I'm having a problem in Evolution (3.18.5.2) but suspect that it's really something in my GPG setup. When I try to sign and encrypt a message, I get:
Could not create message.
Because "gpg: skipped "XXXXXXXX": No secret key gpg: signing failed: No secret key ", you may need to select different mail options.
I have used GPG in the past with the same key (also from Evolution) without any problem. Both my own and the destination address are in my keyring.
When I try to use Seahorse to sign a key, it tells me I have no secret key to do this with, which looks like the same error.
So what does "no secret key" mean? All keys in the keyring were generated by GPG as public/private pairs, so I don't understand what's going on.
poc
On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
I'm having a problem in Evolution (3.18.5.2) but suspect that it's really something in my GPG setup. When I try to sign and encrypt a message, I get:
Could not create message.
Because "gpg: skipped "XXXXXXXX": No secret key gpg: signing failed: No secret key ", you may need to select different mail options.
I have used GPG in the past with the same key (also from Evolution) without any problem. Both my own and the destination address are in my keyring.
When I try to use Seahorse to sign a key, it tells me I have no secret key to do this with, which looks like the same error.
So what does "no secret key" mean? All keys in the keyring were generated by GPG as public/private pairs, so I don't understand what's going on.
Not sure this helps, but...
I was able to get that message when I created a reply to this group. I then moved over to my inbox to create a new message and was able to sign it. The trouble for me was clear from the error since I use a non standard e-mail for this list and that was not in my GPG settings.
My error:
Because "gpg: skipped "fedoraproject.org@wombatz.com": No secret key gpg: signing failed: No secret key ", you may need to select different mail options.
On Fri, 2016-05-20 at 09:48 -0700, Doug H. wrote:
On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
I'm having a problem in Evolution (3.18.5.2) but suspect that it's really something in my GPG setup. When I try to sign and encrypt a message, I get:
Could not create message.
Because "gpg: skipped "XXXXXXXX": No secret key gpg: signing failed: No secret key ", you may need to select different mail options.
I have used GPG in the past with the same key (also from Evolution) without any problem. Both my own and the destination address are in my keyring.
When I try to use Seahorse to sign a key, it tells me I have no secret key to do this with, which looks like the same error.
So what does "no secret key" mean? All keys in the keyring were generated by GPG as public/private pairs, so I don't understand what's going on.
Not sure this helps, but...
I was able to get that message when I created a reply to this group. I then moved over to my inbox to create a new message and was able to sign it. The trouble for me was clear from the error since I use a non standard e-mail for this list and that was not in my GPG settings.
The address I'm using to send the mail (and hence to sign it) is one of those in my keyring. I've tried using both with the actual address and the 8-digit ID string to select the signing key. Both give the same error.
poc
On 05/20/2016 03:47 PM, Patrick O'Callaghan wrote:
On Fri, 2016-05-20 at 09:48 -0700, Doug H. wrote:
On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
I'm having a problem in Evolution (3.18.5.2) but suspect that it's really something in my GPG setup. When I try to sign and encrypt a message, I get:
Could not create message.
Because "gpg: skipped "XXXXXXXX": No secret key gpg: signing failed: No secret key ", you may need to select different mail options.
I have used GPG in the past with the same key (also from Evolution) without any problem. Both my own and the destination address are in my keyring.
When I try to use Seahorse to sign a key, it tells me I have no secret key to do this with, which looks like the same error.
So what does "no secret key" mean? All keys in the keyring were generated by GPG as public/private pairs, so I don't understand what's going on.
Not sure this helps, but...
I was able to get that message when I created a reply to this group. I then moved over to my inbox to create a new message and was able to sign it. The trouble for me was clear from the error since I use a non standard e-mail for this list and that was not in my GPG settings.
The address I'm using to send the mail (and hence to sign it) is one of those in my keyring. I've tried using both with the actual address and the 8-digit ID string to select the signing key. Both give the same error.
poc
Consider doing any or all of the following:
1) re-importing secret (private) key parts for that key
2) checking in gpg or Evolution that the trust level is set (OR that you have the much more insecure setting 'trust all keys' enabled)
3) Check for pinentry-gtk --- If this is not installed (MOST gpg encryption / secret key passphrase errors stem from)
Also is this Default Evolution in the repos or a pre-release (alpha /beta)?
On Sat, 2016-05-21 at 10:11 -0400, Corey 'linuxmodder' Sheldon wrote:
Consider doing any or all of the following:
- re-importing secret (private) key parts for that key
I'll try that as a last resort.
- checking in gpg or Evolution that the trust level is set (OR
that you have the much more insecure setting 'trust all keys' enabled)
The trust level is set.
- Check for pinentry-gtk --- If this is not installed (MOST gpg
encryption / secret key passphrase errors stem from)
I had pinentry-qt (I'm on KDE). I installed pinentry-gtk and it made no difference. I had previously tried the encryption under Gnome with the same result.
Also is this Default Evolution in the repos or a pre-release (alpha/beta)?
Standard version from the stable F23 repo.
poc
On 05/21/2016 12:24 PM, Patrick O'Callaghan wrote:
On Sat, 2016-05-21 at 10:11 -0400, Corey 'linuxmodder' Sheldon wrote:
Consider doing any or all of the following:
- re-importing secret (private) key parts for that key
I'll try that as a last resort.
- checking in gpg or Evolution that the trust level is set (OR
that you have the much more insecure setting 'trust all keys' enabled)
The trust level is set.
- Check for pinentry-gtk --- If this is not installed (MOST gpg
encryption / secret key passphrase errors stem from)
I had pinentry-qt (I'm on KDE). I installed pinentry-gtk and it made no difference. I had previously tried the encryption under Gnome with the same result.
Also is this Default Evolution in the repos or a pre-release (alpha/beta)?
Standard version from the stable F23 repo.
poc
try with gpg (or gpg2 if installed):
gpg -o ~/localpath -se /path/to/foo.txt
and set the recipient to that keyid. Does that also scream 'no secret key'?
On Sat, 2016-05-21 at 12:30 -0400, Corey 'linuxmodder' Sheldon wrote:
try with gpg (or gpg2 if installed):
gpg -o ~/localpath -se /path/to/foo.txt
and set the recipient to that keyid. Does that also scream 'no secret key'?
It asked for a passphrase, then warned me that there is no assurance that the recipient key belongs to the named user. Otherwise it worked.
Note that:
1) when doing this in Evolution, I don't get asked for the passphrase.
2) the passphrase is different from my login password.
3) gnome-keyring-d is running but there appear to be two processes, which is suspicious.
poc
On 05/21/2016 02:16 PM, Patrick O'Callaghan wrote:
- the passphrase is different from my login password.
Good; it's supposed to be. And, I hope, it's more than one word. One of my friends uses something similar to ThisIsAVeryVeryLongPassword for his WiFi router because it's easy to remember and longer than most password guessers are likely to generate.
On 05/21/2016 06:04 PM, Joe Zeff wrote:
On 05/21/2016 02:16 PM, Patrick O'Callaghan wrote:
- the passphrase is different from my login password.
Good; it's supposed to be. And, I hope, it's more than one word. One of my friends uses something similar to ThisIsAVeryVeryLongPassword for his WiFi router because it's easy to remember and longer than most password guessers are likely to generate.
Take a 20-36 character diagonal password run it thru sha512 or an ec curve and use an offset and pre-defined size can leave the full hash in the clear then even if you didn't want to gpg lock it or other secure means.
On 05/21/2016 05:16 PM, Patrick O'Callaghan wrote:
On Sat, 2016-05-21 at 12:30 -0400, Corey 'linuxmodder' Sheldon wrote:
try with gpg (or gpg2 if installed):
gpg -o ~/localpath -se /path/to/foo.txt
and set the recipient to that keyid. Does that also scream 'no secret key'?
It asked for a passphrase, then warned me that there is no assurance that the recipient key belongs to the named user. Otherwise it worked.
Recipient's key is in trustdb?
Note that:
- when doing this in Evolution, I don't get asked for the passphrase.
There should be a 'clear saved passphrase' option on next use uncheck 'use passphrase a
- the passphrase is different from my login password.
Good
- gnome-keyring-d is running but there appear to be two processes,
which is suspicious.
is one tied to gpg-agent?
poc
On Sat, 2016-05-21 at 15:04 -0700, Joe Zeff wrote:
On 05/21/2016 02:16 PM, Patrick O'Callaghan wrote:
- the passphrase is different from my login password.
Good; it's supposed to be. And, I hope, it's more than one word. One of my friends uses something similar to ThisIsAVeryVeryLongPassword for his WiFi router because it's easy to remember and longer than most password guessers are likely to generate.
Yes I know, I was just covering the point in case it came up.
poc
On Sat, 2016-05-21 at 18:16 -0400, Corey 'linuxmodder' Sheldon wrote:
- when doing this in Evolution, I don't get asked for the passphrase.
There should be a 'clear saved passphrase' option on next use
There isn't. In fact IIRC I've never seen this in years of using Evolution.
uncheck 'use passphrase a
Uncheck where?
- the passphrase is different from my login password.
Good
- gnome-keyring-d is running but there appear to be two processes,
which is suspicious.
is one tied to gpg-agent?
No idea. They have PIDs far apart so appear to be unrelated, but I can't discover what's starting them. One of them is connected to a socket, but the other isn't connected to anything as far as I can see:
[ poc@bree ~]$ pgrep -fl gnome-k
21068 gnome-keyring-d
21866 gnome-keyring-d
[ poc@bree ~]$ sudo lsof -a -U -p 21068
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gnome-key 21068 poc 7u unix 0xffff8802dc032580 0t0 5561079 /run/user/1000/keyring/control type=STREAM
gnome-key 21068 poc 8u unix 0xffff88039f500780 0t0 5580087 type=DGRAM
gnome-key 21068 poc 9u unix 0xffff88026e4b12c0 0t0 5579919 type=STREAM
[ poc@bree ~]$ sudo lsof -a -U -p 21866
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gnome-key 21866 poc 1u unix 0xffff8802b67bf440 0t0 5577172 type=STREAM
gnome-key 21866 poc 2u unix 0xffff8802b67be900 0t0 5577173 type=STREAM
gnome-key 21866 poc 5u unix 0xffff88039f5d6cc0 0t0 5576386 type=STREAM
[ poc@bree ~]$ ls -l /run/user/1000/keyring/control*
srwxr-xr-x. 1 poc poc 0 May 22 13:44 /run/user/1000/keyring/control
[ poc@bree ~]$ file /run/user/1000/keyring/control*
/run/user/1000/keyring/control: socket
There's nothing in my .bashrc or .bash_login scripts (or the /etc equivalents), nor in my KDE auto-start config. I even tried reverting to a clean session start and changing desktop managers, all to no effect.
poc
On Fri, 2016-05-20 at 17:07 +0100, Patrick O'Callaghan wrote:
I'm having a problem in Evolution (3.18.5.2) but suspect that it's really something in my GPG setup. When I try to sign and encrypt a message, I get:
Could not create message.
Because "gpg: skipped "XXXXXXXX": No secret key gpg: signing failed: No secret key ", you may need to select different mail options.
I have used GPG in the past with the same key (also from Evolution) without any problem. Both my own and the destination address are in my keyring.
When I try to use Seahorse to sign a key, it tells me I have no secret key to do this with, which looks like the same error.
So what does "no secret key" mean? All keys in the keyring were generated by GPG as public/private pairs, so I don't understand what's going on.
After endless faffing around with no progress, I decided to try sending the email with Thunderbird, and discovered what the root problem was. I hadn't mentioned before (didn't seem relevant) that this was a message to two recipients. It turns out that I only have the public key of one of them in my keyring. IOW the error message from Evolution was completely misleading. When I restricted the message to the person whose key I do have, I was asked for the passphrase and everything worked.
I'll report this as a bug.
poc
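
The root cause found at the end of this thread (a recipient with no public key in the keyring, surfaced by the mail client as "No secret key") can be separated from a genuinely missing signing key by checking both keyrings before sending. This is an added example, not code from the thread: the function names, addresses and sample listings are constructed, and it parses `gpg --with-colons` listings passed in as text.

```shell
#!/bin/sh
# Pre-flight check for sign+encrypt: is the failure on the signer's secret
# key or on a recipient's public key?

# has_key TYPE ADDRESS: read a `gpg --with-colons` listing on stdin and succeed
# if a key of TYPE (pub|sec) that is not invalid/revoked/expired/disabled
# carries a user ID containing <ADDRESS> (case-insensitive).
has_key() {
    awk -F: -v want="$1" -v addr="<$(printf %s "$2" | tr 'A-Z' 'a-z')>" '
        $1 == "pub" || $1 == "sec" { live = ($1 == want && $2 !~ /^[ired]$/) }
        ($1 == want || $1 == "uid") && live && $2 !~ /^[ire]$/ &&
            index(tolower($10), addr) { found = 1 }
        END { exit !found }'
}

# preflight SIGNER PUB_LISTING SEC_LISTING RECIPIENT...
# Prints one line per problem; the return status is the number of problems.
preflight() {
    signer=$1 pub=$2 sec=$3; shift 3
    problems=0
    if ! printf '%s\n' "$sec" | has_key sec "$signer"; then
        echo "signer $signer: no usable secret key"
        problems=$((problems + 1))
    fi
    for rcpt in "$@"; do
        if ! printf '%s\n' "$pub" | has_key pub "$rcpt"; then
            echo "recipient $rcpt: no usable public key"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample listings (not real keys). carol's key is expired and
# bob has no key at all.
SAMPLE_SEC='sec:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::HASH::Sender Example <sender@example.org>:'
SAMPLE_PUB='pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::HASH::Sender Example <sender@example.org>:
pub:f:4096:1:BBBBBBBBBBBBBBBB:1400000000:::-:::scESC:
uid:f::::1400000000::HASH::Alice Example <alice@example.org>:
pub:e:4096:1:CCCCCCCCCCCCCCCC:1300000000:1400000000::-:::sc:
uid:e::::1300000000::HASH::Carol Example <carol@example.org>:'

# Against a real keyring:
#   preflight me@example.org "$(gpg --list-keys --with-colons)" \
#       "$(gpg --list-secret-keys --with-colons)" alice@example.org bob@example.org
```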