Opening GPG Mail causes signatures with card to fail

alexmalinovich

21 May, 2018 10:52 PM

https://cl.ly/1C1e1R2A3D18

If I try to sign something with the key stored on my Yubikey, everything works fine from either the command line, or Finder -> Services -> OpenPGP: Sign File.

If I then open up Mail with GPG Mail loaded, signatures fail both in GPG Mail and in the command line and in Finder with a card error.

What did you expect instead

For signing to keep working even after Mail is opened

Describe steps leading to the problem.

Insert card:

~$ gpg --clearsign testfile.txt
gpg: using "<my key id>" as default secret key for signing

GPGTools asks me to unlock my card and everything works fine.

I then open Mail and view an encrypted email, GPGTools asks me to unlock my card again for some reason, and then I try creating another signature:

~$ gpg --clearsign testfile.txt
gpg: signing failed: Card error
gpg: plextest.txt: clear-sign failed: Card error

No other plugins

  1. 1 Posted by alexmalinovich on 21 May, 2018 10:56 PM

    I should add that I've tried quitting and restarting Mail.app as well as killing and restarting gpg-agent and scdaemon with gpgconf --kill gpg-agent followed by gpg --card-status.

  2. Support Staff 2 Posted by Steve on 26 Jun, 2018 11:11 AM

    Hi Alex,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite. Excuse the late reply - the last weeks were very busy with the release of GPG Suite 2018.2 and 2018.3.

    Can you install GPG Suite 2018.3 from our website (it should have been offered to you in case you have the automatic update check enabled) and let us know if that brings you back to working state.

    Best,
    steve

  3. 3 Posted by alexmalinovich on 26 Jun, 2018 07:55 PM

    I've had 2018.3 installed since it came out but I still have the same problem. I also just did a complete reinstall of OSX from scratch last week due to an unrelated issue, so I have a completely "clean" setup that still has the same issue.

    If I run gpg --sign --encrypt from the command line, everything works fine, and if I use Thunderbird I'm able to sign and encrypt emails with no problem. However, once I get the card error when trying it in Mail, I have to completely unplug the card and put it back in before it works. (It effectively kills the card for all applications, not just Mail.)

    Version info from the About pane attached.

  4. Support Staff 4 Posted by Luke Le on 07 Jul, 2018 01:44 PM

    Hi Alex,

    we have heard of a similar issue regarding YubiKeys. I'm wondering, is this related to timing, or are you able to reproduce the issue every time? If the second is the case, could you outline the exact steps that lead to the problem? That would really help in debugging this problem. While we are able to reproduce it ourselves after a certain time, it makes it very hard to debug, since there's no specific period of time after which it happens.

  5. 5 Posted by alexmalinovich on 07 Jul, 2018 07:05 PM

    Timing doesn't appear to have any effect for me. It happens right after plugging the Yubikey in or when it's been plugged in for hours. It happens right after I open Mail, or after it has been open for days (I often have mail sitting on a separate Space so I can just swipe over to it when needed and forget about it the rest of the time). If there are any particular test cases you want me to do I'm happy to try anything that would be helpful for you to track this down.

    One other thing that I've noticed, and I'm not sure if it's related:

    Every time the signing fails with that error, I'm unable to close the draft afterwards. After the failure, it says "Save this message as a draft?". Clicking Don't Save, Cancel, or Save makes no difference at all. The draft just stays on the screen with that dialog showing. The only way to get rid of it is to completely quit Mail.app and restart it.

  6. Support Staff 6 Posted by Luke Le on 07 Jul, 2018 09:10 PM

    Hmm... so just to confirm, the following steps would reproduce the issue on your computer:

    1. Unplug Yubikey
    2. Kill any gpg processes (gpg-agent, scdaemon, gpg, dirmngr)
    3. Plug in Yubikey
    4. Perform sign via terminal -> successful
    5. Open Mail
    6. Decrypt Message with Key on Yubikey
    7. Re-attempt to sign -> card error
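
The reproduction steps listed above, scripted as an added example (not part of the thread and not GPGTools code). The function names are hypothetical; it assumes macOS with gpg, gpgconf and Mail installed, and the manual steps (unplugging the key, decrypting a message in Mail) are still done by hand.

```shell
#!/bin/sh
# Constructed sample, modelled on the failure output quoted in the thread.
SAMPLE_FAIL='gpg: signing failed: Card error
gpg: testfile.txt: clear-sign failed: Card error'

# Classify one signing attempt: prints "card-error", "ok" or "other-failure".
# $1 = gpg exit status, $2 = captured stdout+stderr
classify_sign_output() {
    if printf '%s\n' "$2" | grep -q 'signing failed: Card error'; then
        echo card-error
    elif [ "$1" -eq 0 ]; then
        echo ok
    else
        echo other-failure
    fi
}

# Attempt one clear-signature of file $1 and print its classification.
# The raw gpg output goes to stderr so it can be attached to a report.
try_sign() {
    out=$(gpg --yes --output /dev/null --clearsign "$1" 2>&1)
    status=$?
    printf '%s\n' "$out" >&2
    classify_sign_output "$status" "$out"
}

# Walk through steps 1-7 and report the result before and after Mail
# has used the card. Returns 0 only if the reported behaviour is seen.
repro() {
    testfile=${1:-testfile.txt}
    printf 'Unplug the YubiKey, then press Enter. ' >&2; read -r reply
    for c in scdaemon gpg-agent dirmngr; do gpgconf --kill "$c"; done
    printf 'Plug the YubiKey back in, then press Enter. ' >&2; read -r reply
    gpg --card-status >/dev/null || { echo 'card not detected' >&2; return 2; }
    before=$(try_sign "$testfile")
    open -a Mail
    printf 'Decrypt a message in Mail, then press Enter. ' >&2; read -r reply
    after=$(try_sign "$testfile")
    echo "before-mail=$before after-mail=$after"
    [ "$before" = ok ] && [ "$after" = card-error ]
}
```

Source the file and run `repro testfile.txt`; the final line distinguishes a card that fails only after Mail has touched it from one that fails from the start.
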
  7. 7 Posted by alexmalinovich on 07 Jul, 2018 09:37 PM

    Exactly. I can reproduce it 100% of the time across two computers. I can do a screen recording if that'd be helpful.

  8. Support Staff 8 Posted by Luke Le on 08 Jul, 2018 07:15 AM

    That would definitely be helpful. Thanks!

  9. 9 Posted by alexmalinovich on 09 Jul, 2018 09:45 PM

    Here you go. I sped up a few parts so you don't have to watch me type in real time, but if it's too fast just let me know and I can upload the full-length version as well. This also shows the issue I mentioned earlier where the draft becomes impossible to get rid of after a failed signature.

  10. Steve closed this discussion on 29 Apr, 2019 04:20 PM.
