As discussed with taviso on IRC, I've noticed that kmail needs a gpg-agent running for decrypting mails, or it will end with an error that has also been reported by many people on the forums. The minimum requirements and instructions can be found here: http://kmail.kde.org/kmail-pgpmime-howto.html But gpg-agent is provided by gpgme-1.9.x, which is very insecure (and hardmasked), so it was proposed to split gpg-agent out from it. This is a reminder. When the gpg-agent ebuild is ready and stable we can add it as kdepim RDEPEND.
From what I know, gpg-agent is not a hard dependency for decrypting emails and should not be in RDEPEND. Without it, kmail just pops up a message that suggests using it to avoid typing the password all the time. But I definitely agree that gnupg-1.9 should be SLOTTED or split to allow using it side by side with the old /usr/bin/gpg.
The problem is in the mail decryption, it won't work without it, while the encryption works. You'll get this error when you receive an encrypted mail: Encrypted message (decryption not possible) Reason: Crypto plug-in "openpgp" could not decrypt the data. Error: Bad passphrase Encrypted data not shown.
Ok, you are right. After doing some research, it seems that kde provides all the facilities to ask for the password without relying on gpg-agent, but those facilities are not used at their best at the moment. For instance, the function CryptPlugWrapper::decryptVerifyJob(), which would ask for the passphrase, is never called; instead kmail calls CryptPlug::decryptAndCheckMessage(), which calls gpgme directly without setting any callback function to ask for the passphrase, and thus fails. So gpg-agent being necessary could be considered a kde bug, and there's already one open: http://bugs.kde.org/show_bug.cgi?id=92619
Yes, your analysis is right. I've taken a look at the code but it looks like the whole "objecttreeparser" class is based on the "old" CryptPlug instead of the "new" CryptPlugWrapper. (old and new are my assumptions) Probably we should note this on the bug report?
I've commented on the kde bug, let's see how it goes.
Created attachment 45032: gpg-agent ebuild derived from current gpg-1.9.10.ebuild. This ebuild installs gpg-agent as required for current kmail-1.7.1 (from kdepim-3.3.1) to decrypt messages. Following the other steps mentioned in the kmail+pgpmime howto (http://kmail.kde.org/kmail-pgpmime-howto.html) the user can achieve gpg-agent integration and gpgme will get the required passphrase.
Created attachment 46249: gpg-agent-1.9.13.ebuild. Seems like gpg-1.9 has an interesting configure option, --enable-agent-only, which makes it compile only the agent, avoiding the high security risk implied by the 1.9 version. The attached ebuild makes use of it, and also bumps to the last version of gnupg-1.9. See bug #74630 for a bump of gnupg itself as well, with blocks between gpg-agent and gnupg-1.9, and also slotted support. This can simply take the place of newpg and make kmail work as it should.
Mike - how's this for a solution to the gpg-agent?
that's cool, i like that :)
gpg-agent-1.9.14.ebuild added. Hope it works for you.
*** Bug 70889 has been marked as a duplicate of this bug. ***
should block newpg builds (yes, I still have newpg installed :) -Jeremy
newpg isn't in the gentoo tree anymore so I can't block something that doesn't officially exist. I do plan on putting a disable-gpg-agent in the gnupg-1.9* so they don't block each other.
gnu-pg-1.9* has gpg-agent removed. Documentation enhancements to (http://www.gentoo.org/doc/en/gnupg-user.xml) welcome. Please :-)