Michael Tatge
2018-03-21 11:45:41 UTC
Hi,
i'm trying to run mutt with s/mime and
$crypt_use_gpgme set, but i keep running into errors when it comes to
decryption. Signing / verifying works ok.
TL;DR i cannot decrypt messages that are encrypted for me.
[-- Begin signature information --]
Good signature from:
1.2.840.113549.1.9.1=#6D69636861656C2E7461746765406D63666573732D69742E636F6D
aka: <***@XXX>
created: Wed Mar 21 12:22:08 2018
[-- End signature information --]
[-- The following data is signed --]
BUT:
[-- The following data is S/MIME encrypted --]
[-- Error: decryption failed: Invalid value passed to IPC --]
[-- End of S/MIME encrypted data --]
Sending s/mime encypted messages seems ok too.
Maybe i'm doing something wrong.
Mutt 1.9.4 (2018-02-28) (debian package from testing)
gpgsm (GnuPG) 2.2.5
libgcrypt 1.8.1
libksba 1.3.5-unknown
gpg:OpenPGP:/usr/bin/gpg
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon
gpgsm:S/MIME:/usr/bin/gpgsm
dirmngr:Network:/usr/bin/dirmngr
pinentry:Passphrase Entry:/usr/bin/pinentry
gpg-agent.conf:
default-cache-ttl 600
pinentry-program /usr/bin/pinentry-curses
gpgsm.conf:
default-key C1:B3:80:90:E5:8F:FE:53:8C:44:2B:70:7E:79:CD:E2:72:55:59:85
auto-issuer-key-retrieve
include-certs -1 # this will include all certificates in the chain up to the root
gpgsm --list-keys
is listing all certs including the whole ca chain
gpgsm --list-secret-keys is listing my secret key
running gpgsm manually seems to be working ok
$ echo "some text" | gpgsm --sign --armor | gpgsm --verify
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: DBG: adding certificates at level -1
gpgsm: signature created
gpgsm: Signature made 2018-03-21 11:09:21 using certificate ID
0x72555985
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Good signature from "/EMail=***@XXX"
gpgsm: aka "***@XXX"
$ echo "some text" | gpgsm --encrypt --recipient ***@XXX --armor | gpgsm --decrypt
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: encrypted data created
gpgsm: DBG: recp 0 - issuer: 'CN=COMODO RSA Client Authentication and
Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 069B11DBBF7D5819F2ED167B024F009F
some text
relevant muttrc:
unset smime_is_default
set crypt_autosmime
set crypt_use_gpgme
I'm NOT sourcing gpg.rc or smime.rc.
If I source both and unset crypt_use_gpgme
Everything is fine tough, but it uses smime_keys then.
Thanks,
Michael
i'm trying to run mutt with s/mime and
$crypt_use_gpgme set, but i keep running into errors when it comes to
decryption. Signing / verifying works ok.
TL;DR i cannot decrypt messages that are encrypted for me.
[-- Begin signature information --]
Good signature from:
1.2.840.113549.1.9.1=#6D69636861656C2E7461746765406D63666573732D69742E636F6D
aka: <***@XXX>
created: Wed Mar 21 12:22:08 2018
[-- End signature information --]
[-- The following data is signed --]
BUT:
[-- The following data is S/MIME encrypted --]
[-- Error: decryption failed: Invalid value passed to IPC --]
[-- End of S/MIME encrypted data --]
Sending s/mime encypted messages seems ok too.
Maybe i'm doing something wrong.
Mutt 1.9.4 (2018-02-28) (debian package from testing)
gpgsm (GnuPG) 2.2.5
libgcrypt 1.8.1
libksba 1.3.5-unknown
gpg:OpenPGP:/usr/bin/gpg
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon
gpgsm:S/MIME:/usr/bin/gpgsm
dirmngr:Network:/usr/bin/dirmngr
pinentry:Passphrase Entry:/usr/bin/pinentry
gpg-agent.conf:
default-cache-ttl 600
pinentry-program /usr/bin/pinentry-curses
gpgsm.conf:
default-key C1:B3:80:90:E5:8F:FE:53:8C:44:2B:70:7E:79:CD:E2:72:55:59:85
auto-issuer-key-retrieve
include-certs -1 # this will include all certificates in the chain up to the root
gpgsm --list-keys
is listing all certs including the whole ca chain
gpgsm --list-secret-keys is listing my secret key
running gpgsm manually seems to be working ok
$ echo "some text" | gpgsm --sign --armor | gpgsm --verify
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: DBG: adding certificates at level -1
gpgsm: signature created
gpgsm: Signature made 2018-03-21 11:09:21 using certificate ID
0x72555985
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Good signature from "/EMail=***@XXX"
gpgsm: aka "***@XXX"
$ echo "some text" | gpgsm --encrypt --recipient ***@XXX --armor | gpgsm --decrypt
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: encrypted data created
gpgsm: DBG: recp 0 - issuer: 'CN=COMODO RSA Client Authentication and
Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 069B11DBBF7D5819F2ED167B024F009F
some text
relevant muttrc:
unset smime_is_default
set crypt_autosmime
set crypt_use_gpgme
I'm NOT sourcing gpg.rc or smime.rc.
If I source both and unset crypt_use_gpgme
Everything is fine tough, but it uses smime_keys then.
Thanks,
Michael
--
PGP-Key-ID: 0xDE3C3D3BEEE7D043
Jabber: ***@jabber.de
PGP-Key-ID: 0xDE3C3D3BEEE7D043
Jabber: ***@jabber.de