Once I had Qubes up and running with Thunderbird and enough basics to be able,
more or less, use it as my main computing platform, I setup Split GPG and
installed the Enigmail extension. At first it appeared to work fine as I was
able to send signed email messages with my public key attached. However, it
soon stopped working. I am now trying to resolve this issue.
So far I have been unsuccessful, so am appealing for assistance/pointers. That
means providing rather a lot of information, but if you would bear with me, I
would be grateful. By the way, Screenshot in an appVM (Fedora-29) just gives me
a white rectangle when I view the saved image :-( That is why I have typed in
almost all the information below (in most cases I could not use copy-and-paste).
System
Qubes R4.0.1 with all updates applied.
Thunderbird 60.3.1
All Split-GPG parts installed (or it would not have worked in the first place)
The Problem
When I click Ctrl+Enter (to send the message), I get a pop up dialog request
from the vault appVM, "Do you allow VM 'personal' to access your GPG keys..." I
click "Yes" and there is a momentary notification that the keyring is being
accessed (is there any way to make the notification persist longer than the 1
or 2 seconds it pops up for as it is almost impossible to both notice it and
actually read it?). As best I could read it, it said: "Keyring access from
domain personal".
Then the following dialog box pops up:
====================
[personal] Enigmail Information
Send operation aborted.
The configured key ID "0x6EC..." cannot be found on your keyring.
====================
Configuration
Here are some configuration files:
[dom0] /etc/qubes-rpc/policy/qubes.Gpg (why the capital G?)
====================
personal vault allow
$anyvm $anyvm ask
====================
[personal] /tw/config/gpg-split-domain
====================
vault
====================
[vault] ~/.bash_profile
====================
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
QUBES_GPG_AUTOACCEPT=86400
====================
Note: The above appears to have no effect on the request for permission which
still states the default 300 seconds (and appears to honour the 300 seconds).
Other Debugging
[vault] terminal
====================
[user@vault ~]$ gpg --list-secret-keys
/home/user/.gnupg/pubring.gpg
-----------------------------
sec rsa2048 2019-01-11 [SCEA]
0E98... 6837
uid [ultimate] John R. Goold <jrg.pub...@goold.net>
ssb rsa2048 2019-01-11 [SEA]
[user@vault ~]$
====================
What is bizarre is that if I use "gpg --list-keys", the output is identical,
which makes very little sense to me. I tried gpg2 but it gives the same result
(not surprising as I deleted gpg and created gpg as a symbolic link to gpg2
(this was in an attempt to guess why things were going wrong).
[personal] terminal
====================
[user@personal ~]$ qubes-gpg-client -K
/home/user/.gnupg/pubring.gpg
-----------------------------
sec rsa2048 2019-01-11 [SCEA]
0E98.. 6837
uid [ultimate] John R. Goold <jrg.pub...@goold.net>
ssb rsa2048 2019-01-11 [SEA]
[user@personal ~]$
====================
Note: After issuing the qubes-gpg-client command, there was a pop-dialog box
asking for permission.
Following the advice in a thread in the qubes-users forum, I launched
Thunderbird, deactivated and then deleted Enigmail. I then used Software in the
template VM to install Enigmail. That did not change the result when attempting
to send mail.
The only other thing of significance is that I changed the template VM for my
personal (and personal-projects) VM from Debian to Fedora for consistency.
However, that change did not coincide with the Enigmail/Split-GPG problem.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c7c9b8a4-22b8-478d-b780-b9a5f64ae7bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
