Description of problem: GPG decrypt & sign operations are failing in claws-mail on F22 Version-Release number of selected component (if applicable): claws-mail 3.11.1-6.fc22 claws-mail-plugins_pgp 3.11.1-6.fc22 gpgme 1.4.3-5.fc22 How reproducible: Every time Steps to Reproduce: 1. When a messages is set to be signed, on clicking send, I get the following error: Could not queue message for sending: Signature failed: Data signing failed, General error 2. Claws also cannot decrypt messages sent to me: "Couldn't decrypt: Decryption failed" appears above the message body 3. GPG signed messages do not appear to be verified either. Actual results: Various error messages Expected results: Properly signed, decrypted and/or verified messages. Additional info: Running claws-mail with --debug here is the output when trying to decrypt: folder.c:4611:Folder Red Hat wants sync folder.c:4611:Folder Red Hat wants sync folder.c:4611:Folder Red Hat wants sync folder.c:4611:Folder Red Hat wants sync folder.c:4611:Folder Red Hat wants sync folder.c:4611:Folder Red Hat wants sync imap.c:1508:trying to fetch cached /home/mhyzon/.claws-mail/imapcache/mail.corp.redhat.com/mhyzon/INBOX/1517664 imap.c:1518:message 1517664 has been already fully cached. message/rfc822 (offset:0 length:1709 encoding: 6) text/plain (offset:1049 length:660 encoding: 0) messageview.c:1355:decrypting message part pgpinline.c:329:decrypting '-----BEGIN PGP MESSAGE----- Version: GnuPG v2 hQEMA+BCAUalKrlWAQf/UCrZrayVtk/PQ0KDwGGzaLViR9dZOgkdB4Ljk/u8+BrZ w8K+p1Z7HauWC+Ha7hxl77tVt0gi5OJPRQKlhlCI2dli+rJhr6P9VuDVQeLS7trz iKEFJY0i35oh4sypggoPPzU6/iZDCZ9COm1HuqI6zmzYF/w64avYtPNvc3CgSIlR OErtmSj5qDLLIv63c9q3TDg+Y0z0IcInViY9VVM9qleXMaCzH0ZfP9+dTflaMNGg k2LXNQ+sk6nqHPtr4I8ocNmiXOkMvyBY/Rmj3qYJj6f6Ko9rhcIPRb5OFsnR8ri4 YksxlMJiXANNOO3M/2THK3hPpndjLtlgOzVO5JbpAtKaAQVBdLB9BVWo8OfDZ/I9 So5Q2a3pHGfnLjzejRMB1Z1zHc6gnUwZMoS7Wq09DgzSp9y46VLOoOpXS/YNIVV/ 4qqnwSHaELxsxaOI8i6HmghaHVtkojjl5mYYa4cBJFzWuwm1i39XYL62+1SL+CxW EmJnEanp1c7w4PhAgqPXc1SwMIN2e2EHbaHsEzUNj7D/qCB8cdN5Gg1a7Q== =mXkz -----END PGP MESSAGE----- ' prefs_gpg.c:542:set GPG_AGENT_INFO=/run/user/1000/keyring/gpg:0:1 sgpgme.c:446:can't decrypt (Decryption failed) textview.c:713:TIMING textview_add_part : 0s000ms textview.c:1170:Viewing text content of type: plain (length: 660) textview.c:819:TIMING textview_add_part : 0s005ms textview.c:836:TIMING recursive_add_parts : 0s005ms textview.c:882:TIMING recursive_add_parts : 0s006ms textview.c:653:TIMING textview_show_part : 0s006ms folder.c:4611:Folder Red Hat wants sync folder.c:4611:Folder Red Hat wants sync folder.c:4611:Folder Red Hat wants sync summaryview.c:3654:TIMING summary_display_msg_full : 0s069ms and when trying to sign: compose.c:5582:src encoding = UTF-8, out encoding = US-ASCII, transfer encoding = 7bit compose.c:5641:main text: 1297 bytes encoded as US-ASCII in 3 procmime.c:2640:procmime_write_mimeinfo procmime.c:2490:procmime_write_message_rfc822 procmime.c:2409:procmime_write_mime_header procmime.c:2640:procmime_write_mimeinfo procmime.c:2640:procmime_write_mimeinfo procmime.c:2566:procmime_write_multipart procmime.c:2409:procmime_write_mime_header procmime.c:2640:procmime_write_mimeinfo sgpgme.c:522:using default gnupg key prefs_gpg.c:542:set GPG_AGENT_INFO=/run/user/1000/keyring/gpg:0:1 pgpmime.c:524:GPG_AGENT_INFO environment defined, running without passphrase callback pgpmime.c:538:gpgme_op_sign error : 7000001 alertpanel.c:254:Creating alert panel dialog... alertpanel.c:213:called inc_lock (lock count 2) and when trying to view a signed message: main.c:895:The name com.google.code.Awn was not provided by any .service files msgcache.c:275:TIMING msgcache_get_msg_list : 0s003ms message/rfc822 (offset:0 length:3840 encoding: 6) text/plain (offset:1372 length:2468 encoding: 0) mimeview.c:510:signed mail sgpgme.c:96:status == NULL sgpgme.c:96:status == NULL sgpgme.c:96:status == NULL textview.c:713:TIMING textview_add_part : 0s000ms textview.c:1170:Viewing text content of type: plain (length: 2468) textview.c:819:TIMING textview_add_part : 0s015ms textview.c:836:TIMING recursive_add_parts : 0s015ms textview.c:882:TIMING recursive_add_parts : 0s015ms textview.c:653:TIMING textview_show_part : 0s016ms sgpgme.c:96:status == NULL mimeview.c:1278:creating thread mimeview.c:1187:checking... mimeview.c:1223:waiting a while
I'm filing this under claws-mail-plugins, but it also could be related to gpgme. Both myself and a colleague have had some issues with gpgme related things after upgrading f21 to f22. We need to use the gpgme rubygem (not RPM packaged) for the heira-eyaml-gpg rubygem. What I had to do was uninstall the gem and reinstall as so: $ gem uninstall gpgme $ gem install gpgme -- --use-system-libraries that got ruby happy. Also vim with the gnupg.vim plugin is working OK.
My workaround was: - Install Thunderbird - Configure PGP-Plugin - (Maybe) use it at once - Claws-Mail will work with pinentry
What fixed it for me was: - export old keyring with gpg (--export-keys, --export-secret-keys --armor) - mv ~/.gnupg /.gnupg.broken - import keyrings with gpg2 upon importing the secret keyring, the pin entry dialog appears and asks for the passphrase. After this procedure pgp operations in both claws and thunderbird work just fine, so it seems somehow along the way gpg2 broke. I carried ~/.gnupg from laptop to laptop for something like 10y and f22 finally forced my to do the above re-import
Thanks Igor, that worked for me as well. Now seahorse/gnome isn't working as the gpg-agent correctly, so I'll work on that now. Not sure if this still needs to remain open.
I ran into similar issue after upgrade to F22. I could reproduce the problem with gpg2 itself, as gpg2 --decrypt foo.asc was failing with: gpg: decryption failed: No secret key I tried removing .gnupg/private-keys-v1.d and re-importing just private to gpg2 (something like gpg --export-secret-keys --armor | gpg2 --import). I got pinentry prompt on import and import succeeded, but decryption still failed. Nuking and re-creating .gnupg as hinted in comment 3 did the trick.
Fresh keypairs from seahorse only visible with secret key in gpg, but not in gpg2. This also broke thunderbird / enigmail as it relies on gpg2. comment 3 fixed it.
Ticket is assigned to the wrong person and component. Please be careful when reassigning tickets. Btw, claws-mail-plugins is just a meta-package. The plugins are part of Claws Mail base package since 3.9.something. [...] Anyway, is this still an issue? There has been a variety of confusing issues due to gpg2 upgrades affecting not only Claws Mail.
(In reply to Michael Schwendt from comment #7) > Ticket is assigned to the wrong person and component. > > Please be careful when reassigning tickets. > > Btw, claws-mail-plugins is just a meta-package. The plugins are part of > Claws Mail base package since 3.9.something. > > [...] > > Anyway, is this still an issue? There has been a variety of confusing issues > due to gpg2 upgrades affecting not only Claws Mail. I think you are correct that it is a larger gpg2 issue. I followed the work around in Comment 3, so now Claws Mail pops up the GPG2 pin-entry screen when sending emails. Looks like most other people find that that solution works for them as well. The fact that Gnome's seahorse doesn't act like a proper GPG2 gpg-agent is the largest usability issue at the moment, but that isn't Claw Mail's problem.