GNOME Bugzilla – Bug 693527
PGP Signing of Emails Stores Password for Subsequent Emails
Last modified: 2015-04-15 17:49:39 UTC
PGP signing an email in evolution (3.6.3-1) leaves the key open for subsequent emails (despite user opting out of leaving the key open). The key needs to be opened again upon reboot. I have filed an Arch Linux bug at: <https://bugs.archlinux.org/task/33792>

Initially I thought the bug was only relegated to:
1) successfully sign an email with a PGP key
2) cancel the mail sending process
3) send another email (to find I do not need to open the key)

However, I have found this issue replicates even when:
1) successfully sign an email with a PGP key
2) successfully send an email
3) send another email (to find I do not need to open the key)

An excerpt of the PGP debugging log from evolution (with sensitive information removed, bracketed in "<>"):

status: [GNUPG:] USERID_HINT <16 characters> Mark Edward Lee (Mark's Email PGP Key) <email>
status: [GNUPG:] NEED_PASSPHRASE <16 characters> <16 characters> <2 characters> <1 characters>
status: [GNUPG:] GOOD_PASSPHRASE
status: [GNUPG:] BEGIN_SIGNING H8
status: [GNUPG:] SIG_CREATED <1 characters> <2 characters> <1 character> <2 characters> <10 characters> <40 characters>
status: [GNUPG:] SIG_ID <27 characters> 2013-02-10 <10 characters>
status: [GNUPG:] GOODSIG <16 characters> Mark Edward Lee (Mark's Email PGP Key) <email>
status: [GNUPG:] VALIDSIG <40 characters> 2013-02-10 <10 characters> <1 character> <1 character> <1 character> <2 characters> <1 character> <2 characters> <40 characters>
Created attachment 237453 [details] mine PGP password prompt

Thanks for a bug report. What does the password prompt look like, please? It can be either a builtin prompt from evolution, or a gpg agent, as evolution follows this setting. The attached is a builtin prompt, where if I do not check the "remember for this session", then I'm re-asked when sending the next email.
Created attachment 237464 [details] Evolution PGP Prompt
The prompt seems built in (see attached picture).
That's coming from gnome-keyring-daemon, not Evolution. It's correct for that to store your pgp key until the end of your session (i.e. until you log out of GNOME). If you don't want Evolution to use gnome-keyring-daemon then hit Alt+F2, launch gnome-session-properties, uncheck "GPG Password Agent" and re-login to GNOME; I think then Evolution will handle the key itself and you'll get the prompt Milan attached. (But I am learning and any of that might be wrong.)
Aha, I see, you've it the opposite: you do use the agent, but you do not want to use it. As I wrote to the evolution-list: I think this is led by gpg itself; if you let it use its own 'agent' then it'll possibly offer you gnome-shell's prompt, instead of evolution's. Check ~/.gnupg/gpg.conf for use-agent; when you uncomment it, the next prompt should use it (supposing you've the agent installed, while I do not know what extra package it requires, if any). But as I noticed only now, the email was initiated by Michael, not by Mark.
Yeah, Mark you should also try commenting out that line!
Created attachment 237527 [details] GPG Configuration File
My GPG configuration file doesn't contain the line "use-agent".
Hmm, in that case, does the UI way of doing so, see comment #4, work for you?
I get the prompt after applying Comment #4, and the agent correctly asks for my pass phrase each time now. Thanks! Is there a way to have gnome-keyring run and still have evolution handle its own passwords?
Is there a way to make evolution always use its own method for handling PGP keys? Disabling gnome-keyring may cause problems with automatically logging on wifi networks.
It's mostly a GPG internal thing, as I understood it, with the use-agent option. Why you do not have it in your preferences I do not know, maybe the GPG folks moved it elsewhere. Try this:

$ gpg -a --sign /path/to/file

If you get a UI prompt, the same as in evolution, then it does gpg itself, its 'agent'; otherwise you might get a password prompt inside the terminal, which may suggest you've the agent off (unlikely, based on your description). That said, the only option I was aware of was the use-agent. If it's moved to other file or completely other place for configuration I do not know. You might try to ask GPG folks, or someone more knowledgeable.
Mark: have you tried comment 12?
Andre: Yes, that is the current solution I applied.
I guess this got obsolete meanwhile. At least it doesn't seem to be in evolution's hands.
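
A small diagnostic for the two settings the comments above point at: the use-agent line in gpg.conf and the passphrase agent advertised to the session. This is an added example, not code from Evolution, GnuPG or gnome-keyring. It assumes the GnuPG 1.4/2.0 convention that the agent socket is advertised in the GPG_AGENT_INFO environment variable; the function names and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example, not Evolution/GnuPG code. Inputs are a gpg.conf path and a
# GPG_AGENT_INFO value ("socket:pid:protocol", GnuPG 1.4/2.0 convention).

# use_agent_state FILE -> prints on, off or unset for the use-agent option.
# Assumption: when both use-agent and no-use-agent appear, the later line wins.
use_agent_state() {
    [ -r "$1" ] || { echo unset; return; }
    # Drop comments first so "# use-agent" does not count as enabled.
    sed -e 's/#.*//' "$1" | awk '
        $1 == "use-agent"    { s = "on" }
        $1 == "no-use-agent" { s = "off" }
        END { print (s == "" ? "unset" : s) }'
}

# agent_kind INFO -> prints none, gnome-keyring or gpg-agent.
# Assumption: gnome-keyring sockets live in a directory named keyring*.
agent_kind() {
    socket=${1%%:*}
    case "$socket" in
        "")           echo none ;;
        */keyring*/*) echo gnome-keyring ;;
        *)            echo gpg-agent ;;
    esac
}

# diagnose FILE INFO -> one summary line covering both settings.
diagnose() {
    echo "agent=$(agent_kind "$2") use-agent=$(use_agent_state "$1")"
}

# Constructed sample: a gpg.conf with no active use-agent line, and a
# constructed keyring-style socket value, followed by the live session value.
sample=$(mktemp)
printf '%s\n' '# use-agent' 'default-key 0xDEADBEEF' > "$sample"
diagnose "$sample" "/run/user/1000/keyring-AbCdEf/gpg:0:1"
diagnose "$sample" "${GPG_AGENT_INFO:-}"
rm -f "$sample"
```

An output of agent=gnome-keyring with use-agent=unset matches the situation in this report, where the configuration file had no use-agent line yet the session agent still supplied the passphrase.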