(SOLVED) GPG with Thunderbird with KDE

Hardware Librem (Other)
,
1

SOLVED:

Ok, so here’s what I have. I’m not a fan of GNOME. Just not the interface for me. So I moved to KDE. After realizing that Thunderbird was not ever asking me for my Librem Key PIN I started looking at the components of GnuPG that are responsible for bringing up the PIN gui. I had set up the gpg-agent.conf file correctly but discovered that the default PureOS setup actually does a symlink in /usr/bin/pinentry and /usr/bin/pinentry-x11. It points to /etc/alternatives/pinentry and /etc/alternatives/pinentry-x11 which are also symlinked back to /usr/bin/pinentry-gnome3.

This was the issue. KDE needs to use pinentry-qt and because these are symlinked to pinentry-gnome3, my gpg-agent.conf file was never being read (or followed). So I changed the symlink in /etc/alternatives/pinentry / pinentry-x11 to /usr/bin/pinentry-qt and everything with Thunderbird is working now.

I hope this can help someone else who may be experiencing the same issue if they move to KDE.

** Original Post **

Has anyone gotten GPG from the Librem Key to work with thunderbird? I’ve got it set up with my GPG from the librem key but when I go to send the email it fails. If I go back and choose not to sign the email (just encrypt) the email will send but I’m not able to decrypt it. I’ve imported my public key into the PGP key manager within Thunderbird.

As a test I imported my private key from my backup drive and using that seems to work just fine so the problem is isolated to the Librem Key. I’m not sure where I went wrong so if anyone can point me to the right direction.

ADDITIONAL INFO: To be sure the librem key was working I decided to do file encryption/decryption just to see if that worked. I ran:
echo “test” | gpg --encrypt -r (my email address) > out.pgp

then

gpg --decrypt -v out.pgp

both commands worked. So I believe this is a problem getting Thunderbird to read from the Librem Key.

ERROR LOG FROM THUNDERBIRD:
mimeEncrypt.js: caught exception: Error
Message: ‘failure in finishCryptoEncapsulation, exitCode: -1’
File: chrome://openpgp/content/modules/mimeEncrypt.jsm
Line: 580
Stack: finishCryptoEncapsulation@chrome://openpgp/content/modules/mimeEncrypt.jsm:580:15
createMessageFile@resource:///modules/MimeMessage.jsm:86:27

OBSERVATION:

When Thunderbird accesses my key (the red light is on) it never asks me for a PIN. I would expect it to during signing.

2

just as a note, we have this guide for this: https://tracker.pureos.net/w/pureos/tips/configure_thunderbird_to_work_with_librem_key_and_other_gpg_smartcards/

3

That guide only works if your using the default Gnome with PureOS. If you switch to KDE as I have, your guide is useless until you follow my resolution steps first. Please be sure to read my entire post before responding.

The guide should actually be updated to include the additional steps required for KDE users. That would be ideal.

4

Charming…

The title of the post is GPG with Thunderbird, not GPG with thunderbird and KDE. You want to exclude guides for other shells make the title more specific.

We do not officially support KDE, we do have an image with KDE but that is basically experimental. But users can check this post.

5

At the time I made the post I didn’t know that KDE was part of the issue. I also did not realize that including KDE as part of the title was a requirement. In the future I’ll try to be more specific on the title.

Just so I’m on the same page, in the future I shouldn’t post on the forums for any support if it relates to KDE. Only GNOME is permitted to get support in the forums. Am I understanding this correctly?

6

I did not said that. :smiley:

Since PureOS does not have an official KDE image and we do not provide official support for KDE, we do not feel we have the obligation to add and maintain KDE specific documentation in the PureOS documentation page.

But this forum is different, this is a community Forum, users are more than free post tutorials and their solutions to issues here, even KDE on their devices.

1 Like
7

Ok. I misunderstood. You were referring to my reply regarding the documentation, and adding KDE specific info. I understand the need to limit support to only what PureOS specifically supports. I think thats why I felt the need to figure out the problem on the forums, so others who may choose KDE in the future can find a way to get it all working.

I did try to edit the title just now so I could add KDE to it but it doesn’t seem to let me edit it anymore. Is that because it’s been a few days since I posted this?

8

Yes, there is a time limit after which a user cannot edit the posts. But I made the post into a wiki, so you should be able to edit it now.

9

I can edit everything but the title. Its grayed out. :frowning:

10

I edited the title, is it ok now?

11

Looks perfect! Thanks.