No pinentry prompt for PGP signing #137
Comments
|
The specific message you mentioned "Secret key not found" - could have multiple causes. The Evolution Help pages, on "Setting up GPG for your mail account", state this "Your key ID is an eight-character string with random numbers and letters." - when you use the full key id in the Evolution it does not find it. Additionally, remove all the spaces as well, because multiple keys are separated through a space between them. My issue is related to the "pinentry" prompt. It does not happen on my system. Trying to resolve that. |
|
There is a similar downstream report: The gpg claims an error:
which feels related. I tried it here, to sign and encrypt a message with a key stored on the host system with an ancient gpg 2.2.20 and the latest Evolution from Flathub (3.50.0), which has gpg 2.2.41, and I am asked for the password for the key and when I provide it the message is properly signed and encrypted (the password is needed only for the signing), thus it looks like the incompatibility of the versions is truly only a warning. The "Secret key not found" can be from libsecret, when it's trying to read a password stored in the keyring and it cannot find it. As the password prompt allows to "Save in password manager" I enabled it and verified the key is read from the keyring. After that I opened seahorse and deleted the GPG key from it. Starting Evolution I'm asked for the password again, I do not get the "Secret key not found" error. The evolution-data-server sources contain only one occurrence of the "Secret key not found" message, but only together with "Failed to decrypt MIME part: Secret key not found", which is not your case, I suppose. I guess there is missing private key for the gpg key used in the encrypted mail, if it's the time you see this error at. Why gpg cannot locale it I do not know. @Sesivany it looks like the |
|
In ralation to the bug https://gitlab.gnome.org/GNOME/evolution/-/issues/2536, I can confirm that does no difference between the using kwallet and pam_kwallet_5 or gnome-keyring and pam_gnome-keyring on an Debian 11 system. With kwallet and pam_kwallet_5 gnome-keyring and pam_gnome-keyring One point is interesting on my second testdevice with gnome-keyring: If I unlock my Nitrokey with the local installation from evolution, close evolution but keep the stick inside and run the flatpak gnome.org.evolution it can decrypt all messages. |
|
I wonder: can you also reproduce it with 3.50? What distribution and version of flatpak and xdg-desktop-portal are you using? I don't mind going back to building our own pinentry, but first I would like to find out how many users could be possibly affected by this and if it's the only way to prevent the problem. |
Is that question for be or for @madbehaviorus ? From my side I use xdg-desktop-portal 1.16.0-2 from Debian stable. I just tried it again with 3.50 and it seems to be still the same as described above: With |
|
I've just pushed a new update with its own pinentry to the beta channel. I'd appreciate if someone could test it if it fixes the issue. I can't reproduce it either. |
|
@Sesivany I also checked it with my other device and updated on the stable channel to 3.50.0 and I have the same issue there. |
|
I'm wondering, is the problem with the Flatpak sandbox or with the gpg configuration? It could be checked when you install package-based Evolution, not Flatpak-based. The thing is, the gpg runs in the Flatpak sandbox, but the sandbox has opened access to the gpg home on the host machine, thus the keys can be shared between the Flatpak Evo and the host system. How it works with the key cards I've no idea, I'm sorry. |
|
My GPG configuration works like a charm with all other programs. I don't know witch action open the password querry window for checking smartcards. |
It's not directly connected to this issue, I'm only wondering where libsecret connects to in your case then, because there is one implementation of its D-Bus interface, and it's the gnome-keyring. There could be something for KDE Wallet too, but I do not follow it, I do not know what state they are in. Evolution itself doesn't talk to gnome-keyring, it doesn't have a dependency on it, it just uses libsecret. The libsecret is used to save your credentials for the configured accounts. Whether gpg has anything to do with libsecret I do not know, though my guess is it does not (I can be wrong). |
Perhaps this is connected to #12.
The problem is, that I do not get a password prompt when trying to PGP sign or encrypt with a passphrase protected key. In the GUI it says: "Secret key not found".
My observation is, that if there is a gpg-agent running, it never works and if not it is kind of random, it worked once in ten tries. Didn't manage to detect a course.
Here I found a workaround by setting
socket=gpg-agentpermission tofalse, but I think this not a real solution.I tried to play around with
but cannot see anything enlightening in the output.
Any advice how to get closer to the problem here?
Version used for latest tests:
$> flatpak info org.gnome.Evolution Evolution - Ihre E-Mails, Kontakte und Terminplanung verwalten Kennung: org.gnome.Evolution Ref: app/org.gnome.Evolution/x86_64/stable Architektur: x86_64 Zweig: stable Version: 3.48.4 Lizenz: GPL-2.0+ and GFDL-1.3 Ursprung: flathub Sammlung: org.flathub.Stable Installation: system Installiert: 61,8 MB Laufzeitumgebung: org.gnome.Platform/x86_64/44 Sdk: org.gnome.Sdk/x86_64/44 Commit: 45cacdba238ad33c9e69f85a35fe73e631a2ce797322050a9ed545685aab4c59 Parent: 18b94f8428db3edbb8dc1f0e45e83445867ff35c0b13de01f30ca4bb7520e99a Betreff: Update to 3.48.4 (ee1be398) Datum: 2023-07-24 13:11:49 +0000The text was updated successfully, but these errors were encountered: