    / Debian 8
    / Thunderbird 38.6
    / Enigmail 1.9.1

    I just added Enigmail to Thunderbird and I am getting the same error when receiving or sending encrypted emails :

    "GnuPG reported an error in the communication with gpg-agent (a component of GnuPG)..."

    but ... encryption seems to be working fine on both directions

    Any suggestions on how to resolve this problem ?
    Note I also have Thunderbird/Enigmail uptodate version on Windows and it's woking fine.

     
  • Ludwig Hügelschäfer

    Jose: Encryption doesn't need a passphrase, so this might explain something. Decryption and signing requires a passphrase.

    Did you check this FAQ:

    https://www.enigmail.net/index.php/en/faq?view=category&id=11#faqLink_2

     
    • Jose Fazenda

      Jose Fazenda - 2016-03-11

      Thaanks Ludwig,

      I understand that Encryption doesn't require a passphrase but the same message appears when I start a new email to an address that already has an encryption key or when I open a new encrypted email I receive (pls see attached).

      In both cases encryption and decryption worked well. However, I noticed I was only asked for a passphrase when I started Thunderbird with Enigmail the first time.

      I looked through the FAQs, but I didn't find a situation similar to mine (same software and same message).

      I noticed that the encryption keys I imported into Enigmail's Key Manager also appeared in the Genome Keyring. It looks like I have two key managers working simultaneously, but I also saw that in Windows with Kleopatra and didn't have any problems.

      I have been using thundrebird/enigma for a few years on a windows machine without any problems and I am familiar with the settings. I also used it some time ago and for a short period, on Debian machine with previous versions of the same software and it worked well. That's the reason why I thought of taking my email back to Linux. This problem only appeared now.

      My experience with Debian is very limited, mainly because everything I am have been using has worked very easily and only very rarely I had to use terminal and command line (often just to learn a bit more).

      I will appreciate any suggestions you can give me.

       
      • Ludwig Hügelschäfer

        Jose,

        I think you have not found the suited FAQ entry. Please follow this link and scroll a little bit. It is the first item below "Troubleshooting" named "Resolving issues with GnuPG 2.x and gpg-agent". Click on it and it should expand.

         
      • Olav Seyfarth

        Olav Seyfarth - 2016-03-12

        I noticed I was only asked for a passphrase when I started Thunderbird with Enigmail the first time.

        Yes, that's default for integrated keyring managers: they default to keeping a secret for the user login session (and don't differ between caching for decryption and for signing, which I consider a most valuable feature og gpg-agent).

        I noticed that the encryption keys I imported into Enigmail's Key Manager also appeared in the Genome Keyring.

        In fact, there is no such thing as an Enigmail or Gnome keyring: For OpenPGP, it's always the keyring managed by GnuPG which is only accessed by Enigmail (and Gnome, which only caches secret keys and has a very limited feature set). Kleopatra (which is part of KDE and only ported to Windows) is a full-featured frontend to manage GnuPG keyrings.

         

        Last edit: Olav Seyfarth 2016-03-12
  • Jose Fazenda

    Jose Fazenda - 2016-03-12

    Hi Ludwig,

    I had skipped that section because it says " These instructions are for gpg-agent only. If you use an agent like gnome-keyring, seahorse-agent ..., then these instructions don't apply." Now I have been through it and found:

    1. I got the expected graphic window.
    2. I do not have a gpg-agent.conf file
    3. I got the error message "ERR 280 not implemented"
    4. I added "use-agent" to gpg.conf, rebooted and now...

    / The message ""GnuPG reported an error in the communication with gpg-agent (a component of GnuPG)..." disappeared and I am not asked for a passphrage, but ...
    / Messages are neither decryted nor encrypted.

    I suspect the Genome Keyring must be disabled because a statement I found elsewhere in the troubleshooting - "gpg-agent is a mandatory component of GnuPG 2.x. That's a design decision taken by the GnuPG developers, which cannot be influenced by Enigmail. It is not possible to use GnuPG 2.x without gpg-agent.

    Can you help me
    / Activate gpg-agent and direct Enigmail to it
    / Disable Debian Genome Keyring if not possible to have both running.

    Comment: The GPG4Win (v2.3) and Enigmail (1.9.1) I have in the WinPC are not giving me any troubles, but I already disabled automatic update because I am afraid of the consequences.

    Thanks for your patience.

     
1 2 > >> (Page 1 of 2)

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.