[kmail2] [Bug 318116] New: Interface with gpgsm hangs after any S/MIME operation, requires killing gpgsm

Matt Whitlock kde at mattwhitlock.name
Wed Apr 10 05:50:03 BST 2013 

https://bugs.kde.org/show_bug.cgi?id=318116

            Bug ID: 318116
           Summary: Interface with gpgsm hangs after any S/MIME operation,
                    requires killing gpgsm
    Classification: Unclassified
           Product: kmail2
           Version: 4.10.2
          Platform: Gentoo Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: crypto
          Assignee: kdepim-bugs at kde.org
          Reporter: kde at mattwhitlock.name

When performing any S/MIME operation (encrypting, decrypting, signing,
verifying), KMail's background task hangs indefinitely, until the spawned gpgsm
process is killed. Once the gpgsm is killed, KMail resumes normal behavior (and
even sees the correct result of the gpgsm operation).

Reproducible: Always

Steps to Reproduce:
1. Try to view a signed and/or encrypted S/MIME message.
2. KMail never gets past "Please wait while the signature is being verified" or
"Please wait while the message is being decrypted".
3. killall gpgsm
4. KMail completes verification or decryption.
Actual Results:  
KMail's S/MIME operations hang until the spawned gpgsm process is killed.

Expected Results:  
KMail should be able to perform S/MIME operations without the gpgsm process
needing to be manually killed.

Here is the GnuPG log resulting from opening an encrypted email (with several
recipients) in KMail:

[client at fd 5 connected]
  5 - 2013-04-10 00:32:37 gpgsm[8120]: enabled debug flags: assuan
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> # Home: ~/.gnupg
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> # Config:
/home/mattw/.gnupg/gpgsm.conf
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> # AgentInfo:
/tmp/gpg-SIR2s2/S.gpg-agent:5289:1
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> # DirmngrInfo: [not set]
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> OK GNU Privacy Guard's S/M
server 2.0.19 ready
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 <- OPTION display=:0
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 <- OPTION enable-audit-log=1
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 <- # descriptor 26 is in flight
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 <- INPUT FD
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 <- # descriptor 28 is in flight
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 <- OUTPUT FD
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 <- DECRYPT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 0 - issuer: #####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 0 - serial: 52
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> S ENC_TO 69F4C6A64E8F54FB 0 0
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK Pleased to meet you,
process 8120
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: connection to agent established
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> RESET
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> OPTION display=:0
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> OPTION
putenv=GTK_IM_MODULE=xim
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> OPTION allow-pinentry-notify
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> RESET
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEY
2B3FCDED2104E11ACB32DDD23E0252D92E255266
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEYDESC
Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+X.509+certificate:#####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> PKDECRYPT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- INQUIRE CIPHERTEXT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> [ 44 20 28 37 3a 65 6e 63 2d
76 61 6c 28 33 3a 72 ...(273 byte(s) skipped) ]
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> END
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- ERR 67108881 No secret key
<GPG Agent>
  5 - 2013-04-10 00:32:37 gpgsm[8120]: error decrypting session key: No secret
key
  5 - 2013-04-10 00:32:37 gpgsm[8120]: decrypting session key failed: No secret
key
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> S NO_SECKEY 69F4C6A64E8F54FB
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 1 - issuer: #####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 1 - serial: 53
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> S ENC_TO FFFFFFFFEF76C775 0 0
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> RESET
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEY
89945F0CB0E8CCD558C78D935B6F735E88B40641
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEYDESC
Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+X.509+certificate:#####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> PKDECRYPT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- INQUIRE CIPHERTEXT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> [ 44 20 28 37 3a 65 6e 63 2d
76 61 6c 28 33 3a 72 ...(273 byte(s) skipped) ]
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> END
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- ERR 67108881 No secret key
<GPG Agent>
  5 - 2013-04-10 00:32:37 gpgsm[8120]: error decrypting session key: No secret
key
  5 - 2013-04-10 00:32:37 gpgsm[8120]: decrypting session key failed: No secret
key
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> S NO_SECKEY FFFFFFFFEF76C775
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 2 - issuer: #####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 2 - serial: 55
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> S ENC_TO 39D7924FFFFFFFFF 0 0
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> RESET
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEY
E498D68EC75CA8AD94E024BA78BC6C1D07C610C7
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEYDESC
Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+X.509+certificate:#####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> PKDECRYPT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- INQUIRE CIPHERTEXT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> [ 44 20 28 37 3a 65 6e 63 2d
76 61 6c 28 33 3a 72 ...(279 byte(s) skipped) ]
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> END
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- ERR 67108881 No secret key
<GPG Agent>
  5 - 2013-04-10 00:32:37 gpgsm[8120]: error decrypting session key: No secret
key
  5 - 2013-04-10 00:32:37 gpgsm[8120]: decrypting session key failed: No secret
key
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> S NO_SECKEY 39D7924FFFFFFFFF
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 3 - issuer: #####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: DBG: recp 3 - serial: 5B
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_26 -> S ENC_TO FFFFFFFFDA2FCFC4 0 0
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> RESET
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEY
015C1A86EEB02C504E8E6765F42F7522E9A41C33
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> SETKEYDESC
Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+X.509+certificate:#####REDACTED#####
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> PKDECRYPT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- INQUIRE CIPHERTEXT
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> [ 44 20 28 37 3a 65 6e 63 2d
76 61 6c 28 33 3a 72 ...(273 byte(s) skipped) ]
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> END
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 <- INQUIRE PINENTRY_LAUNCHED
8121
  5 - 2013-04-10 00:32:37 gpgsm[8120]: chan_11 -> END
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_11 <- [ 44 20 28 35 3a 76 61 6c 75
65 32 35 35 3a 02 bd ...(259 byte(s) skipped) ]
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_11 <- OK
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_26 -> S DECRYPTION_OKAY
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_26 -> OK
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_26 <- # descriptor 27 is in flight
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_26 <- OUTPUT FD
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_26 -> OK
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_26 <- GETAUDITLOG --html
  5 - 2013-04-10 00:32:42 gpgsm[8120]: chan_26 -> OK
(( I had to kill the gpgsm process at this point to get KMail to display the
decrypted message. ))
[client at fd 5 disconnected]


Here is the GnuPG log resulting from opening a signed email in KMail:

[client at fd 5 connected]
  5 - 2013-04-10 00:33:12 gpgsm[8188]: enabled debug flags: assuan
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> # Home: ~/.gnupg
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> # Config:
/home/mattw/.gnupg/gpgsm.conf
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> # AgentInfo:
/tmp/gpg-SIR2s2/S.gpg-agent:5289:1
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> # DirmngrInfo: [not set]
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK GNU Privacy Guard's S/M
server 2.0.19 ready
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- OPTION display=:0
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- OPTION enable-audit-log=1
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- # descriptor 24 is in flight
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- INPUT FD
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- # descriptor 24 is in flight
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- MESSAGE FD
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- VERIFY
  5 - 2013-04-10 00:33:12 gpgsm[8188]: detached signature
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> S NEWSIG
  5 - 2013-04-10 00:33:12 gpgsm[8188]: Signature made 2013-04-09 15:39:38 using
certificate ID 0x7180637D
  5 - 2013-04-10 00:33:12 gpgsm[8188]: certificate is good
  5 - 2013-04-10 00:33:12 gpgsm[8188]: root certificate is good
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 <- OK Pleased to meet you,
process 8188
  5 - 2013-04-10 00:33:12 gpgsm[8188]: DBG: connection to agent established
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 -> RESET
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 <- OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 -> OPTION display=:0
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 <- OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 -> OPTION
putenv=GTK_IM_MODULE=xim
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 <- OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 -> OPTION allow-pinentry-notify
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 <- OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 -> ISTRUSTED
957E9EB15ABBC3F2837A081CDB788DD12128C753
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_10 <- OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: CRLs not checked due to
--disable-crl-checks option
  5 - 2013-04-10 00:33:12 gpgsm[8188]: validation model used: shell
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> S GOODSIG
06E6A5B44044C53F0C8C72086DEDCD4B7180637D #####REDACTED#####
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> S VALIDSIG
06E6A5B44044C53F0C8C72086DEDCD4B7180637D 2013-04-09 20130409T153938
20131221T184552 0 0 1 2 00
  5 - 2013-04-10 00:33:12 gpgsm[8188]: Good signature from #####REDACTED#####
  5 - 2013-04-10 00:33:12 gpgsm[8188]:                 aka #####REDACTED#####
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> S TRUST_FULLY 0 shell
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- # descriptor 25 is in flight
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- OUTPUT FD
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 <- GETAUDITLOG --html
  5 - 2013-04-10 00:33:12 gpgsm[8188]: chan_24 -> OK
(( I had to kill the gpgsm process at this point to get KMail to show that the
signature is valid. ))
[client at fd 5 disconnected]

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list