Problems with Gnus (Emacs) + GnuPG for signing a mail with S/MIME

Angel de Vicente angel.de.vicente at iac.es
Fri Nov 4 20:03:35 CET 2022


Hello,

I've been trying to figure out why my setting (Emacs + Gnus) is giving
me trouble to sign SMIME messages. Well, the only problem seems to be
when I select the option for loopback pinentry, and only for SMIME
messags. For signing with PGP loopback seems to work fine and I get
asked the passphrase in the Emacs minibuffer, but for SMIME there seems
to be a problem. 

By setting epg-debug in Emacs to True I found that most of the moves are
OK, but that the error comes from not being able to get the passphrase:

the " *gpg-error* buffer comes with:
,----
| gpgsm: Note: non-critical certificate policy not allowed
| gpgsm: Note: non-critical certificate policy not allowed
| gpgsm: Note: non-critical certificate policy not allowed
| gpgsm: CRLs not checked due to --disable-crl-checks option
| gpgsm: DBG: adding certificates at level -2
| gpgsm: ignoring gpg-agent inquiry 'PASSPHRASE'
| gpgsm: error creating signature: No passphrase given <GPG Agent>
`----

while the gpg-agent.log tells me:
,----
| DBG: chan_9 -> OK Pleased to meet you, process 3382246
| DBG: chan_9 <- RESET
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION ttytype=dumb
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION display=:0.0
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION xauthority=/home/angelv/.Xauthority
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION putenv=XDG_SESSION_TYPE=x11
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION putenv=INSIDE_EMACS=28.2,epg
| DBG: chan_9 -> OK
| DBG: chan_9 <- GETINFO version
| DBG: chan_9 -> D 2.2.40
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION allow-pinentry-notify
| DBG: chan_9 -> OK
| DBG: chan_9 <- OPTION pinentry-mode=loopback
| DBG: chan_9 -> OK
| DBG: chan_9 <- HAVEKEY FC155E4BAF3DA44364C84711DA0B7137EA89D084
| DBG: chan_9 -> OK
| DBG: chan_9 <- ISTRUSTED D1EB23A46D17D68FD92564C2F1F1601764D8E349
| DBG: chan_9 -> S TRUSTLISTFLAG relax
| DBG: chan_9 -> OK
| DBG: chan_9 <- RESET
| DBG: chan_9 -> OK
| DBG: chan_9 <- SIGKEY FC155E4BAF3DA44364C84711DA0B7137EA89D084
| DBG: chan_9 -> OK
| DBG: chan_9 <- SETKEYDESC
| Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+X.509+certificate:%0A%22/CN=Angel+M+de+Vicente/O=Instituto+de+Astrofisica+de+Canarias/STREET=Calle+Vía+Láctea,+s\x2fn/ST=Santa+Cruz+de+Tenerife/C=ES%22%0AS/N+00B4307E9B17A8814A2B5CAE68E09B520E,+ID+0x74A5504B,%0Acreated+2022-10-31,+expires+2024-10-30.%0A
| DBG: chan_9 -> OK
| DBG: chan_9 <- SETHASH 9 96D6D02821BA0498546EF7BD466B9712FD1C8126AD583F895CD8DDA26DD07B7BBFD74F8A5A6E3087C0893C7BBDD78CCB
| DBG: chan_9 -> OK
| DBG: chan_9 <- PKSIGN
| DBG: agent_get_cache 'FC155E4BAF3DA44364C84711DA0B7137EA89D084'.0 (mode 2) ...
| DBG: ... miss
| DBG: agent_get_cache '6F4B59E5A9FBC6FB684CB55FDBB7CC30EEE197E3'.0 (mode 2) (stored cache key) ...
| DBG: ... miss
| DBG: chan_9 -> S INQUIRE_MAXLEN 255
| DBG: chan_9 -> [[Confidential data not shown]]
| DBG: chan_9 <- [[Confidential data not shown]]
| failed to unprotect the secret key: No passphrase given
| failed to read the secret key
| command 'PKSIGN' failed: No passphrase given
| DBG: chan_9 -> ERR 67109041 No passphrase given <GPG Agent>
| DBG: chan_9 <- [eof]
`----

I have removed gnome-keyring and seahorse in my system (in case there
was a conflict with them). 

Any ideas as to what might cause this?

Many thanks
-- 
Ángel de Vicente
 Research Software Engineer (Supercomputing and BigData)
 Tel.: +34 922-605-747
 Web.: http://research.iac.es/proyecto/polmag/

 GPG: 0x8BDC390B69033F52
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 694 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20221104/ba7281b0/attachment-0001.sig>


More information about the Gnupg-users mailing list