Bug 179997

Summary: can't sign mails with gpg
Product: [Unmaintained] kmail Reporter: Salvo "LtWorf" Tomaselli <tiposchi>
Component: encryptionAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UNMAINTAINED    
Severity: normal CC: alain.baeckeroot, anselmolsm, cannewilson, cassianoleal, envite, lacsilva
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Salvo "LtWorf" Tomaselli 2009-01-08 09:24:16 UTC
Version:           KMail: 1.10.92 (using Devel)
OS:                Linux
Installed from:    Compiled sources

When i try to send a gpg signed mail, a popup says that it can't sign because of "bad passphrase". Well i bet it should ask me to insert the passphrase before passing it to gpg, and i am not prompted to insert it.. So obviously it doesn't work.
Comment 1 Luis Silva 2009-01-09 17:03:52 UTC
I can confirm this with launchpad/kubuntu ppa packages for kde 4.2 beta 2.
Comment 2 Anne Wilson 2009-01-16 15:25:24 UTC
That sounds as though you don't have pinentry-qt installed
Comment 3 Salvo "LtWorf" Tomaselli 2009-01-16 17:29:36 UTC
I don't have it installed... But I can read encrypted mails. And to do that i need to enter the passphrase.
I'll try what happens if i install it, and if it works i'll report to debian to add it to dependecies.
Comment 4 Salvo "LtWorf" Tomaselli 2009-01-16 20:27:49 UTC
I've tried installing it... Nothing changes.
Comment 5 Cassiano Leal 2009-01-26 18:29:07 UTC
I can confirm the problem with KDE4.2 from http://kde42.debian.net/ . I have installed pinentry-qt4 but nothing has changed.
Comment 6 Salvo "LtWorf" Tomaselli 2009-05-13 11:35:18 UTC
Now i can read encrypted messages, but still i can't sign. I guess this means that the pinentry stuff is correctly installed and you will finally admit it is a bug... The message i get now when i try to sign is that the recipient doesn't have encryption preferences. Am i supposed to set those preferences for each item in my address book? I'll be old when i finish...
Comment 7 Anne Wilson 2009-05-13 13:22:11 UTC
(In reply to comment #6)
> Now i can read encrypted messages, but still i can't sign. I guess this means
> that the pinentry stuff is correctly installed and you will finally admit it is
> a bug... The message i get now when i try to sign is that the recipient doesn't
> have encryption preferences. Am i supposed to set those preferences for each
> item in my address book? I'll be old when i finish...

Calm down :-) I had exactly the same problem as this for some time.  After long investigation it turned out that something on my keyring was corrupt.  It's simple enough to test for this.  Back up your keyring, then remove gpg from your system, and start afresh so that it creates an empty keyring.  Import your own public key, and replace your private keyring from the backup file.  If signing now works there is a corruption in the old keyring.

As for the message about contacts, I don't know whether it is connected with the other problem, or whether it is a distro-specific problem.  I've never seen it.  Try the new-keyring solution first.
Comment 8 Salvo "LtWorf" Tomaselli 2009-05-13 15:16:29 UTC
Bad passphrase...
And since my key is RSA with RSA subkey, it complains because it says it is impossible to use it to sign (false).
Comment 9 Anne Wilson 2009-05-13 17:11:38 UTC
(In reply to comment #8)
> Bad passphrase...
> And since my key is RSA with RSA subkey, it complains because it says it is
> impossible to use it to sign (false).

Please quote exact error messages.

Have you tried the new keyring solution?
Comment 10 Salvo "LtWorf" Tomaselli 2009-05-13 17:28:55 UTC
Bad passphrase was the message i got after doing the keyring thing and after editing the recipient contact to walkaround the problem i had before.
Comment 11 Anne Wilson 2009-05-13 17:49:15 UTC
Please describe exactly what you have done - removed and reinstalled gpg?  started a new, clean key-ring? re-installed pinentry-qt?  Especially, describe the 'contact editing' that you did.  Plus anything else that might have a bearing on this.  The more information you can give, the better your chances of finding the problem and fixing it.
Comment 12 Salvo "LtWorf" Tomaselli 2009-05-13 18:34:42 UTC
I deleted the ~/.gnupg directory. Then i imported my public key from keyserver and then i copied private keys.
Then i opened kaddressbook, opened myself contact and set openpgp/mime in cryptographic settings.
Then i tried to sent to myself a signed mail, and the old and familiar bad passphrase without the asking dialog first appeared.
Comment 13 Anne Wilson 2009-05-13 20:41:59 UTC
(In reply to comment #12)
> I deleted the ~/.gnupg directory. Then i imported my public key from keyserver
> and then i copied private keys.
> Then i opened kaddressbook, opened myself contact and set openpgp/mime in
> cryptographic settings.
> Then i tried to sent to myself a signed mail, and the old and familiar bad
> passphrase without the asking dialog first appeared.

Have you set up Configure KMail > Identities > (Highlight identity) Modify > Cryptography tab?  You need to set your key for both signing and encrypting if you are going to use both.
Comment 14 Salvo "LtWorf" Tomaselli 2009-05-13 22:29:31 UTC
I did.
Comment 15 Cassiano Leal 2009-05-13 22:38:40 UTC
I have created an executable file called ~/.kde/env/gpgagent.sh with the following contents:

eval "$(gpg-agent --daemon)"

This came from a comment in an Ubuntu bug, but I can't find the link right now. The dialogue asking for a passphrase has been popping up since then. Don't forget to make the file executable and logging out of / into KDE.

I still find that it's a bug, but this workaround has worked for me.
Comment 16 Anselmo L. S. Melo (anselmolsm) 2009-10-21 02:57:02 UTC
I had this problem in the past, it works here now, using 

Qt-4.6.0-beta1
KDE Version 4.3.72 (KDE 4.3.72 (KDE 4.4 >= 20091015))
KMail Version 1.12.90

Can anyone else recheck this? Thanks
Comment 17 Anselmo L. S. Melo (anselmolsm) 2009-10-21 02:57:24 UTC
*** Bug 211107 has been marked as a duplicate of this bug. ***
Comment 18 Alain BAECKEROOT 2009-10-27 20:54:47 UTC
How can this bug can be tagged resolved, when the brand new 4.3 suffers from it, and makes kmail unusable !

On 4th August 2009, KDE 4.3.0 was released by the KDE community and no distribution is shipping 4.4 !
Comment 19 Alain BAECKEROOT 2009-10-27 20:56:56 UTC
the workaround given in #15 does not work for me.
Comment 20 Anne Wilson 2009-10-27 21:50:26 UTC
This is not a KDE issue, as far as I can see.  I an many others sign and encrypt mail in KMail.  On the other hand, it could possibly be a packaging issue, so you should file a bug report with your distro.

I find it strange, though, that getting gpg-agent to work actually activated the pinentry-qt.  That should have worked without gpg-agent.  The agent's task is to cache your passphrase for a set length of time so that you don't have to enter it for every message you sign.  The fact that it did work (Comment 15) does point to a distro bug.
Comment 21 Salvo "LtWorf" Tomaselli 2009-10-27 23:53:32 UTC
I did fill a bugreport for debian linking this bug. I guess at this point we users just have to sit and watch the fight.
Comment 22 Christophe Marin 2009-10-28 10:48:36 UTC
Installing pinentry-qt or pinentry-qt4 is not enough if you don't tell gnupg to use it.

http://userbase.kde.org/KMail/PGP_MIME#Issues for more informations. (It's not up to KMail to configure gnupg, sorry)
Comment 23 Anne Wilson 2009-10-28 11:10:23 UTC
Of course, and that's the reason I suggested creating the gpg-agent config file.  However, since the reason for that file is unrelated to pinentry-qt it seems strange that it is the only place I can think of where the instruction exists.  Since I've been using such a setup for years, using the same config files in fact, I can't honestly remember how I originally got it to work.  I do remember times after a new install when I was asked for the passphrase for every message, which suggests that agent is not necessary, though obviously desirable.
Comment 24 Alain BAECKEROOT 2009-10-28 12:40:05 UTC
Finally it works :-) thanks to #22 and the installation of pinetry-qt4 and reconfiguration with kgpg.
Comment 25 Salvo "LtWorf" Tomaselli 2010-05-05 22:18:45 UTC
Using gpg-agent allowed me to sign, but i still think there is something wrong.

Without gpg-agent and pinentry i can actually enter my passphrase and READ the encrypted emails in my inbox, but i can't sign and i can't read the emails encrypted with my own key in my outbox.

I would expect a more consistent behaviour: either kmail can work without the agent or can't, but this.. partial working is nonsense IMHO.
Comment 26 envite 2010-08-05 15:42:46 UTC
Check if duplicate of 233277
Comment 27 Laurent Montel 2015-04-12 10:24:06 UTC
Thank you for taking the time to file a bug report.

KMail2 was released in 2011, and the entire code base went through significant changes. We are currently in the process of porting to Qt5 and KF5. It is unlikely that these bugs are still valid in KMail2.

We welcome you to try out KMail 2 with the KDE 4.14 release and give your feedback.