[MlMt] S/MIME and OpenPGP issues

Sebastian Hagedorn Hagedorn at uni-koeln.de
Tue Jan 5 11:35:54 EST 2021


Hi,

that didn’t really help. With that setting I get:

gpg: invalid pinentry mode '/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac'

But it led me in the right direction. I commented out the pinentry-mode lines, and now it seems to be working! I get a warning that SHA-1 is used and this recommendation:

The hash function used for the message digest has been obsoleted due to security concerns. You should change your OpenPGP settings to use a stronger hash algorithm for the digest (such as SHA256).

Do you know off-hand how I can do that?

Thanks,
Sebastian

On 5 Jan 2021, at 17:26, Thomas Kahle wrote:

> Hi,
>
> Why not set
>
> pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
>
> in gpg-agent.conf?
>
> In both of your files there are things with ‘pinentry loopback’.  I don’t know what it is, but maybe the first step would be to have a pinentry program actually pop up?  I don’t know what loopback refers to, but I would start to investigate there.
>
> Good luck,
> Thomas
>
> On 5 Jan 2021, at 14:56, Sebastian Hagedorn wrote:
>
>> Thanks. I went on a side quest for a while, because your public key couldn’t be loaded. Somehow the Let’s Encrypt certificate for hkps://keys.openpgp.org wasn’t trusted. I switched to eu.pool.sks-keyservers.net, and now that part is working, at least.
>>
>> To answer your question: yes, gpg-agent is running:
>>
>>   505  1633     1   0 11:15am ??         0:00.30 gpg-agent --homedir /Users/hgd/.gnupg --use-standard-socket --daemon
>>
>> The version that’s running is from MacGPG. I also have a separate installation from Homebrew, but that’s not being used. Perhaps we could compare configuration files?
>>
>> gpg-agent.conf:
>>
>> default-cache-ttl 300
>> max-cache-ttl 999999
>> #pinentry-program
>> allow-loopback-pinentry
>>
>> gpg.conf:
>>
>> armor
>> #openpgp
>> default-key Hagedorn at spinfo.uni-koeln.de
>> encrypt-to 09C25485
>> force-mdc
>> #compress-algo 1
>> #no-secmem-warning
>> trust-model direct
>> #keyserver hkp://wwwkeys.de.pgp.net
>> keyserver-options include-subkeys no-include-revoked timeout=5
>> charset utf8
>> utf8-strings
>> group uklan at uni-koeln.de=4D105B45 C46E14A6
>>
>> group BUDDY=
>> emit-version
>> auto-key-locate keyserver
>> auto-key-retrieve
>> use-agent
>> pinentry-mode loopback
>>
>> To be honest, some of these options are 20 years old, and I don’t even remember what they were for :D
>>
>> Cheers,
>> Sebastian
>>
>> On 5 Jan 2021, at 13:05, Thomas Kahle wrote:
>>
>>> On 5 Jan 2021, at 12:23, Sebastian Hagedorn wrote:
>>>
>>>> Possible, but IMO that’s not really a solution. Every other mail application I have used had a method for requesting and/or storing the passphrase. It’s also stored in my keychain. Can somebody confirm if that is expected behaviour with a protected key?
>>>
>>> I use encrypted pgp keys whose passphrases are stored in keychain and it works completely transparently.
>>>
>>> When I switched from Thunderbird to Mailmate it just worked out of the box.  Have you configured gpg-agent?  Is it running?
>>>
>>> What’s the output of `ps -ef | grep gpg-agent` ?
>>>
>>> Cheers,
>>> Thomas
>>>
>>>
>>>
>>>>
>>>> On 5 Jan 2021, at 12:11, Alexandre Takacs wrote:
>>>>
>>>>> It would seem that your key is password protected and PGP is working in a batch mode not allowing it to request said pass.
>>>>>
>>>>> Can you try with a non protected key (as a test to validate the above) ?
>>>>>
>>>>> On 5 Jan 2021, at 10:56, Sebastian Hagedorn wrote:
>>>>>
>>>>>> gpg: Sorry, we are in batchmode - can't get input
>>>>>>
>>>>>> I have a suspicion that is caused by something in my gpg settings, but I don’t see anything obvious.
>>>>>> Ideas?
>>>>> _______________________________________________
>>>>> mailmate mailing list
>>>>> mailmate at lists.freron.com
>>>>> https://lists.freron.com/listinfo/mailmate
>>>
>>> --
>>> Thomas Kahle
>>> https://www.thomas-kahle.de
>>
>
>
> --
> Thomas Kahle
> https://www.thomas-kahle.de


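As an added example (not part of the original thread, and not MailMate or GnuPG code), the following linter checks `gpg.conf` and `gpg-agent.conf` text for the two issues discussed above: loopback pinentry and weak signing digests. It assumes the digest choice is governed by the GnuPG options `personal-digest-preferences`, `digest-algo` and `cert-digest-algo`, which the thread does not mention; the function names and sample strings are constructed for illustration.

```python
# Added example: lint GnuPG config text for the settings discussed in this thread.
WEAK_DIGESTS = {"MD5", "SHA1", "RIPEMD160"}

def active_options(text):
    """Return {option: argument} for lines that are not blank or '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, arg = line.partition(" ")
        opts[name.lstrip("-")] = arg.strip()
    return opts

def lint_gpg_conf(text):
    """Flag loopback pinentry and missing or weak digest settings in gpg.conf."""
    opts, findings = active_options(text), []
    if opts.get("pinentry-mode") == "loopback":
        findings.append("pinentry-mode loopback: prompts go to the caller, not a pinentry window")
    prefs = opts.get("personal-digest-preferences", "").upper().split()
    if not prefs:
        findings.append("personal-digest-preferences unset: add e.g. 'SHA512 SHA384 SHA256'")
    elif prefs[0] in WEAK_DIGESTS:
        findings.append(f"personal-digest-preferences starts with weak digest {prefs[0]}")
    for opt in ("digest-algo", "cert-digest-algo"):
        if opts.get(opt, "").upper() in WEAK_DIGESTS:
            findings.append(f"{opt} forces weak digest {opts[opt].upper()}")
    return findings

def lint_agent_conf(text):
    """Flag a missing pinentry-program and enabled loopback in gpg-agent.conf."""
    opts, findings = active_options(text), []
    if "pinentry-program" not in opts:
        findings.append("pinentry-program unset: agent falls back to its built-in default")
    if "allow-loopback-pinentry" in opts:
        findings.append("allow-loopback-pinentry: clients may request loopback mode")
    return findings

# Constructed samples, abridged from the configuration quoted in the thread.
GPG_CONF = "armor\n#openpgp\nuse-agent\npinentry-mode loopback\n"
AGENT_CONF = "default-cache-ttl 300\n#pinentry-program\nallow-loopback-pinentry\n"
# Hypothetical corrected gpg.conf: loopback commented out, SHA-2 digests preferred.
FIXED_GPG_CONF = ("armor\nuse-agent\n#pinentry-mode loopback\n"
                  "personal-digest-preferences SHA512 SHA384 SHA256\n"
                  "cert-digest-algo SHA256\n")

if __name__ == "__main__":
    for finding in lint_gpg_conf(GPG_CONF) + lint_agent_conf(AGENT_CONF):
        print("-", finding)
```

If the warning persists after such a change, the digest may be constrained by the preferences stored on the key itself rather than by `gpg.conf`.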
