Re: [MlMt] S/MIME and OpenPGP issues

2021-01-08 Thread Sebastian Hagedorn
On 7 Jan 2021, at 16:32, Sebastian Hagedorn wrote:

> On 7 Jan 2021, at 14:49, Benny Kjær Nielsen wrote:
>
> 2021-01-07 13:07:17.274425+0100  localhost MailMate[39607]: (Security) 
> Created Activity ID: 0x8641c, Description: 
> SecKeychainSearchCreateFromAttributes
> 2021-01-07 13:07:17.275346+0100  localhost MailMate[39607]: (Security) 
> Created Activity ID: 0x8641d, Description: SecKeychainSearchCopyNext
> 2021-01-07 13:07:17.275713+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:security_exception] CSSM Exception: -2147413737 
> CSSMERR_DL_DATASTORE_DOESNOT_EXIST
> 2021-01-07 13:07:17.275826+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:integrity] dbBlobVersion() failed for a non-existent 
> database
> 2021-01-07 13:07:17.276234+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:security_exception] CSSM Exception: -2147413737 
> CSSMERR_DL_DATASTORE_DOESNOT_EXIST
>
> But I have no idea what `CSSMERR_DL_DATASTORE_DOESNOT_EXIST` means. Googling 
> seems to indicate that it might be related to an empty/faulty keychain. Maybe 
> see if anything in Keychain Access seems out of the ordinary.
>
> Thanks, I already did. There was an empty keychain called 
> Microsoft_Intermediate_Certificates that I removed. There is another empty 
> one that’s called accountsKeychainExport, but apparently that one cannot be 
> deleted.
>
> But it’s clearly a local issue on that specific Mac, because I copied all 
> settings to a different Mac. S/MIME signing works there, but there’s a 
> different issue: MailMate picks an expired certificate. The problem is that 
> you need to keep expired certificates around if you want to be able to 
> decrypt older mails. I verified that the current certificate is in the 
> keychain. For some reason MailMate picks the wrong one.
> I tried to set the certificate using Security.plist. This line looks as if 
> that worked:
>
> Setup (S/MIME) mapping of address “haged...@uni-koeln.de” to serial: 
> “2379AD18EB0F7DADF38A62DF”
>
> … and it did! I will experiment some more and let you know if I can get this 
> resolved.

For the archive, I managed to solve the problem. The root cause was that the 
private key for my certificate was in the System keychain as a duplicate. I had 
noticed a duplicate of my certificate there before and had already deleted 
that, but the key remained. Before I realized that I had deployed the nuclear 
option and completely reset my user keychain. After I added my certificate and 
key, S/MIME worked again, but the “macOS wants to make changes” dialogs were 
back.
Fortunately I noticed that the System keychain was referenced, and that led me 
to that stray private key. I still see the error 
CSSMERR_DL_DATASTORE_DOESNOT_EXIST, but apparently that’s not related.
-- 
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.


smime.p7s
Description: S/MIME digital signature
___
mailmate mailing list
mailmate@lists.freron.com
https://lists.freron.com/listinfo/mailmate


Re: [MlMt] S/MIME and OpenPGP issues

2021-01-07 Thread Sebastian Hagedorn
On 7 Jan 2021, at 14:49, Benny Kjær Nielsen wrote:

> 2021-01-07 13:07:17.274425+0100  localhost MailMate[39607]: (Security) 
> Created Activity ID: 0x8641c, Description: 
> SecKeychainSearchCreateFromAttributes
> 2021-01-07 13:07:17.275346+0100  localhost MailMate[39607]: (Security) 
> Created Activity ID: 0x8641d, Description: SecKeychainSearchCopyNext
> 2021-01-07 13:07:17.275713+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:security_exception] CSSM Exception: -2147413737 
> CSSMERR_DL_DATASTORE_DOESNOT_EXIST
> 2021-01-07 13:07:17.275826+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:integrity] dbBlobVersion() failed for a non-existent 
> database
> 2021-01-07 13:07:17.276234+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:security_exception] CSSM Exception: -2147413737 
> CSSMERR_DL_DATASTORE_DOESNOT_EXIST
>
> But I have no idea what `CSSMERR_DL_DATASTORE_DOESNOT_EXIST` means. Googling 
> seems to indicate that it might be related to an empty/faulty keychain. Maybe 
> see if anything in Keychain Access seems out of the ordinary.

Thanks, I already did. There was an empty keychain called 
Microsoft_Intermediate_Certificates that I removed. There is another empty one 
that’s called accountsKeychainExport, but apparently that one cannot be deleted.

But it’s clearly a local issue on that specific Mac, because I copied all 
settings to a different Mac. S/MIME signing works there, but there’s a 
different issue: MailMate picks an expired certificate. The problem is that you 
need to keep expired certificates around if you want to be able to decrypt 
older mails. I verified that the current certificate is in the keychain. For 
some reason MailMate picks the wrong one.
I tried to set the certificate using Security.plist. This line looks as if that 
worked:

Setup (S/MIME) mapping of address “haged...@uni-koeln.de” to serial: 
“2379AD18EB0F7DADF38A62DF”

… and it did! I will experiment some more and let you know if I can get this 
resolved.
-- 
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.


signature.asc
Description: OpenPGP digital signature


Re: [MlMt] S/MIME and OpenPGP issues

2021-01-07 Thread Benny Kjær Nielsen

On 7 Jan 2021, at 13:11, Sebastian Hagedorn wrote:

> OpenPGP is working now, but I still haven’t solved the S/MIME issue. 
> I noticed a thread from 2018 in the archives, where this was the last 
> message from Benny Kjær Nielsen:
>
> [...]
>
> That’s the same error message that I get.

I think `errSecInternalComponent` is pretty generic and it can mean all 
kinds of things.

> In my case hitting ⌘S does not work, and restarting my Mac hasn’t 
> helped either. I removed one instance of my certificate from the 
> keychain so that MailMate only finds one, but that didn’t resolve the 
> issue either. I ran “log stream” from the Terminal to observe what is 
> happening when that error pops up, but I don’t know what to do with 
> the output:

Very good. That does appear to provide more details.

> 2021-01-07 13:07:17.274425+0100  localhost MailMate[39607]: (Security) 
> Created Activity ID: 0x8641c, Description: 
> SecKeychainSearchCreateFromAttributes
> 2021-01-07 13:07:17.275346+0100  localhost MailMate[39607]: (Security) 
> Created Activity ID: 0x8641d, Description: SecKeychainSearchCopyNext
> 2021-01-07 13:07:17.275713+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:security_exception] CSSM Exception: -2147413737 
> CSSMERR_DL_DATASTORE_DOESNOT_EXIST
> 2021-01-07 13:07:17.275826+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:integrity] dbBlobVersion() failed for a 
> non-existent database
> 2021-01-07 13:07:17.276234+0100  localhost MailMate[39607]: (Security) 
> [com.apple.securityd:security_exception] CSSM Exception: -2147413737 
> CSSMERR_DL_DATASTORE_DOESNOT_EXIST


But I have no idea what `CSSMERR_DL_DATASTORE_DOESNOT_EXIST` means. 
Googling seems to indicate that it might be related to an empty/faulty 
keychain. Maybe see if anything in Keychain Access seems out of the 
ordinary.


--
Benny


Re: [MlMt] S/MIME and OpenPGP issues

2021-01-07 Thread Sebastian Hagedorn
Hi,

OpenPGP is working now, but I still haven’t solved the S/MIME issue. I noticed 
a thread from 2018 in the archives, where this was the last message from Benny 
Kjær Nielsen:

> On 24 Aug 2018, at 13:41, Alexandre Takacs wrote:
>
>> I get to the point where I am being asked for my keychain pass to access 
>> the signing cert. But once said password is provided I get 
>> "errSecInternalComponent (error code -2070)".
>
> I sometimes see this error, but I'm not sure what can trigger it. Continuing 
> to edit and hitting ⌘S usually clears it up. The error itself is 
> unfortunately not very informative.
>
> You can enable the following and launch from a Terminal window to see how far 
> MailMate is before it fails:
>
>   defaults write com.freron.MailMate MmDebugSecurity -bool YES
>   /Applications/MailMate.app/Contents/MacOS/MailMate
>
> It might also be a good idea to restart the machine. Although I cannot 
> reliably reproduce it I have a feeling that the keychain system often gets 
> into a “bad” state when I'm working with certificates.

That’s the same error message that I get. In my case hitting ⌘S does not work, 
and restarting my Mac hasn’t helped either. I removed one instance of my 
certificate from the keychain so that MailMate only finds one, but that didn’t 
resolve the issue either. I ran “log stream” from the Terminal to observe what 
is happening when that error pops up, but I don’t know what to do with the 
output:

2021-01-07 13:07:17.274425+0100  localhost MailMate[39607]: (Security) Created 
Activity ID: 0x8641c, Description: SecKeychainSearchCreateFromAttributes
2021-01-07 13:07:17.275346+0100  localhost MailMate[39607]: (Security) Created 
Activity ID: 0x8641d, Description: SecKeychainSearchCopyNext
2021-01-07 13:07:17.275713+0100  localhost MailMate[39607]: (Security) 
[com.apple.securityd:security_exception] CSSM Exception: -2147413737 
CSSMERR_DL_DATASTORE_DOESNOT_EXIST
2021-01-07 13:07:17.275826+0100  localhost MailMate[39607]: (Security) 
[com.apple.securityd:integrity] dbBlobVersion() failed for a non-existent 
database
2021-01-07 13:07:17.276234+0100  localhost MailMate[39607]: (Security) 
[com.apple.securityd:security_exception] CSSM Exception: -2147413737 
CSSMERR_DL_DATASTORE_DOESNOT_EXIST
…

Is there anything else I should try?
-- 
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

On 5 Jan 2021, at 11:56, Sebastian Hagedorn wrote:

> When I try to use S/MIME, the composer window shows:
>
> S/MIME: Failed to generate the message
> Log   S/MIME sign/-
> Certificates found for all addresses
>
> Encoder created
> Signer added
> Requesting detached content
> Content updated
> errSecInternalComponent (Error code -2070.)
>
> I enabled debugging and launched MailMate from iTerm. There it says:
>
> Setting security level/protocol: sign/S/MIME (none/Unknown)
>  Protocol changed (resetting message): Unknown != S/MIME (none > sign)
> Searching for certificate for identity haged...@uni-koeln.de
>  Looking for preferred certificate
>   Not found
>  Require system matched email address
>  Looking for candidate(s)
>  Found 2 candidate(s)
>   Found match (2379AD18EB0F7DADF38A62DF) with score 29
>   Found match (2379AD18EB0F7DADF38A62DF) with score 29
>   Found 2 valid candidates
> S/MIME sign/-
> Certificates found for all addresses
>
>  Encoder created
>  Signer added
>  Requesting detached content
>  Content updated
> errSecInternalComponent (Error code -2070.)
>
> Warning: Decoding empty text body for id -26
> Warning: Decoding empty text body for id -29




Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Sebastian Hagedorn
Thanks,

I appreciate your help!

Cheers,
Sebastian

On 5 Jan 2021, at 17:39, Thomas Kahle wrote:

> Hi,
>
> On 5 Jan 2021, at 17:35, Sebastian Hagedorn wrote:
>
>> The hash function used for the message digest has been obsoleted due to 
>> security concerns. You should change your OpenPGP settings to use a stronger 
>> hash algorithm for the digest (such as SHA256).
>>
>> Do you know off-hand how I can do that?
>
> I use this in gpg.conf:
>
> ```
> cert-digest-algo SHA512
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 
> ZLIB BZIP2 ZIP Uncompressed
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> ```
>
> Cheers,
> Thomas
>
> --
> Thomas Kahle
> https://www.thomas-kahle.de



Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Thomas Kahle
Hi,

On 5 Jan 2021, at 17:35, Sebastian Hagedorn wrote:

> The hash function used for the message digest has been obsoleted due to 
> security concerns. You should change your OpenPGP settings to use a stronger 
> hash algorithm for the digest (such as SHA256).
>
> Do you know off-hand how I can do that?

I use this in gpg.conf:

```
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 
ZLIB BZIP2 ZIP Uncompressed
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
```

Cheers,
Thomas

--
Thomas Kahle
https://www.thomas-kahle.de
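
An added example, not code from anyone in this thread or from GnuPG or MailMate: a POSIX shell lint for the `gpg.conf` / `gpg-agent.conf` conditions that came up here (`pinentry-mode loopback` under a `--batch --no-tty` caller, a program path given to `pinentry-mode`, no active `pinentry-program`, and the digest preference list). Function names and finding labels are made up for this example, and the sample files in `demo` are constructed from the configuration lines posted in the thread.

```shell
#!/bin/sh
# Added example: lint for the GnuPG settings discussed in this thread.
# The finding labels (first word of each output line) are invented here.

# Print the value of every active (non-comment) line for option $2 in file $1.
active_values() {
    [ -f "$1" ] || return 0
    awk -v opt="$2" '
        /^[ \t]*#/ { next }                      # "#" as first non-blank char = comment
        $1 == opt  { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Succeed if option $2 appears on an active line of file $1 (with or without value).
has_option() {
    [ -f "$1" ] || return 1
    awk -v opt="$2" '/^[ \t]*#/ { next } $1 == opt { f = 1 } END { exit !f }' "$1"
}

# $1 = path to gpg.conf
lint_gpg_conf() {
    mode=$(active_values "$1" pinentry-mode | tail -n 1)
    case $mode in
        '' | default | ask | cancel | error) ;;   # unset, or a mode gpg accepts
        loopback)
            echo "LOOPBACK-BATCH pinentry-mode loopback: a caller running gpg with --batch --no-tty cannot answer the passphrase request" ;;
        *)
            echo "BAD-PINENTRY-MODE '$mode' is not a pinentry mode; a program path belongs in pinentry-program in gpg-agent.conf" ;;
    esac

    prefs=$(active_values "$1" personal-digest-preferences | tail -n 1)
    first=$(printf '%s' "${prefs%% *}" | tr '[:lower:]' '[:upper:]')
    case $first in
        '') echo "NO-DIGEST-PREFS personal-digest-preferences is not set" ;;
        SHA1 | MD5 | RIPEMD160)
            echo "WEAK-DIGEST-FIRST personal-digest-preferences starts with $first" ;;
    esac
}

# $1 = path to gpg-agent.conf
lint_agent_conf() {
    prog=$(active_values "$1" pinentry-program | tail -n 1)
    if [ -z "$prog" ]; then
        echo "NO-PINENTRY-PROGRAM no active pinentry-program line; the agent uses its built-in default"
    elif [ ! -x "$prog" ]; then
        echo "PINENTRY-NOT-EXECUTABLE $prog"
    fi
    if has_option "$1" allow-loopback-pinentry; then
        echo "LOOPBACK-ALLOWED allow-loopback-pinentry is set"
    fi
}

# Constructed sample: the relevant lines of the two files posted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'default-cache-ttl 300' '#pinentry-program' \
        'allow-loopback-pinentry' > "$d/gpg-agent.conf"
    printf '%s\n' 'armor' 'use-agent' 'pinentry-mode loopback' > "$d/gpg.conf"
    lint_gpg_conf "$d/gpg.conf"
    lint_agent_conf "$d/gpg-agent.conf"
    rm -rf "$d"
}

demo
```
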




Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Sebastian Hagedorn
Hi,

that didn’t really help. With that setting I get:

gpg: invalid pinentry mode 
'/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac'

But it led me in the right direction. I commented out the pinentry-mode lines, 
and now it seems to be working! I get a warning that SHA-1 is used and this 
recommendation:

The hash function used for the message digest has been obsoleted due to 
security concerns. You should change your OpenPGP settings to use a stronger 
hash algorithm for the digest (such as SHA256).

Do you know off-hand how I can do that?

Thanks,
Sebastian

On 5 Jan 2021, at 17:26, Thomas Kahle wrote:

> Hi,
>
> Why not set
>
> pinentry-program 
> /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
>
> in gpg-agent.conf?
>
> In both of your files there are things with ‘pinentry loopback’.  I don’t 
> know what it is, but maybe the first step would be to have a pinentry program 
> actually pop-up?  I don’t know what loopback refers to, but I would start to 
> investigate there.
>
> Good luck,
> Thomas
>
> On 5 Jan 2021, at 14:56, Sebastian Hagedorn wrote:
>
>> Thanks. I went on a side quest for a while, because your public key 
>> couldn’t be loaded. Somehow the Let’s Encrypt certificate for 
>> hkps://keys.openpgp.org wasn’t trusted. I switched to 
>> eu.pool.sks-keyservers.net, and now that part is working, at least.
>>
>> To answer your question: yes, gpg-agent is running:
>>
>>   505  1633 1   0 11:15am ?? 0:00.30 gpg-agent --homedir 
>> /Users/hgd/.gnupg --use-standard-socket --daemon
>>
>> The version that’s running is from MacGPG. I also have a separate 
>> installation from Homebrew, but that’s not being used. Perhaps we could 
>> compare configuration files?
>>
>> gpg-agent.conf:
>>
>> default-cache-ttl 300
>> max-cache-ttl 99
>> #pinentry-program
>> allow-loopback-pinentry
>>
>> gpg.conf:
>>
>> armor
>> #openpgp
>> default-key haged...@spinfo.uni-koeln.de
>> encrypt-to 09C25485
>> force-mdc
>> #compress-algo 1
>> #no-secmem-warning
>> trust-model direct
>> #keyserver hkp://wwwkeys.de.pgp.net
>> keyserver-options include-subkeys no-include-revoked timeout=5
>> charset utf8
>> utf8-strings
>> group uk...@uni-koeln.de=4D105B45 C46E14A6
>>
>> group BUDDY=
>> emit-version
>> auto-key-locate keyserver
>> auto-key-retrieve
>> use-agent
>> pinentry-mode loopback
>>
>> To be honest, some of these options are 20 years old, and I don’t even 
>> remember what they were for :D
>>
>> Cheers,
>> Sebastian
>>
>> On 5 Jan 2021, at 13:05, Thomas Kahle wrote:
>>
>>> On 5 Jan 2021, at 12:23, Sebastian Hagedorn wrote:
>>>
>>>> Possible, but IMO that’s not really a solution. Every other mail 
>>>> application I have used had a method for requesting and/or storing the 
>>>> passphrase. It’s also stored in my keychain. Can somebody confirm if that 
>>>> is expected behaviour with a protected key?
>>>
>>> I use encrypted pgp keys whose passphrases are stored in keychain and it 
>>> works completely transparently.
>>>
>>> When I switched from Thunderbird to Mailmate it just worked out of the box. 
>>>  Have you configured gpg-agent?  Is it running?
>>>
>>> What’s the output of `ps -ef | grep gpg-agent` ?
>>>
>>> Cheers,
>>> Thomas
>>>
>>>
>>>
>>>>
>>>> On 5 Jan 2021, at 12:11, Alexandre Takacs wrote:
>>>>
>>>>> It would seem that your key is password protected and PGP is working in a 
>>>>> batch mode not allowing it to request said pass.
>>>>>
>>>>> Can you try with a non protected key (as a test to validate the above) ?
>>>>>
>>>>> On 5 Jan 2021, at 10:56, Sebastian Hagedorn wrote:
>>>>>
>>>>>> gpg: Sorry, we are in batchmode - can't get input
>>>>>>
>>>>>> I have a suspicion that is caused by something in my gpg settings, but I 
>>>>>> don’t see anything obvious.
>>>>>> Ideas?
>>>
>>> --
>>> Thomas Kahle
>>> https://www.thomas-kahle.de
>
> --
> Thomas Kahle
> https://www.thomas-kahle.de



Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Thomas Kahle
Hi,

Why not set

pinentry-program 
/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

in gpg-agent.conf?

In both of your files there are things with ‘pinentry loopback’.  I don’t know 
what it is, but maybe the first step would be to have a pinentry program 
actually pop-up?  I don’t know what loopback refers to, but I would start to 
investigate there.

Good luck,
Thomas

On 5 Jan 2021, at 14:56, Sebastian Hagedorn wrote:

> Thanks. I went on a side quest for a while, because your public key couldn’t 
> be loaded. Somehow the Let’s Encrypt certificate for 
> hkps://keys.openpgp.org wasn’t trusted. I switched to 
> eu.pool.sks-keyservers.net, and now that part is working, at least.
>
> To answer your question: yes, gpg-agent is running:
>
>   505  1633 1   0 11:15am ?? 0:00.30 gpg-agent --homedir 
> /Users/hgd/.gnupg --use-standard-socket --daemon
>
> The version that’s running is from MacGPG. I also have a separate 
> installation from Homebrew, but that’s not being used. Perhaps we could 
> compare configuration files?
>
> gpg-agent.conf:
>
> default-cache-ttl 300
> max-cache-ttl 99
> #pinentry-program
> allow-loopback-pinentry
>
> gpg.conf:
>
> armor
> #openpgp
> default-key haged...@spinfo.uni-koeln.de
> encrypt-to 09C25485
> force-mdc
> #compress-algo 1
> #no-secmem-warning
> trust-model direct
> #keyserver hkp://wwwkeys.de.pgp.net
> keyserver-options include-subkeys no-include-revoked timeout=5
> charset utf8
> utf8-strings
> group uk...@uni-koeln.de=4D105B45 C46E14A6
>
> group BUDDY=
> emit-version
> auto-key-locate keyserver
> auto-key-retrieve
> use-agent
> pinentry-mode loopback
>
> To be honest, some of these options are 20 years old, and I don’t even 
> remember what they were for :D
>
> Cheers,
> Sebastian
>
> On 5 Jan 2021, at 13:05, Thomas Kahle wrote:
>
>> On 5 Jan 2021, at 12:23, Sebastian Hagedorn wrote:
>>
>>> Possible, but IMO that’s not really a solution. Every other mail 
>>> application I have used had a method for requesting and/or storing the 
>>> passphrase. It’s also stored in my keychain. Can somebody confirm if that 
>>> is expected behaviour with a protected key?
>>
>> I use encrypted pgp keys whose passphrases are stored in keychain and it 
>> works completely transparently.
>>
>> When I switched from Thunderbird to Mailmate it just worked out of the box.  
>> Have you configured gpg-agent?  Is it running?
>>
>> What’s the output of `ps -ef | grep gpg-agent` ?
>>
>> Cheers,
>> Thomas
>>
>>
>>
>>>
>>> On 5 Jan 2021, at 12:11, Alexandre Takacs wrote:
>>>
>>>> It would seem that your key is password protected and PGP is working in a 
>>>> batch mode not allowing it to request said pass.
>>>>
>>>> Can you try with a non protected key (as a test to validate the above) ?
>>>>
>>>> On 5 Jan 2021, at 10:56, Sebastian Hagedorn wrote:
>>>>
>>>>> gpg: Sorry, we are in batchmode - can't get input
>>>>>
>>>>> I have a suspicion that is caused by something in my gpg settings, but I 
>>>>> don’t see anything obvious.
>>>>> Ideas?
>>
>> --
>> Thomas Kahle
>> https://www.thomas-kahle.de

--
Thomas Kahle
https://www.thomas-kahle.de




Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Sebastian Hagedorn
Thanks. I went on a side quest for a while, because your public key 
couldn’t be loaded. Somehow the Let’s Encrypt certificate for 
hkps://keys.openpgp.org wasn’t trusted. I switched to 
eu.pool.sks-keyservers.net, and now that part is working, at least.


To answer your question: yes, gpg-agent is running:

  505  1633 1   0 11:15am ?? 0:00.30 gpg-agent --homedir 
/Users/hgd/.gnupg --use-standard-socket --daemon


The version that’s running is from MacGPG. I also have a separate 
installation from Homebrew, but that’s not being used. Perhaps we 
could compare configuration files?


gpg-agent.conf:

default-cache-ttl 300
max-cache-ttl 99
#pinentry-program
allow-loopback-pinentry

gpg.conf:

armor
#openpgp
default-key haged...@spinfo.uni-koeln.de
encrypt-to 09C25485
force-mdc
#compress-algo 1
#no-secmem-warning
trust-model direct
#keyserver hkp://wwwkeys.de.pgp.net
keyserver-options include-subkeys no-include-revoked timeout=5
charset utf8
utf8-strings
group uk...@uni-koeln.de=4D105B45 C46E14A6

group BUDDY=
emit-version
auto-key-locate keyserver
auto-key-retrieve
use-agent
pinentry-mode loopback

To be honest, some of these options are 20 years old, and I don’t even 
remember what they were for :D


Cheers,
Sebastian

On 5 Jan 2021, at 13:05, Thomas Kahle wrote:


> On 5 Jan 2021, at 12:23, Sebastian Hagedorn wrote:
>
>> Possible, but IMO that’s not really a solution. Every other mail 
>> application I have used had a method for requesting and/or storing 
>> the passphrase. It’s also stored in my keychain. Can somebody 
>> confirm if that is expected behaviour with a protected key?
>
> I use encrypted pgp keys whose passphrases are stored in keychain and 
> it works completely transparently.
>
> When I switched from Thunderbird to Mailmate it just worked out of the 
> box.  Have you configured gpg-agent?  Is it running?
>
> What’s the output of `ps -ef | grep gpg-agent` ?
>
> Cheers,
> Thomas
>
>> On 5 Jan 2021, at 12:11, Alexandre Takacs wrote:
>>
>>> It would seem that your key is password protected and PGP is working 
>>> in a batch mode not allowing it to request said pass.
>>>
>>> Can you try with a non protected key (as a test to validate the 
>>> above) ?
>>>
>>> On 5 Jan 2021, at 10:56, Sebastian Hagedorn wrote:
>>>
>>>> gpg: Sorry, we are in batchmode - can't get input
>>>>
>>>> I have a suspicion that is caused by something in my gpg settings, 
>>>> but I don’t see anything obvious.
>>>>
>>>> Ideas?
>
> --
> Thomas Kahle
> https://www.thomas-kahle.de


Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Thomas Kahle
On 5 Jan 2021, at 12:23, Sebastian Hagedorn wrote:

> Possible, but IMO that’s not really a solution. Every other mail application 
> I have used had a method for requesting and/or storing the passphrase. It’s 
> also stored in my keychain. Can somebody confirm if that is expected 
> behaviour with a protected key?

I use encrypted pgp keys whose passphrases are stored in keychain and it works 
completely transparently.

When I switched from Thunderbird to Mailmate it just worked out of the box.  
Have you configured gpg-agent?  Is it running?

What’s the output of `ps -ef | grep gpg-agent` ?

Cheers,
Thomas



>
> On 5 Jan 2021, at 12:11, Alexandre Takacs wrote:
>
>> It would seem that your key is password protected and PGP is working in a 
>> batch mode not allowing it to request said pass.
>>
>> Can you try with a non protected key (as a test to validate the above) ?
>>
>> On 5 Jan 2021, at 10:56, Sebastian Hagedorn wrote:
>>
>>> gpg: Sorry, we are in batchmode - can't get input
>>>
>>> I have a suspicion that is caused by something in my gpg settings, but I 
>>> don’t see anything obvious.
>>> Ideas?

--
Thomas Kahle
https://www.thomas-kahle.de




Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Sebastian Hagedorn
Possible, but IMO that’s not really a solution. Every other mail 
application I have used had a method for requesting and/or storing the 
passphrase. It’s also stored in my keychain. Can somebody confirm if 
that is expected behaviour with a protected key?


On 5 Jan 2021, at 12:11, Alexandre Takacs wrote:

> It would seem that your key is password protected and PGP is working 
> in a batch mode not allowing it to request said pass.
>
> Can you try with a non protected key (as a test to validate the above) ?
>
> On 5 Jan 2021, at 10:56, Sebastian Hagedorn wrote:
>
>> gpg: Sorry, we are in batchmode - can't get input
>>
>> I have a suspicion that is caused by something in my gpg settings, 
>> but I don’t see anything obvious.
>>
>> Ideas?


Re: [MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Alexandre Takacs
It would seem that your key is password protected and PGP is working in 
a batch mode not allowing it to request said pass.

Can you try with a non protected key (as a test to validate the above) ?

On 5 Jan 2021, at 10:56, Sebastian Hagedorn wrote:

> gpg: Sorry, we are in batchmode - can't get input
>
> I have a suspicion that is caused by something in my gpg settings, but 
> I don’t see anything obvious.
>
> Ideas?


[MlMt] S/MIME and OpenPGP issues

2021-01-05 Thread Sebastian Hagedorn

Hi,

I’m having trouble with both security protocols. When I try to use 
S/MIME, the composer window shows:


S/MIME: Failed to generate the message
Log S/MIME sign/-
Certificates found for all addresses

Encoder created
Signer added
Requesting detached content
Content updated
errSecInternalComponent (Error code -2070.)

I enabled debugging and launched MailMate from iTerm. There it says:

Setting security level/protocol: sign/S/MIME (none/Unknown)
 Protocol changed (resetting message): Unknown != S/MIME (none > sign)
Searching for certificate for identity haged...@uni-koeln.de
 Looking for preferred certificate
  Not found
 Require system matched email address
 Looking for candidate(s)
 Found 2 candidate(s)
  Found match (2379AD18EB0F7DADF38A62DF) with score 29
  Found match (2379AD18EB0F7DADF38A62DF) with score 29
  Found 2 valid candidates
S/MIME sign/-
Certificates found for all addresses

 Encoder created
 Signer added
 Requesting detached content
 Content updated
errSecInternalComponent (Error code -2070.)

Warning: Decoding empty text body for id -26
Warning: Decoding empty text body for id -29

FWIW, S/MIME worked for a while, but it showed the notorious “macOS 
wants to make changes” dialog every time (the same in Mail.app). So I 
removed my certificate and private key from the keychain and re-added 
them. Now everything appears to be fine in Mail.app, but MailMate 
isn’t happy. It clearly finds the right key (twice for some reason), 
but then something goes wrong.

Ideas?

As for OpenPGP, I see the following:

OpenPGP: Unexpectedly found no output when decryption and/or verifying 
(it might be a temporary system issue)
Command	/usr/local/bin/gpg --no-verbose --batch --no-tty --compliance 
"openpgp" --status-fd 2 --textmode --armor --local-user 
"" --detach-sign
Output	[GNUPG:] KEY_CONSIDERED CE8BE30386737922A89F86D7197B06994D105B45 
2

[GNUPG:] BEGIN_SIGNING H2
[GNUPG:] USERID_HINT 197B06994D105B45 Sebastian Hagedorn 


[GNUPG:] NEED_PASSPHRASE 197B06994D105B45 197B06994D105B45 17 0
[GNUPG:] INQUIRE_MAXLEN 100
gpg: Sorry, we are in batchmode - can't get input

I have a suspicion that is caused by something in my gpg settings, but I 
don’t see anything obvious.

Ideas?

Thanks,
Sebastian
--
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

