Ubuntu
kdepim package

importing .p12 certificate fails with "decryption failed" dialog

Bug #71791 reported by Lucy Llewellyn
16
Affects Status Importance Assigned to Milestone
kdepim (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: kleopatra

using file->import certificate and selecting my .p12 certificate file, kleopatra responds with:
An error occurred while trying to import the certificate mycert.p12: Decryption Failed

Using the kwatchgnupg tool launched from the kleopatra menus, I captured this log:

[2006-11-14T16:46:30] Log cleared
[client at fd 4 connected]
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> Home: ~/.gnupg
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> Config: /home/daniel/.gnupg/gpgsm.conf
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> AgentInfo: [not set]
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> DirmngrInfo: [not set]
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> GNU Privacy Guard's S/M server 1.9.21 ready
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: <- OPTION display=:0.0
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> OK
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: <- OPTION lc-ctype=en_GB.UTF-8
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> OK
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: <- OPTION lc-messages=en_GB.UTF-8
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> OK
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: <- INPUT FD=14
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> OK
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: <- IMPORT
  4 - 2006-11-14 16:46:35 gpgsm[21741]: gpg-protect-tool: gpg-agent is not available in this session
  4 - 2006-11-14 16:46:35 gpgsm[21741]: gpg-protect-tool: error while asking for the passphrase: Invalid digest algorithm
  4 - 2006-11-14 16:46:35 gpgsm[21741]: error running `/usr/lib//gpg-protect-tool': exit status 2
  4 - 2006-11-14 16:46:35 gpgsm[21741]: total number processed: 0
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> S IMPORT_RES 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  4 - 2006-11-14 16:46:35 gpgsm[21741.0x54f2e0] DBG: -> ERR 50331800 Decryption failed

Revision history for this message
CA G Rajesh (ca.grajesh) wrote :

Very true. This is only problem that stops me from using kmail in full scale. I have to resort to evolution or thunderbird. Someone please fix it or find some work around.

Revision history for this message
SilentPh03nix (silentph03nix) wrote :

I have this same problem importing my Thawte freemail cert. Also, kmail, doesn't seem to check the status of certs that other people sign their email with even if I have their public cert imported into kleopatra. I am running up to date ubuntu dapper 6.06.1 LTS with the latest KDE 3.5.5 packages.

Revision history for this message
Rich Johnson (nixternal) wrote :

Confirming due to responses.

Changed in kdepim:
importance: Undecided → Medium
status: Unconfirmed → Confirmed
Revision history for this message
Tomas Thiemel (thiemel) wrote :

Hi,
on this site:
http://mepislovers.org/forums/archive/index.php/t-4359.html
I have found "HOW-TO" bypass this "bug"

Here is just code you need to execute (certbundle.p12 is YOUR certificate):

$ openssl pkcs12 -in certbundle.p12 -out certbundle.pem -nodes
$ openssl pkcs12 -in certbundle.pem -export -out certkey.p12 -nocerts -nodes
$ export $(gpg-agent --daemon)
$ gpgsm --call-protect-tool --p12-import --store certkey.p12

Revision history for this message
Tomas Thiemel (thiemel) wrote :

UPDATE:
Even, if you can import your private certificate into kleopatra, YOU CAN'T USE IT for mail signing IN KMAIL...

You there is only one "right soltion" - use Kgpg and gpg keys for mail signing...

Revision history for this message
dukat (dukat) wrote :

Still the same bug under Feisty 7.04 with the KDE 3.5.7 update ...

Revision history for this message
Florian Reinhard (freinhard) wrote :

Importing seems to be fixed in Gutsy 7.10 and KDE 3.5.8 but i still can't sign my messages with the key iported via kleopatra. I'm getting something like "Signing failed: general error" (Signierung fehlgeschlagen: Allgemeiner Fehler).

Revision history for this message
Tomas Thiemel (thiemel) wrote :

Hi, after hard days and nights I finally found the problem - you can check it at http://gentoo-wiki.com/index.php?title=HOWTO_KMail_gpg-agent_kde#Setting_up_gpg-agent_with_KDE

So solution:
1) you must create (executable) file "~/.kde/env/gpg-agent.sh"
***
#!/bin/bash
eval `gpg-agent --daemon`
***

2) you must create (executable) file (and target folder) "~/.kde/shutdown/gpg-agent.sh"
***
#!/bin/sh
# the second field of the GPG_AGENT_INFO variable is the
# process ID of the gpg-agent active in the current session
# so we'll just kill that, rather than all of them :)
[[ -n ${GPG_AGENT_INFO} ]] && kill `echo ${GPG_AGENT_INFO} | cut -d ':' -f 2`
***

3) Restart your KDE session

4) WOW! It works!

PS: you must create these start&stop scripts for every user, who wants to use X.509 signatures in Kmail...

Revision history for this message
Harald Sitter (apachelogger) wrote :

Installing pinentry takes care of this nowadays.

Changed in kdepim:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.