[MlMt] Is Security.plist broken in r5187?

Philip Paeps philip at trouble.is
Sat Nov 28 03:25:50 EST 2015

On 2015-11-28 12:59:18 (+0530), Benny Kjær Nielsen 
<mailinglist at freron.com> wrote:
> On 28 Nov 2015, at 8:17, Philip Paeps wrote:
>> I just noticed that MailMate r5187 is not respecting my PGP 
>> uid->keyid mappings in Security.plist.
>> It was working for me last week.  Did something break? :)
> Not intentionally.


I've got a bunch of valid secret keys which are all valid and I've 
configured Security.plist to pick the correct one for my various email 

         map = (
                 address = "philip at trouble.is";
                 userID = "0x31AEB9B5FDBBCB0E";

This morning I tried to sign a message from philip at trouble.is and 
MailMate wants to use another key, not 0x31AEB9B5FDBBCB0E.  I thought 
the problem might be related to the fact that 0x31AEB9B5FDBBCB0E is 
stored on a Yubikey smartcard (that sometimes confuses GnuPG), but GnuPG 
is happy to use the key:

     [665] (philip at twoflower)...ation Support/MailMate% gpg 
     Application ID ...: D2760001240102000006037039520000
     Version ..........: 2.0
     Manufacturer .....: Yubico
     Serial number ....: 03703952
     Signature key ....: F579 7FCB F1F1 4E2C 28A9  487B 7C62 BC47 76C9 
           created ....: 2015-06-14 20:27:26
     Encryption key....: D034 ACB7 65C9 A8A5 01A5  4F82 935D B834 3AF2 
           created ....: 2015-06-14 20:27:48
     Authentication key: 3BC4 6C0F DA40 B9AF 9FC6  C076 CFF6 3254 4136 
           created ....: 2015-06-14 20:28:12
     General key info..: pub  2048R/0x7C62BC4776C9F29E 2015-06-14 Philip 
Paeps <philip at trouble.is>

> If you launch from a Terminal window then you can get some more 
> details like this:
> 	defaults write com.freron.MailMate MmDebugSecurity -bool YES
> 	/Applications/MailMate.app/Contents/MacOS/MailMate
> You can send me the output off list if it's still not working for you.

It looks like r5187 is not feeding the userID to the gpg --local-user 
command line option.  It's just giving the address:

     2015-11-28 13:34:44.734 MailMate[28147:1947364] Failed to connect 
(_messageView) outlet from (SFCertificateTrustPanel) to (NSTextField): 
missing setter or instance variable

This line turned up as soon as the main window opened.  I'm doubt it's 
related to the problem, but I thought I'd keep it just in case.

      gpg2 --no-verbose --batch --no-tty --openpgp --status-fd 2 
--digest-algo SHA1 --textmode --armor --local-user "<philip at trouble.is>" 

Note the --local-user is not the userID from my Security.plist.

As an aside: is there a particular reason you're specifying SHA1 rather 
than allowing GnuPG to pick the algorithm (in my case, I've told it to 
prefer stronger ciphers in my $HOME/.gnupg/gpg.conf).

      Input string (202): "Content-Type: 
text/plain\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\ntesting 
testing testing\r\n\r\nPhilip\r\n\r\n-- =\r\n\r\nPhilip Paeps\r\nSenior 
Reality Engineer\r\nMinistry of Informati..."
      Command: #!/usr/bin/env bash
     "$MM_GPG" --no-verbose --batch --no-tty --openpgp --status-fd 2 
--digest-algo SHA1 --textmode --armor --local-user "<philip at trouble.is>" 

      Result: Failure
      Output string (0): ""
      Detail: [GNUPG:] USERID_HINT BB5E2C462A0FA8B0 Philip Paeps 
<philip at trouble.is>
      Detail: [GNUPG:] NEED_PASSPHRASE BB5E2C462A0FA8B0 BB5E2C462A0FA8B0 
1 0
      Detail: gpg: cancelled by user
      Detail: gpg: skipped "<philip at trouble.is>": Operation cancelled
      Detail: [GNUPG:] INV_SGNR 0 <philip at trouble.is>
      Detail: gpg: signing failed: Operation cancelled

I expected GnuPG to ask me for the PIN for the key on my smart card, not 
the passphrase for this other key.  Which is what it did until I 



Philip Paeps
Senior Reality Engineer
Ministry of Information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20151128/13232d12/attachment-0001.html>

More information about the mailmate mailing list