On Wednesday, December 23, 2015 at 08:04:26AM +0100, Matthias Apitz wrote:
>
> Hello,
>
> I'm using on my FreeBSD 11-CURRENT netbook gnupg-2.1.6 to encrypt my
> files and will now use this as well together with mutt to sign mails or
> encrypt them with public keys of the recipients;
>
> I search around to get a tutorial for the correct settings in .muttrc,
> but the things seem to be outdated; for example the installed
> /usr/local/share/examples/mutt/gpg.rc refers to some wrapper
> http://70t.de/download/gpg-2comp.tar.gz which is based on GnuPG v1.x
> and the tutorial http://codesorcery.net/old/mutt/mutt-gnupg-howto is
> from 2001 :-(

Hello,

I got off-list some hints (thanks for them); after setting a bunch of
pgp_* values in ~/.muttrc I ran into some GnuPG 2.1.x related problems;
it turned out, after bringing them up in the GnuPG mailing-list, that
one only needs one(!) single value in .muttrc; and this works very
nicely; I'm attaching the hint from this mailing list;

	matthias

From: Werner Koch <w...@gnupg.org>
To: Matthias Apitz <g...@unixarea.de>
Cc: gnupg-us...@gnupg.org
Subject: Re: signing mails with MUA mutt fails

On Wed, 23 Dec 2015 18:54, g...@unixarea.de said:

> To sign mails one configure in the MUA the command in the following
> form:

You should put

  set crypt_use_gpgme

into your ~/.muttrc to use the modern (ie. from ~2003) version of Mutt's
crypto layer. It works much better than the bunch of configured
commands.

> gpg2 --batch --output - --passphrase-fd 0 --armor --sign --detach-sign
> --textmode -u %a %f

--passphrase-fd 0 does not work with gpg2 (since 2.1) because the
gpg-agent is responsible for the private keys and the passphrase to
protect them. If you are using an xterm the GUI Pinentry pops up from
the background (controlled by the existence of the DISPLAY envvar). If
you are using a plain tty, either the curses pinentry or the dumb tty
only pinentry can be used. The curses pinentry is part of the GUI
pinentry and used if DISPLAY is not set. Take care to set the GPG_TTY
envvar (man gpg-agent).

If you really need it with 2.1 you may also use the loopback mode which
allows gpg2 to ask for a passphrase in a similar but not identical way
gpg1 and pgp did. Put

  allow-loopback-pinentry

into ~/.gnupg/gpg-agent.conf and restart the agent. Add

  --pinentry-mode=loopback

to the gpg command line.

> running with --debug gives some kind of error in the communication with
> the agent:
>
> $ killall gpg-agent
> gpg: DBG: chan_7 -> AGENT_ID
> gpg: DBG: chan_7 <- ERR 67109139 Unknown IPC command <GPG Agent>

That error is expected: it is a test for the former GNOME gpg-agent
replacement.

> gpg: DBG: chan_7 <- ERR 83886340 Invalid IPC response <Pinentry>
> gpg: signing failed: Invalid IPC response

Something is wrong with your pinentry. To debug this you add

--8<---------------cut here---------------start------------->8---
log-file /foo/bar/gpg-agent.log
verbose
debug-pinentry
debug ipc
--8<---------------cut here---------------end--------------->8---

into gpg-agent.conf ("debug ipc" is the same as "debug 1024")


Salam-Shalom,

   Werner

-- 
Matthias Apitz, ✉ g...@unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045
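The settings discussed in the message above can be checked mechanically. The script below is an added example, not part of the original mail and not shipped with mutt or GnuPG; the function name `audit_mutt_gpg` is hypothetical, and it assumes each `pgp_*_command` setting sits on a single line of the muttrc.

```shell
#!/bin/sh
# Added example: audit a mutt + GnuPG 2.1 setup for the problems discussed above.
# Usage: audit_mutt_gpg MUTTRC GPG_AGENT_CONF   (paths are passed in, so copies work)
# Prints one finding per line and returns 1 if there was any, 0 otherwise.
audit_mutt_gpg() {
    muttrc=$1; agentconf=$2; found=0
    sp='[[:space:]]'

    # GPGME backend: "set crypt_use_gpgme" or "set crypt_use_gpgme=yes", uncommented.
    if ! grep -Eq "^$sp*set$sp+crypt_use_gpgme($sp*=$sp*\"?yes\"?)?$sp*\$" "$muttrc" 2>/dev/null; then
        echo "muttrc: crypt_use_gpgme is not enabled"; found=1
    fi

    # Classic pgp_*_command settings that pass the passphrase on a file descriptor.
    legacy=$(grep -E "^$sp*set$sp+pgp_[a-z_]*command.*--passphrase-fd" "$muttrc" 2>/dev/null || true)
    if [ -n "$legacy" ] &&
       printf '%s\n' "$legacy" | grep -Evq -- '--pinentry-mode[= ]loopback'; then
        echo "muttrc: --passphrase-fd used without --pinentry-mode=loopback"; found=1
    fi

    # Loopback requested on the gpg command line must be allowed by the agent.
    if grep -Eq -- "^$sp*set$sp+pgp_[a-z_]*command.*--pinentry-mode[= ]loopback" "$muttrc" 2>/dev/null &&
       ! grep -Eq "^$sp*allow-loopback-pinentry$sp*\$" "$agentconf" 2>/dev/null; then
        echo "gpg-agent.conf: allow-loopback-pinentry missing but loopback is requested"; found=1
    fi

    # Without DISPLAY a tty pinentry is used, and that needs GPG_TTY.
    if [ -z "${DISPLAY-}" ] && [ -z "${GPG_TTY-}" ]; then
        echo "environment: DISPLAY and GPG_TTY are both unset"; found=1
    fi
    return "$found"
}

# Check the default locations when the script is invoked with the argument "run".
if [ "${1-}" = run ]; then
    audit_mutt_gpg "$HOME/.muttrc" "$HOME/.gnupg/gpg-agent.conf"
fi
```

Run it from the same terminal session that starts mutt, so that the `DISPLAY` and `GPG_TTY` values it sees are the ones gpg-agent's pinentry will get.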