<p>GPGTools: Discussion 2017-09-14T12:11:04Z</p>
<p>GPGMail on Lion crash report</p>
<p>2012-01-26T01:02:15Z</p>
<div><p>Your crash may also be related to your config error issue.<br>
<a href=
"http://support.gpgtools.org/discussions/everything/737-cant-install-gpgtools-web">
http://support.gpgtools.org/discussions/everything/737-cant-install...</a></p>
<p>We'll fix that, once we've fixed your config error :)</p></div>
<p>Luke Le</p>
<p>2012-02-01T18:30:06Z</p>
<div><p>Hi,</p>
<p>I was just curious why you closed the discussion. Don't you
experience the problem anymore?</p></div>
<p>Luke Le</p>
<p>2012-02-01T18:43:06Z</p>
<div><p>I found out what the config error related to. I had a symbolic
link in my ~/.gnupg directory. My secring.gpg file was a symbolic
link to a file on a volume that wasn't mounted. When I mounted it,
I no longer got the error.</p>
<p>The symbolic link was an attempt to address the desire to keep
my secring somewhere safe. The gpg-agent is meant to solve this
problem, but I haven't been able to make gpg-agent work. After
wasting too much time on this problem, I've given up, and I keep my
secring on my hard drive. At least I can decrypt mail sent to
me.</p>
<p>Now I have a new problem. I'll open a new ticket for it.</p>
<p>Thanks.</p>
<p>-- Pete</p></div>
<p>siemsen</p>
<p>2012-02-01T18:44:31Z</p>
<div><p>Ah ok, yeah we've seen the symlink issue before and will address
it in a future version.<br>
Sorry for that.</p></div>
<p>Luke Le</p>
<p>2012-02-01T18:50:08Z</p>
<div><p>I don't experience the crash, because I know that if I have a
line in my GPG.conf file that says "secret-keyring xxx", where
"xxx" is a symbolic link to a filesystem that isn't mounted, Mail will
generate a cryptic error dialog when it starts. If I click "OK",
Mail will work, but will eventually crash with a dump like the one
I sent in the discussion.</p>
<p>So I don't use a symbolic link. That is inconvenient/insecure,
but at least Mail doesn't crash.</p>
<p>BTW, does gpg-agent work? I see that it's started via launchd at
login time, and with some debugging I see that it receives messages
from Mail/GPGMail when I decrypt an encrypted email. But I can't
seem to make it do what it is supposed to do, so that I can remove
my secring.gpg from my system. I want to:</p>
<ol>
<li>log in</li>
<li>connect a USB drive containing secring.gpg</li>
<li>mount the USB drive and decrypt the file</li>
<li>load the key from the secring file into gpg-agent</li>
<li>dismount the USB drive</li>
<li>use Mail all day, without the damn USB drive</li>
</ol>
<p>Thanks,</p>
<p>-- Pete</p></div>
<p>siemsen</p>
<p>2012-02-01T19:09:05Z</p>
<div><p>Hi Pete,</p>
<p>I don't think gpg-agent works the way you want it to.<br>
gpg-agent is not used to keep your secring in cache but rather the
passphrases so you don't have to enter it each time you decrypt or
sign a message.<br>
gpg-agent securely caches the passphrases and relays them to gpg
upon request. You can easily test this if you set the max cache
time to 0. You'll be asked for a passphrase anytime.</p>
<p>It would also be fairly insecure to have gpg-agent cache the
whole decrypted keyring, as a hacker could somehow access the
internal memory of gpg-agent which would contain the decrypted
version of the keyring instead of the encrypted version which is on
your usb thumb drive.</p>
<p>However storing the key on a thumb drive makes it more secure
due to the fact that you should only connect the drive when you
actually want to decrypt/sign Mails.</p>
<p>What should definitely</p></div>
<p>Luke Le</p>
<p>2012-02-02T00:11:20Z</p>
<div><p>(Perhaps your reply was cut off?)</p>
<p>Thank you so much! I begin to understand. I assumed gpg-agent
was like ssh-agent, which actually stores keys. I got my info from
<a href=
"http://www.debian-administration.org/articles/452">http://www.debian-administration.org/articles/452</a>,
but I obviously didn't read carefully enough. I still don't
understand why it's "ok" for ssh-agent to cache entire keys, but
it's not "ok" for gpg-agent to do the same.</p>
<p>I agree that I should only connect the drive when I actually
want to decrypt/sign messages. My problem is that I often want to
read messages without having the USB drive inserted/mounted and the
encrypted dmg on the USB drive mounted/decrypted. I can't figure
out how to configure Mail/GPGMail so that it knows the path to the
secring.gpg file on the USB drive, but it doesn't actually try to
use it until I've inserted and mounted/decrypted the encrypted dmg
that's on the USB drive. The schemes I've tried always require that
I have the drive available before I start Mail.</p></div>
<p>siemsen</p>
<p>2012-02-02T00:38:55Z</p>
<div><p>In all honesty, I don't really think I can give you a well
educated answer for that, since I don't know too much about the
inner workings of SSH.</p>
<p>From what I just read, the ssh-agent stores the decrypted
version of your private key in its cache. This happens after you
add the private key using the ssh-add command. You're prompted to
enter the password, and after successfully doing so, the key is
cached.</p>
<p>Any consequent access of the key doesn't prompt you for the
password, since the ssh-agent already has the decrypted key.</p>
<p>And I think this is where gpg-agent differs. Instead of the
decrypted key, gpg-agent only stores the passphrase to provide the
same behaviour.<br>
I'm not sure whether that is more or less secure but it seems to be
the main difference between the two.</p>
<p>It's also true that you can in fact cache single keys with
gpg-agent. I just learned that by talking to a GPGTools Team
member.<br>
What I've found out after looking into that fact, this might be
because gpg-agent can act as a drop in replacement for
ssh-agent.<br>
You again use the command ssh-add to add your private keys and
gpg-agent will behave just like that.</p>
<p>But coming back to your main problem, unfortunately you'll
not be able to solve your problem on your own by re-configuring
GPG.<br>
An upcoming version of GPGMail which I'm hard at work on will
however be smarter about your scenario.<br>
You'll not be shown an error message when you start Mail.app,
instead you'll see an indication in the preferences (or maybe the
Mail.app toolbar) that OpenPGP is not working properly, possibly by
a red bullet.<br>
Mail.app will function as supposed; only the GPG operations are not
available.<br>
Once you connect your stick, the indicator bullet will change to
green and you'll be able to decrypt/verify/encrypt emails.<br>
We'll implement it as unintrusive as possible.</p></div>
<p>Luke Le</p>
<p>2012-02-02T00:56:43Z</p>
<div><p>Thanks very much for taking the time to clarify this. I think
I'll have to resort to what others do here. Never sign emails. When
I receive an encrypted mail, then</p>
<ol>
<li>stop Mail</li>
<li>insert USB</li>
<li>copy secring.gpg to ~/.gnupg/</li>
<li>restart Mail</li>
<li>decrypt and read the email</li>
<li>stop Mail</li>
<li>delete the secring.gpg file</li>
<li>restart Mail</li>
</ol>
<p>Or, as another user does, don't use GPGMail. When I receive an
encrypted mail, save it to a file and decrypt it with a gpg
command.</p>
<p>-- Pete</p></div>
<p>siemsen</p>
<p>2012-02-02T01:21:57Z</p>
<div><p>That sounds like a serious pain in the ass workflow, but I can
understand your security concerns.<br>
Both solutions leave me unsatisfied and I'll look into the problem
tomorrow to see if we can find a quick solution for this</p></div>
<p>Luke Le</p>
<p>2012-02-02T02:28:43Z</p>
<div><p>Hi Pete,</p>
<p>could you please try this version - 2.0a27:</p>
<p><a href=
"http://cl.ly/2d213e16260t0a3r072b">http://cl.ly/2d213e16260t0a3r072b</a></p>
<p>Simply put the GPGMail.mailbundle file into
~/Library/Mail/Bundles/<br>
and replace the old one.</p>
<p>You should then be able to use your old symlink setup.<br>
Please let me know how it goes.</p>
<p>Also, what I was wondering, what makes you think that having the
gpg-agent cache your secret keys would be more secure than having your
usb drive connected to your mac?<br>
Or do you just not want to keep the usb drive connected all the
time?</p></div>
<p>Luke Le</p>
<p>2012-02-02T16:23:50Z</p>
<div><p>Hmmm. It seems to work the same as the previous version. I put the
new version in my ~/Library/Mail/Bundles. Then I edited my
~/.gnupg/gpg.conf file to uncomment the line that says</p>
<p>secret-keyring /Volumes/gnupg/secring.gpg</p>
<p>When I started Mail I got an error dialog that said</p>
<p>I clicked "OK" and Mail started up. I quit Mail, inserted the
USB, created the symlink, and restarted Mail. It came up without
error. I quit Mail and unmounted the USB, and started Mail. I got
the above error.</p>
<p>-- Pete</p></div>
<p>siemsen</p>
<p>2012-02-02T18:29:20Z</p>
<div><p>At the moment you still see the error, but Mail will use your
secret key once available. So there should be no reason to quit
Mail while plugging/unplugging your key</p></div>
<p>Luke Le</p>
<p>2012-02-03T17:39:55Z</p>
<div><p>Thanks! It works as you say. This is the behavior I'd like to
see! I'll just ignore the error when Mail starts.</p>
<p>Thanks again for all your help.</p>
<p>-- Pete.</p></div>
<p>siemsen</p>
<p>2012-02-03T17:50:42Z</p>
<div><p>(to reply to a question you asked previously in this thread)</p>
<p>Yes, I don't want to keep the USB drive connected all the time,
but for a good reason. I have a desktop Mac and a laptop Mac. I use
the desktop most of the time, and the laptop when I go to meetings.
I attend some monthly meetings in which everyone present has a
laptop on wireless, and some people attend via teleconference
and/or videoconference. Everyone is on line. I'm the chairman of
some of these meetings. In them, it sometimes happens that my boss
suddenly says "Pete, please email us that
spreadsheet/PowerPoint/diagram". That means <em>right now</em> -
the meeting can't continue until I email the thing. In that
scenario, it's not reasonable for me to hunt around for a USB
drive. The attendees are all technically savvy, and I don't want to
have to explain that my mail client crashes if I don't have the USB
inserted. Inevitably, there would be some meeting for which I'd
forget to bring the USB drive. I can't just have the USB key
inserted in the laptop all the time - it will get banged around,
the laptop won't fit in a bag when there's a key hanging out, it
breaks the whole idea that the key is separate from the laptop,
etc.</p>
<p>If GPGMail requires that I have a USB key plugged in, I won't
use GPGMail. Thank you for giving me a version of GPGMail that I
can use.</p>
<p>-- Pete</p></div>
<p>siemsen</p>
<p>2012-02-17T16:27:24Z</p>
<div><p>Luke,</p>
<p>I noticed a "feature" of the special release that you sent me.
If I start Mail without having my USB drive mounted, it gives the
GPG_CONFIG_ERROR_TITLE error as expected, and I click "OK" and Mail
works without crashing. That's great, but if I do
Mail->Preferences, Mail won't display the Preferences window. If
I stop Mail, mount the USB, start Mail, and do
Mail->Preferences, it works. If I stop mail, unmount the USB,
start Mail, click "OK" on the error dialog, and mount the USB, Mail
won't display Preferences.</p>
<p>So I can only change my preferences if I had the USB drive
mounted when I started Mail.</p>
<p>Thanks,</p>
<p>-- Pete</p></div>
<p>siemsen</p>
<p>2012-02-17T16:35:21Z</p>
<div><p>Hi Pete,</p>
<p>that's not good!<br>
We're having a GPGMail hackathon today which will address a lot of
outstanding issues.<br>
I'll add this one to it!</p></div>
<p>Luke Le</p>
<p>2012-02-19T12:13:40Z</p>
<div><p>Fixed yesterday :)</p>
<p><a href=
"http://gpgtools.lighthouseapp.com/projects/65764/tickets/380-crash-when-gnupg-is-symlink-to-unavailable-location">
http://gpgtools.lighthouseapp.com/projects/65764/tickets/380-crash-...</a></p>
<p><a href=
"http://gpgtools.lighthouseapp.com/projects/65764/tickets/392">http://gpgtools.lighthouseapp.com/projects/65764/tickets/392</a></p>
<p>Closing. Thanks for the report siemsen!</p></div>
<p>Steve</p>
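<p>Added example (not part of the original thread and not GPGTools code): a shell check for the condition discussed above, a <code>secret-keyring</code> line in gpg.conf that points at a dangling symlink or a volume that is not mounted. The function name <code>check_secret_keyrings</code> and its status words are made up for this example, and it assumes the GnuPG home is the directory that holds gpg.conf.</p>

```shell
#!/bin/sh
# Added example. Reports, for every "secret-keyring <file>" line in a
# gpg.conf, whether the keyring can be opened right now.
# Usage: check_secret_keyrings [path/to/gpg.conf]
# Prints one "<STATUS> <path>" line per entry; returns 0 only if all are OK.
check_secret_keyrings() {
    conf=${1:-"$HOME/.gnupg/gpg.conf"}
    home=$(dirname "$conf")          # assumption: GnuPG home = conf's directory
    rc=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }

    # read splits off the option name; the rest of the line is the path,
    # so paths containing spaces (common under /Volumes) stay intact.
    # Commented-out lines start with "#" and never match the option name.
    while read -r opt path || [ -n "$opt" ]; do
        [ "$opt" = "secret-keyring" ] && [ -n "$path" ] || continue

        case $path in
            "~/"*) path="$HOME/${path#??}" ;;   # leading ~/ means $HOME
            */*)   ;;                           # absolute or explicit path
            *)     path="$home/$path" ;;        # bare name: in GnuPG home
        esac

        if [ -L "$path" ] && [ ! -e "$path" ]; then
            # Symlink exists but its target does not (volume not mounted).
            echo "DANGLING $path"; rc=1
        elif [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $path"; rc=1
        else
            echo "OK $path"
        fi
    done < "$conf"
    return "$rc"
}
```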