Re: [Evolution] Signing e-mails with gpg fails

2016-03-01 Thread Stig Roar Wangberg 
ty. den 01. 03. 2016 klokka 10.07 (+) skreiv Pete Biggs:
> > 
> > I'm not sure why but I am currently unable to sign e-mails, I'm getting
> > the following error:
> > 
> > Could not create message.
> > 
> > Because "gpg: skipped "67449612": No secret key
> > gpg: signing failed: No secret key
> > ", you may need to select different mail options.
> 
> In the account preferences under the Security tab, the OpenPGP key ID:
> field has a drop-down - are any keys listed there?
> 
> 
> > 
> > I am using Evolution 3.18.5, GnuPG 1.4.20, Gnome 3.18.2 and Debian Sid
> > 64bit.
> > 
> I seem to remember when I was playing around and trying to get these
> things working that Evolution preferred GnuPG2 - certainly I currently
> have a symbolic link so that /usr/bin/gpg is actually running gpg2 and
> everything works.  
> 
> P.

Oh yeah, on this computer I have two gpg-keys. Could someone tell how I
in the terminal make only one of them primary. I've tried 

gpg --edit-key stig
then flagging it
wrote 'primary' then 'save'
but nothing changed. 

Stig


signature.asc
Description: This is a digitally signed message part
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

Re: [Evolution] Signing e-mails with gpg fails

2016-03-01 Thread Milan Crha 
On Tue, 2016-03-01 at 10:07 +, Pete Biggs wrote:
> > I seem to remember when I was playing around and trying to get
> > these
>
> things working that Evolution preferred GnuPG2 - certainly I currently
> have a symbolic link so that /usr/bin/gpg is actually running gpg2 and
> everything works.  

Hi,
this is the cause. Pre-evolution-data-server 3.18.5 gpg had been
preferred, but I changed it to gpg2, because that's what seahorse is
using since 3.18.0 or so. That meant that keys shown in account
preferences were not available in the time of the sign/encrypt, because
the two were using different gpg version. Part of the issue is that the
gpg2 and gpg do not share keys, thus what one can find the other
cannot.
Bye,
Milan
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

Re: [Evolution] Signing e-mails with gpg fails

2016-03-01 Thread Pete Biggs 

> 
> I'm not sure why but I am currently unable to sign e-mails, I'm getting
> the following error:
> 
> Could not create message.
> 
> Because "gpg: skipped "67449612": No secret key
> gpg: signing failed: No secret key
> ", you may need to select different mail options.

In the account preferences under the Security tab, the OpenPGP key ID:
field has a drop-down - are any keys listed there?


> 
> I am using Evolution 3.18.5, GnuPG 1.4.20, Gnome 3.18.2 and Debian Sid
> 64bit.
> 
I seem to remember when I was playing around and trying to get these
things working that Evolution preferred GnuPG2 - certainly I currently
have a symbolic link so that /usr/bin/gpg is actually running gpg2 and
everything works.  

P.
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

Re: [Evolution] Automatically fetching public key for encrypted mail does not work

2016-03-01 Thread David Woodhouse 
On Tue, 2016-03-01 at 10:03 +0100, Milan Crha wrote:
> 
> there was a Google Summer of Code project providing fetch of X.509
> certificates (for S/MIME, which MS Exchange supports) from address
> books. It took the certificates from Global Address List (GAL), as
> advertised by the MS Exchange server. It's filled here:
> for LDAP: https://bugzilla.gnome.org/show_bug.cgi?id=203251
> for address books in general: 
> https://bugzilla.gnome.org/show_bug.cgi?id=704246
>
> The work is currently blocked on NSS. Feel free to join the later bug,
> the reporter has better overview of the subject.

Actually the interesting bug is #736808. Specifically:
https://bugzilla.gnome.org/show_bug.cgi?id=736808#c2

The "making the certs available" part is solved by evolution-pkcs11.
Although that does want a little updating to make it build against the
latest Evolution.

As Milan says, the reason it's not merged into Evolution (or EDS) and
enabled by *default* is because of NSS.

The NSS PK11_ListCerts() function takes O(n²) time, because it iterates
over the certs, for each one calling back into a naïve 'collector'
function that checks it's unique and adds it to the list.

In my case it takes about ten minutes to process all the certs that
evolution-pkcs11 makes available.

When you bring up the prefs dialog (not even looking at certs),
Evolution calls that PK11_ListCerts() function.

Three times, in quick succession.

From the main thread, before it does any redrawing or anything else.

30 minutes later, you can finally see the prefs dialog :)

So... in comment #2 of the bug, as referenced above, it says what I
think needs doing — populate the dialog asynchronously instead of
making us wait, and instead of using PK11_ListCerts we use our *own*
code to iterate over the certs in the token, calling back to our own
*non-stupid* callback function which quickly inserts each one into a
GHashTable or something like that, instead of a linear list.

In the longer term, I'd love to just ditch NSS completely and use
something saner. But this should suffice for now to enable the GAL
certificate lookup.

-- 
David WoodhouseOpen Source Technology Centre
david.woodho...@intel.com  Intel Corporation



smime.p7s
Description: S/MIME cryptographic signature
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

[Evolution] Signing e-mails with gpg fails

2016-03-01 Thread Rock Storm 
Hi everyone and thanks in advance,

I'm not sure why but I am currently unable to sign e-mails, I'm getting
the following error:

Could not create message.

Because "gpg: skipped "67449612": No secret key
gpg: signing failed: No secret key
", you may need to select different mail options.

I believe signing works and the secret subkey is "find-able" because I
am actually able to do the following without any errors, and this is
why I don't understand the error given by Evolution:

$ gpg --output random.sig --detach-sig random.txt

You need a passphrase to unlock the secret key for
user: "Rock Storm "
4096-bit RSA key, ID 67449612, created 2016-02-21 (main key ID
C96832FD)

$ gpg --verify random.sig random.txt
gpg: Signature made Sun 28 Feb 2016 11:47:47 AM CET using RSA key ID
67449612
gpg: Good signature from "Rock Storm "

I am using Evolution 3.18.5, GnuPG 1.4.20, Gnome 3.18.2 and Debian Sid
64bit.

Thanks again,
Regards,

Rock
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

Re: [Evolution] Automatically fetching public key for encrypted mail does not work

2016-03-01 Thread Niklas Andersson 

Thanks tons Milan :-) I know David W. I'll contact him.

Thanks again!

On 01/03/16 10:03, Milan Crha wrote:

better overview of


___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

Re: [Evolution] Automatically fetching public key for encrypted mail does not work

2016-03-01 Thread Milan Crha 
On Mon, 2016-02-29 at 22:58 +0100, Niklas Andersson wrote:
> Hi,
> 
>   We are evaluating Evolution as a corporate email client and it
> looks 
> really good. We are in particular very pleased with the integration
> with 
> MS Exchange.
> 
>   One thing we didn't got to work though was automatically download
> of 
> the senders public key from the directory in case the email was send 
> encrypted.
> 
>   Does anybody know if this feature is supposed to work? Is it on
> the 
> todo-list if not? Can we pay someone to get it implemented if not?

Hi,
there was a Google Summer of Code project providing fetch of X.509
certificates (for S/MIME, which MS Exchange supports) from address
books. It took the certificates from Global Address List (GAL), as
advertised by the MS Exchange server. It's filled here:
for LDAP: https://bugzilla.gnome.org/show_bug.cgi?id=203251
for address books in general: https://bugzilla.gnome.org/show_bug.cgi?id=704246

The work is currently blocked on NSS. Feel free to join the later bug,
the reporter has better overview of the subject.
Bye,
Milan
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

Re: [Evolution] Automatically fetching public key for encrypted mail does not work

2016-03-01 Thread Niklas Andersson 

...and we are testing with Evolution 3.18.5

On 01/03/16 09:15, Niklas Andersson wrote:

Hi,

 No, we would need to fetch the keys from a LDAP-directory


Assumed it's Linux, did you already try
https://wiki.gnome.org/Apps/Evolution/FAQ#How_can_import_GPG_keys_automatically_from_within_Evolution.3F 
?





___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list


___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

Re: [Evolution] Automatically fetching public key for encrypted mail does not work

2016-03-01 Thread Niklas Andersson 

Hi,

 No, we would need to fetch the keys from a LDAP-directory


Assumed it's Linux, did you already try
https://wiki.gnome.org/Apps/Evolution/FAQ#How_can_import_GPG_keys_automatically_from_within_Evolution.3F
 ?




___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list