Pinentry problems

2018-04-15
2018-04-23
  • Paul H. Hentze

    Paul H. Hentze - 2018-04-15

    Updated, April 21, 2018
    This problem has never been solved in that sense.
    I reinstalled Debian 9 and didn't import anything. My keys were all lost and I created new ones.


    Hi folks,

    I'm having some problems with GPG right now and hope you can help me.
    Debian 9, Thunderbird 52.7.0 (64-bit), Enigmail 2.0.2, GnuPG 2.1.18

    %% ------this part here is solved, the pinentry problem is still not ----- %%
    I had a hard drive crash recently and had to set up the whole system from scratch. Because I couldn't do it properly I saved the .gnupg folder and now copied the whole thing to my new system at the same place. Since then, I can't use mail encryption.
    I started with the faq page:
    https://www.enigmail.net/index.php/en/faq?view=topic&id=14#faqLink_2
    Under 'How to analyze' I tried debugging and get

    parseErrorOutputWith: status message: 
     gpg: WARNING: unsafe permissions on homedir '/home/giraffenhorde/.gnupg'
    

    So I fixed that with

    chown -R "$USER:$(id -gn)" ~/.gnupg
    chmod 700 ~/.gnupg
    chmod 600 ~/.gnupg/*
    

    from here: https://superuser.com/a/954639

    Now my secret keys are all gone.
    gpg --list-secret-keys gives no output and in enigmail this doesn't work either.
    When I want to put them in enigmail again, the system can't see them.

    Upper part was solved with this (this was a tip from the GnuPG Users mailing list):

    Probably, you want to do the following (as your normal user account):
    
        find ~/.gnupg -type d -exec chmod 0700 '{}' ';'
        find ~/.gnupg -type f -exec chmod 0600 '{}' ';'
    
    if you do that, then you should be able to see some files whose names
    end in ".key" in ~/.gnupg/private-keys-v1.d/, like so:
    
        ls -l ~/.gnupg/private-keys-v1.d/*.key
    
    if that's the case, then i recommend you ask your running gpg-agent to
    shut down because it's probably confused:
    
       gpgconf --kill gpg-agent
    
    a new gpg-agent should start up again afterward as soon as you need it.
    you can also try to see which secret keys are available like this:
    
       gpg --with-keygrip --list-secret-keys
    
    You should see that the keygrips listed match the files found in the
    "ls" output above.
    

    %% ------this upper part here is solved, the pinentry problem down below is still not ---- %%

    %% --- this problem is still going ---- %
    I tried gpg --gen-key and got even more

     gpg: agent_genkey failed: Kein Pinentry
    Key generation failed: Kein Pinentry
    

    I went back to the enigmail Troubleshooting advice above under 'How to fix it' and tried further, so

    1. is good
    2. is good, I made this symlink thing, didn't help
    3. is good, in my case it's
      pinentry-program /usr/bin/pinentry-qt4
    4. is good, the gnupg versions are matching
    5. I don't need this one, because 4 was good they say
    6. here is where I get
      ERR 67108949 Kein Pinentry <GPG Agent>
    7. I tried this and get that some of the code is not necessary, so in short, it is
    gpg-agent --debug-level expert /bin/sh
    

    and I get

    gpg-agent[9477]: enabled debug flags: cache ipc
    gpg-agent[9477]: DBG: chan_3 <- OK Pleased to meet you, process 9477
    gpg-agent[9477]: gpg-agent running and available
    gpg-agent[9477]: DBG: chan_3 -> BYE
    gpg-agent[9477]: secmem usage: 0/65536 bytes in 0 blocks
    

    So this debugging doesn't work somehow and there is no other terminal window which opens as they say. I always get, that pinentry is not working, but I can't say why. With this I can't sign or decrypt mails and I'm totally stuck here.

    Have you got any idea what to do?
    I could really use some help. Thanks in advance.

     

    Last edit: Paul H. Hentze 2018-06-23
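
Why the secret keys disappeared after the first fix, as an added example that is not part of the original post or of GnuPG's own tooling: `chmod 600 ~/.gnupg/*` also matches subdirectories such as private-keys-v1.d and strips their search bit, so the key files inside become unreachable. The function names and the demo directory are constructed for illustration; `missing_key_files` assumes the keygrip sits in field 10 of the `grp` record in gpg's colon output.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the demo tree are constructed.

# Report entries whose mode or owner differs from what the thread's fix sets:
# directories 0700, regular files 0600, everything owned by the calling user.
audit_gnupg_home() {
    {
        find "$1" -type d ! -perm 0700 -print | sed 's/^/dir-mode /'
        find "$1" -type f ! -perm 0600 -print | sed 's/^/file-mode /'
        find "$1" ! -user "$(id -u)" -print | sed 's/^/owner /'
    } 2>/dev/null   # an unsearchable directory makes find complain; it is still listed
}

# The type-aware repair quoted in the thread. Directories go first, and with
# ';' each one is made searchable before find descends into it.
repair_gnupg_home() {
    find "$1" -type d -exec chmod 0700 '{}' ';'
    find "$1" -type f -exec chmod 0600 '{}' ';'
}

# Read `gpg --with-colons --with-keygrip --list-secret-keys` output on stdin
# and print every keygrip ("grp" record, field 10) that has no .key file.
missing_key_files() {
    awk -F: '$1 == "grp" { print $10 }' | while read -r grip; do
        [ -f "$1/private-keys-v1.d/$grip.key" ] || echo "$grip"
    done
}

# Constructed homedir that reproduces the first fix from the post:
# the glob matches private-keys-v1.d, so the directory itself ends up 0600.
make_demo_home() {
    d=$(mktemp -d)
    mkdir "$d/private-keys-v1.d"
    : > "$d/private-keys-v1.d/0123456789ABCDEF0123456789ABCDEF01234567.key"
    : > "$d/pubring.kbx"
    chmod 700 "$d"
    chmod 600 "$d"/*
    echo "$d"
}

demo=$(make_demo_home)
audit_gnupg_home "$demo"     # flags private-keys-v1.d
repair_gnupg_home "$demo"
audit_gnupg_home "$demo"     # prints nothing once modes are correct
rm -rf "$demo"
```

On a real homedir, run `audit_gnupg_home ~/.gnupg` first, then pipe the colon-format key listing into `missing_key_files ~/.gnupg` after restarting gpg-agent.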
  • Patrick Brunschwig

    There are subdirectories in ~/.gnupg - you might need to chown/chmod them as well.

     
  • Paul H. Hentze

    Paul H. Hentze - 2018-04-16

    I did that and it worked with the private-keys directory, on the crtls and the openpgp-revocs I got 'No permission'.
    After that I could see my private keys again with gpg --list-secret-keys
    Then I tried to import the keys again, this worked as well and now I have got the problem with pinentry again.

    Before I could get my private keys, I tried gpg --gen-key and this worked.
    Are the problems my secret keys?

    And what do I do with this pinentry thing?

     

    Last edit: Paul H. Hentze 2018-04-16
  • Patrick Brunschwig

    What happens if you do:

    /usr/bin/pinentry-qt4 <<EOT
    SETDESC Hello World
    CONFIRM
    EOT
    
     
  • Paul H. Hentze

    Paul H. Hentze - 2018-04-16

    Works fine. I get the response in the terminal and the graphical window opens as well.

     
  • Patrick Brunschwig

    Then I'd think that gpg --gen-key should work equally. Please killall gpg-agent and try again to create a new key.

     
  • Paul H. Hentze

    Paul H. Hentze - 2018-04-16

    No, this doesn't work.
    As before I get

    gpg: agent_genkey failed: Kein Pinentry
    Key generation failed: Kein Pinentry

     
  • Patrick Brunschwig

    That's weird. I'm sorry, but I can't help you much beyond this point. I'd suggest asking the gnupg-users@gnupg.org mailing list. I'm sure the GnuPG developers have some more ideas than me, and I'll be eager to see their answer.

     
  • danielv

    danielv - 2018-04-22

    First part is for Mr. Brunschwig, second part is for Mr. Hentze...

    First part
    I have a question about the link, i.e.
    https://www.enigmail.net/index.php/en/faq?view=topic&id=14#faqLink_2

    When I click on that it doesn't go to the precise area where I think Mr. Hentze is referring to...
    Am I not doing something correctly ? If I go to https://www.enigmail.net/index.php/en/faq?view=topic&id=14, this takes me to the same area. Is it possible to do something about this, i.e. have the link go to the precise area? Thanks

    Second part
    Can you please clarify what issue(s) you're still having, i.e are you unable to sign emails?

    Did you already do the following?
    https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html
    You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations:

    GPG_TTY=$(tty)
    export GPG_TTY

    Sincerely,
    Daniel Villarreal

     

    Last edit: danielv 2018-04-22
    • Patrick Brunschwig

      > I have a question about the link, i.e.
      > https://www.enigmail.net/index.php/en/faq?view=topic&id=14#faqLink_2
      >
      > When I click on that it doesn't go to the precise area where I think Mr.
      > Hentze is referring to...
      > If I go to https://www.enigmail.net/index.php/en/faq?view=topic&id=14,
      > this takes me to the same area. Is it possible to do something about
      > this, i.e. have the link go to the precise area? Thanks

      No that's not possible. I already asked the developer of the "FAQ Tool".

       
    • Paul H. Hentze

      Paul H. Hentze - 2018-04-23

      > Second part
      > Can you please clarify what issue(s) you're still having, i.e are you unable to sign emails?

      Ok. I can encrypt mails but I can't sign or decrypt mails, cause there would be pinentry needed to open a graphic window where I can give in my key. This doesn't work.
      Equally I can't use gpg --gen-key as I wrote above.

      > Did you already do the following?
      > https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html
      > You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations:
      > GPG_TTY=$(tty)
      > export GPG_TTY

      Yes I did all this. The problem seems not to be the gpg-agent.
      And the code down below is already part of my .bashrc .

      Have you got any further ideas?

       
