Enigmail Forum

[sonofbelial]

Hi, I've searched the forum for a solution to my problem and I still can't seem to sort it out. It's almost definitely an Enigmail issue because I had the same problems with Thunderbird. I'm using Seamonkey on Lubuntu 11.10.

Basically, any time I try to decrypt an email from Enigmail (Seamonkey 2.4.1/Enigmail 1.3.3/GnuPG 1.4.11) I get the following error:

Code: Select all

Error - secret key needed to decrypt message; click on 'Details' button for more information

So I do this and get:

Code: Select all

OpenPGP Security Info

Error - secret key needed to decrypt message

gpg command line and output:
/usr/bin/gpg
gpg: failed to create temporary file `/home/alastair/.gnupg/.#lk0x81ebb50.localhost.4251': Permission denied
gpg: keyblock resource `/home/alastair/.gnupg/secring.gpg': general error
gpg: failed to create temporary file `/home/alastair/.gnupg/.#lk0x81eca60.localhost.4251': Permission denied
gpg: keyblock resource `/home/alastair/.gnupg/pubring.gpg': general error
gpg: encrypted with RSA key, ID 2260F69E
gpg: encrypted with RSA key, ID B25CD7DF
gpg: decryption failed: secret key not available

Incidentally the output of

Code: Select all

ls -dl ~/.gnupg/*

is:

Code: Select all

# ls -dl ~/.gnupg/*
-rw------- 1 root root   9398 2012-03-06 05:18 /home/alastair/.gnupg/gpg.conf
-rw------- 1 root root 470993 2012-03-06 19:59 /home/alastair/.gnupg/pubring.gpg
-rw------- 1 root root 470993 2012-03-06 19:20 /home/alastair/.gnupg/pubring.gpg~
-rw------- 1 root root  10079 2012-03-06 19:00 /home/alastair/.gnupg/secring.gpg
-rw------- 1 root root   1760 2012-03-06 19:59 /home/alastair/.gnupg/trustdb.gpg


Also:

Code: Select all

# ls -dl ~/.gnupg/
drw------- 2 root root 4096 2012-03-06 19:59 /home/alastair/.gnupg/

Enigmail debug tells me that things are working properly... Can anyone help?

Oh, I'm running a torified system using Tor and Polipo. I'm not sure if that is significant - I doubt it.

Anyway, I'd really appreciate some help, it's a big problem for me!

Logfile says:

Code: Select all

enigmail> /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 --keyserver-options auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80 --decrypt --use-agent gpg: failed to create temporary file `/home/alastair/.gnupg/.#lk0x9ddfb50.localhost.5332': Permission denied gpg: keyblock resource `/home/alastair/.gnupg/secring.gpg': general error gpg: failed to create temporary file `/home/alastair/.gnupg/.#lk0x9de0a60.localhost.5332': Permission denied gpg: keyblock resource `/home/alastair/.gnupg/pubring.gpg': general error gpg: encrypted with RSA key, ID 2260F69E gpg: encrypted with RSA key, ID B25CD7DF gpg: decryption failed: secret key not available

I tried uninstalling, reinstalling and then removing gnupg-agent which made no difference either.

P.S. Yes, secret keys are loaded!!

[sonofbelial]

I've already tried:

Code: Select all

# chown alastair:alastair ~/.gnupg
# chown alastair:alastair ~/.gnupg/*
# chmod 700 ~/.gnupg/*

None of those have worked.

[patrick]

I'm not familiar with your setup, but it looks like GnuPG, when executed from Thunderbird, does not have the permissions required. This is not necessarily only the permissions like "rwx", but probably also other permissions defined by a policy management system. I.e. I assume that GnuPG inherits special restrictions defined by a policy.

[sonofbelial]

Yes that's basically the problem - I fixed it though with a little help from one of the IT gurus at work. I ran the following:

Code: Select all

sudo chmod -R 700 ~/
sudo chown -R alastair:alastair ~/

This fixed the issue although now any command I run from gpg spits out the following complaint before executing:

Code: Select all

gpg: WARNING: unsafe ownership on configuration file `/home/alastair/.gnupg/gpg.conf'

However given that everything else seems to work and my system is pretty darned secure as it is I'm not overly worried.

Many thanks!