Thunderbird and Enigmail in combination with MacGPG2 2.0.27 does not find gpg

MacUser's Avatar

MacUser

23 Mar, 2015 02:32 PM

Hi,

I know you should not offer support for Enigmail. Since MacGPG2 beta6 I cannot open the Keyring, with beta5 there was no problem! Maybe you have a hint whats different. Thank you!

  1. Support Staff 1 Posted by Steve on 28 Mar, 2015 08:08 PM

    Steve's Avatar

    Hi MacUser,

    I tested this with 31.5.0 and Enigmail 1.8.1 and latest GPG Suite beta6. Sending encrypted and signed mails worked as did decrypting and verifying incoming mails.

    Please post your versions. But basically this indeed would be a bug you probably should report to enigmail: https://www.enigmail.net/support/index.php

    All the best,
    steve

  2. 2 Posted by Phil on 03 Apr, 2015 07:15 PM

    Phil's Avatar

    I have same problem. I installed GPG2 beta 6 in response to warning from Enigmail about having to upgrade from 1.4. Did so, but it still complains.

    Turns out, /usr/local/bin/gpg is still the 1.4 version. Found GPG2 under /usr/local/MacGPG2 but it didn't remove the old version. I assumed it would do so... do I need to uninstall version 1.4.7 somehow?

  3. 3 Posted by Ben on 04 Apr, 2015 08:25 AM

    Ben's Avatar

    No, you just need to update the enigmail preferences to point to /usr/local/MacGPG2/bin/gpg2 instead. GPG 2.x has always been able to be installed alongside 1.4.x.

  4. 4 Posted by Phil Watson on 04 Apr, 2015 04:06 PM

    Phil Watson's Avatar

    Tried that. It complained "Can't run GPG from there"


    Sent from my phone

  5. 5 Posted by Ben on 04 Apr, 2015 04:52 PM

    Ben's Avatar

    Then make a symbolic link to it in /usr/local and point to that, so:

        ln -s /usr/local/MacGPG2/bin/gpg2 /usr/local/bin/gpg2

    Then point Enigmail to /usr/local/bin/gpg2 instead. If that still
    doesn't work then replace the sym link with a bash script like this:

        #!/bin/bash

        exec /usr/local/MacGPG2/bin/gpg2 "$@"

    Then make it executable:

        chmod 755 /usr/local/bin/gpg2

    You might need to create the file somewhere else and copy it into
    /usr/local/bin with the sudo command. You will definitely need to use
    a text editor which adheres to POSIX file standards like Nano, Vim or
    Emacs.

    So the sym link will be easier, try that first.

  6. 6 Posted by Darren on 06 Apr, 2015 04:26 PM

    Darren's Avatar

    Ok,
    I was having the same problem, I tried this with the sym link and that seemed to work.

    I also assumed (just like Phil above) that the install would have removed 1.4. AND, this is a minor nit to keep my email secure.

    Thanks for all the hard work!

  7. 7 Posted by Ben on 06 Apr, 2015 06:47 PM

    Ben's Avatar

    Version 1.4.19 is still quite secure, just as secure as 2.0.27 in fact.
     It does not, however, utilise gpg-agent and pinentry at all so there's
    no native caching of passphrases. It has also been more easily utilised
    by servers for various purposes (most commonly package management or
    operating remailers). Since the binaries produced when compiling it do
    not clash with the names of any produced by 2.0 and above or their
    dependencies, there is no reason to require its removal and so many
    people operate both.

    My current configuration, for example, utilises both, albeit with a bit
    of customisation:

    * Customised source of GPG 1.4.19 compiled to /usr/local/bin and renamed
    gpg binary
    * Bash script of /usr/local/bin/gpg1 to call GPG 1.4.19 with an
    explicitly set alternative home directory at ~/.gnupg1
    * GPG Suite beta installed to /usr/local/MacGPG2 as normal for it <--
    largely unused, primarily retained for running training sessions
    * GPG 2.1.2 and dependencies in custom directory /usr/local/gnupg-2.1
    for testing alternative configurations <-- not live, has a tendency to break
    * GPG 1.4.19 installed from standard source via MacPorts in order to
    maintain library dependencies within /opt/local
    * GPG 2.1.2 and dependencies installed from source via MacPorts, binary
    at /opt/local/bin/gpg2
    * Bash script of /usr/local/bin/gpg to call GPG 2.1.2 with an explicitly
    set alternative home directory at ~/.gnupg2
    * Bash script of /usr/local/bin/gpg2 to call GPG 2.1.2 with an
    explicitly set alternative home directory at ~/.gnupg2 and also restart
    dirmngr so it can be launched with proxychains to direct all keyserver
    requests through a proxy server (this sends it all through Tor to
    prevent traffic analysis to determine whose keys I'm requesting)
    * A symbolic link of the default home directory location pointing to the
    current for 2.1: ln -s $HOME/.gnupg2 $HOME/.gnupg

    Additional things dependent on the above:

    * Thunderbird + Enigmail with Enigmail configured to call the shell
    script at /usr/local/bin/gpg (no need to reset dirmngr each time, just
    long as I tweak its launch status with each login)
    * The source of GPG 2.1.2 was modified in a manner similar-ish to 1.4.19
    prior to the final build.
    * Due to a problem with the way 2.1.2 performs network connections, the
    keyservers are presently limited to accessing ipv4.pool.sks-keyservers.net
    * $HOME/.gnupg2 was originally a copy of the first (and for a long time
    only) ~/.gnupg directory, they're kept separate to prevent unexpected
    conflicts from changes in file types with key storage.

    So let's see, that's two installations of the 1.4 series, one
    installation of 2.0, one (working) installation of 2.1, a sandbox for
    playing with things and none of it conflicts with the rest.

    Obviously that type of configuration goes way above and beyond the needs
    of many users, but it does illustrate how readily the different series
    can work together. It's unlikely to be a permanent scenario anyway. I
    expect it will only be another 5 to 10 years before everyone has
    migrated to 2.1 as it is the only series to reliably support ECC keys
    and that shift will start relatively soon. Hell, I'm only waiting until
    there's a non-NIST, non-Brainpool curve which provides encryption as
    well as signing. Though I am quite happy with my current RSA/RSA/ELG key.

  8. Support Staff 8 Posted by Steve on 25 Jun, 2015 11:12 AM

    Steve's Avatar

    We won't remove existing user installations for good reasons. Also as explained by Ben, gnupg 1 and 2.0 can peacefully co-exist.

    Thanks Ben for your input on this one!

    Is anybody still having issues with this or can I close this discussion?

    All the best,
    steve

  9. Steve closed this discussion on 05 Nov, 2015 10:45 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac