Gpg works fine for encrypting mail with evolution, however, when I attempt to sign mail, I get the following error. I have checked the link is to gpg2 and my gpg.conf contains an angent. The error is (9854FE05 is the correct key id): Because "gpg: no running gpg-agent - starting one gpg: writing to `-' gpg: DSA key 9854FE05 requires a 256 bit or larger hash gpg: signing failed: General error ", you may need to select different mail options. Reproducible: Always Steps to Reproduce: 1. Run evloution and configure gpg etc 2. Choose to sign mail 3. Try to send, enter password if keyring has one 4. error appears Actual Results: Error and mail not sent: Because "gpg: no running gpg-agent - starting one gpg: writing to `-' gpg: DSA key 9854FE05 requires a 256 bit or larger hash gpg: signing failed: General error ", you may need to select different mail options. Expected Results: Not to see the error. Mail to be signed.
(In reply to comment #0) > Gpg works fine for encrypting mail with evolution, however, when I attempt to > sign mail, I get the following error. I have checked the link is to gpg2 and my > gpg.conf contains an angent. > > The error is (9854FE05 is the correct key id): > > Because "gpg: no running gpg-agent - starting one > gpg: writing to `-' > gpg: DSA key 9854FE05 requires a 256 bit or larger hash > gpg: signing failed: General error > ", you may need to select different mail options. > > Reproducible: Always Hi. I ran into the same problem and the workaround was put into this forum, please take a look: http://forum.sabayon.org/viewtopic.php?f=59&t=21563#p121478 The workaround consists in to create a ~/.gnupg/gpg-agent.conf file, which is apparently missing. Marcio.
Thanks, but I have tried that already. Encrypting works, signing doesn't. I had seen that bug, that is why I mentioned that I had created the ~/.gnupg/gpg-agent.conf file.
When I add "use-agent" to the gpg.conf (and I have an gpg-agent.conf) I can no longer decrypt mail. (In reply to comment #2) > Thanks, but I have tried that already. Encrypting works, signing doesn't. > > I had seen that bug, that is why I mentioned that I had created the > ~/.gnupg/gpg-agent.conf file. >
Ignore the decrypting part. That still works. But when I add the use-agent to the gpg.conf nothing happens - no agent is run. (In reply to comment #3) > When I add "use-agent" to the gpg.conf (and I have an gpg-agent.conf) I can no > longer decrypt mail. > > (In reply to comment #2) > > Thanks, but I have tried that already. Encrypting works, signing doesn't. > > > > I had seen that bug, that is why I mentioned that I had created the > > ~/.gnupg/gpg-agent.conf file. > > >
It looks to me like the gpg-agent errors are a red herring. The error seems to be the message about the hash. It might be bug 324785 but your key isn't publicly available so I couldn't check.
Thanks - yeah I have even started the agent in the .xinit and I get prompted for the keyring password (with or without the agent) - BUT the same configuration used to work with thunderbird. The key is publically available, and yes the hash is 256 bits, as displayed. If that is the case then it is prob a duplicate. Thanks again. (In reply to comment #5) > It looks to me like the gpg-agent errors are a red herring. The error seems to > be the message about the hash. It might be bug 324785 but your key isn't > publicly available so I couldn't check. >
gpg> showpref [ultimate] (1). chxanders <chxanders@gmail.com> Cipher: AES256, AES192, AES, CAST5, 3DES Digest: SHA256, SHA1, SHA384, SHA512, SHA224 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, Keyserver no-modify I will try changing to the SHA1 and let you know if it worked.
Reporter -- any update on whether your change worked?
evolution did not get any changes for supporting stronger hash yet afaik. *** This bug has been marked as a duplicate of bug 324785 ***
hey it was bank holiday monday. seems to be related to the hash size, ie. not being sha1, which is the default, i am led to believe, for the 1024 DSA and RSA keys. anyhow, this doesn't seem to be an issue for weak > Reporter -- any update on whether your change worked? >