Re: Problems with Gnus (Emacs) + GnuPG for signing a mail with S/MIME
Hello, Werner Koch writes: >> Any ideas as to what might cause this? > > No. But you may want to add > > debug-pinentry Thanks. I had already tried that, but didn't seem to report anything useful to figure out the problem in my case... -- Ángel de Vicente Research Software Engineer (Supercomputing and BigData) Tel.: +34 922-605-747 Web.: http://research.iac.es/proyecto/polmag/ GPG: 0x8BDC390B69033F52 smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with Gnus (Emacs) + GnuPG for signing a mail with S/MIME
On Fri, 4 Nov 2022 19:03, Angel de Vicente said: > Any ideas as to what might cause this? No. But you may want to add debug-pinentry to gpg-agent/conf Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein openpgp-digital-signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with Gnus (Emacs) + GnuPG for signing a mail with S/MIME
Am Freitag 11 November 2022 14:40:13 schrieb Angel de Vicente: > I actually have no problems signing with S/MIME also inside Emacs (as > far as the passphrase has been cached). And I have no problems signing > with PGP (pinentry loopback works fine then). > > So it looks like something that affects exclusively pinentry loopback > while signing with S/MIME As always, there must be a difference in how OpenPGP and S/MIME signing with GnuPG is called from Emacs/Gnus. (There is a small chance that it is with the specific keypair you are using.) Comparing detailed logs of OpenPGP and S/MIME might reveal the difference. I darkly remember Gnus using GPGME, if this is the case, maybe a GPGME_DEBUG log can help you. Otherwise you need to look into how Emacs can produce more details about what it is going (I am not an Emacs user, so I cannot really help you there.) Regards Bernhard signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with Gnus (Emacs) + GnuPG for signing a mail with S/MIME
Hello, Bernhard Reiter writes: > Am Freitag 04 November 2022 20:03:35 schrieb Angel de Vicente: >> Any ideas as to what might cause this? > > Not really, I would start the analysis by asserting that > gpgsm --sign > still works outside of Emacs and then somehow try to emulate the loopback > mode. Maybe there is a different problem somewhere. gpgsm --sign outside of Emacs does work without any problems. I actually have no problems signing with S/MIME also inside Emacs (as far as the passphrase has been cached). And I have no problems signing with PGP (pinentry loopback works fine then). So it looks like something that affects exclusively pinentry loopback while signing with S/MIME (actually you will see this e-mail signed with S/MIME. Basically I try to sign it, if I get the error because the passphrase was not cached, I simply sign a region with PGP (which asks me correctly for the passphrase and it gets cached, and then I have no problem signing and sending the message). I really have no clue what could be going on... Thanks, -- Ángel de Vicente Research Software Engineer (Supercomputing and BigData) Tel.: +34 922-605-747 Web.: http://research.iac.es/proyecto/polmag/ GPG: 0x8BDC390B69033F52 smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with Gnus (Emacs) + GnuPG for signing a mail with S/MIME
Am Freitag 04 November 2022 20:03:35 schrieb Angel de Vicente: > Any ideas as to what might cause this? Not really, I would start the analysis by asserting that gpgsm --sign still works outside of Emacs and then somehow try to emulate the loopback mode. Maybe there is a different problem somewhere. Bernhard -- https://intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Problems with Gnus (Emacs) + GnuPG for signing a mail with S/MIME
Hello, I've been trying to figure out why my setting (Emacs + Gnus) is giving me trouble to sign SMIME messages. Well, the only problem seems to be when I select the option for loopback pinentry, and only for SMIME messags. For signing with PGP loopback seems to work fine and I get asked the passphrase in the Emacs minibuffer, but for SMIME there seems to be a problem. By setting epg-debug in Emacs to True I found that most of the moves are OK, but that the error comes from not being able to get the passphrase: the " *gpg-error* buffer comes with: , | gpgsm: Note: non-critical certificate policy not allowed | gpgsm: Note: non-critical certificate policy not allowed | gpgsm: Note: non-critical certificate policy not allowed | gpgsm: CRLs not checked due to --disable-crl-checks option | gpgsm: DBG: adding certificates at level -2 | gpgsm: ignoring gpg-agent inquiry 'PASSPHRASE' | gpgsm: error creating signature: No passphrase given ` while the gpg-agent.log tells me: , | DBG: chan_9 -> OK Pleased to meet you, process 3382246 | DBG: chan_9 <- RESET | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION ttytype=dumb | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION display=:0.0 | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION xauthority=/home/angelv/.Xauthority | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION putenv=XDG_SESSION_TYPE=x11 | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION putenv=INSIDE_EMACS=28.2,epg | DBG: chan_9 -> OK | DBG: chan_9 <- GETINFO version | DBG: chan_9 -> D 2.2.40 | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION allow-pinentry-notify | DBG: chan_9 -> OK | DBG: chan_9 <- OPTION pinentry-mode=loopback | DBG: chan_9 -> OK | DBG: chan_9 <- HAVEKEY FC155E4BAF3DA44364C84711DA0B7137EA89D084 | DBG: chan_9 -> OK | DBG: chan_9 <- ISTRUSTED D1EB23A46D17D68FD92564C2F1F1601764D8E349 | DBG: chan_9 -> S TRUSTLISTFLAG relax | DBG: chan_9 -> OK | DBG: chan_9 <- RESET | DBG: chan_9 -> OK | DBG: chan_9 <- SIGKEY FC155E4BAF3DA44364C84711DA0B7137EA89D084 | DBG: chan_9 -> OK | DBG: chan_9 <- SETKEYDESC | Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+X.509+certificate:%0A%22/CN=Angel+M+de+Vicente/O=Instituto+de+Astrofisica+de+Canarias/STREET=Calle+Vía+Láctea,+s\x2fn/ST=Santa+Cruz+de+Tenerife/C=ES%22%0AS/N+00B4307E9B17A8814A2B5CAE68E09B520E,+ID+0x74A5504B,%0Acreated+2022-10-31,+expires+2024-10-30.%0A | DBG: chan_9 -> OK | DBG: chan_9 <- SETHASH 9 96D6D02821BA0498546EF7BD466B9712FD1C8126AD583F895CD8DDA26DD07B7BBFD74F8A5A6E3087C0893C7BBDD78CCB | DBG: chan_9 -> OK | DBG: chan_9 <- PKSIGN | DBG: agent_get_cache 'FC155E4BAF3DA44364C84711DA0B7137EA89D084'.0 (mode 2) ... | DBG: ... miss | DBG: agent_get_cache '6F4B59E5A9FBC6FB684CB55FDBB7CC30EEE197E3'.0 (mode 2) (stored cache key) ... | DBG: ... miss | DBG: chan_9 -> S INQUIRE_MAXLEN 255 | DBG: chan_9 -> [[Confidential data not shown]] | DBG: chan_9 <- [[Confidential data not shown]] | failed to unprotect the secret key: No passphrase given | failed to read the secret key | command 'PKSIGN' failed: No passphrase given | DBG: chan_9 -> ERR 67109041 No passphrase given | DBG: chan_9 <- [eof] ` I have removed gnome-keyring and seahorse in my system (in case there was a conflict with them). Any ideas as to what might cause this? Many thanks -- Ángel de Vicente Research Software Engineer (Supercomputing and BigData) Tel.: +34 922-605-747 Web.: http://research.iac.es/proyecto/polmag/ GPG: 0x8BDC390B69033F52 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
