s/mime with crypt_use_gpgme and gpgsm not working?

Michael Tatge tatgeml at gmail.com
Wed Mar 21 11:45:41 UTC 2018 

Hi,

i'm trying to run mutt with s/mime and
$crypt_use_gpgme set, but i keep running into errors when it comes to
decryption. Signing / verifying works ok.

TL;DR i cannot decrypt messages that are encrypted for me.

[-- Begin signature information --]
Good signature from:
1.2.840.113549.1.9.1=#6D69636861656C2E7461746765406D63666573732D69742E636F6D
                aka: <michael.tatge at XXX>
            created: Wed Mar 21 12:22:08 2018
[-- End signature information --]

[-- The following data is signed --]

BUT:
[-- The following data is S/MIME encrypted --]

[-- Error: decryption failed: Invalid value passed to IPC --]


[-- End of S/MIME encrypted data --]

Sending s/mime encypted messages seems ok too.

Maybe i'm doing something wrong.

Mutt 1.9.4 (2018-02-28)   (debian package from testing)
gpgsm (GnuPG) 2.2.5
libgcrypt 1.8.1
libksba 1.3.5-unknown

gpg:OpenPGP:/usr/bin/gpg
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon
gpgsm:S/MIME:/usr/bin/gpgsm
dirmngr:Network:/usr/bin/dirmngr
pinentry:Passphrase Entry:/usr/bin/pinentry

gpg-agent.conf:
default-cache-ttl 600
pinentry-program /usr/bin/pinentry-curses

gpgsm.conf:
default-key C1:B3:80:90:E5:8F:FE:53:8C:44:2B:70:7E:79:CD:E2:72:55:59:85
auto-issuer-key-retrieve
include-certs -1  # this will include all certificates in the chain up to the root

gpgsm --list-keys
is listing all certs including the whole ca chain

gpgsm --list-secret-keys is listing my secret key


running gpgsm manually seems to be working ok

$ echo "some text" | gpgsm --sign --armor | gpgsm --verify
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: DBG: adding certificates at level -1
gpgsm: signature created
gpgsm: Signature made 2018-03-21 11:09:21 using certificate ID
0x72555985
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Good signature from "/EMail=michael.tatge at XXX"
gpgsm:                 aka "michael.tatge at XXX"

$ echo "some text" | gpgsm --encrypt --recipient michael.tatge at XXX --armor | gpgsm --decrypt
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: encrypted data created
gpgsm: DBG: recp 0 - issuer: 'CN=COMODO RSA Client Authentication and
Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 069B11DBBF7D5819F2ED167B024F009F
some text

relevant muttrc:
unset smime_is_default
set crypt_autosmime
set crypt_use_gpgme

I'm NOT sourcing gpg.rc or smime.rc.
If I source both and unset crypt_use_gpgme
Everything is fine tough, but it uses smime_keys then.

Thanks,

Michael
-- 
PGP-Key-ID:     0xDE3C3D3BEEE7D043
Jabber:         init0 at jabber.de

More information about the Mutt-dev mailing list