Re: [Evolution] Encrypting with GnuPG: `no imported public key` if key is not valid (not ultimate trusted)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

It seems like something about the GPG signature went wrong. In order to
do this right, here's the message again; I hope the signature works
this time.

I'm sorry for that.

Best regards,
T. Rausch

On Sat, 2017-11-04 at 13:06 +0100, Tim Rausch via evolution-list wrote:
Hello,

I'm running Evolution 3.26.1-1 on Debian stretch (amd64) and would like
to use GnuPG to secure my mails. My GPG private key is stored on a
YubiKey (but that shouldn't matter).

I imported my own key and the public keys of the people I want to write
to into GPG and selected my key in the preferences of Evolution. Now,
decrypting mails sent to me works, as does sending signed (not
encrypted) messages. Sending encrypted messages to myself also works, as
the ownertrust of my own key is set to "ultimate".

The issue now is that I cannot send mails to people whose keys are not
valid, that means they don't have ultimate ownertrust and are not
signed by me. Sending an encrypted mail to such a key fails with
Evolution showing the following error:

    Could not create message.
    You may need to select different mail options.

    Detailed error: Failed to encrypt: Invalid recipient
    <recipients@mail.address>  specified. A common issue is that the
    gpg2 doesn’t have imported public key for this recipient.

But GPG really has the recipient's key imported
(`echo "foobar" | gpg --encrypt -r recipients@mail.address` works).

The output of `strace -p $(pidof evolution) -f -e trace=execve` shows
the command executed by Evolution to encrypt a mail:

    [pid  4537] execve("/usr/bin/gpg2", ["gpg2", "--verbose",
    "--no-secmem-warning", "--no-greeting", "--no-tty", "--batch",
    "--yes", "--status-fd=67", "--encrypt", "--armor", "-u",
    "my@mail.address", "-r", "<recipients@mail.address>", "--output",
    "-"], [/* 34 vars */]) = 0

When I try to run this command manually on the shell (replacing
"--status-fd=67" with "--status-fd=1"), I get the following:

    [GNUPG:] KEY_CONSIDERED <recipient's key fingerprint> 0
    gpg: using pgp trust model
    gpg: using subkey <recipient's encryption subkey id> instead of
    primary key <recipient's primary key id>
    [GNUPG:] KEY_CONSIDERED <recipient's key fingerprint> 0
    gpg: automatically retrieved 'recipients@mail.address' via Local
    gpg: <recipient's encryption subkey id>: There is no assurance
    this key belongs to the named user
    [GNUPG:] INV_RECP 10 recipients@mail.address
    [GNUPG:] FAILURE encrypt 53
    gpg: [stdin]: encryption failed: Unusable public key

I think the issue is that the recipient's public key is listed as:

    [ unknown] (1). Recipient's Name <recipients@mail.address>

in `gpg -k`. `[ unknown]` is AFAIK the key's validity. If it is
`[ unknown]`, this causes GPG to ask interactively whether you really
want to use this key:

    ➜  ~ echo "foo" | gpg --encrypt -r recipients@mail.address --armor
    gpg: automatically retrieved 'recipients@mail.address' via Local
    gpg: <recipient's encryption subkey id>: There is no assurance
    this key belongs to the named user
    sub  rsa4096/<recipient's encryption subkey id> 2015-10-14
    Recipient's Name <recipients@mail.address>
     Primary key fingerprint: <recipient's key fingerprint>
          Subkey fingerprint: <recipient's encryption subkey
                               fingerprint>

    It is NOT certain that the key belongs to the person named
    in the user ID.  If you *really* know what you are doing,
    you may answer the next question with yes.

    Use this key anyway? (y/N) y
    -----BEGIN PGP MESSAGE-----
    [...]
    -----END PGP MESSAGE-----

I think this behaviour of GPG causes the encryption in Evolution to
fail.

Resetting Evolution and GnuPG didn't fix the problem. When running
Evolution as another user, the issue also appeared.

Is this issue already known or could this problem also be caused by
something "on my side"? What can I do to fix this problem?

Thank you very much and best regards,
Tim Rausch

P.S. I asked that question on StackExchange
(https://unix.stackexchange.com/questions/401920/); there might be some
further details.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
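
Added example, not part of the original message and not Evolution's or GnuPG's own code: a small parser for the `--status-fd` lines quoted above that separates "recipient key not found" from "recipient key present but not trusted", which is the distinction Evolution's error text blurs. The reason-code table follows GnuPG's doc/DETAILS; the function names `parse_status` and `diagnose` are hypothetical, and the sample input is constructed from the quoted output with a dummy fingerprint token.

```python
# INV_RECP reason codes as listed in GnuPG's doc/DETAILS.
INV_RECP_REASONS = {
    0: "no specific reason given", 1: "not found",
    2: "ambiguous specification", 3: "wrong key usage",
    4: "key revoked", 5: "key expired", 6: "no CRL known",
    7: "CRL too old", 8: "policy mismatch", 9: "not a secret key",
    10: "key not trusted", 11: "missing certificate",
    12: "missing issuer certificate", 13: "key disabled",
    14: "syntax error in specification",
}

# Constructed sample: status lines as quoted in the message above, with a
# dummy token standing in for the redacted fingerprint.
SAMPLE = """\
[GNUPG:] KEY_CONSIDERED FPR_PLACEHOLDER 0
gpg: using pgp trust model
[GNUPG:] INV_RECP 10 recipients@mail.address
[GNUPG:] FAILURE encrypt 53
gpg: [stdin]: encryption failed: Unusable public key
"""

def parse_status(text):
    """Return (rejected, considered) parsed from --status-fd output."""
    rejected, considered = [], set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # human-readable gpg output, not a status line
        keyword, args = fields[1], fields[2:]
        if keyword == "KEY_CONSIDERED" and args:
            considered.add(args[0])
        elif keyword == "INV_RECP" and len(args) >= 2 and args[0].isdigit():
            rejected.append((" ".join(args[1:]), int(args[0])))
    return rejected, considered

def diagnose(text):
    """Explain each rejected recipient; separates 'missing' from 'untrusted'."""
    rejected, considered = parse_status(text)
    report = {}
    for recipient, code in rejected:
        reason = INV_RECP_REASONS.get(code, "unknown reason code")
        if code == 10 and considered:
            # gpg located a key (KEY_CONSIDERED) but refused it on validity.
            reason += ": key is in the keyring but its validity is insufficient"
        elif code == 1:
            reason += ": no matching public key in the keyring"
        report[recipient] = (code, reason)
    return report

if __name__ == "__main__":
    for rcpt, (code, why) in diagnose(SAMPLE).items():
        print(f"{rcpt}: INV_RECP {code} ({why})")
```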