Gentoo Forums
gpg-agent & mutt unable to decrypt mail
s|mon
Tux's lil' helper


Joined: 04 Jul 2004
Posts: 127
Location: Bayern [de]

Posted: Sat Dec 28, 2019 3:31 pm    Post subject: gpg-agent & mutt unable to decrypt mail

While I primarily use Sylpheed on my main machine, I'd like to have a console-based fallback (e.g. for remote ssh). This is mutt on my second machine (where the mails also are).
I connect via ssh to it and invoke mutt.

I recently found out that I'm no longer able to view encrypted mails there.
All I get from mutt is "Could not decrypt PGP message" and "Could not copy message".

Following some hints in a similar topic, I tried looking at the mutt debug output (-d3), which does not give me further hints (see below).
In my muttrc I only source gpg.rc (which for testing I copied from the distributed /usr/share/doc/mutt/samples/gpg.rc.bz2 and replaced my keys).

I'm not asked to enter a password at all. So I added logging to gpg-agent and this gave some hints - but not enough for me to close the loop yet.
When I then decrypt a file on the command line with gpg --decrypt I'm asked to enter my password, and if I invoke mutt within the default-cache-ttl I can also read my mails.

But why is there no password entry from mutt/pinentry? Any hints?

gpg-agent.conf
Code:

allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-curses
debug-level 5
debug-pinentry
debug 1024
no-grab
default-cache-ttl 600
log-file /home/user/gpg-agent.log


gpg-agent.log
Quote:

2019-12-28 16:24:09 gpg-agent[9307] gpg-agent (GnuPG) 2.2.17 started
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK Pleased to meet you, process 9304
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- RESET
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION ttyname=/dev/pts/8
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION ttytype=xterm-256color
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION lc-ctype=en_US.utf8
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION lc-messages=C
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- GETINFO version
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> D 2.2.17
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION allow-pinentry-notify
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION agent-awareness=2.1.0
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION pinentry-mode=loopback
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- HAVEKEY B6...B40F
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- HAVEKEY 35..CD2 B6..B40F
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- HAVEKEY B6...B40F
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- RESET
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- SETKEY B6...B40F
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:secret
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- PKDECRYPT
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> S INQUIRE_MAXLEN 4096
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> INQUIRE CIPHERTEXT
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- [ 44 .. 3a 72 ...(535 byte(s) skipped) ]
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- END
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> S INQUIRE_MAXLEN 255
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> [[Confidential data not shown]]
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- [eof]
2019-12-28 16:24:09 gpg-agent[9307] failed to unprotect the secret key: End of file
2019-12-28 16:24:09 gpg-agent[9307] failed to read the secret key
2019-12-28 16:24:09 gpg-agent[9307] command 'PKDECRYPT' failed: End of file
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> ERR 67125247 End of file <GPG Agent>
2019-12-28 16:24:09 gpg-agent[9307] Assuan processing failed: Broken pipe



muttdebug0
Quote:

[2019-12-28 15:58:54] Invoking PGP...
[2019-12-28 15:58:54] commands.c:118: mutt_mktemp returns "/tmp/mutt-server-1005-7446-19935774411337629526".
[2019-12-28 15:58:54] WEED is Set
[2019-12-28 15:58:54] Reorder: x = 0; hdr_count = 1
[2019-12-28 15:58:54] Reorder: x = 0; hdr_count = 1
...
[2019-12-28 15:58:55] Reorder: x = 0; hdr_count = 1
[2019-12-28 15:58:55] Entering pgp_encrypted handler
[2019-12-28 15:58:55] crypt-gpgme.c:2625: mutt_mktemp returns "/tmp/mutt-server-1005-7446-1966718014403363785".
[2019-12-28 15:58:55] Could not decrypt PGP message
[2019-12-28 15:58:57] Leaving pgp_encrypted handler
[2019-12-28 15:58:57] Failed on attachment of type multipart/encrypted.
[2019-12-28 15:58:57] Bailing on attachment of type multipart/encrypted.
[2019-12-28 15:58:57] Could not copy message
Hu
Moderator


Joined: 06 Mar 2007
Posts: 15294

Posted: Sat Dec 28, 2019 5:49 pm

When pinentry works for your gpg --decrypt invocation, does it prompt using a forwarded X window or prompt by taking control of the terminal and using the text input interface? If you ssh in, start gpg-agent explicitly in one terminal, log in again in a second terminal, run mutt there, and access an encrypted e-mail, does the terminal with the explicit gpg-agent prompt you for a password? Are you doing anything with /bin/su or sudo that could lead to a mismatch between your current active user and the permissions of your tty?
s|mon
Tux's lil' helper


Joined: 04 Jul 2004
Posts: 127
Location: Bayern [de]

Posted: Sat Dec 28, 2019 9:01 pm

When I invoke gpg --decrypt it asks for a password in the terminal, not as an X window.
On your advice I also tried to start two ssh connections, ran killall gpg-agent and started "gpg-agent --server" in the first and then invoked mutt in the second. There was no password prompt in any of them.

On the question regarding su or sudo: not that I would be aware of. I connect via
Quote:
ssh -Y -i .ssh/ssh_host_rsa_key -l remoteuser servername

I already tried without "-Y" - no change.

[edit] Just checked - also when I log in directly on the system (terminal, not X) there is no password challenge and it of course fails.

[edit 2] If I disable gpgme by commenting "set crypt_use_gpgme = yes" I get the password challenge from mutt and decryption works. Something I could live with, but I'd still be interested in understanding why I don't get the challenge with gpgme.
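One way to read the gpg-agent.log posted in the first message, as an added example that is not part of the thread: it walks the Assuan lines and reports which pinentry mode the client requested, the last command, and whether the client closed the connection while the agent was waiting for an answer. The function names are hypothetical, the log lines are selected from those posted, and it assumes the hidden `[[Confidential data not shown]]` line sent by the agent is an inquiry to the client.

```python
import re

# Selected lines from the gpg-agent.log posted in the thread.
LOG = """\
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- OPTION pinentry-mode=loopback
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> OK
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- PKDECRYPT
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> INQUIRE CIPHERTEXT
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- [ 44 .. 3a 72 ...(535 byte(s) skipped) ]
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- END
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> S INQUIRE_MAXLEN 255
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 -> [[Confidential data not shown]]
2019-12-28 16:24:09 gpg-agent[9307] DBG: chan_10 <- [eof]
2019-12-28 16:24:09 gpg-agent[9307] command 'PKDECRYPT' failed: End of file
"""

CHAN = re.compile(r"DBG: chan_\d+ (<-|->) (.*)$")  # "<-" from client, "->" to client
FAIL = re.compile(r"command '(\w+)' failed: (.*)$")

def summarize(log_text):
    """Walk the Assuan lines and record how the client's request ended."""
    info = {"pinentry_mode": None, "command": None, "inquiry_eof": False, "error": None}
    awaiting_client = False  # agent sent an inquiry and is waiting for the answer
    for line in log_text.splitlines():
        m = CHAN.search(line)
        if m:
            direction, payload = m.group(1), m.group(2).strip()
            word = payload.split(" ", 1)[0]
            if direction == "->":
                # Assumption: a hidden agent line is a confidential INQUIRE.
                if word == "INQUIRE" or payload.startswith("[[Confidential"):
                    awaiting_client = True
            elif payload == "END":
                awaiting_client = False
            elif payload == "[eof]":
                info["inquiry_eof"] = awaiting_client
            elif payload.startswith("OPTION pinentry-mode="):
                info["pinentry_mode"] = payload.split("=", 1)[1]
            elif word.isalpha():
                info["command"] = word
        elif (m := FAIL.search(line)):
            info["error"] = (m.group(1), m.group(2))
    return info

def loopback_prompt_dropped(info):
    """True if the client chose loopback mode, then hung up on the agent's inquiry."""
    return info["pinentry_mode"] == "loopback" and info["inquiry_eof"]

if __name__ == "__main__":
    print(summarize(LOG))
```

With `pinentry-mode=loopback` the agent asks the connected client for the passphrase instead of starting the configured pinentry program, which matches the absence of a prompt reported in the thread.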