From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#67012: 29.1;
 epa-sign-file pinentry loopback mode does not work with S/MIME
Date: Wed, 15 Nov 2023 16:02:21 +0200
Message-ID: <83jzqjqfma.fsf@gnu.org>
References: <u4jhvqus0@gentoo.org>
Cc: 67012@debbugs.gnu.org
To: Ulrich Mueller <ulm@gentoo.org>, Michael Albinus <michael.albinus@gmx.de>
In-Reply-To: <u4jhvqus0@gentoo.org> (message from Ulrich Mueller on Thu, 09
 Nov 2023 07:56:47 +0100)
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/274366>

> From: Ulrich Mueller <ulm@gentoo.org>
> Date: Thu, 09 Nov 2023 07:56:47 +0100
> 
> I was originally trying to sign e-mail messages with S/MIME using
> mml-secure-sign-smime followed by message-send, which fails when I
> customize epg-pinentry-mode as loopback.
> 
> The problem also occurs with epa-sign-file, which is easier to reproduce
> (because it doesn't need as much configuration). So I am reporting the
> bug for this command.
> 
> To reproduce, emacs -Q, then execute in the *scratch* buffer:
> 
>    (write-region "hello\n" nil "hello.txt")
>    (require 'epa)
> 
>    (let ((epg-pinentry-mode 'loopback)
>          (epa-protocol 'CMS))
>      (epa-sign-file
>       "hello.txt"
>       (epa-select-keys (epg-make-context epa-protocol) "Key:" nil t)
>       'normal))
> 
> This asks interactively to select a key. After doing so, it fails with
> the following error (shown in an "*Error* (EPA Info)" buffer):
> 
>    Error while signing with "/usr/bin/gpgsm":
> 
>    gpgsm: ignoring gpg-agent inquiry 'PASSPHRASE'
>    gpgsm: error creating signature: No passphrase given <GPG Agent>
> 
> Debugger *Backtrace* (key IDs x-ed out):
> 
>    Debugger entered--Lisp error: (epg-error "Sign failed" "")
>      signal(epg-error ("Sign failed" ""))
>      epa-sign-file("hello.txt" (#s(epg-key :owner-trust nil :sub-key-list (#s(epg-sub-key :validity nil :capability (encrypt sign) :secret-p nil :algorithm 1 :length 4096 :id "XXXXXXXXXXXXXXXX" :creation-time 20231107 :expiration-time 20251106 :fingerprint "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")) :user-id-list (#s(epg-user-id :validity nil :string (("CN" . "Ulrich Müller") ("OU" . "Institut fuer Kernphysik") ("O" . "Johannes Gutenberg-Universitaet Mainz") ("L" . "Mainz") ("ST" . "Rheinland-Pfalz") ("C" . "DE")) :signature-list nil) #s(epg-user-id :validity nil :string "<ulm@uni-mainz.de>" :signature-list nil)))) normal)
>      (let ((epg-pinentry-mode 'loopback) (epa-protocol 'CMS)) (epa-sign-file "hello.txt" (epa-select-keys (epg-make-context epa-protocol) "Key:" nil t) 'normal))
>      (progn (let ((epg-pinentry-mode 'loopback) (epa-protocol 'CMS)) (epa-sign-file "hello.txt" (epa-select-keys (epg-make-context epa-protocol) "Key:" nil t) 'normal)))
>      eval((progn (let ((epg-pinentry-mode 'loopback) (epa-protocol 'CMS)) (epa-sign-file "hello.txt" (epa-select-keys (epg-make-context epa-protocol) "Key:" nil t) 'normal))) t)
>      elisp--eval-last-sexp(t)
>      eval-last-sexp(t)
>      eval-print-last-sexp(nil)
>      funcall-interactively(eval-print-last-sexp nil)
>      call-interactively(eval-print-last-sexp nil nil)
>      command-execute(eval-print-last-sexp)
> 
> When I change epg-pinentry-mode to ask or epa-protocol to OpenPGP in
> the let-binding, things work as expected. In other words, only the
> combination of S/MIME and pinentry loopback fails.
> 
>    |          | OpenPGP | CMS   |
>    |----------+---------+-------|
>    | ask      | works   | works |
>    | loopback | works   | fails |
> 
> I use pinentry-gnome3, in case this should matter:
> 
>    $ readlink /usr/bin/pinentry
>    pinentry-gnome3

Michael, could you please look into this?