As stated in a gentoo-user list email, pinentry-gtk-2 has been missing for some months[*]. The binary was located under /usr/bin/pinentry-gtk-2. This causes claws-mail to be unable to decrypt gpg-encrypted emails. A look into the claws-mail logs when clicking on an encrypted email shows this:

messageview.c:1400:decrypting message part
sgpgme.c:469:data 0x7ffc6431b2f0 (11068 7632)
prefs_gpg.c:671:Can't disable gpg agent (no GPG_AGENT_INFO)
sgpgme.c:509:can't decrypt (No pinentry)
pgpmime.c:343:plain is null!

This results in being unable to read the encrypted email in claws-mail.

A workaround for me was to create a symlink from pinentry-gnome3 to pinentry-gtk-2 via

"ln -s /usr/bin/pinentry-gnome3 /usr/bin/pinentry-gtk-2"

After doing that, when clicking on an encrypted email in claws-mail, a popup opened where I could enter my gpg-key password and I could read the decrypted email.

[*] https://www.mail-archive.com/gentoo-user@lists.gentoo.org/msg184481.html

Reproducible: Always

Steps to Reproduce:
1. Install app-crypt/gnupg, mail-client/claws-mail (+pgp), app-crypt/pinentry (+gtk) and app-crypt/gcr (+gtk)
2. Open claws-mail, configure it correctly to decrypt emails via gpg
3. Click on an encrypted email

Actual Results:
A warning shows up in the mail window above the email text, saying "Couldn't decrypt: No pinentry"

Expected Results:
A popup should open up asking me to enter my gpg-key password.

Doing a "ln -s /usr/bin/pinentry-gnome3 /usr/bin/pinentry-gtk-2" as root, a popup shows up when clicking on an encrypted email where I can enter my gpg-key password.
Can we have emerge --info mail-client/claws-mail for completeness?
Created attachment 692940
Output of my local "emerge --info mail-client/claws-mail" command
claws-mail itself does not specify which tool to use, it leaves it to gpgme/gpg. If the issue still happens for you, can you run "eselect pinentry" to use another one? (pinentry-gnome3 probably in your case)
I did not know that there exists a pinentry module for eselect. But unfortunately it seems as if claws-mail only looks for /usr/bin/pinentry-gtk-2. For example, when I remove the symbolic link /usr/bin/pinentry-gtk-2 -> /usr/bin/pinentry-gnome3 again and then I do the following:

$ # eselect pinentry list
Available pinentry binary implementations:
  [1]   pinentry-gnome3 *
  [2]   pinentry-qt5
  [3]   pinentry-curses
  [4]   pinentry-tty
$ # eselect pinentry set 2

I still get:

prefs_gpg.c:671:Can't disable gpg agent (no GPG_AGENT_INFO)
sgpgme.c:696:can't decrypt (Kein Pinentry)
pgpmime.c:251:plain is null!

Instead, when manually setting the symbolic link through

ln -s /usr/bin/pinentry-qt5 /usr/bin/pinentry-gtk-2

claws-mail shows the qt-password box immediately when clicking on the encrypted email.
Thanks for the quick test!

This is interesting, as seen here:
https://git.claws-mail.org/?p=claws.git;a=blob;f=src/plugins/pgpcore/sgpgme.c;h=4b3a978e28b1d6902f77bb196df2cd682fde2dfd;hb=HEAD#l696

This is reported by gpgme (wrapper around GPG), do other gpg commands work fine locally? Like "gpg --decrypt" (you can run it on full mail saved to file from claws-mail)

Also, if you use eselect to set another pinentry (like QT), is it respected when running "gpg --decrypt"?

If you use gpg-agent, it may override the system pinentry:
https://superuser.com/questions/520980/how-to-force-gpg-to-use-console-mode-pinentry-to-prompt-for-passwords
Okay, found the issue. I had configured

uwe @ /tmp - [] $ cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 300
max-cache-ttl 999999
allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-gtk-2

and obviously the last line here was the problem. I don't know since when I have had this setting, but now, when looking into the GnuPG HowTo (https://wiki.gentoo.org/wiki/GnuPG#Configuring_gpg-agent_and_pinentry) it says we have to use

pinentry-program /usr/bin/pinentry

instead, which makes sense. Indeed, with this setting I don't have an issue anymore and the selection of pinentry through eselect is reflected by claws-mail when clicking on the encrypted email (and also executing "gpg --decrypt").

Thanks for pointing me in the correct direction :)

Closing this bug.
Glad that I could help! (and learned a few internals on GPG internals)
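
The root cause found in this thread, a pinentry-program line in gpg-agent.conf that points at a binary which no longer exists, can be checked for directly. The script below is an added example, not part of the bug report or of any Gentoo or GnuPG tooling; the function name check_pinentry_conf is hypothetical, and the sample file it builds reproduces the configuration posted above.

```shell
#!/bin/sh
# Added example: flag a stale pinentry-program override in a gpg-agent.conf.
# check_pinentry_conf is a hypothetical helper name chosen for this example.

# check_pinentry_conf FILE
#   Prints one verdict line per pinentry-program entry in FILE.
#   Returns 0 if there is no override or every override is an executable file,
#           1 if any override points at a missing or non-executable path,
#           2 if FILE cannot be read.
check_pinentry_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Extract the argument of each active (non-commented) pinentry-program line.
    paths=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$conf")
    if [ -z "$paths" ]; then
        echo "no pinentry-program override in $conf"
        return 0
    fi
    bad=0
    # Here-document instead of a pipe, so $bad survives the loop.
    while IFS= read -r path; do
        if [ -f "$path" ] && [ -x "$path" ]; then
            echo "ok: $path"
        else
            echo "stale: $path (missing or not executable)"
            bad=1
        fi
    done <<EOF
$paths
EOF
    return "$bad"
}

# Constructed sample: the configuration from the report, written to a temp file.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
default-cache-ttl 300
max-cache-ttl 999999
allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-gtk-2
EOF
check_pinentry_conf "$demo_conf" \
    || echo "override needs fixing: point it at /usr/bin/pinentry or remove it"
rm -f "$demo_conf"
```

To check a real setup, call check_pinentry_conf ~/.gnupg/gpg-agent.conf; after editing the file, "gpgconf --kill gpg-agent" makes the agent pick up the change the next time it starts.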