UberStudent Forums

Help and Community for Users of Uberstudent
Return to UberStudent Home Page
It is currently Thu Nov 15, 2018 2:41 am

All times are UTC




UberStudent Logo Shirt
Hey! You can wear this UberCool UberStudent Logo Shirt

Post new topic Reply to topic  [ 20 posts ]  Go to page Previous  1, 2
Author Message
PostPosted: Sun Nov 08, 2015 5:14 am 
Offline
Established UberStudent User

Joined: Thu Sep 17, 2015 4:11 am
Posts: 15
Good news! sort of....

The problem is on a fresh install of UberStudent 4.1 Epicurus Xfce 64-bit:

No gpg.conf file is created and placed in /home/bluestreak/.gnupg when using the setup wizard after installing Enigmail 1.8.2. I have tried installing Enigmail as a plugin for Thunderbird 38.3.0 as well as from Synaptic Package manager on a clean install. No difference.

Procedure followed on Fresh install:

Load live UberStudent Live DVD
Selected 'Install" from desktop
Selected 'Other" for install
installed on sda5, format=yes, mount point /
installed default UberStudent update
Installed the second update which is very large and updates gnupg as well as ggnupg2
Reboot
Open thunderbird and create IMAP mail account
close Thunderbird and reboot
Open Thunderbird and install Enigmail 1.8.2...
followed prompts from wizard to generate a new keypair - so far so good!
Attempted to create a revocation key - FAILS!
Send encrypted mail to myself - decrypt fails
Installed gpgv2 with Synaptic
View /home/bluestreak/.gnupg - identify the problem is two missing text files
missing files: gpg.conf and gpg-agent-info-bluestreak
copy and paste a proper gpg.conf file to /home/bluestreak/.gnupg
Reboot and find that 'gpg-agent-info-bluestreak' has been create
Unknown: if gpg-agent-info-bluestreak was created due to reboot or opening Thundrrbird - sorry lost track at that point
Notes: before the two missing files are placed into /home/bluestreak/.gnupg there are other functions that did not work such as the ability to change passphrase of the keypair.
Removed gpgv2 with Synaptic

The big question is as follows:

Yes, I can make it work. Yes, I did learn a lot from the experience. Yes, it took several days and many, many hours because I am not a Linux guru.

Stephen, can the issue be fixed through a patch? Do you know why the file creation fails?
Should I try a fresh install of Ubuntu 14.04 LTS of Mint 17.2 Cinnamon to see if this issue replicates? I would be willing to to that if it would be of help to know, one way or the other.
The missing files are in place on my production machine only because I stumbled around for a couple of days trying various uninstall and reinstall of various packages. By accident my decryption started working.

I realise a fix for this may not be a high priority because perhaps not a lot of UberStudent users may not be into using Thunderbird for encrypted mail. However, in my circles 90% of us use Thunderbird with Enigmail and for me to recommend to them that UberStudent is the greatest distro ever, the set up should work without problems. The folks that I convert to Linux, don't know the find points of creating a home folder for data, etc. They want it to work and learn more as they have time for. For a person my age trying to exist on Social Security only, it is impossible for me to donate to any distro, however, i can easily compensate by spreading the news about UberStudent and encouraging my network of disgruntled Windows users to convert.

BTW: One important step I learned through this process was to allow level 3 updates to install. On my production machine, I hoped to get longer life out of this distro by only installing level 1 and level 2 updates. Big mistake - th4e gnupg and gnupg2 updates are contained in level 3. You have earned my trust, Thank you :oops:

Paul Frankfurter

Thanks for your dedication to UberStudent Stephen. I am sure there are many folks who appreciate your effort in making a distro that is essentially perfect.


Top
 Profile  
 
PostPosted: Sun Nov 08, 2015 5:33 am 
Offline
Established UberStudent User

Joined: Thu Sep 17, 2015 4:11 am
Posts: 15
Additional info I forgot.

The Enigmail pull-down menu updates as well and offers debugging options etc.


Attachments:
Updated enigmail menu.png
Updated enigmail menu.png [ 451.69 KiB | Viewed 20245 times ]
Top
 Profile  
 
PostPosted: Fri Dec 18, 2015 1:58 am 
Offline
Established UberStudent User

Joined: Thu Sep 03, 2015 8:24 pm
Posts: 15
I gave Thunderbird with Enigmail a try and the same thing happened to me as described above (starting with not saving the revocation certificate). However I did not get it working by following the steps. There was a gpg.conf in .gnupg but not that other file, regardless what I tried. I can also confirm that it works like a charm on Debian or Ubuntu. I spent some time by trying to figure out the issue on Uberstudent without success. In the end it's not that relevant for me either. Just wanted to mention that obviously this issue occurs sometimes.


Top
 Profile  
 
PostPosted: Fri Dec 18, 2015 4:06 am 
Offline
Established UberStudent User

Joined: Thu Sep 17, 2015 4:11 am
Posts: 15
bradley wrote:
I gave Thunderbird with Enigmail a try and the same thing happened to me as described above (starting with not saving the revocation certificate). However I did not get it working by following the steps. There was a gpg.conf in .gnupg but not that other file, regardless what I tried. I can also confirm that it works like a charm on Debian or Ubuntu. I spent some time by trying to figure out the issue on Uberstudent without success. In the end it's not that relevant for me either. Just wanted to mention that obviously this issue occurs sometimes.


This may be helpful:

https://www.enigmail.net/support/gnupg2_issues.php

Resolving issues with GnuPG 2.x and gpg-agent
Note GnuPG 2.x requires an "agent" to handle passphrases. By default this is done by gpg-agent, but there are other tools implementing a subset of its functionality. These instructions are for gpg-agent only. If you use an agent like gnome-keyring, seahorse-agent or the KDE Wallet Manager, then these instructions don't apply.
Most common Problem
Symptoms
The most common issue is that gpg-agent (a part of GnuPG) cannot launch pinentry (the tool used to query your passphrase). Enigmail would display messages like:
when reading messages:
Error - no matching private/secret key found to decrypt message; click on 'Details' button for more information
when sending messages:
- Send operation aborted. Error - encryption command failed
- Send operation aborted. Key 0x....... not found or not valid. The (sub-)key might have expired
How to Analyze
1. Try sending a signed and unencrypted message to yourself.
2. Check the output in the Enimgail log: go to menu Enigmail > Debugging Options > View Log.
3. Search for the following text: parseErrorOutput: status message. You will probably find this message several times. Check what follows below.
4. If the message says something like "no pinentry", "problem with the agent", "Invalid IPC response" or "problem with gpg-agent", then there is something wrong with your gpg-agent and/or pinentry setup.
How to Fix it
1. Execute the following script from a terminal to find out if a graphical version of pinentry is used:
pinentry <<EOT
SETDESC Hello World
CONFIRM
EOT
2. You should get a graphical window with a confirmation message "Hello World". If a "window" is opened within your terminal window then pinentry is text-based, which does not work with Enigmail. To fix this, ensure that a graphical version of pinentry is installed. On Linux/Unix systems, these would typically be pinentry-qt/pinentry-qt4 or pinentry-gtk/pinentry-gtk2, and on Mac OS X pinentry-mac. Rename the existing pinentry file to "pinentry-text" or similar, and create a symlink from pinentry-qt, pinentry-qt4, pinentry-gtk, pinentry-gtk2 or pinentry-mac to pinentry. Then restart your PC.
3. If the above does not help, check the contents of $HOME/.gnupg/gpg-agent.conf. Make sure that there is a configuration entry pinentry-program containing the full path to a graphical version of pinentry as above. E.g.:
pinentry-program /usr/local/bin/pinentry-gtk
Then save the file and restart your PC.
4. If you still can't access your key, then execute the following script from a terminal:
gpg-connect-agent <<EOT
GETINFO version
EOT
The output should be something like the text below, where 2.0.26 represents the agent version number. The version number should match your gpg version number:
D 2.0.26
OK
If you get an error message like "ERR 280 not implemented" then you don't use gpg-agent, but one of the alternatives like gnome-keyring. We recommend you switch to gpg-agent by disabling your current agent. See e.g. askubuntu for how to disable gnome-keyring or how to disable KDE wallet.
5. If you get a useful result from above, then execute the following script from a terminal:
gpg-connect-agent <<EOT
GET_CONFIRMATION Hello
EOT
Pinentry should now open as a graphical window (just like above), with the difference to the step above that this instance of pinentry was launched from gpg-agent. If this is successful, then GnuPG 2 should work correctly in Enigmail.
6. If gpg-agent still cannot launch pinentry from Enigmail, then you need to start debugging gpg-agent. Execute the following commands from a terminal:
killall gpg-agent
gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
This will start gpg-agent from the command line, open a new shell and print the debug output to that shell. If the command succeeded, you will see somehting like:
gpg-agent[76979]: gpg-agent 2.0.26 started
Leave the terminal window untouched, start Thunderbird and try to use Enigmail. As you'll try to access gpg-agent, you will see the output in your terminal window. If gpg-agent cannot start pinentry successfully, you will see something like this:
gpg-agent[76993]: starting a new PIN Entry
gpg-agent[76993]: chan_19 <- ERR 67109133 can't exec `/usr/bin/pinentry': No such file or directory
gpg-agent[76993]: chan_19 -> BYE
gpg-agent[76993]: can't connect to the PIN entry module: IPC connect call failed
gpg-agent[76993]: command get_passphrase failed: No pinentry
Press Ctrl+D in the terminal to end the debugging session. The bold line should tell you the reason for the error (in the example above, pinentry cannot be found). Try to fix the error and repeat the test.
7. If all of the above doesn't help, then get help at our mailing list or our support forum.


Top
 Profile  
 
PostPosted: Fri Dec 18, 2015 4:59 am 
Offline
Established UberStudent User

Joined: Thu Sep 17, 2015 4:11 am
Posts: 15
bradley wrote:
I gave Thunderbird with Enigmail a try and the same thing happened to me as described above (starting with not saving the revocation certificate). However I did not get it working by following the steps. There was a gpg.conf in .gnupg but not that other file, regardless what I tried. I can also confirm that it works like a charm on Debian or Ubuntu. I spent some time by trying to figure out the issue on Uberstudent without success. In the end it's not that relevant for me either. Just wanted to mention that obviously this issue occurs sometimes.


Make sure that "use-agent" is uncommented in the gpg.conf file. See partial text below...
# For Ubuntu we now use-agent by default to support more automatic
# use of GPG and S/MIME encryption by GUI programs. Depending on the
# program, users may still have to manually decide to install gnupg-agent.

use-agent

# which tries to use the agent but will fallback to the regular mode
# if there is a problem connecting to the agent. The normal way to
# locate the agent is by looking at the environment variable
# GPG_AGENT_INFO which should have been set during gpg-agent startup.
# In certain situations the use of this variable is not possible, thus
# the option
-------------

Additionally, the contents of my "gpg-agent-info-username" file are as follows:
GPG_AGENT_INFO=/tmp/gpg-kHsfn7/S.gpg-agent:2574:1
I don't know if this is correct, but it works for me. Seems odd to me that information in /tmp would be used for enabling a program to run correctly, but I am far from experienced in these matters. A folder in /tmp named "gpg-kHsfn7" does exist and contains "S.gpg-agent" bytes 0, Type socket. I don't have any other Linux distros installed to compare with.

I can confirm that both gnupg and gnupg2 are required for everything to work correctly, a well as gnupg-agent 2.0.22-3, pinentry-qt4, pinentry-gtk2, libgpg-error0, and pinentry-curses for my installation.


Top
 Profile  
 
PostPosted: Fri Dec 18, 2015 12:54 pm 
Offline
Established UberStudent User

Joined: Thu Sep 03, 2015 8:24 pm
Posts: 15
Paul Frankfurter wrote:
bradley wrote:
I gave Thunderbird with Enigmail a try and the same thing happened to me as described above (starting with not saving the revocation certificate). However I did not get it working by following the steps. There was a gpg.conf in .gnupg but not that other file, regardless what I tried. I can also confirm that it works like a charm on Debian or Ubuntu. I spent some time by trying to figure out the issue on Uberstudent without success. In the end it's not that relevant for me either. Just wanted to mention that obviously this issue occurs sometimes.


Make sure that "use-agent" is uncommented in the gpg.conf file. See partial text below...
# For Ubuntu we now use-agent by default to support more automatic
# use of GPG and S/MIME encryption by GUI programs. Depending on the
# program, users may still have to manually decide to install gnupg-agent.

use-agent

# which tries to use the agent but will fallback to the regular mode
# if there is a problem connecting to the agent. The normal way to
# locate the agent is by looking at the environment variable
# GPG_AGENT_INFO which should have been set during gpg-agent startup.
# In certain situations the use of this variable is not possible, thus
# the option
-------------

Additionally, the contents of my "gpg-agent-info-username" file are as follows:
GPG_AGENT_INFO=/tmp/gpg-kHsfn7/S.gpg-agent:2574:1
I don't know if this is correct, but it works for me. Seems odd to me that information in /tmp would be used for enabling a program to run correctly, but I am far from experienced in these matters. A folder in /tmp named "gpg-kHsfn7" does exist and contains "S.gpg-agent" bytes 0, Type socket. I don't have any other Linux distros installed to compare with.

I can confirm that both gnupg and gnupg2 are required for everything to work correctly, a well as gnupg-agent 2.0.22-3, pinentry-qt4, pinentry-gtk2, libgpg-error0, and pinentry-curses for my installation.


Thanks for the hints. I had all the packages, except pinentry-curses, but even with installing it, the issue still remains. BTW all the software I had and checked, showed the same versions as in the very first post above.

I checked the plain Ubuntu config: There is no gpg-agent-info-username in /.gnupg. I tried to create that file with the given content, but no success. It's indeed strange having that file, because the gpg-folder-name in /tmp changes if you reboot the machine. BTW gpgv2 is not required in plain Ubuntu to get it work.

I did not see any "use-agent" line in gpg.conf. If it's meant to be a simple line "use-agent", I tried that and it's still not working. It's strange though that importing a key through key-management in enigmail works fine, gpg --list-keys shows that everything is correct. Somehow it feels like there is something fishy between enigmail and gpg-agent. Running gpg-agent in terminal it shows though: "gpg-agent running and available".


Top
 Profile  
 
PostPosted: Fri Dec 18, 2015 8:32 pm 
Offline
Established UberStudent User

Joined: Thu Sep 03, 2015 8:24 pm
Posts: 15
What I just noticed: After installing pinentry-curses that file "gpg-agent-info-hostname" appeared in .gnupg (it seems to be hotstname, not username at the end). However I just checked on plain Ubuntu and there is no need for this file in order to get enigmail working. Also there is no use-agent line in gpg.conf. However there is some kind of gpg-agent wrapper in the thunderbird/extensions folder. In Ubuntu there is only one directory in the default folder, which is Mail. In the UberStudent thunderbird folder there is calendar-data, minidumps, extensions, etc. Could it be an issue with that wrapper? I don't know, I'm thinking about making a Mail directory backup and remove thunderbird and enigmail completely and install it again. After putting back the Mail directory I could check again. Is there any harm or data-loss I could suffer this way? I'm not sure but it does not seem so.


Top
 Profile  
 
PostPosted: Sat Dec 19, 2015 7:09 am 
Offline
UberStudent Founder and Lead Developer
User avatar

Joined: Sun Nov 11, 2012 8:54 am
Posts: 958
Location: UberStudent Headquarters
There should be zero difference between Ubuntu and UberStudent in the regards you're discussing.

_________________
UberStudent Must Become Self-Sustaining. If UberStudent and my dedicated support of it has benefited you, it's important to make a donation. Thanks!

The UberStudent Headquarters:
    * Mobo: MSI 870-G45
    * Processor: AMD Phenom II X4 3.4GHz
    * RAM: G.SKILL 8GB DDR3 1600
    * Graphics: MSI NVIDIA GeForce GTX 750 Ti
    * Drive: OCZ Vertex SSD
    * Case: Rosewill ATX Mid Tower
    * Monitors: 2 x Dell UltraSharp
    * With UberStudent 4.3 Development Build
You should build your own computers, too!


Top
 Profile  
 
PostPosted: Sat Dec 19, 2015 4:04 pm 
Offline
Established UberStudent User

Joined: Thu Sep 03, 2015 8:24 pm
Posts: 15
Exactly, that's what came to my mind first too. There should be no difference to plain Ubuntu. The "hello world" script works as it should, window pops up. The other script is showing D 2.0.22. Even starting debbuging shows:
gpg-agent (GnuPG) 2.0.22 started
$ gpg-agent[3928]: handler 0x7f94b48c59b0 for fd 7 started
gpg-agent[3928]: chan_7 -> OK Pleased to meet you, process 3928
gpg-agent[3928]: chan_6 <- OK Pleased to meet you, process 3928
gpg-agent[3928]: chan_6 -> GETINFO pid
gpg-agent[3928]: chan_7 <- GETINFO pid
gpg-agent[3928]: chan_7 -> D 3928
gpg-agent[3928]: chan_7 -> OK
gpg-agent[3928]: chan_6 <- D 3928
gpg-agent[3928]: chan_6 <- OK
gpg-agent[3928]: chan_6 -> BYE
gpg-agent[3928]: chan_7 <- BYE
gpg-agent[3928]: chan_7 -> OK closing connection
gpg-agent[3928]: handler 0x7f94b48c59b0 for fd 7 terminated

To me it's not really an issue, just tried it out of curiosity and it is somehow not working. If I find the culprit, I'll let this thread know. Thank you for all the hints and suggestions anyway.


Top
 Profile  
 
PostPosted: Sat Jan 09, 2016 3:46 pm 
Offline
Established UberStudent User

Joined: Thu Sep 03, 2015 8:24 pm
Posts: 15
Soooo.... End is good, all is good 8-) After having a look at the issue again I just noticed that in comparison to the working plain Ubuntu Thunderbird folder there were some differences: I found files named revocations.txt and pgprules.xml, which are not in use on Ubuntu. Also that gpg-agent wrapper in the thunderbird/extensions folder gave me thinking. This is what I did:

- Copy the whole .thunderbird folder as a backup to somewhere
- Remove Thunderbird and Enigmail e.g. via Synaptic
- Delete the whole content of the .thunderbird folder (uninstalling Thunderbird leaves your profile and e-mail folder on the machine)
- Install Thunderbird and Enigmail again
- Use the following "how-to" to copy the content of the backup folder to a newly created profile: http://email.about.com/od/mozillathunde ... e_prof.htm
[at this stage I'd like to mention that there is a great add-on called "profile switcher"]
Just for clarification: It's about the content of the xyzxyzx.default (backup) folder [or whatever your profile's name was], which should be copied into the folder with ".Restoration Profile" ending (see "how-to"), EXCEPT the Thunderbird files (in my case I just copied the Mail subfolder).
- If you also copied the Thunderbird files into that .Restoration folder, delete and replace them by the files from the newly installed Thunderbird default profile - or otherwise just copy and paste these files into that folder. So basically it was all about having the old Mail folder content in a newly created profile on a fresh install of Thunderbird and Enigmail.

After these steps sending encrypted e-mails with Enigmail started to work as it should. Thanks to Paul for the hints and discovering the issue! It seems there was a culprit in Thunderbird which stopped Enigmail and PGP working together in the proper way.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 20 posts ]  Go to page Previous  1, 2

Click Here to Get Inexpensive UberStudent Discs


Click here to get UberStudent discs delivered to your mailbox
Delivered Directly to Your Mailbox!



All times are UTC


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group