Opening GPG Mail causes signatures with card to fail
If I try to sign something with the key stored on my Yubikey, everything works fine from either the command line, or Finder -> Services -> OpenPGP: Sign File.
If I then open up Mail with GPG Mail loaded, signatures fail both in GPG Mail and in the command line and in Finder with a card error.
What did you expect instead
For signing to keep working even after Mail is opened
Describe steps leading to the problem.
GPGTools asks me to unlock my card and everything works fine.
~$ gpg --clearsign testfile.txt
gpg: using "<my key id>" as default secret key for signing
I then open Mail and view an encrypted email, GPGTools asks me to unlock my card again for some reason, and then I try creating another signature:
~$ gpg --clearsign testfile.txt
gpg: signing failed: Card error
gpg: plextest.txt: clear-sign failed: Card error
No other plugins
1 Posted by alexmalinovich on 21 May, 2018 10:56 PM
I should add that I've tried quitting and restarting Mail.app as well as killing and restarting gpg-agent and scdaemon with
gpgconf --kill gpg-agent
followed by
Support Staff 2 Posted by Steve on 26 Jun, 2018 11:11 AM
Welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite. Excuse the late reply - the last weeks were very busy with the release of GPG Suite 2018.2 and 2018.3.
Can you install GPG Suite 2018.3 from our website (it should have been offered to you in case you have the automatic update check enabled) and let us know if that brings you back to a working state?
3 Posted by alexmalinovich on 26 Jun, 2018 07:55 PM
I've had 2018.3 installed since it came out but I still have the same problem. I also just did a complete reinstall of OSX from scratch last week due to an unrelated issue, so I have a completely "clean" setup that still has the same issue.
If I run
gpg --sign --encrypt
from the command line, everything works fine, and if I use Thunderbird I'm able to sign and encrypt emails with no problem. However, once I get the card error when trying it in Mail, I have to completely unplug the card and put it back in before it works. (It effectively kills the card for all applications, not just Mail.)
Version info from the About pane attached.
Support Staff 4 Posted by Luke Le on 07 Jul, 2018 01:44 PM
We have heard of a similar issue regarding YubiKeys. I'm wondering, is this related to timing, or are you able to reproduce the issue every time? If the second is the case, could you outline the exact steps that lead to the problem? That would really help in debugging this problem. While we are able to reproduce it ourselves after a certain time, it makes it very hard to debug, since there's no specific period of time after which it happens.
5 Posted by alexmalinovich on 07 Jul, 2018 07:05 PM
Timing doesn't appear to have any effect for me. It happens right after plugging the Yubikey in or when it's been plugged in for hours. It happens right after I open Mail, or after it has been open for days (I often have mail sitting on a separate Space so I can just swipe over to it when needed and forget about it the rest of the time). If there are any particular test cases you want me to do I'm happy to try anything that would be helpful for you to track this down.
One other thing that I've noticed, and I'm not sure if it's related:
Every time the signing fails with that error, I'm unable to close the draft afterwards. After the failure, it says "Save this message as a draft?". Clicking Don't Save, Cancel, or Save makes no difference at all. The draft just stays on the screen with that dialog showing. The only way to get rid of it is to completely quit Mail.app and restart it.
Support Staff 6 Posted by Luke Le on 07 Jul, 2018 09:10 PM
Hmm... so just to confirm, the following steps would reproduce the issue on your computer:
7 Posted by alexmalinovich on 07 Jul, 2018 09:37 PM
Exactly. I can reproduce it 100% of the time across two computers. I can do a screen recording if that'd be helpful.
Support Staff 8 Posted by Luke Le on 08 Jul, 2018 07:15 AM
That would definitely be helpful. Thanks!
9 Posted by alexmalinovich on 09 Jul, 2018 09:45 PM
Here you go. I sped up a few parts so you don't have to watch me type in real time, but if it's too fast just let me know and I can upload the full-length version as well. This also shows the issue I mentioned earlier where the draft becomes impossible to get rid of after a failed signature.
Steve closed this discussion on 29 Apr, 2019 04:20 PM.