Mailing List Archive

S/MIME signing fails on a SUSE 9.3 system
Hi,

I have trouble signing kmail messages with S/MIME on a freshly installed SUSE
9.3 system. The relevant SW versions are:

gpg2-1.9.14-6.2
gpgme-1.0.2-3
pinentry-0.7.1-4

If I try to sign a message with S/MIME I only get a popup telling me "Signing
failed: No pinentry". But pinentry is installed and works fine (I tried it
from the command line) and I also have no trouble signing with OpenPGP/MIME.
With OpenPGP/MIME the pinentry window pops up and asks me for the passphrase
and everything works, but with S/MIME it fails. Following is the bottom of
the debug log:

...
[client at fd 5 connected]
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> Home: ~/.gnupg
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> Config: /home2/kuenne/.gnupg/gpgsm.conf
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> AgentInfo: /tmp/gpg-CLY3PY/S.gpg-agent:25887:1
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> DirmngrInfo: [not set]
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> GNU Privacy Guard's S/M server 1.9.14 ready
4 - 2005-05-31 14:24:11 gpgsm[32713.0x807faa8] DBG: <- [EOF]
[client at fd 4 disconnected]
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION display=:0.0
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION lc-ctype=en_US.UTF-8
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION lc-messages=en_US.UTF-8
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION include-certs 1
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- RESET
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- SIGNER C56D2498E0CB350DCD84F0B6585D50789C9DA837
5 - 2005-05-31 14:24:11 gpgsm[32715]: DBG: connection to agent established
5 - 2005-05-31 14:24:12 gpgsm[32715]: certificate is good
5 - 2005-05-31 14:24:12 gpgsm[32715]: CRLs not checked due to --disable-crl-checks option
5 - 2005-05-31 14:24:12 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:12 gpgsm[32715.0x807faa8] DBG: <- INPUT FD=27
5 - 2005-05-31 14:24:12 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: <- OUTPUT FD=33
5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: -> OK
5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: <- SIGN --detached
5 - 2005-05-31 14:24:13 gpgsm[32715]: DBG: adding certificates at level 1
5 - 2005-05-31 14:24:13 gpgsm[32715]: error creating signature: No pinentry <GPG Agent>
5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: -> ERR 67108949 No pinentry <GPG Agent>
5 - 2005-05-31 14:24:17 gpgsm[32715.0x807faa8] DBG: <- [EOF]
[client at fd 5 disconnected]


And this is my gpgsm.conf:

agent-program /usr/bin/gpg-agent
dirmngr-program /usr/bin/dirmngr
disable-crl-checks

###+++--- GPGConf ---+++###
debug-level basic
log-file socket:///home2/kuenne/.gnupg/log-socket
###+++--- GPGConf ---+++### Tue 31 May 2005 02:23:02 PM EDT
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.


The gpg-agent is running and GPG_AGENT_INFO is set correctly. Does anybody
know what's going on here?


Karsten.
--
Oliver's Law:
Experience is something you don't get until just after you need
it.
Re: S/MIME signing fails on a SUSE 9.3 system
On Tue, 31 May 2005 14:37:44 -0400, Karsten Künne said:

> The gpg-agent is running and GPG_AGENT_INFO is set correctly. Does anybody
> know what's going on here?

It does not find pinentry for reasons I don't know. The easiest
workaround is to add a line like

pinentry-program /usr/lib/pinentry/pinentry-gtk

to gpg-agent.conf. Replace gtk by qt or gtk2 according to your taste.
Also try to run pinentry using exactly the filename as given in that
line.



Salam-Shalom,

Werner
Re: S/MIME signing fails on a SUSE 9.3 system
On Thursday 02 June 2005 06:08, Werner Koch wrote:
> On Tue, 31 May 2005 14:37:44 -0400, Karsten Künne said:
> > The gpg-agent is running and GPG_AGENT_INFO is set correctly. Does
> > anybody know what's going on here?
>
> It does not find pinentry for reasons I don't know. The easiest
> workaround is to add a line like
>
> pinentry-program /usr/lib/pinentry/pinentry-gtk
>
> to gpg-agent.conf. Replace gtk by qt or gtk2 according to your taste.
> Also try to run pinentry using exactly the filename as given in that
> line.
>

The pinentry is not the issue, I configured it in gpg-agent.conf and it is
found. I looked a bit deeper and apparently someone is talking garbage to the
gpg-agent program. Following is from the agent's debug log:

...
5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION display=:0.0
5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION lc-ctype=en_US.UTF-8
5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION lc-messages=en_US.UTF-8

Those are the options the agent supposedly gets. BUT, somebody is lying here!
Because this is what I can see if I strace the agent:

19760 read(0, "OPTION display=:0.0", 1002) = 19
19760 read(0, "OPTION lc-ctype=en_US.UTF-8", 1002) = 27
19760 read(0, "OPTION display=en_US.UTF-8", 1002) = 26

So, the first and second options are correct but the third one is garbage. The
debug output says it's "lc-ctype=en_US.UTF8" but what the agent gets is
"display=en_US.UTF8" which is completely bogus. And as a result pinentry
fails to open the display. Now the question is where does that bogus option
come from? Is it kmail which is talking to gpg-agent directly or is gpgme
involved? I have no idea how the chain of command works in kmail from KDE
3.4.1. The interesting thing is that it works fine in the OpenPGP/MIME case
(except for the fact that it apparently doesn't like German umlauts in the
"To" header but that's another issue).


Karsten.
--
If you think education is expensive, try ignorance.
-- Derek Bok, president of Harvard
Re: S/MIME signing fails on a SUSE 9.3 system
On Thursday 02 June 2005 16:42, Karsten Künne wrote:
> On Thursday 02 June 2005 06:08, Werner Koch wrote:
> > On Tue, 31 May 2005 14:37:44 -0400, Karsten Künne said:
> > > The gpg-agent is running and GPG_AGENT_INFO is set correctly. Does
> > > anybody know what's going on here?
> >
> > It does not find pinentry for reasons I don't know. The easiest
> > workaround is to add a line like
> >
> > pinentry-program /usr/lib/pinentry/pinentry-gtk
> >
> > to gpg-agent.conf. Replace gtk by qt or gtk2 according to your taste.
> > Also try to run pinentry using exactly the filename as given in that
> > line.
>
> The pinentry is not the issue, I configured it in gpg-agent.conf and it is
> found. I looked a bit deeper and apparently someone is talking garbage to
> the gpg-agent program. Following is from the agent's debug log:
>
> ...
> 5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION display=:0.0
> 5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION
> lc-ctype=en_US.UTF-8
> 5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION
> lc-messages=en_US.UTF-8
>
> Those are the options the agent supposedly gets. BUT, somebody is lying
> here! Because this is what I can see if I strace the agent:
>
> 19760 read(0, "OPTION display=:0.0", 1002) = 19
> 19760 read(0, "OPTION lc-ctype=en_US.UTF-8", 1002) = 27
> 19760 read(0, "OPTION display=en_US.UTF-8", 1002) = 26
>
> So, the first and second options are correct but the third one is garbage.
> The debug output says it's "lc-ctype=en_US.UTF8" but what the agent gets is
> "display=en_US.UTF8" which is completely bogus. And as a result pinentry
> fails to open the display. Now the question is where does that bogus option
> come from? Is it kmail which is talking to gpg-agent directly or is gpgme
> involved? I have no idea how the chain of command works in kmail from KDE
> 3.4.1.

Forget that last sentence, it's of course gpgsm which is screwing things up
here. SUSE ships version 1.9.14. I'll have a look at it and see why it's
talking garbage to the agent.


Karsten.
--
Living on Earth may be expensive, but it includes an annual free trip
around the Sun.
Re: S/MIME signing fails on a SUSE 9.3 system
On Thursday 02 June 2005 16:55, Karsten Künne wrote:
> On Thursday 02 June 2005 16:42, Karsten Künne wrote:
> > On Thursday 02 June 2005 06:08, Werner Koch wrote:
> > > On Tue, 31 May 2005 14:37:44 -0400, Karsten Künne said:
> > > > The gpg-agent is running and GPG_AGENT_INFO is set correctly. Does
> > > > anybody know what's going on here?
> > >
> > > It does not find pinentry for reasons I don't know. The easiest
> > > workaround is to add a line like
> > >
> > > pinentry-program /usr/lib/pinentry/pinentry-gtk
> > >
> > > to gpg-agent.conf. Replace gtk by qt or gtk2 according to your taste.
> > > Also try to run pinentry using exactly the filename as given in that
> > > line.
> >
> > The pinentry is not the issue, I configured it in gpg-agent.conf and it
> > is found. I looked a bit deeper and apparently someone is talking garbage
> > to the gpg-agent program. Following is from the agent's debug log:
> >
> > ...
> > 5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION
> > display=:0.0 5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION
> > lc-ctype=en_US.UTF-8
> > 5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION
> > lc-messages=en_US.UTF-8
> >
> > Those are the options the agent supposedly gets. BUT, somebody is lying
> > here! Because this is what I can see if I strace the agent:
> >
> > 19760 read(0, "OPTION display=:0.0", 1002) = 19
> > 19760 read(0, "OPTION lc-ctype=en_US.UTF-8", 1002) = 27
> > 19760 read(0, "OPTION display=en_US.UTF-8", 1002) = 26
> >
> > So, the first and second options are correct but the third one is garbage.
> > The debug output says it's "lc-ctype=en_US.UTF8" but what the agent gets
> > is "display=en_US.UTF8" which is completely bogus. And as a result
> > pinentry fails to open the display. Now the question is where does that
> > bogus option come from? Is it kmail which is talking to gpg-agent
> > directly or is gpgme involved? I have no idea how the chain of command
> > works in kmail from KDE 3.4.1.
>
> Forget that last sentence, it's of course gpgsm which is screwing things up
> here. SUSE ships version 1.9.14. I'll have a look at it and see why it's
> talking garbage to the agent.
>
>

O.k., I keep following up to myself. Looks like gnupg-1.9.14 has a "brown
paper bag" bug in common/asshelp.c ;-). It's fixed in 1.9.15, SUSE apparently
shipped a broken version of gpg2 in 9.3.


Karsten.
--
"Not Hercules could have knock'd out his brains, for he had none."
-- Shakespeare
Re: S/MIME signing fails on a SUSE 9.3 system
On Thu, 2 Jun 2005 18:12:09 -0400, Karsten Künne said:

> O.k., I keep following up to myself. Looks like gnupg-1.9.14 has a "brown
> paper bag" bug in common/asshelp.c ;-). It's fixed in 1.9.15, SUSE apparently
> shipped a broken version of gpg2 in 9.3.

Ah well:

2005-01-03 Werner Koch <wk@g10code.com>

* asshelp.c (send_pinentry_environment): Fixed changed from
2004-12-18; cut+paste error for lc-messages.



Shalom-Salam,

Werner
Re: S/MIME signing fails on a SUSE 9.3 system
On Thu, Jun 02, 2005 at 06:12:09PM -0400, Karsten Künne wrote:
> On Thursday 02 June 2005 16:55, Karsten Künne wrote:
> > On Thursday 02 June 2005 16:42, Karsten Künne wrote:

> O.k., I keep following up to myself.


No problem, this is a lot better than to keep quiet and suffer.
It is good to see the issue fixed.

> Looks like gnupg-1.9.14 has a "brown
> paper bag" bug in common/asshelp.c ;-). It's fixed in 1.9.15, SUSE apparently
> shipped a broken version of gpg2 in 9.3.

Note that the "gpg2" binary itself should not be used for production,
only gpg-agent and gpgsm are good to use.
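
Added example, not part of the original thread and not GnuPG code: the cross-check done by hand in the thread, comparing the OPTION lines in the gpgsm debug log with what strace shows the agent actually reading. The sample inputs are constructed from the lines quoted in the thread; the function names and the X display pattern are assumptions made for this illustration.

```python
import re

# Constructed sample input, taken from the lines quoted in the thread.
GPGSM_LOG = """\
5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION display=:0.0
5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION
lc-ctype=en_US.UTF-8
5 - 2005-06-02 15:46:43 gpgsm[7635.0x807d230] DBG: <- OPTION
lc-messages=en_US.UTF-8
"""
AGENT_STRACE = """\
19760 read(0, "OPTION display=:0.0", 1002) = 19
19760 read(0, "OPTION lc-ctype=en_US.UTF-8", 1002) = 27
19760 read(0, "OPTION display=en_US.UTF-8", 1002) = 26
"""

LOG_RE = re.compile(r"DBG: <- OPTION\s+([\w-]+)=(\S+)")
STRACE_RE = re.compile(r'read\(\d+, "OPTION ([\w-]+)=([^"]*)"')
X_DISPLAY_RE = re.compile(r"^[\w.-]*:\d+(\.\d+)?$")  # assumed form: [host]:display[.screen]


def logged_options(text):
    """(name, value) pairs from the debug log; the whitespace match bridges mail-wrapped lines."""
    return LOG_RE.findall(text)


def received_options(text):
    """(name, value) pairs the agent actually read, according to strace."""
    return STRACE_RE.findall(text)


def find_discrepancies(logged, received):
    """Report options repeated with a new value, a bad display, and options that never arrived."""
    findings, seen = [], {}
    for pos, (name, value) in enumerate(received, start=1):
        if name in seen and seen[name] != value:
            findings.append(f"read #{pos}: {name} sent again as {value!r} after {seen[name]!r}")
        seen[name] = value
    if "display" in seen and not X_DISPLAY_RE.match(seen["display"]):
        findings.append(f"display={seen['display']!r} does not look like an X display")
    for name, value in logged:
        if name not in seen:
            findings.append(f"{name}={value} was logged but never reached the agent")
    return findings


if __name__ == "__main__":
    for finding in find_discrepancies(logged_options(GPGSM_LOG), received_options(AGENT_STRACE)):
        print(finding)
```

Run against a trace from a fixed gpgsm, where the third read carries lc-messages, the function returns no findings.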