kmail don't ask the phrase for gpg-encrypted mails

I have a similar problem using kmail under Breezy:

To restate, when I receive a gpg encrypted email, kmail does not prompt for a
passphrase.
Instead the following is displayed:

Encrypted message (decryption not possible)
Reason: Crypto plug-in "openpgp" could not decrypt the data.
Error: Bad passphrase
  Encrypted data not shown.
  End of encrypted message

When I run eval 'gpg-agent --daemon' I get this:
can't connect to `/home/jim/.gnupg/log-socket': Connection refused
switching logging to stderr
gpg-agent[15200]: listening on socket `/tmp/gpg-I3IF9w/S.gpg-agent'
GPG_AGENT_INFO=/tmp/gpg-I3IF9w/S.gpg-agent:15201:1; export GPG_AGENT_INFO;

Workaround: save the msg.asc file to desktop. Open it with KGpg. Enter the
passphrase. The decrypted file is saved to the same directory (Desktop).

Jim

(In reply to comment #0)
> Kmail does not ask for the phrase to decipher post office based with gpg,
nevertheless it does when I send
> cipher emails to other people.
> The stdout i obtain when ran from shell is something like this:
> gpgme_op_decrypt_verify() returned this error code: 117440523
>
> And in other cases it shows to me I engage in a dialog where it says that the
phrase that I have introduced is
> a mistake and that if I want to continue or to cancel.

I wasn't paying enough attention to be able to say what version introduced this problem, but it's fairly new. I can certainly confirm it for the current version in dapper and the unofficial 3.5.1 packages for Breezy.

Still visible in my Kubuntu Dapper Flight5 Up2Date with KDE 3.5.2.

Kmail NEVER asks me for passphrase when opening crypted mails.

Indeed, when sending, passphrase is asked with a warning about gpg-agent (but the package is named gnupg-agent !!! => Confusion...), but never for decryption.

Indeed, for having correct GnuPG working in KMail, fantastic manipulation needs to be done :
http://kmail.kde.org/kmail-pgpmime-howto.html
(french translation disponible here : http://doc.ubuntu-fr.org/applications/kmail_openpgp )

This manipulation IS working, but needs hard work from user, including the creation of the files in ~/.gnupg/ and ~/.kde/Autostart AND going to support wiki (which should not happen, huh...)

So, at least two things to be done :

1. Change that error message that is old and unadapted to (K)Ubuntu (as it could, thanks to packaging)
2. Make gnupg-agent installation a lot more easier (another bug to file ?)

This is the complaint of Kmail about gpg-agent missing (in french, sorry).

I was having the same problem (passphrase asked for when sending mail, but not when attempting to read encrypted mail), but I looked in ~/.gnupg/gpg-agent.conf and found that it was asking for pinentry-qt, which did not exist (was expecting /usr/bin/pinentry-qt) installing this solved the problem, and now on reading encrypted mail, I get the pinentry window.

kubuntu flight5, kmail 1.9.1

The bug is confirmed on my side as well.
But it looks like, that the encryption plugin is borked.
A plain encrypted text, pasted into the mail window and send then without any gpg sign or encrytion via kmail, and the plugin is asking for the passphrase (not using gpg-agent).

mime mails which are encrypted with standard behaviour will not being decrypted properly.

\sh

Posible solution:

http://zerlinna.blogweb.de/archives/61-Get-GPG-Decryption-working-within-Kmail.html

I also have this problem, running edgy on amd64 (last updated a few minutes ago).

Ciao

Martin

This is still a problem

KMail doesn't ask for a passphrase when opening an encrypted mail and just states "bad passphrase"

I fixed it with installing pinentry-qt, gnupg-agent and removing the # in front of use-agent in the gpg.conf

I don't think that's an elegant solution for something as important as email encryption, especially as the dependencys didn't really help.

I read somewhere an idea about a package for this, maybe something like

kmail-gpg
:requires -> pinentry-qt
:requires -> gnupg-agent
and modifying the gpg.conf ...

And a better message then "Bad passphrase" would help people locating the problem, took me some time to find a solution to this

Encrypted message (decryption not possible)
Reason: Crypto plug-in "openpgp" could not decrypt the data.
Error: Bad passphrase

Kmail needs to support gpg properly!

added a whole lot of build deps, so hopefully this will work.

Will have to file a main inclusion report for pinentry-qt - is this absolutely necessary?

Problem exists under Feisty. There's no pinentry-qt program, and I can't seem to find a replacement.

Needed to add the backports repos to sources.list and then I could find pinentry*

JFI: pinentry-qt should be available in the universe repository.

pinentry does seem to be required, but also gpg-agent!

Please see my comment on the upstream bug http://bugs.kde.org/show_bug.cgi?id=136676#c9

I recommend using keychain (http://www.gentoo.org/proj/en/keychain/): this will start gpg-agent for you.

I was fighting with this problem, too.
I have KGpg installed to take care about my keys. The key management worked fine, but first I was not able to set where the gpg.conf is (see bug https://bugs.launchpad.net/ubuntu/+source/kdeutils/+bug/119263). Based on the often referred page http://kontact.kde.org/kmail/kmail-pgpmime-howto.php I have setup the startup script for gpg-agent.

Then KMail worked. In the meantime, I found a workaround for KGpg bug mentioned above. The next day, KMail stopped working again and it took me a lot of time to find out that gpg-agent is run twice - first KGpg and then with the startup script as recommended by kde.org. Then it was simple, I deleted the startup script and made sure KGpg always starts on login.

For end-user, this is quite complicated and confusing. As proposed by others, it would be great if installation of KGpg requires also pinentry-qt and gpg-agent and when the bug 119263 is solved, things should work out-of-the-box.

We are working on getting both pinentry-qt and gpg-agent into Main for Gutsy and adjusting the kmail dependencies to better support crypto out of the box, so this may get solved/improved for gutsy.

Thanks for the update Scott

On 6/26/07, Scott Kitterman <email address hidden> wrote:
>
> We are working on getting both pinentry-qt and gpg-agent into Main for
> Gutsy and adjusting the kmail dependencies to better support crypto out
> of the box, so this may get solved/improved for gutsy.
>
> --
> kmail don't ask the phrase for gpg-encrypted mails
> https://bugs.launchpad.net/bugs/15485
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

Kmail will do gpg just fine if you install gpg-agent and pinentry-qt and add "use-agent" without the quotes to ~/.gnupg/gpg.conf (create the file if it doesn't exist). I've tested this with KDE 3.5.5 on Dapper and KDE 3.5.7 on Feisty. There was a compilation bug settings bug in KDE 3.5.2 that makes this very unlikely to work out of the box on Dapper unless you've upgraded your KDE.

Reassigning this bug to gnupg2 as the only current block to this is needing gpg to be configured to start gpg-agent.

Upon further reflection, this belongs with gnupg as it will use agent also and is the default GPG package to be installed.

gnupg (1.4.6-2ubuntu3) gutsy; urgency=low

  [ Scott Kitterman ]
  * Add 'debian/patches/60_install_options_skel.dpatch': Patch to
    install options file from upstream (LP: #76983)
  * Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
    (or gpg2) and gpgsm to use a passphrase agent by default (LP: #15485)
  * Add 'debian/patches/70_trust_error.dpatch': Patch to disallow illegal
    zero response for trust level changes (LP: #39459)

  [ Michael Bienia ]
  * Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a timeout
    updating the keyring (LP: #62864)

 -- Michael Bienia <email address hidden> Fri, 06 Jul 2007 20:56:05 +0200

A note for people that have been following this bug....

The config change to use-agent by default will not get installed if you already have a ~/.gnupg directory. You will have to make the change by hand for an existing user that has used gnupg before. With the recent changes in kmail dependencies in Gutsy and this (and bug #76983) fixed, gpg should just work for new installs and new users.

I encountered this problem when recording a small demo how to use openpgp in linux
(along with 2 other bugs, sigh)

http://limcore.com/learn/openpgp/v2_q3.ogg (short)
http://limcore.com/learn/openpgp/v1_q3.ogg (all the setup of accounts)

shows the bug exactly btw.

Scott, this bug happens still,
(ubuntu amd64 7.10)
Even for freshly created users, and even after nuking ~/.gnupg

I'm attaching ~2 minute record showing this bug fully.

Testuser unix account was just created day ago.
System is up to date.

It seems that the bug still happens, even for newly created user accounts.

The 2nd fix from http://zerlinna.blogweb.de/archives/61-Get-GPG-Decryption-working-within-Kmail.html (that is creating shell script in .kde/env/) works - but it has to be applied by user and it doesn't work OOTB.

I am testing on uptodate ubuntu 7.10 amd64.
This bug should be then re-opened?

Is this a frsh Gutsy install or a Feisty upgrade? If it was an upgrade
from Feisty there is a manual step needed to install the correct skeleton
file for the gnupg conf file. Please see the Gutsy release notes.

If it's not a Feisty upgrade or the problem persists with a new user
created after following the steps in the Gutsy release notes, please file a
new bug (don't reopen this one) and subscribe me to it and we'll get it
sorted out. I've got the working by default on several machines, so I
think thing are fundamentally sound, but something is incorrect in your
configuration.

Marking back to fix released since no one has provided specifics about an ongoing problem. Note: If users think they have this problem, they almost certainly don't in Gutsy/Hardy and should probably file a new bug.