[MlMt] Is Security.plist broken in r5187?
Philip Paeps
philip at trouble.is
Sat Nov 28 03:25:50 EST 2015
On 2015-11-28 12:59:18 (+0530), Benny Kjær Nielsen
<mailinglist at freron.com> wrote:
> On 28 Nov 2015, at 8:17, Philip Paeps wrote:
>> I just noticed that MailMate r5187 is not respecting my PGP
>> uid->keyid mappings in Security.plist.
>> It was working for me last week. Did something break? :)
>
> Not intentionally.
😀
I've got a bunch of valid secret keys which are all valid and I've
configured Security.plist to pick the correct one for my various email
addresses:
{
map = (
{
address = "philip at trouble.is";
userID = "0x31AEB9B5FDBBCB0E";
},
{
[...]
This morning I tried to sign a message from philip at trouble.is and
MailMate wants to use another key, not 0x31AEB9B5FDBBCB0E. I thought
the problem might be related to the fact that 0x31AEB9B5FDBBCB0E is
stored on a Yubikey smartcard (that sometimes confuses GnuPG), but GnuPG
is happy to use the key:
[665] (philip at twoflower)...ation Support/MailMate% gpg
--card-status
Application ID ...: D2760001240102000006037039520000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03703952
[...]
Signature key ....: F579 7FCB F1F1 4E2C 28A9 487B 7C62 BC47 76C9
F29E
created ....: 2015-06-14 20:27:26
Encryption key....: D034 ACB7 65C9 A8A5 01A5 4F82 935D B834 3AF2
5C94
created ....: 2015-06-14 20:27:48
Authentication key: 3BC4 6C0F DA40 B9AF 9FC6 C076 CFF6 3254 4136
DF54
created ....: 2015-06-14 20:28:12
General key info..: pub 2048R/0x7C62BC4776C9F29E 2015-06-14 Philip
Paeps <philip at trouble.is>
[...]
> If you launch from a Terminal window then you can get some more
> details like this:
>
> defaults write com.freron.MailMate MmDebugSecurity -bool YES
> /Applications/MailMate.app/Contents/MacOS/MailMate
>
> You can send me the output off list if it's still not working for you.
It looks like r5187 is not feeding the userID to the gpg --local-user
command line option. It's just giving the address:
2015-11-28 13:34:44.734 MailMate[28147:1947364] Failed to connect
(_messageView) outlet from (SFCertificateTrustPanel) to (NSTextField):
missing setter or instance variable
This line turned up as soon as the main window opened. I'm doubt it's
related to the problem, but I thought I'd keep it just in case.
OpenPGP
gpg2 --no-verbose --batch --no-tty --openpgp --status-fd 2
--digest-algo SHA1 --textmode --armor --local-user "<philip at trouble.is>"
--detach-sign
Note the --local-user is not the userID from my Security.plist.
As an aside: is there a particular reason you're specifying SHA1 rather
than allowing GnuPG to pick the algorithm (in my case, I've told it to
prefer stronger ciphers in my $HOME/.gnupg/gpg.conf).
Input string (202): "Content-Type:
text/plain\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\ntesting
testing testing\r\n\r\nPhilip\r\n\r\n-- =\r\n\r\nPhilip Paeps\r\nSenior
Reality Engineer\r\nMinistry of Informati..."
Command: #!/usr/bin/env bash
"$MM_GPG" --no-verbose --batch --no-tty --openpgp --status-fd 2
--digest-algo SHA1 --textmode --armor --local-user "<philip at trouble.is>"
--detach-sign
Result: Failure
Output string (0): ""
Detail: [GNUPG:] USERID_HINT BB5E2C462A0FA8B0 Philip Paeps
<philip at trouble.is>
Detail: [GNUPG:] NEED_PASSPHRASE BB5E2C462A0FA8B0 BB5E2C462A0FA8B0
1 0
Detail: gpg: cancelled by user
Detail: [GNUPG:] MISSING_PASSPHRASE
Detail: gpg: skipped "<philip at trouble.is>": Operation cancelled
Detail: [GNUPG:] INV_SGNR 0 <philip at trouble.is>
Detail: gpg: signing failed: Operation cancelled
I expected GnuPG to ask me for the PIN for the key on my smart card, not
the passphrase for this other key. Which is what it did until I
upgraded.
Thanks.
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20151128/13232d12/attachment-0001.html>
More information about the mailmate
mailing list