Hans, Enigmail only needs GPG_AGENT_INFO as an indication of a running gpg-agent, if the installed gpg is below version 2.0.16.
From 2.0.16 on, gpg starts a gpg-agent instance if necessary, and it runs for the session from then on. Gpg 2.0.16 (dated July 2010) or newer should be included in all recent Linux distributions.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ludwig, sorry, not totally true, at least not here. Now, after work, I'm sitting here at yet another machine with a quite recent and up-to-date install of Linux Mint Debian Edition 2 (Betsy, Debian Jessie based) with Mate Desktop 1.12.0 . I just restarted TB causing Enigmail updating from 1.8.2 to 1.9 and getting the same trouble.
A pristine and updated LMDE2 Mate Distro currently brings gpg 1.4.18-7 and gpg2 2.0.26-6 . gpg-agent is therefore installed, but is not started. gnome-keyring 3.14.0.2+betsy is installed and started with all its four components via four entries in /etc/xdg/autostart/ : it sets GPG_AGENT_INFO pointing to its socket at /run/user/1000/keyring/gpg:0:1 .
In terminal echo | gpg2 --sign complains about hijacking, so gpg-agent is either not started or not recognized.
Manually starting gpg-agent --daemon does not change GPG_AGENT_INFO and the above gpg2 command still complains about hijacking, so the now running gpg-agent is still not recognized. Even not after reboot with autostarting it.
Unsetting GPG_AGENT_INFO (or sourcing ~/.gpg-agent-info) in terminal helps: the above gpg2 command now works quietly.
Likewise, Enigmail 1.9 still complains, the now running gpg-agent is not recognized. Restarting Thunderbird via Patrick's wrapper (either unsetting GPG_AGENT_INFO or sourcing ~/.gpg-agent-info) helps: Enigmail now works well and quietly. No reboot needed.
Stopping TB, killing pgp-agent, restarting TB via the wrapper: Enigmail works, a new pgp-agent process was started. So far you're right, BUT: Obviously gpg2 follows GPG_AGENT_INFO if set, but does not set or change it when starting gpg-agent. Huh? (Which explains why Enigmail is not in a position to follow ~/.gpg-agent-info, I see now.)
To summarize my conclusions for LMDE2 Mate: mate-keyring was well-behaved and allowed gpg-agent to do its work or rather used it directly. Current gnome-keyring is impossible to keep from interfering. I do not need to set up an autostart for gpg-agent, but I need a wrapper script for Thunderbird unsetting GPG_AGENT_INFO or pointing it away from gnome-keyrings's socket to gpg-agent's socket. Finally, solved for me. Phew.
Thanks to all, Hans
Last edit: Hans 2016-02-29
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Linux is not Windows - you cannot change the content of an environment variable globally. You can only change an environment variable for the current process and all its child processes. And you cannot have a child process change the environment variable for its parent process.
My suggestion is this: edit your ~/.xinitrc or ~/.xsessionrc file (whichever you have) and add the following two lines at the end of the file. This should overwrite the existing value of GPG_AGENT_INFO for your session.
eval $(gpg-agent --daemon)
export GPG_AGENT_INFO
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am aware of that. This was what Tom's unanswered question was about.
In LMDE Mate there are neither ~/.xinitrc nor ~/.xsessionrc. (There is a /etc/X11/Xsession.d/90gpg-agent — which does not start gpg-agent if GPG_AGENT_INFO is already set.)
So I created ~/.xsessionrc per your suggestion (~/.xinitrc was not recognized here) with the additional --use-standard-socket option. Unfortunately this does not work because gnome-keyring is slower (its socket stats about 0.1 seconds younger than gpg-agent's) so it wins again overwriting GPG_AGENT_INFO…
Thus, for me the simplest working solution so far remains the wrapper script for TB (and any other uses of gpg2).
Last edit: Hans 2016-03-01
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hey!
I'm coming here to report the same problem with Enigmail, on my 2 computers running on Debian 8 Jessie
Icedove v38.6.0 (Thunderbird by Debian....) + Enigmail version 1.9.1 (20160306-1158)
System fully updated today.
Crypt a mail, it's ok.
Sign the message, it's impossible, same error message as your screenshot on 1st page.
Decrypt a received mail, I put my password, then the same error message is coming, but the mail is shown without problem...
I don't remember well, but I think this error message as came after an update (which one, I'm not sure...)
Everything is fine on the windows7 with Thunderbird...
I hope it will help, and this major issue will be solved soon ;)
Good luck!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In every case you should ensure that the files to be moved already exist. If not, or you're feeling unsafe, please ask for advice on Debian support channels. You could also ask on our mailing list (enigmail-users@enigmail.net), as the Debian mainainer for Enigmail and GnuPG is an active member there.
It's no wonder, why gpg-agent works out of the box on Windows and Mac OS X: There is simply no other software which could interfere like Gnome Keyring or KDE-Wallet on linux systems.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Ludwig,
I'm using SeaMonkey/2.40 as email client in Debian 8, and having the same communication issue with the gpg-agent; Where is the log file created by enigmail? In the support page I cannot find too much information. the version of gpg-agent is 2.0.26. Thanks
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The log file isn't created on disk, it's held in memory. In order to view it, go to: Menu -> Enigmail -> Debugging options -> View Log. There you can inspect it and/or save to disk.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hans, Enigmail only needs GPG_AGENT_INFO as an indication of a running gpg-agent, if the installed gpg is below version 2.0.16.
From 2.0.16 on, gpg starts a gpg-agent instance if necessary, and it runs for the session from then on. Gpg 2.0.16 (dated July 2010) or newer should be included in all recent Linux distributions.
Ludwig, sorry, not totally true, at least not here. Now, after work, I'm sitting here at yet another machine with a quite recent and up-to-date install of Linux Mint Debian Edition 2 (Betsy, Debian Jessie based) with Mate Desktop 1.12.0 . I just restarted TB causing Enigmail updating from 1.8.2 to 1.9 and getting the same trouble.
A pristine and updated LMDE2 Mate Distro currently brings gpg 1.4.18-7 and gpg2 2.0.26-6 . gpg-agent is therefore installed, but is not started. gnome-keyring 3.14.0.2+betsy is installed and started with all its four components via four entries in /etc/xdg/autostart/ : it sets GPG_AGENT_INFO pointing to its socket at /run/user/1000/keyring/gpg:0:1 .
In terminal
echo | gpg2 --signcomplains about hijacking, so gpg-agent is either not started or not recognized.Manually starting
gpg-agent --daemondoes not change GPG_AGENT_INFO and the above gpg2 command still complains about hijacking, so the now running gpg-agent is still not recognized. Even not after reboot with autostarting it.Unsetting GPG_AGENT_INFO (or sourcing ~/.gpg-agent-info) in terminal helps: the above gpg2 command now works quietly.
Likewise, Enigmail 1.9 still complains, the now running gpg-agent is not recognized. Restarting Thunderbird via Patrick's wrapper (either unsetting GPG_AGENT_INFO or sourcing ~/.gpg-agent-info) helps: Enigmail now works well and quietly. No reboot needed.
Stopping TB, killing pgp-agent, restarting TB via the wrapper: Enigmail works, a new pgp-agent process was started. So far you're right, BUT: Obviously gpg2 follows GPG_AGENT_INFO if set, but does not set or change it when starting gpg-agent. Huh? (Which explains why Enigmail is not in a position to follow ~/.gpg-agent-info, I see now.)
To summarize my conclusions for LMDE2 Mate: mate-keyring was well-behaved and allowed gpg-agent to do its work or rather used it directly. Current gnome-keyring is impossible to keep from interfering. I do not need to set up an autostart for gpg-agent, but I need a wrapper script for Thunderbird unsetting GPG_AGENT_INFO or pointing it away from gnome-keyrings's socket to gpg-agent's socket. Finally, solved for me. Phew.
Thanks to all, Hans
Last edit: Hans 2016-02-29
Linux is not Windows - you cannot change the content of an environment variable globally. You can only change an environment variable for the current process and all its child processes. And you cannot have a child process change the environment variable for its parent process.
My suggestion is this: edit your ~/.xinitrc or ~/.xsessionrc file (whichever you have) and add the following two lines at the end of the file. This should overwrite the existing value of GPG_AGENT_INFO for your session.
I am aware of that. This was what Tom's unanswered question was about.
In LMDE Mate there are neither ~/.xinitrc nor ~/.xsessionrc. (There is a /etc/X11/Xsession.d/90gpg-agent — which does not start gpg-agent if GPG_AGENT_INFO is already set.)
So I created ~/.xsessionrc per your suggestion (~/.xinitrc was not recognized here) with the additional --use-standard-socket option. Unfortunately this does not work because gnome-keyring is slower (its socket stats about 0.1 seconds younger than gpg-agent's) so it wins again overwriting GPG_AGENT_INFO…
Thus, for me the simplest working solution so far remains the wrapper script for TB (and any other uses of gpg2).
Last edit: Hans 2016-03-01
Hey!
I'm coming here to report the same problem with Enigmail, on my 2 computers running on Debian 8 Jessie
Icedove v38.6.0 (Thunderbird by Debian....) + Enigmail version 1.9.1 (20160306-1158)
System fully updated today.
Crypt a mail, it's ok.
Sign the message, it's impossible, same error message as your screenshot on 1st page.
Decrypt a received mail, I put my password, then the same error message is coming, but the mail is shown without problem...
I don't remember well, but I think this error message as came after an update (which one, I'm not sure...)
Everything is fine on the windows7 with Thunderbird...
I hope it will help, and this major issue will be solved soon ;)
Good luck!
Hi, I can only say how to disable gnome keyring on Ubuntu-based systems. Type these two commands in a Terminal window:
Also, put the following line:
into your ~/.gnupg/gpg.conf
Afterwards log out and log in again.
In every case you should ensure that the files to be moved already exist. If not, or you're feeling unsafe, please ask for advice on Debian support channels. You could also ask on our mailing list (enigmail-users@enigmail.net), as the Debian mainainer for Enigmail and GnuPG is an active member there.
It's no wonder, why gpg-agent works out of the box on Windows and Mac OS X: There is simply no other software which could interfere like Gnome Keyring or KDE-Wallet on linux systems.
Thx Ludwig for your answer.
The problem reproduce, same message as before, sadly...
No luck, thx for the try ;)
Indeed gnome keyring was the culprit; it's working now like a charm. Thanks!!
Few tests, fresh installs with Debian 8, and 2 GUI
- MATE : I got the problem !
- XFCE : no problem...
So I think it can be a MATE issue......?
Hi Ludwig,
I'm using SeaMonkey/2.40 as email client in Debian 8, and having the same communication issue with the gpg-agent; Where is the log file created by enigmail? In the support page I cannot find too much information. the version of gpg-agent is 2.0.26. Thanks
The log file isn't created on disk, it's held in memory. In order to view it, go to: Menu -> Enigmail -> Debugging options -> View Log. There you can inspect it and/or save to disk.
Instructions for how to create a debug log file can be found here:
http://www.enigmail.net/index.php/en/faq-en?view=topic&id=15 (Section Debugging Log File).
Instructions for how to review/fix such issues can be found here:
http://www.enigmail.net/index.php/en/faq-en?view=topic&id=14 (Section "Resolving issues with GnuPG 2.x and gpg-agent")