Enigmail不是要pgp密码，而是说没有可用的密钥

Question

用雷鸟的神秘邮件解密电子邮件不再有效。这是因为我没有机会输入我的密码，一种要求我这样做的表格会弹出，现在不是了，我收到了这样的信息：

错误-没有找到匹配的私有/秘密密钥来解密消息；单击“详细信息”按钮以获得更多信息

但是，私钥是可用的，因为

gpg -d Desktop/mail.eml     

使表单出现。在填写密码后，我可以在终端中读取解密邮件。

当我今天创建新密钥时，出现了另一个提示，提示密码出现了问题。由于没有密码短语集，所以无法创建吊销证书。同样，这也不是真的。

我第一次注意到这个问题是在8月31日星期一。

我查了一会儿互联网，然后做了以下工作：

1. 确保gpg-agent的实例正在运行: gpg-agent -v返回gpg-agent: gpg-agent运行和可用内容. .gnupg/gpg-agent.conf:默认缓存-ttl 0 max--ttl 0
2. 转到dconf Editor desktop->gnome->crypto->cache并将gpg-cache-ttl设置为0
3. Thunderbird Enigmail->Clear Saved Passphrases给出了一个神秘邮件警报:您正在使用gpg代理来处理密码。因此，在Enigmail中清除密码是不可能的。Thunderbird Enigmail->Preferences->Basic Remember passphrase for 0 minutes of idle time
4. 让gpg-agent忘记我的密码: pkill -SIGHUP gpg-agent
5. Seahorse->GnuPG keys删除所有键并重新导入它们

这份清单对这个问题没有任何影响。我想知道，我怎么才能让Enigmail再问我的密码呢？

提前感谢！

布朗克

编辑

1. 删除/etc/xdg/autostart/gnome-keyring-gpg.desktop并没有做任何事情。
2. 删除seahorse并没有做任何事情。
3. 使用decrypt-file：无法解密文件: mail.eml.pgp不良密码

Answer 1

试试这个:在我的例子中，https://www.enigmail.net/support/gnupg2_issues.php，我需要安装一个普通版本的pinentry (pinentry-qt4包)。

“解决GnuPG 2.x和gpg-agent的问题

注GnuPG 2.x需要一个“代理”来处理密码。默认情况下，这是由gpg代理完成的，但是还有其他工具实现其功能的子集。这些指示只适用于gpg-代理。如果您使用gnome-keyring、海马代理或KDE钱包管理器等代理，那么这些说明就不适用了。最常见的问题

症状

最常见的问题是gpg-agent (GnuPG的一部分)无法启动pinentry (用于查询密码的工具)。Enigmail将显示如下消息：

when reading messages:
Error - no matching private/secret key found to decrypt message; click on 'Details' button for more information

when sending messages:
- Send operation aborted. Error - encryption command failed
- Send operation aborted. Key 0x....... not found or not valid. The (sub-)key might have expired

如何分析

Try sending a signed and unencrypted message to yourself.
Check the output in the Enimgail log: go to menu Enigmail > Debugging Options > View Log.
Search for the following text: parseErrorOutput: status message. You will probably find this message several times. Check what follows below.
If the message says something like "no pinentry", "problem with the agent", "Invalid IPC response" or "problem with gpg-agent", then there is something wrong with your gpg-agent and/or pinentry setup.

如何修复它

Execute the following script from a terminal to find out if a graphical version of pinentry is used:

pinentry <<EOT
SETDESC Hello World
CONFIRM
EOT

You should get a graphical window with a confirmation message "Hello World". If a "window" is opened within your terminal window then pinentry is text-based, which does not work with Enigmail. To fix this, ensure that a graphical version of pinentry is installed. On Linux/Unix systems, these would typically be pinentry-qt/pinentry-qt4 or pinentry-gtk/pinentry-gtk2, and on Mac OS X pinentry-mac. Rename the existing pinentry file to "pinentry-text" or similar, and create a symlink from pinentry-qt, pinentry-qt4, pinentry-gtk, pinentry-gtk2 or pinentry-mac to pinentry. Then restart your PC.

If the above does not help, check the contents of $HOME/.gnupg/gpg-agent.conf. Make sure that there is a configuration entry pinentry-program containing the full path to a graphical version of pinentry as above. E.g.:

pinentry-program /usr/local/bin/pinentry-gtk

Then save the file and restart your PC.

If you still can't access your key, then execute the following script from a terminal:

gpg-connect-agent <<EOT
GETINFO version
EOT

The output should be something like the text below, where 2.0.26 represents the agent version number. The version number should match your gpg version number:

D 2.0.26
OK

If you get an error message like "ERR 280 not implemented" then you don't use gpg-agent, but one of the alternatives like gnome-keyring. We recommend you switch to gpg-agent by disabling your current agent. See e.g. askubuntu for how to disable gnome-keyring or how to disable KDE wallet.

If you get a useful result from above, then execute the following script from a terminal:

gpg-connect-agent <<EOT
GET_CONFIRMATION Hello
EOT

Pinentry should now open as a graphical window (just like above), with the difference to the step above that this instance of pinentry was launched from gpg-agent. If this is successful, then GnuPG 2 should work correctly in Enigmail.

If gpg-agent still cannot launch pinentry from Enigmail, then you need to start debugging gpg-agent. Execute the following commands from a terminal:

killall gpg-agent
gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh

This will start gpg-agent from the command line, open a new shell and print the debug output to that shell. If the command succeeded, you will see somehting like:
gpg-agent[76979]: gpg-agent 2.0.26 started
Leave the terminal window untouched, start Thunderbird and try to use Enigmail. As you'll try to access gpg-agent, you will see the output in your terminal window. If gpg-agent cannot start pinentry successfully, you will see something like this:

gpg-agent[76993]: starting a new PIN Entry
gpg-agent[76993]: chan_19 <- ERR 67109133 can't exec `/usr/bin/pinentry': No such file or directory
gpg-agent[76993]: chan_19 -> BYE
gpg-agent[76993]: can't connect to the PIN entry module: IPC connect call failed
gpg-agent[76993]: command get_passphrase failed: No pinentry

Press Ctrl+D in the terminal to end the debugging session. The bold line should tell you the reason for the error (in the example above, pinentry cannot be found). Try to fix the error and repeat the test."

Answer 2

我也有同样的问题，但我发现杀死gpg特工是个解决办法。

(从我发现的源代码中，您可以通过在~/.extensions.enigmail.logDirectory下某个地方编辑"defaults/preferences/enigmail.js“文件，将"/tmp”属性设置为“/tmp”来启用enigmail日志记录。然后，日志文件"/tmp/enigdbug.txt“显示了enigmail正在运行的完整gpg命令，结尾为”-use-agent“。我从命令行运行了那个gpg命令，给它一个加密的电子邮件消息。它抱怨错误消息"gpg: problem the agent: No PINentry“。谷歌搜索这条错误信息，提出了杀死gpg代理的建议。与此同时，国安局欣喜若狂地说，PKI加密的用户体验简直是垃圾。)

Answer 3

有同样的关于定位的错误。最后，我发现gpg特工使用了错误的定位入口。通过编辑~/..gnupg/gpg-agent.conf并添加以下行来解决这个问题。

pinentry-program /usr/bin/pinentry-gtk-2

我所使用的系统的默认值是pinentry-x11(这是一个允许各种窗口管理器的公司范围的安装)，它不适用于gnome3。因此，必须确保gpg-代理对实际使用中的窗口管理器使用正确的定位入口。