How do I get going again with GPGTools with a new computer and new OS X.
I've downloaded GPGTools onto a new Macbook, with Lion OS X. How do I get GPG Keychain Access to show my sec key? As is I can't find any keys: "Searching for key failed. Code = 0".
I know about the issues with the Apple Mail plug ins, but believe there is a preliminary version available. I may give that a try, but first I just want to get the basic operation going so I can encrypt documents.
C
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Luke Le on 05 Dec, 2011 09:10 AM
That is in fact interesting. What packages from GPGTools did you install?
Could you also please run the following commands in Terminal.app
gpg --gpgconf-test
gpg --version
and post the output here.
2 Posted by craig.mckune on 05 Dec, 2011 09:30 AM
Erm... I can't remember which packages. In about September I downloaded GPGTools Installer. In my apps folder I just see GPG Keychain Access, but I believe the installer included at least GPGMail and GPG Services. On my old mac (Snow Leopard) I was encrypting documents (using GPG Services I think) and encrypting emails using GPG Mail. Does that answer your question?
Output:
gpg (GnuPG/MacGPG2) 2.0.17
libgcrypt 1.4.6
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
private-user:~ privateuser$
Support Staff 3 Posted by Luke Le on 05 Dec, 2011 09:47 AM
Your .gnupg folder contains all your secret and public keys. If your Lion installation is a new installation, you should copy that folder over from your old Snow Leopard installation.
Also searching for keys sometimes fails because a lot of keyservers are really unreliant, but the error message sure should be more explanatory.
Could you try using GPGPreferences to change your default keyserver to pgp.uni-mainz.de
4 Posted by craig.mckune on 05 Dec, 2011 10:05 AM
Thanks. Is that keyserver more reliable?
I don't have a ... oh, that is a hidden folder? (.gnupgp)
Support Staff 5 Posted by Luke Le on 05 Dec, 2011 10:11 AM
It works very well for me. We also try to keep this list updated, so check it if something goes wrong.
If time allows we'll also add an automated check to GPG Keychain Access which will disable failing keyservers.
It's a hidden folder inside your home folder, exactly. If you have a backup of your old Snow Leopard installation, you have to copy it over, otherwise you'll lose your secret keys unless you did backup them separately.
Support Staff 6 Posted by Steve on 05 Dec, 2011 10:22 AM
Hey Craig,
if any key server is broken or dead or working exceptionally well please add/update it on the following wiki-page: https://github.com/GPGTools/GPGTools/wiki/Keyservers
Besides that, you might want to re-run the latest version of our installer. There have been quite a few fixes since september :)
Cheers and all the best,
steve
7 Posted by craig.mckune on 05 Dec, 2011 10:23 AM
Done. The folder had already been created on my new machine, so I just copied over the contents. Thank you.
I changed the key server.
And while I have your ear, is it simple enough to update to the preliminary version of GPG Tools that includes Mail plug-ins, or should I wait for the final version.
Thanks again
8 Posted by craig.mckune on 05 Dec, 2011 10:25 AM
Cool. I updated from the update reminder I received earlier. Will try out the version with the Mail plug-ins now, if I can find it.
Support Staff 9 Posted by Luke Le on 05 Dec, 2011 10:27 AM
Update to the latest version of GPGTools. Everything but GPGMail is stable and GPGMail is also working very well already for most people.
A stable version of GPGMail should be released by the end of december if everything goes according to plan.
So encrypting & decrypting works again as should?
10 Posted by craig.mckune on 05 Dec, 2011 10:29 AM
Right. I see that. Updating now.
Everything is decrypting and encrypting just fine, except for mail, but I'm sure I'll get that going with new ver
Thanks guys
Support Staff 11 Posted by Steve on 05 Dec, 2011 10:32 AM
Let us know, how the new version performs. And if you have further issues with GPG Keychain Access (GKA) pls also post the version number of that.
Support Staff 12 Posted by Luke Le on 05 Dec, 2011 10:33 AM
Beware, it will look very different to the old version you are used to.
It's a completely revamped UI, as non-intrusive as possible, because we had to completely rewrite the plugin from scratch for Lion.
Basically, mail with decrypt automatically and once you compose a new message, you'll only see a lock icon and a sign icon at the very right, next to the from box.
Let us know if it works or if you run into any other problems.
13 Posted by craig.mckune on 05 Dec, 2011 01:48 PM
Hi
Steve, you asked me for the versions of GKA. On my old machine it's 0.8.13 (0.8.13). On the new machine it's 1.0b5 (1.0b5).
Once I downloaded the new version of GPGTools, my encryption/decryption worked perfectly in email and for files. However when I logged out and logged in again, I opened my mail account and...
* When I try to decrypt an email that decrypted perfectly before I logged out, I get the message: "Unable to decrypt PGP message: There was a problem decrypting this message. Verify that you have a valid key in your GPG Keychain."
* When I try to decrypt a document (it also worked perfectly previously), I get: "Decryption failed. Bad passphrase."
?
C
Support Staff 14 Posted by Luke Le on 05 Dec, 2011 02:19 PM
Now that is interesting.
Could you run the following line in Terminal.app:
gpg --list-secret-keys
and check if your email addresses are listed correctly.
I couldn't think of a reason other than that you're .gnupg folder has a problem.
15 Posted by Craig McKune on 05 Dec, 2011 02:41 PM
I don't like being the guy with "interesting" problems :)
The output gives me the correct email address: [email blocked]<mailto:[email blocked]>.
What now?
Craig McKune
Investigator
amaBhungane:
M&G Centre for
Investigative Journalism
www.amabhungane.co.za<http://www.amabhungane.co.za/>
m: +27 84 837 0366
o: +27 21 425 9028
f: +27 21 425 9056
e: [email blocked]<mailto:[email blocked]>
Skype: craigpatrik
twitter: @CraigMcKune
PGP key on pgp.uni-mainz.de<http://pgp.uni-mainz.de/>
I'm on facebook and WhatsApp
Support Staff 16 Posted by Luke Le on 05 Dec, 2011 02:47 PM
Hehe, I'm sorry, someone has to.
No, in all seriousness, let's get this figured out once and for all.
Please try to decrypt a file on the command line.
gpg --decrypt path-to-file
It should ask you for a passphrase.
17 Posted by Craig McKune on 05 Dec, 2011 02:58 PM
Output:
-bash: syntax error near unexpected token `newline'
But hang, on, there is another problem that has pitched up since I logged out and logged in again. My gmail account - the account I use via Apple Mail for encryption - is not working.
Outgoing: "Cannot send message using the server smtp.gmail.com:[email blocked]. The connection to the server 'smtp.gmail.com' on port 465 timed out. ..."
And when I click on the exclamation mark in my inbox reads: "Alert: There may be a problem with the mail server network. Verify the settings for account "Gmail" or try again. The server returned the error: The connection to the server "imap.gmail.com" on port 993 timed out."
This may or may not be linked to my PGP problem? but surely this gmail problem won't affect my encrypting and decrypting files on my hard drive?
Support Staff 18 Posted by Luke Le on 05 Dec, 2011 03:03 PM
Could you post the complete line you tried to execute, there seems to be an error in it.
Also, the connection error might be related depending on your settings.
Please check in your Mail.app Settings -> Accounts -> Your GMail Account -> Advanced that "all emails with their attachments" is selected under the "keeping copies of mails" option (sorry, my Mail.app is german so I don't know exactly what it reads in english).
If your setting reads something like "all e-mails without attachments" or similar, that might be related to the problem you're seeing, because in that case attachments are not stored on your harddrive.
19 Posted by Craig McKune on 05 Dec, 2011 03:12 PM
Last login: Mon Dec 5 16:20:19 on ttys000
private-user:~ privateuser$ gpg --decrypt <path-to-file>
-bash: syntax error near unexpected token `newline'
private-user:~ privateuser$ gpg --decrypt <path-to-file>
-bash: syntax error near unexpected token `newline'
private-user:~ privateuser$
The mail settings were already as you suggested with "All messages and their attachments" is selected.
Support Staff 20 Posted by Luke Le on 05 Dec, 2011 03:14 PM
sorry you have to omit the "<" and ">", then it should work.
21 Posted by Craig McKune on 05 Dec, 2011 03:24 PM
private-user:~ privateuser$ gpg --decrypt path-to-file
gpg: can't open `path-to-file': No such file or directory
gpg: decrypt_message failed: No such file or directory
private-user:~ privateuser$
Support Staff 22 Posted by Luke Le on 05 Dec, 2011 03:26 PM
you have to replace path-to-file with the actual path to the file, document you want to decrypt
23 Posted by Craig McKune on 05 Dec, 2011 03:30 PM
right. how do I format the path to file? can you give me an example - sorry.
Support Staff 24 Posted by Luke Le on 05 Dec, 2011 03:35 PM
Sure thing.
So, if you're file is for example in your Documents folder it would be something a long the line of
~/Documents/filename
The "~"-sign is for your home folder. Hope that helps
25 Posted by Craig McKune on 05 Dec, 2011 03:49 PM
I have to go to a meeting and go home after. I'll get working on this again in about 2.5hrs. Thanks for everything so far.
Support Staff 26 Posted by Luke Le on 05 Dec, 2011 03:52 PM
Great, so talk to you later!
27 Posted by craig.mckune on 05 Dec, 2011 06:06 PM
Using my internet connection at home, the gmail server problem is eliminated. The encrypt/decrypt problem remains.
I have entered that line with file path into terminal. If I paste the full outcome here on a public forum, will that expose my secret key?
Here is the edited ver. Tell me if you need more info:
private-user:~ privateuser$ gpg --decrypt ~/XXXFILEPATHXXX
You need a passphrase to unlock the secret key for
user: "Craig McKune <[email blocked]>"
XXXX-bit XXX key, ID XXXXXXXX, created XXXX-XX-XX (main key ID XXXXXXXX)
gpg: problem with the agent: End of file
gpg: encrypted with XXXX-bit RSA key, ID XXXXXXXX, created XXXX-XX-XX
"Craig McKune <[email blocked]>"
gpg: public key decryption failed: Operation cancelled
gpg: encrypted with XXXX-bit RSA key, ID XXXXXXXX, created XXXX-XX-XX
"RECIPIENT1 NAME SURNAME <RECIPIENT EMAIL ADDRESS>"
gpg: encrypted with XXX-bit XXX key, ID XXXXXXXX, created XXXX-XX-XX
"RECIPIENT2 NAME SURNAME <RECIPIENT EMAIL ADDRESS>"
gpg: decryption failed: No secret key
private-user:~ privateuser$
This was for a file that I was trying to decrypt in my finder. But of course there is also the problem with decrypting emails.
Support Staff 28 Posted by Luke Le on 05 Dec, 2011 06:47 PM
This tells me that you're gpg keyring doesn't contain your secret key.
Could you simply try to copy the .gnupg folder from your backup over again.
Also, check to see that it doesn't create an alias, which might have happened.
29 Posted by craig.mckune on 05 Dec, 2011 07:14 PM
Nah I think I messed it up.
I deleted everything in .gnupg and pasted in the contents of the same folder from the old machine, rather than just dragging them in and replacing.
One file wouldn't transfer. "S.gpg-agent" I get the message: "The operation can’t be completed because an item with the name “S.gpg-agent” already exists." But when I use spotlight I can only find the file on my USB that I'm trying to transfer.
Encryption still doesn't work. Perhaps I should reinstall GPG Tools.
30 Posted by craig.mckune on 05 Dec, 2011 07:18 PM
Kay wait. Think I've got it. I deleted .gnupg. Created it again and dragged everything in. let me do some testing