Description of problem: Version-Release number of selected component (if applicable): 2.0.8-1.fc8.i386 How reproducible: install update Steps to Reproduce: 1. install the update to gnupg2-2.0.8-1.fc8.i386 2. Try to sign a mail in kontact/kmail 3. Error message "nich gefunden" pops up Actual results: Message could not be signed Expected results: Additional info: A reinstall of the older gnupg2 Package solves the problem. Maybe a rebuild of kontact/kmail against the newer gnupg2 Package is necessary?
WORKSFORME on my f7 box, I'll go try reproducing on f8...
Confirmed ok for me too on f8. I notice your error is "nich gefunden" (German?), maybe it's a locale-specific issue? Please confirm your locale in use, and I'll try changing that too.
Sorry for my late response, was very busy this week. Yes that's german: My Locale is de_DE.UTF-8 the complete error message is: "Signierung fehlgeschlagen. nich gefunden" Please note that there is also a little typo in the localisation, it should correctly read: "Signierung fehlgeschlagen: nicht gefunden" But this error message is not very informative, as it doesn't what's not found! I also changed to US locale (switched to US throug control-center), and the problem remains. The error message is now: "signing error: not found" The only cure I found was to force the installation of the old gnupg2 RPM. I suppose that kontact/kmail needs a recompilation against the newer libassuan, as libassuan is only available as a static library. Sincerly, Klaus Steinberger
I can reproduce this problem in en_AU.UTF-8, and its in gpg rather than kmail. Running strace on kmail while signing reveals that it is running "gpg ... --sign --detach --armor -u <uid>", which fails with the message: gpg: protection algorithm 1 (IDEA) is not supported gpg: the IDEA cipher plugin is not present gpg: please see http://www.gnupg.org/faq/why-not-idea.html for more information gpg: skipped "<uid>": unknown cipher algorithm gpg: signing failed: unknown cipher algorithm This can be repeated at the command line. In fact, I can not get any "gpg --sign" to work, even with --disable-cipher-algo IDEA or similar settings in the gnupg config file. gpg2 is no better.
Further to the above, I am not able to reproduce on F8/x86_64 with gnupg-1.4.7-7.x86_64/gnupg2-2.0.8-1.fc8.x86_64. The above observation was on F8/i686 with gnupg-1.4.7-7/gnupg2-2.0.8-1.fc8. I should also add that where I wrote <uid>, it was chosen from a number of known-good-key uids from the local keyring.
I've the default locale in f8 and kmail fails to encrypt messages. Signing works fine but not encryption.
kdepim-3.5.8-11.svn20080109.ent.fc8 gnupg2-2.0.8-2.fc8 $ arch x86_64
Our hunch atm is on pinentry, try this test build (when it finishes): http://koji.fedoraproject.org/koji/taskinfo?taskID=401236
This updates seems to work for me. Nowdays messages in sent folder aren't correclty encrypted, so you need to send yourself to be sure it encrypts. Also noticed that kmail doesn't follow kaddressbook settings for encryption anymore.
pinentry-0.7.4-1.fc8 has been submitted as an update for Fedora 8
pinentry-0.7.4-1.fc7 has been submitted as an update for Fedora 7
pinentry-0.7.4-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update pinentry'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-1492
I just installed pinentry-0.7.4-1.fc8 from Fedora 8 testing, the problem still persists
Klaus, I'd be happy to test this with someone, please drop me an email to juha.tuomala , my key is in keyserver.
Juha, no way to test it, since gnupg2-2.0.8 it just tells me a "not found" error instead of the pinentry. The new pinentry version doesn't help, just the reinstallation of gunpg2-2.0.7 cure's the problem. As a side note: I use an S/MIME key for signing. Sincerly, Klaus
pinentry-0.7.4-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
pinentry-0.7.4-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
As I already noted the new pinentry Version doesn't cure the problem it persists! The only solution I found for me is to block update of gnupg2 and stay on gnupg2-2.0.7-3.fc8 The new pinentry doesn't help, but its ok so far as it doesn't break the old gnupg2 version. Please again look deeper into changes in gnupg2!
Klaus, Mike (comment #4), seem to be the only ones able to reproduce the problem. Both of you are on i386. So, reopening and setting to i386-specific. I'll be getting an f8/i386 box here in a bit, but in the meantime, frankly, I'm stumped on how to further debug this, much less fix. Would either of you mind taking your issue to gnupg's upstream devs at http://lists.gnupg.org/mailman/listinfo/gnupg-devel ? They would likely be able to offer better help, insight at this point.
And while you're at it, please confirm problem still exists in the latest gnupg2-2.0.8-2 builds in updates.
Yes it persists definitely with gnupg2-2.0.8-2, I just installed it to confirm. Sincerly, Klaus
I can confirm that the problem is still there with gnupg2-2.0.8-2 on F8/ix86/fully-updated, and gnupg-1.4.7-7 for that matter. However, I fear its NOTABUG. I have a lot of ``old'' (1997!) keys derived from good old pgp, which alas, used the IDEA cypher extensively. So whenever I try to sign something, gpg looks for an IDEA module to operate on my keys. As the error message was showing, there is no IDEA module present in either gpg, and for good reason: Bloody Software Patents. I therefore absolve Fedora from fixing this one. I suspect if I rebuilt pgp-2.something,and called it gpg, all would be well. Or built gnupg myself with the IDEA module that is out there (see http://www.nabble.com/IDEA-td15049933.html). But I am probably just going to make some new keys and retire the IDEA-based ones. Good luck Klaus if this is what you are seeing too.
I don't believe that the problem is with IDEA keys, alas if it would be, the cryptic error message would be a bug for itself. I don't have such old keys in my keyring, at least I believe there are no IDEA cypher inside. Also signing on the command line works well with gnupg2-2.0.8-2, but not together with kmail. I even updated to the latest kde updates for Fedora 8, but as far as I install also gnupg2-2.0.8-2 signing in kmail will no longer work. Again the only cure is to revert to gnupg2-2.0.7-3.fc8 Sincerly, Klaus
S/MIME signing is broken for me in kmail on a fully up-to-date f8 box. The error message is "Signing failed: not found". I've noticed the following error messages in the gnupg log: gpgsm[20609]: invalid country code in `/usr/share/gnupg/qualified.txt', line 196 gpgsm[20609]: checking the list of qualified root certificates failed: Bad data [....] gpgsm[20979]: checking for qualified certificate failed: Not found gpgsm[20979]: error creating signature: Not found gpgsm[20979.0] DBG: -> ERR 150994971 Not found Line 196 and line 211 of /usr/share/gnupg/qualified.txt contain fingerprints of German CA certs. However the lines are missing the country code "de", which needs to be appended to the fingerprint just like for the other CAs. Appending "de" to the fingerprint lines fixes the problem and signing works again. Cheers, Andreas
Excellent detective-work! OK, I've confirmed that the German code "de" exists in gnupg-2.0.9. I'll issue an update asap.
gnupg2-2.0.9-2.fc8 has been submitted as an update for Fedora 8
Hrm, we may be seeing some separate issues here, but we'll see how it goes.
On closer inspection, gnupg-2.0.9's file is broken too.
bleh, ignore me. it's good.
I've downloaded gnupg2-2.0.9-2.fc8 (i386) from koji and I can confirm that signing emails (S/MIME) in kmail works again.
gnupg2-2.0.9-2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update gnupg2'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-6469
gnupg2-2.0.9-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.