Sign and encrypt mail with Thunderbird (enigmail)

Well, I had decided to give Thunderbird a go after I installed gutsy. I had never tried it actually, only to get my univ mails on a Windows box at work. This entry is to document an error I had, with the fix.

To create and manage gpg keys, please check here. So I’ll assume you already have a gpg key. Install enigmail, and restart your session (I think just restarting Tb will do).

sudo aptitude install enigmail

On Ubuntu, enigmail is in the main repositories:

isabella@yeti:~ $ apt-cache madison enigmail
  enigmail | 2:0.95.0-0ubuntu3 | gutsy/main Packages
  enigmail | 2:0.95.0-0ubuntu3 | gutsy/main Sources

When restarting Tb, a wizard will run; it’s all pretty straightforward. But I could not get it to sign an email. Encryption would run fine, but then a similar error would come up, all related to the passphrase for my gpg key:

gpg can't connect to ~/.gnome2/seahorse-Mq1hUm/S.gpg-agent

Hmm… I did read tons of emails provided by a Google search, forum posts and such. Then, I had a look at my ~/.gnupg/gpg.conf. Sure enough, commenting out the lines:

# use-agent
# gpg-agent-info /home/isabella/.gnome2/seahorse-Mq1hUm/S.gpg-agent:4671:1

that you can find at the bottom of the file did the trick! All good now.

EDIT: Please read the comments below. Installing pinentry-gtk2 (Xfce desktop here) allows you to comment out only the last line (gpg-agent-info…) and use the agent.
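
The failure in this entry comes from an active gpg-agent-info line in gpg.conf overriding the socket that the session advertises in GPG_AGENT_INFO. The script below is an added example, not part of the original post: it classifies a gpg.conf against a given GPG_AGENT_INFO value. The function names, the verdict strings and the sample GPG_AGENT_INFO value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a gpg.conf
# selects the gpg-agent socket, given the session's GPG_AGENT_INFO value.

# Print the socket path of the last active (uncommented) gpg-agent-info line.
# The option value has the form path:pid:protocol, as in the post.
pinned_agent_socket() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*gpg-agent-info[[:space:]][[:space:]]*\([^:]*\):.*$/\1/p' "$1" | tail -n 1
}

# Succeed when the file has an active use-agent line.
uses_agent() {
    grep -Eq '^[[:space:]]*use-agent([[:space:]]|$)' "$1" 2>/dev/null
}

# check_agent_config <gpg.conf> <GPG_AGENT_INFO value>
# Prints one verdict: no-agent, autodetect, mismatch, stale or ok.
check_agent_config() {
    pinned=$(pinned_agent_socket "$1")
    env_sock=${2%%:*}            # keep only the path part of path:pid:protocol
    if ! uses_agent "$1"; then
        echo "no-agent"          # use-agent is absent or commented out
    elif [ -z "$pinned" ]; then
        echo "autodetect"        # socket is taken from GPG_AGENT_INFO
    elif [ -n "$env_sock" ] && [ "$pinned" != "$env_sock" ]; then
        echo "mismatch"          # gpg.conf overrides the session's socket
    elif [ ! -S "$pinned" ]; then
        echo "stale"             # pinned path is not an existing socket
    else
        echo "ok"
    fi
}

# Demo on a constructed gpg.conf holding the two lines from the post, uncommented.
demo_dir=$(mktemp -d)
printf '%s\n' 'use-agent' \
    'gpg-agent-info /home/isabella/.gnome2/seahorse-Mq1hUm/S.gpg-agent:4671:1' \
    > "$demo_dir/gpg.conf"
# Constructed value standing in for the live session's GPG_AGENT_INFO.
echo "verdict: $(check_agent_config "$demo_dir/gpg.conf" '/tmp/gpg-constructed/S.gpg-agent:1234:1')"
rm -rf "$demo_dir"
```

To check a real setup, call `check_agent_config ~/.gnupg/gpg.conf "$GPG_AGENT_INFO"`; a `mismatch` or `stale` verdict corresponds to the situation where commenting out the gpg-agent-info line is the fix.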


6 thoughts on “Sign and encrypt mail with Thunderbird (enigmail)”

  1. HymnToLife

    Why not use the agent ? It’s much nicer than having to type your passphrase over and over again.

    sudo apt-get install gnupg-agent

    The weird thing is that Enigmail is supposed to ignore the use-agent directive and fallback to the “standard” mode if the agent is not running…

  2. bapoumba

    :~ $ aptitude show gnupg-agent
    Package: gnupg-agent
    New: yes
    State: installed
    Automatically installed: yes
    Version: 2.0.4-1ubuntu3

    Yes, and this is the part that I really did not understand and that took me a long time to find a workaround… I’ll have to check Tb on my feisty box (where I use Evolution and had no problem with it). It may be a gutsy problem, but I had no time to investigate further. Thanks HTL :)

  3. HymnToLife

    That’s because, if the two lines you mentioned were uncommented, the second one forces Enigmail to use the path ~/.gnome2/seahorse-Mq1hUm/S.gpg-agent to connect to the gpg-agent, which is often not correct. If you comment out that line only, the path to the GPG agent socket will be autodetected using the GPG_AGENT_INFO environment variable, like this:

    firas@Ana ~ $ echo $GPG_AGENT_INFO

    as you can see, not at all like the path it tried to connect to before ^^

  4. bapoumba

    Yes, I did try that too:
    Send operation aborted
    Error – bad passphrase

    gpg command line output:
    /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 --comment 'Using GnuPG with Mozilla -' -t --clearsign -u --use-agent
    gpg: canceled by user
    gpg: skipped "0xA294BA16": bad passphrase
    gpg: [stdin]: clearsign failed: bad passphrase

    I never get to enter my passphrase unless I comment both…

  5. HymnToLife

    You also need to install a pinentry package so it will display a dialog window where you can enter your passphrase. Since you’re usinK the evil Knome, I Kuess, pinentry-gtk2 will do the tricK for you ;)
