-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No key found when GnuPG is correctly connected #699
Comments
The native gnupg keyring contains lots of keys, because |
I have the same issue with the latest mailvelope plugin and a freshly compiled gpgme-1.13.1.
Mailvelope refuses to accept that there are any keys, public or private. |
@toberndo |
Please see https://github.com/mailvelope/mailvelope/wiki/Mailvelope-GnuPG-integration#macos-linux |
Apologies, I should have mentioned that (unlike the OP) my error is experienced using Firefox 68.0.2-3 under Debian. And yes, I have the manifest correctly configured as in the link above. |
I also am following this because I have the same issue. I have gpgme-json (compiled myself) and the file is present. When these things were not true and correct, my client did not give me the option to select GnuPG. It now does, but it cannot see any of my keys. I am using MacOS 10.14.5 and Firefox. I use GPG Suite for GnuPG (just FYI--not to start a big +1 thread). |
I revised the installation instructions at https://github.com/mailvelope/mailvelope/wiki/Mailvelope-GnuPG-integration. When you can select the GnuPG option in the settings then Mailvelope should successfully connect to |
|
I went ahead and set this up with the manifest in the Chrome dir and installed Mailvelope in Brave (Version 0.68.132 Chromium: 76.0.3809.132 (Official Build) (64-bit)), and I had the exact same results before and after the manifest was put in place. Before the JSON file was in place, it couldn't find GPG. When I placed it correctly, it found it, but there were no keys or keyring detected. I imported my OpenPGP.js keys fine and no change. MacOS 10.14 problem? I have a full keyring on GPG (and use it for work every day). |
@crookedstorm I found exactly the same thing on Firefox/Linux so I doubt it's an OS- or browser-specific issue. I have a full normal GPG keyring for daily use and I manually imported my own public key to the mailvelope keyring in the browser. I don't see any option to switch keyrings in the mailvelope settings, just my lonely public key: |
Could you please check logging in the background page of the extension?
|
In case it is at all helpful (considering the error message above), I also have: @andrewgdotcom Do you have the same (or similar) version? |
@crookedstorm Thanks! That brings us a step further. @MaximilianKrambach @AndreHeinecke The error "Error exporting keys: Unsupported protocol" is raised at https://dev.gnupg.org/source/gpgme/browse/master/src/gpgme-json.c;b97434fbf087f3176daf39699ff579d38d265317$2696 when we call |
Here are the options that I'm using for gpgme:
I think the |
I am sure I did not do that when I compiled. While gpgme-json works fine on command line, I can imagine it could be something like that. I'll recompile to check. |
I'm going to try recompiling with those flags now. |
No joy for me I'm afraid. I tried |
@andrewgdotcom Have you also used the |
@toberndo yes, I tried that too. I have a slightly different error message in the debug console though: |
@toberndo I've recompiled without any of the extra configure flags and I get the same error as above, so whatever I'm seeing it's a different issue than @crookedstorm is getting. |
regarding the build issues, can you do a "make check" in GPGME and it passes? There are some tests for gpgme-json under tests/json. If they pass I would need a specific error from gpgme-json to help more. I can not really tell from the log you posted. |
I am also having this problem; GPG is installed, Mailvelope tells me that it can communicate with gpgme but I can see no keys from my keychain. I am using a Mac. I have MacGPG installed. I used brew to install gpgme The two tools seem to interoperate just fine and I verified that /usr/local/Cellar/gnupg/bin/gpg (from brew) works correctly against my keychain. What is the next debugging step? |
Exactly the same problem here, with macOS 10.15 Catalina and gnupg2, gpgme installed from macports. The Browser configuration and mailvelope extension installed as described in the wiki here, in Firefox as well as in Brave Browser. Both times the same result: GnuPG is found and can be selected as backend, but neither my gpg keys nor the keyring selection dropdown is available. Please make this work. Mailvelope without GnuPG is not really an option for people like me, who want to use it with their yubikey... |
I have the same issue on Windows, Gpg4win 3.1.10 (with Browser integration enabled) + Firefox. Mailvelope detects GnuPG, but I cannot switch keyring.
|
i'm using MacOS Catalina, Chrome stable,
Extension sees GnuPG keyring ONLY if Chrome is started from CLI, otherwise nothing. Anyone can comment on the need for this ? Why extension in Chrome cannot call gpgme-json when started from launchbar ? |
Okay, thanks @andrewgdotcom, Now, I've climbed back on to this old horse!
Would you mind just confirming the precise procedure you used to 'disable and re-enable mailvelope' ? |
On 13/09/2021 11:15, Morgan Read wrote:
Would you mind just confirming the precise procedure you used to
'disable and re-enable mailvelope' ?
Go to about:addons, click on mailvelope, and then use the toggle on the right, beside the three-dots menu.
|
I can now reproduce my error at will on both linux and mac, by swapping in one of two public keyring files - a small file with less than 10 keys works perfectly, while a large one with over a thousand causes startup issues (the above "connection timeout" error). Interestingly, the disable/enable trick works on linux, but doesn't (or at least, hasn't yet) worked on mac. The timeout is thrown approximately 5s after enabling the plugin, however it can take over 15s for my huge keyring to fully load, so it isn't simply a case of the call blocking until all records are returned. |
I'll have to do some more sleeping on this - just to confirm, I shouldn't be seeing this text:
And, I should be seeing something else? |
Oops, bump My |
@xpseudonym pubring.kbx is the post-v2.1 standard keyring file, however if it is contains no keys then gnupg falls back on pubring.gpg. You can merge the two by following the "Convert an existing pubring.gpg file to the keybox format" instructions at https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration.html |
Damnit, same problem here! |
@andrewgdotcom Belated thanks for pointer 😃 |
Just pinging to see if there is any progress on this - there has been no update to the plugin since last year, and I can reproduce the connection timeout errors at will. Would a reasonable workaround not be simply to increase the connection timeout when populating the keyring from gnupg? |
I could connect gpgme-json using the manifest file, but getting this error when disable-enable the extension, and of course no keyring available. Building keyring for id localhost|#|gnupg failed Error: Error exporting keys: Unsupported protocol $ gpgme-json --version $ cat gpgmejson.json $ echo '{"op":"keylist","secret":true}' | gpgme-json -s | jq . MBP, 2021, M1 Max |
This is the weirdest thing. Today, by sheer chance, I clicked on the Mailvelope icon on Brave (Version 1.47.186 Chromium: 109.0.5414.119) under macOS Big Sur (11.7.3 (20G1116)). To the best of my knowledge, nothing was changed: Mailvelope is still at version 4.7.1 (November 2022 version). gpg (GnuPG/MacGPG2) is still at 2.2.40. And... it worked! It correctly found GnuPG and immediately allowed me to switch to that. And it was not just that: Gmail integration worked flawlessly, as well as... my own Roundcube installation (for several accounts and domains). Everything worked (I needed to add API integration), like it never worked before — I cannot even remember how long ago it was when I actually got some of my accounts working, but never all of them. Microsoft Edge still seems to have a few hiccups; Firefox has no problems whatsoever (well, it almost never did); and I haven't got anything else installed to test with. What I did? Nothing — I just happened to clean up the system (using OnyX), rebooted the Mac, and that was it... it all started to work again. This is highly suspicious because most certainly it isn't easily reproducible, so I'm pretty sure that Mailvelope is not able to understand why it stops working after a while — my best guess now is that there is some caching mechanism at the many levels (browser, extension, PGP...), and at some point, things just stop working of their own accord, without any explicit reason for it. But nothing is truly broken — it's just that a cleanup + restart will 'fix' (or rather, reset) whatever was blocking Mailvelope from contacting PGP and then it starts working again. At least for a while. Who knows? |
@GwynethLlewelyn in my experience this is a timeout issue, so your experience sounds consistent with mine - a freshly cleaned and rebooted system would presumably be faster to respond and less likely to time out. If it does fail again in the future, check the error console to see if there is any log similar to the one I mentioned in #699 (comment) |
That makes certainly a lot of sense. It's a pity that we cannot get at least a small visual warning saying "connection timeout, please try again later!" :-) |
@GwynethLlewelyn not sure how useful that would be, because there's no way for the user to "try again later" without restarting the app, and in my case that just means I hit the timeout again... 🤪 I stand by my proposal to increase the timeout. It's a one-character change...! |
Come on guys, the error is on |
It‘s not that simple. The timeout blocks keyring initialization for the
majority of Mailvelope users who don‘t use GnuPG. The current value is a
tradeoff between waiting long enough to find GnuPG and not waiting too long
for all the others without GnuPG. Solution would be to load the keyrings
asynchronously.
|
Surely there's a way to detect the presence or absence of GnuPG without waiting for a connection timeout? |
All right! There's your solution then 😁 Alternatively: give some sort of option. You could have an 'advanced mode' if you fear that regular users expect things to work 'automatically', and, by default, give them the current behaviour. But add a checkbox for either longer timeouts; or a modal box saying, 'I've been waiting long enough, do you wish to continue to wait or abort?' and add twice the timeout before asking again (and so forth); or give them a checkbox for 'load keyrings asynchronously'. I'd say that all of the above would be perfectly good suggestions, wouldn't break existing code and/or user expectations, while giving others the chance to extend their timeout to have Mailvelope catch up with whatever it's waiting for on GnuPG... |
Mailvelope v5.0.0 is out which defers loading of the GnuPG keyring and increases the GPGME timeout which should fix the problems related to loading large GnuPG keyrings in Mailvelope. The GnuPG keyring is now only displayed in the Mailvelope keyring UI after it has been fully loaded and initialized. So for example if you restart Mailvelope or browser and quickly open the Mailvelope keyring UI, the GnuPG keyring might be missing. If you wait some more seconds and then refresh the keyring page it should appear. v5.0.0 is already available in the Chrome Web Store. For Firefox we are still waiting for approval, but a test package is available at: https://download.mailvelope.com/releases/v5.0.0/ |
|
Edit 2023: Installing brew formulas by URL is no longer supported sadly because of user-hostile "enshitification" of it. You're better off uninstalling brew and using something else. PSA: Friends don't let friends drink the Homebrew koolaid. Use a better package manager. |
Hi, Thomas. Unfortunately while v5.0.1 is working on two of my three machines (one mac, one linux, both with small keyrings), I'm still seeing the gpgme connection timeout on the machine with the large keyring:
Waiting does not appear to help; I left my firefox running for several hours but still no sign of gpgme. |
I realized that the file
|
I don't understand the reason for the timeout - if I call gpgme-json by hand and tell it to list my entire keyring of 719 keys, it takes less than a second:
|
Having the same issues here on Pop_OS 22.04. I followed https://github.com/drduh/YubiKey-Guide to set up a GPG key on my YubiKey, Mailvelope is able to successfully connect (it shows the GnuPG dropdown option) but it says "This keyring does not yet contain a key pair." despite that gpgme command shared above and DevTools does show an error but no idea if this is why:
|
Hi @bgiesing, I think this is a separate error from the one described above. That was due to a connection timeout, while yours appears to be an API usage error after successful connection. |
I don't use brew anymore. The homebrew core formula lacks the critical |
I don't know if this will help anyone else, but I'll mention it nonetheless. I'm having issues with using GPG and Mailvelope together after my computer restarts (using Windows 10 and GPG4Win) until I take an action that activates my As far as I can tell, this requirement of having |
Thank you so much for this. When I first set Mailvelope up everything worked fine but after restarting my machine I was not able to get it working and I was getting really frustrated until I found your post. Thank you again! |
Description
I'm using GnuPG mode, and GnuPG connection is correctly set up.
But the Key Management tab is still empty, why?
I want to use keys in my native gnupg keyring, is that possible?
System Info
System
macOS 10.14.5
Browser
Chrome 77.0.3865.35
Mailvelope Version
4.1.0
gpgme-tool
gpgme-json
The text was updated successfully, but these errors were encountered: