Re: Gnus + GPG integration broken after revision 102412.

[Ashish SHUKLA]

Daniel Dehennin writes:
> address@hidden (Ashish SHUKLA) writes:

>> Daiki Ueno writes:
>>> address@hidden (Ashish SHUKLA) writes:
>> 
>>>> I'm having problem sending GPG signed mails in Emacs bzr revision 1024640.
>>>> 
>>>> Debugger entered--Lisp error: (error "Sign failed: ((exit))")
>>>> signal(error ("Sign failed: ((exit))"))
>> 
>>> Could you try again with (setq epg-debug t) and provide the contents of
>>> buffer " *epg-debug*" (note that the first letter is a white space)?
>> #v+
>> /usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 
>> --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 
>> 1F2F8410762E5E74
>> Warning: using insecure memory!
>> gpg: skipped "1F2F8410762E5E74": Unusable secret key
>> [GNUPG:] INV_SGNR 9 1F2F8410762E5E74
>> gpg: signing failed: Unusable secret key
>> #v-
>> The above mentioned key id belongs to my GPG key which I revoked, but it's
>> still present in my system to decrypt old content encrypted with it. Any 
>> ideas
>> how I can switch to other GPG user ID (the one which is used to sign this
>> email) ?
>> 
>>>> I've tracked it down to change in lisp/gnus/mml2015.el in
>>>> r102412[1]. To be able to send GPG signed emails, I've to defun the
>>>> "mml2015-epg-sign" function From revision 102411 of
>>>> lisp/gnus/mml2015.el.
>> 
>>> Cc'ed Daniel, who is the author of that change.

> Maybe you signed your email based on the default-key option in gpg.conf,
> my change use the sender address in addition to mml2015-signers.

"default-key" option in gpg.conf is present and points to the correct key, but
it is not working.

> If you have more than one key for an e-mail address you may (setq
> mm-sign-option 'guided) to choose which key to use.

I've more than one keys, and in one of the keys, the UIDs are more than 10,
which means the only 10 UIDs appear in the output of "gpg2
--list-secret-keys", to retrieve list of all UIDs, you've to explicitly query
"gpg2 --list-secret-keys $KEYID".

It would be nice to have a customizable variable (something like
"pgg-default-user-id") which stores the default key id used for signing the
messages. And, users with multiple keys should be able to override the key
used for signing an email in the message buffer as well.

> Another option may be to remove that email address from the key, it will
> not be picked up for signing but still usable to decrypt?

This could be done, but this looks like an ugly work around. :(

Thanks
-- 
Ashish SHUKLA

“I am free, no matter what rules surround me. If I find them
tolerable, I tolerate them; if I find them too obnoxious, I break
them. I am free because I know that I alone am morally responsible for
everything I do.” (Robert A. Heinlein, "The Moon Is a Harsh Mistress",
1966)

pgpBMCjgmNwWI.pgp
Description: PGP signature