Bug#594114: kleopatra cannot handle secret key/cert for SMIME
Package: kleopatra
Version: 4:4.3.4-1
Severity: important
Hi,
I tried to use kmail with kleopatra to encrypt and sign email with
SMIME. For that I exported my working certifikates from Thunderbird
as *.p12 file.
This file Kleopatra imports whitout any error, including the CA-Cert.
But I cannot use it, because any usage (e.g. change Passphrase, signing
email in kmail) that requests the input of the passphrase with pinentry
fails - with the error: "wrong password" - whatever I put in during the
import.
I can import Certs of other users in kleopatra, and signed mails from
others are show correct as signed from <sender>.
encryption is possible too.
see the gnupg log below.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages kleopatra depends on:
ii dirmngr 1.0.3-1 server for managing certificate re
ii gnupg-agent 2.0.14-1 GNU privacy guard - password agent
ii gnupg2 2.0.14-1 GNU privacy guard - a free PGP rep
ii gpgsm 2.0.14-1 GNU privacy guard - S/MIME version
ii kdebase-runtime 4:4.3.4-2 runtime components from the offici
ii kdelibs5 4:4.3.4-1 core libraries for all KDE 4 appli
ii kdepimlibs5 4:4.3.4-1 core libraries for KDE PIM 4 appli
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.2-9 GCC support library
ii libgpg-error0 1.6-1 library for common error values an
ii libgpgme11 1.2.0-1.2 GPGME - GnuPG Made Easy
ii libkdepim4 4:4.3.4-1 KDE PIM library
ii libkleo4 4:4.3.4-1 certificate based crypto library f
ii libqt4-dbus 4:4.5.3-4 Qt 4 D-Bus module
ii libqt4-network 4:4.5.3-4 Qt 4 network module
ii libqtcore4 4:4.5.3-4 Qt 4 core module
ii libqtgui4 4:4.5.3-4 Qt 4 GUI module
ii libstdc++6 4.4.2-9 The GNU Standard C++ Library v3
ii pinentry-qt [pinentry-x11] 0.8.0-1 Qt-3-based PIN or pass-phrase entr
ii pinentry-qt4 [pinentry-x11] 0.8.0-1 Qt-4-based PIN or pass-phrase entr
kleopatra recommends no packages.
kleopatra suggests no packages.
-- no debconf information
gnupg-log for trying to change the passphrase for the secret key from kleopatra:
[2010-08-23T21:09:56] Protokoll geleert
5 - 2010-08-23 21:10:18 gpg-agent[3527]: Handhabungsroutine 0xa5a2f0 für fd 7 gestartet
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: -> OK Pleased to meet you
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: <- RESET
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: <- OPTION display=:0.0
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: <- OPTION allow-pinentry-notify
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: <- SETKEYDESC Bitte+geben+Sie+die+Passphrase+an,+um+den+geheimen+Schlüssel+des+X.509+Zertifikats:%0A%22/CN=XXXXXXXXXXXX/OU=XXXXXXXXXXX/O=XXXXXXXXXXXX/L=XXXXXXX/ST=XXXXXXX/C=XX/XXXXX=XX@XXXXXXXX%22%0AS/N+01,+ID+0xFFFFFFFFFF3B100C,%0Agültig+von+2009-02-11+bis+2019-02-09%0Azu+entsperren.%0A
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: <- PASSWD BA01AB8B88041F6B18D6DBE56B637F15D19DDCF2
5 - 2010-08-23 21:10:18 gpg-agent[3527]: starting a new PIN Entry
5 - 2010-08-23 21:10:18 gpg-agent[3527]: DBG: connection to PIN entry established
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: -> INQUIRE PINENTRY_LAUNCHED 10379
5 - 2010-08-23 21:10:18 gpg-agent[3527.7] DBG: <- END
5 - 2010-08-23 21:10:31 gpg-agent[3527]: failed to unprotect the secret key: Falsche Passphrase
5 - 2010-08-23 21:10:31 gpg-agent[3527]: command passwd failed: Falsche Passphrase
5 - 2010-08-23 21:10:31 gpg-agent[3527.7] DBG: -> ERR 67108875 Falsche Passphrase <GPG Agent>
5 - 2010-08-23 21:10:31 gpg-agent[3527.7] DBG: <- [EOF]
5 - 2010-08-23 21:10:31 gpg-agent[3527]: Handhabungsroutine 0xa5a2f0 für den fd 7 beendet
log for signing mail at kmail:
[2010-08-23T21:16:29] Protokoll geleert
[client at fd 4 connected]
4 - 2010-08-23 21:17:18 gpgsm[10489]: enabled debug flags: assuan
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> # Home: ~/.gnupg
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> # Config: /home/falk/.gnupg/gpgsm.conf
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> # AgentInfo: /tmp/gpg-pp7Dew/S.gpg-agent:3527:1
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> # DirmngrInfo: [not set]
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK GNU Privacy Guard's S/M server 2.0.14 ready
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: <- OPTION display=:0
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: <- OPTION enable-audit-log=1
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: <- OPTION list-mode=1
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: <- OPTION with-validation=1
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: <- OPTION with-ephemeral-keys=0
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: <- LISTKEYS 3152ECC84A6127176B621AE382ACDD54FF3B100C
5 - 2010-08-23 21:17:18 gpg-agent[3527]: Handhabungsroutine 0xa5a2f0 für fd 7 gestartet
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK Pleased to meet you
4 - 2010-08-23 21:17:18 gpgsm[10489]: DBG: connection to agent established
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- RESET
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- OPTION display=:0
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- OPTION allow-pinentry-notify
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- HAVEKEY BA01AB8B88041F6B18D6DBE56B637F15D19DDCF2
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- ISTRUSTED 5441DD6444B5CFD6BC9ED5F15FA8D520B4945F47
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- KEYINFO BA01AB8B88041F6B18D6DBE56B637F15D19DDCF2
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> S KEYINFO BA01AB8B88041F6B18D6DBE56B637F15D19DDCF2 D - -
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> D crs:f:4096:1:82ACDD54FF3B100C:20090211T215914:20190209T215914:01::1.2.840.113549.1.9.1=#6F70656E76706E4070726F6669636F6D2D61672E6465,CN=XX,OU=XXX,L=XXXX,ST=XXX,C=XX::esES::%0Afpr:::::::::3152ECC84A6127176B621AE382ACDD54FF3B100C:::5441DD6444B5CFD6BC9ED5F15FA8D520B4945F47:%0Auid:f::::::::1.2.840.113549.1.9.1=#66684070726F6669636F6D2D61672E6465,CN=xxxxxxxxxxxx,OU=xxxxxxxxxxx,O=Pxxxxxxxxxxx,L=xxxxxxx,ST=xxxxxxx,C=xx::%0Auid:f::::::::<xx@xxxxxxxxxxx.xx>::%0A
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: <- BYE
4 - 2010-08-23 21:17:18 gpgsm[10489.0] DBG: -> OK closing connection
[client at fd 4 disconnected]
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- [EOF]
5 - 2010-08-23 21:17:18 gpg-agent[3527]: Handhabungsroutine 0xa5a2f0 für den fd 7 beendet
[client at fd 4 connected]
4 - 2010-08-23 21:17:18 gpgsm[10491]: enabled debug flags: assuan
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> # Home: ~/.gnupg
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> # Config: /home/falk/.gnupg/gpgsm.conf
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> # AgentInfo: /tmp/gpg-pp7Dew/S.gpg-agent:3527:1
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> # DirmngrInfo: [not set]
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK GNU Privacy Guard's S/M server 2.0.14 ready
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: <- OPTION display=:0
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: <- OPTION enable-audit-log=1
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: <- OPTION list-mode=1
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: <- OPTION with-validation=1
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: <- OPTION with-ephemeral-keys=0
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: <- LISTKEYS 5441DD6444B5CFD6BC9ED5F15FA8D520B4945F47
5 - 2010-08-23 21:17:18 gpg-agent[3527]: Handhabungsroutine 0xa5a2f0 für fd 7 gestartet
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK Pleased to meet you
4 - 2010-08-23 21:17:18 gpgsm[10491]: DBG: connection to agent established
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- RESET
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- OPTION display=:0
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- OPTION allow-pinentry-notify
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- HAVEKEY 528D19842B4689979AEE7B7F0EA91C3046BF145A
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> ERR 67108881 Kein geheimer Schlüssel <GPG Agent>
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- ISTRUSTED 5441DD6444B5CFD6BC9ED5F15FA8D520B4945F47
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- ISTRUSTED 5441DD6444B5CFD6BC9ED5F15FA8D520B4945F47
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> D crt:u:4096:1:5FA8D520B4945F47:20090211T215611:20190209T215611:00D2292985BF9288C7::1.2.840.113549.1.9.1=#6F70656E76706E4070726F6669636F6D2D61672E6465,CN=xxxxxxxxx,OU=xxxxxxxxxxx,O=xxxxxxxxxxxx,L=xxxxxxx,ST=xxxxxxx,C=xx::cC::%0Afpr:::::::::5441DD6444B5CFD6BC9ED5F15FA8D520B4945F47:::5441DD6444B5CFD6BC9ED5F15FA8D520B4945F47:%0Auid:u::::::::1.2.840.113549.1.9.1=#6F70656E76706E4070726F6669636F6D2D61672E6465,CN=xxxxxxxxx,OU=xxxxxxxxxxx,O=xxxxxxxxxxxx,L=xxxxxxx,ST=xxxxxxx,C=xx::%0Auid:u::::::::<xxxxxxx@xxxxxxxxxxxxxx>::%0A
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: <- BYE
4 - 2010-08-23 21:17:18 gpgsm[10491.0] DBG: -> OK closing connection
[client at fd 4 disconnected]
5 - 2010-08-23 21:17:18 gpg-agent[3527.7] DBG: <- [EOF]
5 - 2010-08-23 21:17:18 gpg-agent[3527]: Handhabungsroutine 0xa5a2f0 für den fd 7 beendet
[client at fd 4 connected]
4 - 2010-08-23 21:17:18 gpgsm[10493]: enabled debug flags: assuan
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> # Home: ~/.gnupg
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> # Config: /home/falk/.gnupg/gpgsm.conf
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> # AgentInfo: /tmp/gpg-pp7Dew/S.gpg-agent:3527:1
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> # DirmngrInfo: [not set]
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> OK GNU Privacy Guard's S/M server 2.0.14 ready
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: <- OPTION display=:0
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: <- OPTION enable-audit-log=1
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: <- OPTION list-mode=1
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: -> OK
4 - 2010-08-23 21:17:18 gpgsm[10493.0] DBG: <- OPTION with-validation=1
Reply to: