Re: GPG signing problem - SOLVED
On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
> I'm having a problem in Evolution (3.18.5.2) but suspect that it's
> really something in my GPG setup. When I try to sign and encrypt a
> message, I get:
>
> Could not create message.
>
> Because "gpg: skipped "": No secret key
> gpg: signing failed: No secret key
> ", you may need to select different mail options.
>
> I have used GPG in the past with the same key (also from Evolution)
> without any problem. Both my own and the destination address are in my
> keyring.
>
> When I try to use Seahorse to sign a key, it tells me I have no secret
> key to do this with, which looks like the same error.
>
> So what does "no secret key" mean? All keys in the keyring were
> generated by GPG as public/private pairs, so I don't understand what's
> going on.

After endless faffing around with no progress, I decided to try sending the email with Thunderbird, and discovered what the root problem was. I hadn't mentioned before (didn't seem relevant) that this was a message to two recipients. It turns out that I only have the public key of one of them in my keyring. IOW the error message from Evolution was completely misleading.

When I restricted the message to the person whose key I do have, I was asked for the passphrase and everything worked.

I'll report this as a bug.

poc
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
http://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
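The failure resolved in the message above can be caught before sending by checking that the sender has a usable secret key and that every recipient has a usable public key, so a missing recipient key is reported as exactly that. This is an added example, not part of the original thread: the function names `key_for` and `preflight`, the addresses and the key IDs are made up, the listings follow the record layout of `gpg --with-colons`, and treating expired or revoked keys as missing goes one step beyond the case in the thread.

```shell
#!/bin/sh
# Added example: pre-flight check for a signed and encrypted message, run
# over gpg's colon-delimited listings (field 1 = record type, 2 = validity,
# 5 = key ID, 10 = user ID).

# key_for TYPE ADDRESS: read a listing on stdin and print the ID of the first
# key of TYPE (pub or sec) that is neither revoked nor expired and carries a
# user ID containing <ADDRESS>. Exit status is 1 when there is none.
key_for() {
    awk -F: -v type="$1" -v addr="$2" '
        function hit(uid) {
            return index(tolower(uid), "<" tolower(addr) ">") > 0
        }
        $1 == "pub" || $1 == "sec" {
            # A new key block starts here; skip other types and dead keys.
            cur = ($1 == type && $2 !~ /^[re]$/) ? $5 : ""
            if (cur != "" && hit($10)) { print cur; found = 1; exit }
        }
        $1 == "uid" && cur != "" && $2 !~ /^[re]$/ && hit($10) {
            print cur; found = 1; exit
        }
        END { exit !found }
    '
}

# preflight SECRET_LISTING PUBLIC_LISTING SENDER RECIPIENT...
# Prints one line per missing key, naming the address and the operation it
# blocks, and returns the number of problems.
preflight() {
    sec=$1 pub=$2 sender=$3
    shift 3
    problems=0
    if ! printf '%s\n' "$sec" | key_for sec "$sender" >/dev/null; then
        echo "sign: no secret key for $sender"
        problems=$((problems + 1))
    fi
    for rcpt in "$@"; do
        if ! printf '%s\n' "$pub" | key_for pub "$rcpt" >/dev/null; then
            echo "encrypt: no public key for $rcpt"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample listings (made-up key IDs and addresses, not real keys).
SAMPLE_SEC='sec:u:4096:1:00000000AAAAAAA1:1400000000:::u:::scESC:
uid:u::::1400000000::::Sender <sender@example.org>:'
SAMPLE_PUB='pub:u:4096:1:00000000AAAAAAA1:1400000000:::u:::scESC:
uid:u::::1400000000::::Sender <sender@example.org>:
pub:f:2048:1:00000000BBBBBBB2:1400000000:::-:::scESC:
uid:f::::1400000000::::Alice <alice@example.org>:
pub:e:2048:1:00000000CCCCCCC3:1300000000:1400000000::-:::sc:
uid:e::::1300000000::::Carol <carol@example.org>:'

# Real use (assumes gpg is on PATH):
#   preflight "$(gpg --batch --with-colons --list-secret-keys)" \
#             "$(gpg --batch --with-colons --list-keys)" me@... rcpt1 rcpt2

# Demo on the constructed data: two recipients, one of them not in the keyring.
preflight "$SAMPLE_SEC" "$SAMPLE_PUB" sender@example.org \
    alice@example.org bob@example.org || echo "problems: $?"
```
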
Re: GPG signing problem
On Sat, 2016-05-21 at 18:16 -0400, Corey 'linuxmodder' Sheldon wrote:
> > 1) when doing this in Evolution, I don't get asked for the
> > passphrase.
> There should be a 'clear saved passphrase' option on next use

There isn't. In fact IIRC I've never seen this in years of using Evolution.

> uncheck 'use passphrase a

Uncheck where?

> > 2) the passphrase is different from my login password.
> Good
> > 3) gnome-keyring-d is running but there appear to be two processes,
> > which is suspicious.
> is one tied to gpg-agent?

No idea. They have PIDs far apart so appear to be unrelated, but I can't discover what's starting them. One of them is connected to a socket, but the other isn't connected to anything as far as I can see:

[poc@bree ~]$ pgrep -fl gnome-k
21068 gnome-keyring-d
21866 gnome-keyring-d
[poc@bree ~]$ sudo lsof -a -U -p 21068
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
COMMAND     PID USER   FD   TYPE         DEVICE SIZE/OFF    NODE NAME
gnome-key 21068  poc    7u  unix 0x8802dc032580      0t0 5561079 /run/user/1000/keyring/control type=STREAM
gnome-key 21068  poc    8u  unix 0x88039f500780      0t0 5580087 type=DGRAM
gnome-key 21068  poc    9u  unix 0x88026e4b12c0      0t0 5579919 type=STREAM
[poc@bree ~]$ sudo lsof -a -U -p 21866
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
COMMAND     PID USER   FD   TYPE         DEVICE SIZE/OFF    NODE NAME
gnome-key 21866  poc    1u  unix 0x8802b67bf440      0t0 5577172 type=STREAM
gnome-key 21866  poc    2u  unix 0x8802b67be900      0t0 5577173 type=STREAM
gnome-key 21866  poc    5u  unix 0x88039f5d6cc0      0t0 5576386 type=STREAM
[poc@bree ~]$ ls -l /run/user/1000/keyring/control*
srwxr-xr-x. 1 poc poc 0 May 22 13:44 /run/user/1000/keyring/control
[poc@bree ~]$ file /run/user/1000/keyring/control*
/run/user/1000/keyring/control: socket

There's nothing in my .bashrc or .bash_login scripts (or the /etc equivalents), nor in my KDE auto-start config. I even tried reverting to a clean session start and changing desktop managers, all to no effect.

poc
Re: GPG signing problem
On Sat, 2016-05-21 at 15:04 -0700, Joe Zeff wrote:
> On 05/21/2016 02:16 PM, Patrick O'Callaghan wrote:
> > 2) the passphrase is different from my login password.
>
> Good; it's supposed to be. And, I hope, it's more than one word. One
> of my friends uses something similar to ThisIsAVeryVeryLongPassword
> for his WiFi router because it's easy to remember and longer than most
> password guessers are likely to generate.

Yes I know, I was just covering the point in case it came up.

poc
Re: GPG signing problem
On 05/21/2016 05:16 PM, Patrick O'Callaghan wrote:
> On Sat, 2016-05-21 at 12:30 -0400, Corey 'linuxmodder' Sheldon wrote:
>> try with gpg (or gpg2 if installed):
>>
>> gpg -o ~/localpath -se /path/to/foo.txt and set the recipient to that
>> keyid does that also scream 'no secret key' ?
> It asked for a passphrase, then warned me that there is no assurance
> that the recipient key belongs to the named user. Otherwise it worked.

recipient's key is in trustdb ?

> Note that:
>
> 1) when doing this in Evolution, I don't get asked for the passphrase.

There should be a 'clear saved passphrase' option on next use
uncheck 'use passphrase a

> 2) the passphrase is different from my login password.

Good

> 3) gnome-keyring-d is running but there appear to be two processes,
> which is suspicious.

is one tied to gpg-agent?

> poc

--
Corey Sheldon
PGP (64b): 8B4E89435A88E539,59276298D2264944
P: +1-310.909.7672
Ameridea , FedoraProject
Full Contact Info: https://gist.github.com/linux-modder/ac5dc6fa211315c633c9
Disclaimer: All contents of this and any threaded correspondence should be deemed confidential and privileged.
Re: GPG signing problem
On 05/21/2016 06:04 PM, Joe Zeff wrote:
> On 05/21/2016 02:16 PM, Patrick O'Callaghan wrote:
>> 2) the passphrase is different from my login password.
>
> Good; it's supposed to be. And, I hope, it's more than one word. One
> of my friends uses something similar to ThisIsAVeryVeryLongPassword
> for his WiFi router because it's easy to remember and longer than most
> password guessers are likely to generate.

take a 20-36 character diagonal password run it thru sha512 or an ec curve and use and offset and pre-defined size can leave the full hash in the clear then even if you didn't want to gpg lock it or other secure means.

--
Corey Sheldon
Re: GPG signing problem
On 05/21/2016 02:16 PM, Patrick O'Callaghan wrote:
> 2) the passphrase is different from my login password.

Good; it's supposed to be. And, I hope, it's more than one word. One of my friends uses something similar to ThisIsAVeryVeryLongPassword for his WiFi router because it's easy to remember and longer than most password guessers are likely to generate.
Re: GPG signing problem
On Sat, 2016-05-21 at 12:30 -0400, Corey 'linuxmodder' Sheldon wrote:
> try with gpg (or gpg2 if installed):
>
> gpg -o ~/localpath -se /path/to/foo.txt and set the recipient to that
> keyid does that also scream 'no secret key' ?

It asked for a passphrase, then warned me that there is no assurance that the recipient key belongs to the named user. Otherwise it worked.

Note that:

1) when doing this in Evolution, I don't get asked for the passphrase.
2) the passphrase is different from my login password.
3) gnome-keyring-d is running but there appear to be two processes, which is suspicious.

poc
Re: GPG signing problem
On 05/21/2016 12:24 PM, Patrick O'Callaghan wrote:
> On Sat, 2016-05-21 at 10:11 -0400, Corey 'linuxmodder' Sheldon wrote:
>> Consider doing any or all of the following:
>>
>> 1) re-importing secret (private) key parts for that key
> I'll try that as a last resort.
>
>> 2) checking in gpg or Evolution that the trust level is set (OR that
>> you have the much more insecure setting 'trust all keys' enabled)
> The trust level is set.
>
>> 3) Check for pinentry-gtk --- If this is not installed (MOST gpg
>> encryption / secret key passphrase errors stem from)
> I had pinentry-qt (I'm on KDE). I installed pinentry-gtk and it made no
> difference. I had previously tried the encryption under Gnome with the
> same result.
>
>> Also is this Default Evolution in the repos or a pre-release
>> (alpha/beta)?
> Standard version from the stable F23 repo.
>
> poc

try with gpg (or gpg2 if installed):

gpg -o ~/localpath -se /path/to/foo.txt

and set the recipient to that keyid does that also scream 'no secret key' ?

--
Corey Sheldon
Re: GPG signing problem
On Sat, 2016-05-21 at 10:11 -0400, Corey 'linuxmodder' Sheldon wrote:
> Consider doing any or all of the following:
>
> 1) re-importing secret (private) key parts for that key

I'll try that as a last resort.

> 2) checking in gpg or Evolution that the trust level is set (OR that
> you have the much more insecure setting 'trust all keys' enabled)

The trust level is set.

> 3) Check for pinentry-gtk --- If this is not installed (MOST gpg
> encryption / secret key passphrase errors stem from)

I had pinentry-qt (I'm on KDE). I installed pinentry-gtk and it made no difference. I had previously tried the encryption under Gnome with the same result.

> Also is this Default Evolution in the repos or a pre-release
> (alpha/beta)?

Standard version from the stable F23 repo.

poc
Re: GPG signing problem
On 05/20/2016 03:47 PM, Patrick O'Callaghan wrote:
> On Fri, 2016-05-20 at 09:48 -0700, Doug H. wrote:
>> On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
>>> I'm having a problem in Evolution (3.18.5.2) but suspect that it's
>>> really something in my GPG setup. When I try to sign and encrypt a
>>> message, I get:
>>>
>>> Could not create message.
>>>
>>> Because "gpg: skipped "": No secret key
>>> gpg: signing failed: No secret key
>>> ", you may need to select different mail options.
>>>
>>> I have used GPG in the past with the same key (also from Evolution)
>>> without any problem. Both my own and the destination address are in my
>>> keyring.
>>>
>>> When I try to use Seahorse to sign a key, it tells me I have no secret
>>> key to do this with, which looks like the same error.
>>>
>>> So what does "no secret key" mean? All keys in the keyring were
>>> generated by GPG as public/private pairs, so I don't understand what's
>>> going on.
>> Not sure this helps, but...
>>
>> I was able to get that message when I created a reply to this group. I
>> then moved over to my inbox to create a new message and was able to
>> sign it. The trouble for me was clear from the error since I use a non
>> standard e-mail for this list and that was not in my GPG settings.
> The address I'm using to send the mail (and hence to sign it) is one of
> those in my keyring. I've tried using both with the actual address and
> the 8-digit ID string to select the signing key. Both give the same
> error.
>
> poc

Consider doing any or all of the following:

1) re-importing secret (private) key parts for that key
2) checking in gpg or Evolution that the trust level is set (OR that you have the much more insecure setting 'trust all keys' enabled)
3) Check for pinentry-gtk --- If this is not installed (MOST gpg encryption / secret key passphrase errors stem from)

Also is this Default Evolution in the repos or a pre-release (alpha/beta)?

--
Corey Sheldon
Re: GPG signing problem
On Fri, 2016-05-20 at 09:48 -0700, Doug H. wrote:
> On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
> > I'm having a problem in Evolution (3.18.5.2) but suspect that it's
> > really something in my GPG setup. When I try to sign and encrypt a
> > message, I get:
> >
> > Could not create message.
> >
> > Because "gpg: skipped "": No secret key
> > gpg: signing failed: No secret key
> > ", you may need to select different mail options.
> >
> > I have used GPG in the past with the same key (also from Evolution)
> > without any problem. Both my own and the destination address are in my
> > keyring.
> >
> > When I try to use Seahorse to sign a key, it tells me I have no secret
> > key to do this with, which looks like the same error.
> >
> > So what does "no secret key" mean? All keys in the keyring were
> > generated by GPG as public/private pairs, so I don't understand what's
> > going on.
>
> Not sure this helps, but...
>
> I was able to get that message when I created a reply to this group. I
> then moved over to my inbox to create a new message and was able to
> sign it. The trouble for me was clear from the error since I use a non
> standard e-mail for this list and that was not in my GPG settings.

The address I'm using to send the mail (and hence to sign it) is one of those in my keyring. I've tried using both with the actual address and the 8-digit ID string to select the signing key. Both give the same error.

poc
Re: GPG signing problem
On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
> I'm having a problem in Evolution (3.18.5.2) but suspect that it's
> really something in my GPG setup. When I try to sign and encrypt a
> message, I get:
>
> Could not create message.
>
> Because "gpg: skipped "": No secret key
> gpg: signing failed: No secret key
> ", you may need to select different mail options.
>
> I have used GPG in the past with the same key (also from Evolution)
> without any problem. Both my own and the destination address are in my
> keyring.
>
> When I try to use Seahorse to sign a key, it tells me I have no secret
> key to do this with, which looks like the same error.
>
> So what does "no secret key" mean? All keys in the keyring were
> generated by GPG as public/private pairs, so I don't understand what's
> going on.

Not sure this helps, but...

I was able to get that message when I created a reply to this group. I then moved over to my inbox to create a new message and was able to sign it. The trouble for me was clear from the error since I use a non standard e-mail for this list and that was not in my GPG settings.

My error:

Because "gpg: skipped "fedoraproject@wombatz.com": No secret key
gpg: signing failed: No secret key
", you may need to select different mail options.

--
Doug H.
GPG signing problem
I'm having a problem in Evolution (3.18.5.2) but suspect that it's really something in my GPG setup. When I try to sign and encrypt a message, I get:

Could not create message.

Because "gpg: skipped "": No secret key
gpg: signing failed: No secret key
", you may need to select different mail options.

I have used GPG in the past with the same key (also from Evolution) without any problem. Both my own and the destination address are in my keyring.

When I try to use Seahorse to sign a key, it tells me I have no secret key to do this with, which looks like the same error.

So what does "no secret key" mean? All keys in the keyring were generated by GPG as public/private pairs, so I don't understand what's going on.

poc