X2Go Bug report logs - #857
Thunderbird Enigmail fails to access password-protected GPG key in pubapps or single app mode

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Michael DePaulo <mikedep333@gmail.com>

To: "submit@bugs.x2go.org" <submit@bugs.x2go.org>

Subject: Thunderbird Enigmail fails to access password-protected GPG key in pubapps or single app mode

Date: Sun, 26 Apr 2015 23:18:10 -0400

Package: x2goserver
Version: 4.0.1.19
Severity: normal

Client: x2goclient 4.0.4.0-2015.04.25-ee11aa4 (nightly build)
Client OS: Windows 10 64-bit build 10049

Server OS: Fedora 21 64-bit with latest updates
Server Desktop Environment: MATE 1.8.2
Thunderbird: 31.6.0-1.fc21
Enigmail version: 1.8.2 (20150416-1748)
Enigmail "About" states: Using gpg executable /usr/bin/gpg2 to encrypt
and decrypt
x2goagent: 3.5.0.31
x2goserver: 4.0.1.19
x2goserver-extensions: 4.0.1.19
x2goserver-fmbindings: 4.0.1.19
x2goserver-xsession: 4.0.1.19

Note: Using Fedora packaging for x2goserver components. Version is:
4.0.1.19-1.fc21
Note: using x2go release build for nx-libs components. Version is:
3.5.0.31-0.0x2go1.1.git20150318.671.main.fc21

For those who do not know, Enigmail is a plugin that adds GPG support
for signing and encryption to Thunderbird.

Description of Problem:

The problem is that when I launch Thunderbird under pubapps mode or
single application mode, Enigmail fails to access my
password-protected private key. So it fails to things decrypt
encrypted emails.

I see error messages like:
enigmail Error - no matching private/secret key found to decrypt
message; click on 'Details' button for more information

When I click on "Eetails" and then "Enigmail Security Info", I see the error:

Error - no matching private/secret key found to decrypt message

gpg: decryption failed: No secret key

However, when I launch Thunderbird under a MATE session, I do not have
this problem. I am prompted for my passphrase for my private key by a
pop-up window, which appears to be the "gcr-prompter" executable. Then
Enigmail is able to access the key.

Investigation I've done so far:

This appears to be related to GPG agent(s).

I was able to produce this bug under a MATE session by unsetting this
environment variable:
GPG_AGENT_INFO=/run/user/40001103/keyring/gpg:0:1
Where 40001103 is my UID.
That file "gpg" is a socket.

Under pubapps mode, I launched a terminal, set that env var, and then
launched Thunderbird, but the problem was still present. However, the
directory /run/user/40001103/keyring did not exist, so the "gpg"
socket under it did not exist.

I figured I should try to determine what process MATE or x2goserver is
starting under a MATE session that enabled Thunderbird to work by
disabling that process for a MATE session.

So I tried disabling these all of these user background applications
(every applications that appeared to be related to keyrings) under
MATE" startup applications", but it still did not cause the problem.
The "keyring" dir still existed, and so did the "gpg" socket
underneath it. And the env var was still set. I do not know what
process is creating these and setting the env var.

Note that I tried disabling all of them at once.

Note I killed any leftover processes from prior sessions too:

Name: Certificate and Key Storage
Command: /usr/bin/gnome-keyring-daemon --start --components=pkcs11
Comment: GNOME Keyring: PKCS#11 Component

Name: GPG Password Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=gpg
Comment: GNOME Keyring: GPG Agent

Name: Secret Storage Service
Command: /usr/bin/gnome-keyring-daemon --start --components=secrets
Comment: GNOME Keyring: Secret Service

Name: SSH Key Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=ssh
Comment: GNOME Keyring: SSH Agent

Send a report that this bug log contains spam.