Re: pinentry problems

2018-04-16 Thread Daniel Kahn Gillmor
On Tue 2018-04-17 00:04:11 +0200, Paul H. Hentze wrote:
>> gpg: WARNING: unsafe permissions on homedir '/home/giraffenhorde/.gnupg'
>
> So I fixed that with
>
>> chown -R "$USER:$(id -gn)" ~/.gnupg
>> chmod 700 ~/.gnupg
>> chmod 600 ~/.gnupg/*
>
> from here: https://superuser.com/a/954639

this doesn't look right to me.

in particular, it's going to remove the "execute/traverse" permission on
~/.gnupg/private-keys-v1.d/, which means that gpg-agent isn't going to
be able to get a list of all available secret keys.

Probably, you want to do the following (as your normal user account):

find ~/.gnupg -type d -exec chmod 0700 '{}' ';'
find ~/.gnupg -type f -exec chmod 0600 '{}' ';'

if you do that, then you should be able to see some files whose names
end in ".key" in ~/.gnupg/private-keys-v1.d/, like so:

ls -l ~/.gnupg/private-keys-v1.d/*.key

if that's the case, then i recommend you ask your running gpg-agent to
shut down because it's probably confused:

   gpgconf --kill gpg-agent

a new gpg-agent should start up again afterward as soon as you need it.
you can also try to see which secret keys are available like this:

   gpg --with-keygrip --list-secret-keys

You should see that the keygrips listed match the files found in the
"ls" output above.

If that doesn't work for you, please report back and we'll try to debug
further :)

--dkg

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


pinentry problems

2018-04-16 Thread Paul H. Hentze
Hey folks,

I'm kinda stuck here with a problem with pinentry and could use some help.
I described the whole problem in detail here:
https://sourceforge.net/p/enigmail/forum/support/thread/eedabe49/

For all who don't like links, I will copy it down below.
Patrick Brunschwig already asked some questions and I tried some more
stuff, which is all documented under the link above, but nothing helped.

Has anybody any idea what to do?

Best wishes


Paul





- - - - - - - - - - - - - - -

Hi folks,

I'm having some problems with GPG right now and hope you can help me.
Debian 9, Thunderbird 52.7.0 (64-bit), Enigmail 2.0.2, GnuPG 2.1.18

I had a harddrive crash recently and had to set up the whole system from
scratch. Because I couldn't do it properly I saved the .gnupg folder and
now copied the whole thing to my new system at the same place. Since
then, I can't use mail encryption.
I started with the faq page:
https://www.enigmail.net/index.php/en/faq?view=topic=14#faqLink_2
Under 'How to analyze' I tried debugging and get
> parseErrorOutputWith: status message:
> gpg: WARNING: unsafe permissions on homedir '/home/giraffenhorde/.gnupg'

So I fixed that with

> chown -R "$USER:$(id -gn)" ~/.gnupg
> chmod 700 ~/.gnupg
> chmod 600 ~/.gnupg/*

from here: https://superuser.com/a/954639


Now my secret keys are all gone.
gpg --list-secret-keys gives no output and in enigmail this doesn't work
either.
When I want to put them in enigmail again, the system can't see them.

I tried gpg --gen-key and got even more

>  gpg: agent_genkey failed: Kein Pinentry
> Key generation failed: Kein Pinentry

I went back to the enigmail Troubleshooting advice above under 'How to
fix it' and tried further, so

1. is good
2. is good, I made this symlink thing, didn't help
3. is good, in my case it's
pinentry-program /usr/bin/pinentry-qt4
4. is good, the gnupg versions are matching
5. I don't need this one, because 4 was good they say
6. here is where I get
ERR 67108949 Kein Pinentry 
7. when I type in
killall gpg-agent
 gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
I get

> gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
> gpg-agent[9469]: WARNING: "--use-standard-socket" is an obsolete option - it has no effect
> gpg-agent[9469]: enabled debug flags: cache ipc
> gpg-agent[9469]: DBG: chan_4 <- OK Pleased to meet you, process 9469
> gpg-agent[9469]: DBG: chan_4 -> BYE
> gpg-agent: a gpg-agent is already running - not starting a new one
> gpg-agent: secmem usage: 0/65536 bytes in 0 blocks

I tried it without all unnecessary code above:
gpg-agent --debug-level expert /bin/sh
and I get

> gpg-agent[9477]: enabled debug flags: cache ipc
> gpg-agent[9477]: DBG: chan_3 <- OK Pleased to meet you, process 9477
> gpg-agent[9477]: gpg-agent running and available
> gpg-agent[9477]: DBG: chan_3 -> BYE
> gpg-agent[9477]: secmem usage: 0/65536 bytes in 0 blocks

So this debugging doesn't work somehow and there is no other terminal
window which opens as they say.

Have you got any idea what to do?
I could really use some help. Thanks in advance.



Re: test

2018-04-16 Thread Schlacta, Christopher
Error:  Test failure:  Testing protocol disengaged.

On Mon, Apr 16, 2018 at 9:10 AM, Paul H. Hentze  wrote:
> test


test

2018-04-16 Thread Paul H. Hentze
test



Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-16 Thread Werner Koch
On Mon, 16 Apr 2018 11:44, thomas.jaro...@intra2net.com said:

> I'm wondering how to prevent other people from running into this issue.

I wondered whether I should send out a notice to the announce list but I
doubt that those with problems will read it.  I will add a pointer to
the NEWS entry at gnupg.org with the patch because I assume that will
fast show up in searches.

Given that 1.11.0 is close to a release we decided this morning not to
release a 1.10.1.  GnuPG 2.2.6 is new enough so that it will be used
only by folks who would also build GPGME from source and thus either the
patch or the forthcoming 1.11.0 should be okay.

> Could gnupg 2.2.7 detect if gpgme is installed at all and if it is,
> make sure it's at least version 1.10.1 / 1.11.0?

:-) - No.


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-16 Thread Thomas Jarosch
Hello Werner,

On Friday, 13 April 2018 12:16:22 CEST Werner Koch wrote:
> On Thu, 12 Apr 2018 15:26, w...@gnupg.org said:
> > Please stay tuned for a GPGME fix.  I hope that you can test it too.
> 
> I pushed a fix as well as a new test to the master branch.  I may also
> release a 1.10.1 to fix this.  The attached patch should apply to 1.10.0
> and maybe also to 1.9.

all tests pass fine with the additional fix for gpgme. Thanks!

I'm wondering how to prevent other people from running into this issue.

Could gnupg 2.2.7 detect if gpgme is installed at all and if it is,
make sure it's at least version 1.10.1 / 1.11.0?

Cheers,
Thomas



