Meddington / OutlookPrivacyPlugin

A PGP encryption plugin for Outlook 2010, 2013 and 2016.
BSD 3-Clause "New" or "Revised" License

Keyrings not found #173

Open pkoevesdi opened 6 years ago

pkoevesdi commented 6 years ago

I tried it on 3 different computers, 2 with Windows 10 Pro, one with Windows 7 Pro. All of them with a fresh installation of gpg4win (without gpgol plugin) before installing OutlookPrivacyPlugin and unchanged keyring or gnupg installation directory. Kleopatra is working and showing the keys. But OutlookPrivacyPlugin keeps popping up the attached error message when trying to send an encrypted message.

[Image: error message outlook privacy plugin]

I also tried to mess around with the GNUPGHOME environment variable, but without success. What has to go there in the normal case (without changed locations)?

Meddington commented 6 years ago

Did you try setting the environmental variable as mentioned in the error dialogue?

Cheers, Mike


pkoevesdi commented 6 years ago

As I said: I also tried to mess around with the GNUPGHOME environment variable, but without success. I tried putting in the path "c:\Users...\AppData\Roaming\gnupg" and the path to the binary. The error message doesn't say much. What has to go there in the normal case (without changed locations)?

pkoevesdi commented 6 years ago

And must it be the local variable or a system variable?

pkoevesdi commented 6 years ago

And, anyway, isn't Gnupg / Kleopatra supposed to fail too, if the Gnupghome is set wrong? They don't fail, they work!

Meddington commented 6 years ago

Not sure, they may work off a registry key, or shared code. It’s never been a problem for me. I have a win10 box and no problems.

Opp doesn’t directly use gnupg, only the key ring files.

The correct value for gpg home is documented I’m sure. On Unix it’s ~/.gnupg.

You could also try gpgol, it works with modern outlook and uses gnupg directly.

Cheers, Mike


pkoevesdi commented 6 years ago

The documented default location is "c:\Users...\AppData\Roaming\gnupg". This is the correct location on all the test systems, never changed. Tried to put it in GNUPGHOME, user wide and system wide, but it didn't help. So, since this happens on different test systems, I suppose it is a bug? gpgol, as a matter of fact, crashes on one of the test systems, the main one. :-( That's why I came back to Opp.

Meddington commented 6 years ago

Probably a bug. I’ve never seen it on default windows installs. I’m assuming these are company machines? Possibly there is an issue related to other installed software or the domain policies.

I’d try system environmental variable. Reboot. Also the opp settings may have or display the value. I’m away from work and don’t remember exactly.

Cheers, Mike


pkoevesdi commented 6 years ago

No, they are not company machines. It is one laptop of a colleague (the main machine where it's supposed to go), my own Windows desktop computer, and another virtual machine inside Ubuntu on my other desktop. I tried both, system and user, and rebooted several times. I didn't find a clue inside opp, where it tries to find the keyring. Could you tell me a way (maybe a log) to tell where my opp installation expects the keyring? I mean, not in general, but on the actual system.

Meddington commented 6 years ago

There is a setting to turn on debug log. We find it through a few things like registry key, default location, environment variable etc. You can see that in the code if you look.

Was gpg4win upgraded vs new install? Is there a new version in the last 6 months? Maybe try an older version if so.

Cheers, Mike


pkoevesdi commented 6 years ago

On all 3 machines gpg4win was a new install. I switched on the DEBUG option in opp. Where is the log supposed to go? c:\Users...\AppData\Roaming\OutlookPrivacyPlugin\ ? The log file there contains no more info than the error message. It doesn't tell where it actually looked for the keyrings. I'll try an older gpg4win version now.

pkoevesdi commented 6 years ago

Ok, the last version before gpg4win 3.0 was 2.3.4. With this version it works! So, maybe you find a way to make it work with 3.0.0 too?

A different question: Is there a way to make opp decrypt messages already in preview pane? At the moment I have to open the message with double click...

Meddington commented 6 years ago

Too bad. Check the code, should give you an idea. Maybe try an older gpg4win.

Otherwise I’m out of ideas atm.


pkoevesdi commented 6 years ago

As a matter of fact, I'm only a user, not able to check the code. :-(

Meddington commented 6 years ago

Awesome! Preview pane decryption is not an easy task with the plug interface I’m using. Gpgol does it through a bunch of C++ code.

Cheers, Mike


simonj-smith commented 6 years ago

Just to confirm I had this same issue and after reverting back to GPG4win Version 2.3.4 everything is fine. Not sure what the change is between versions but would advise anyone experiencing the same issue to revert versions.

Meddington commented 6 years ago

I have updated the readme to indicate the recommended version of gpg4win.


dgray4656 commented 6 years ago

This issue appears to be related to a change in the way GnuPG stores keyring material starting with version 2.1 - the "secring.gpg" file no longer exists, and instead the secret keys are stored as individual items in a directory named "private-keys.v1.d". Also starting with version 2.1, the 'pubring.gpg' file gives way to a 'keybox' format that goes by the name 'pubring.kbx' - although there are scenarios under which 'pubring.gpg' will continue to be used with version 2.1 and later installations. (Details can be found at https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring and https://www.gnupg.org/faq/whats-new-in-2.1.html#keybox). These changes appear to have been implemented to facilitate gpg-agent access to private keys - but I'm not sure of the details.

The logic used by OPP to identify the location of the key files can be found in the source under \Deja.Crypto\BcPgp\CryptoContext.cs, under "public class CryptoContext" - you can see the legacy filenames used for public and private keys are present as string values. I assume those would need to be changed - but there may very well be other more significant changes required. It looks like OPP uses Bouncy Castle 1.7 which didn't appear to directly support the GNUPG v2.1+ key storage approach - but I'm not a programmer so I can't really discern if BouncyCastle is involved or not.

The CryptoContext class does show the different locations where OPP looks for the keyrings, and you may be able to export your private keys to a file named 'secring.gpg' and convert your public keys to the older pubring.gpg format to get it to work - but I haven't tried that myself. The long-term fix would be to update OPP to work with GnuPG v2.1+, but unfortunately I have nowhere near the skills to assist with that.
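
A diagnostic for the layout change described in the comment above, added here as an example and not part of the original comment or of OPP's code: it reports whether a GnuPG home directory holds the legacy `pubring.gpg`/`secring.gpg` pair or the 2.1+ `pubring.kbx` and `private-keys.v1.d` layout. The function name, the layout labels, the assumption that a legacy reader needs both legacy files, and the constructed demo directory are this example's own; it assumes PowerShell 3.0 or later on Windows.

```powershell
# Added diagnostic, not OutlookPrivacyPlugin code. It only reads the candidate
# directories; the one thing it writes is a throwaway demo folder under $env:TEMP.
function Get-KeyringLayout {
    param([Parameter(Mandatory = $true)][string]$HomeDir)

    $has = @{}
    foreach ($name in 'pubring.gpg', 'secring.gpg', 'pubring.kbx') {
        $has[$name] = Test-Path -LiteralPath ([IO.Path]::Combine($HomeDir, $name)) -PathType Leaf
    }
    # GnuPG 2.1+ keeps each secret key as its own *.key file in this directory.
    $privDir = [IO.Path]::Combine($HomeDir, 'private-keys.v1.d')
    $privCount = 0
    if (Test-Path -LiteralPath $privDir -PathType Container) {
        $privCount = @(Get-ChildItem -LiteralPath $privDir -Filter '*.key' -File).Count
    }

    # Assumption: a legacy reader needs BOTH old files. A 2.1+ home that still
    # uses pubring.gpg has no secring.gpg, so it does not count as legacy.
    $legacy = $has['pubring.gpg'] -and $has['secring.gpg']
    $modern = $has['pubring.kbx'] -or ($privCount -gt 0)
    $layout = 'none'
    if ($modern) { $layout = 'gnupg-2.1+' }
    if ($legacy) { $layout = if ($modern) { 'mixed' } else { 'legacy' } }

    [pscustomobject]@{
        HomeDir           = $HomeDir
        Layout            = $layout
        LegacyPairPresent = $legacy
        SecretKeyFiles    = $privCount
    }
}

# Candidate homes named in the thread: GNUPGHOME, then the default %APPDATA%\gnupg.
$candidates = @($env:GNUPGHOME)
if ($env:APPDATA) { $candidates += Join-Path $env:APPDATA 'gnupg' }
$candidates = @($candidates | Where-Object { $_ } | Select-Object -Unique)

# Constructed sample: empty files standing in for a fresh GnuPG 2.1+ home.
$demo = Join-Path $env:TEMP ('gnupg-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $demo 'private-keys.v1.d') -Force | Out-Null
New-Item -ItemType File -Path (Join-Path $demo 'pubring.kbx') | Out-Null
New-Item -ItemType File -Path (Join-Path $demo 'private-keys.v1.d\0000.key') | Out-Null

foreach ($dir in $candidates + $demo) { Get-KeyringLayout -HomeDir $dir }
Remove-Item -LiteralPath $demo -Recurse -Force
```

A row with `Layout` of `gnupg-2.1+` and `LegacyPairPresent` of `False` is the situation the thread describes: the directory is a valid GnuPG home, but the legacy filenames are not there to be found.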

mosada881 commented 6 years ago

Confirmed on what dgray4656 has said. Rolling back to a pre 2.1 version solves the problem. This is obviously not a long-term solution. Would sincerely appreciate it if someone picked this back up and took care of the bug. May have to abandon this plugin if a workable solution isn't in the works. Again, thanks to all contributors who have taken the project this far.

ManPython commented 6 years ago

Similar case here. The log:

Application_ItemSend

System.ApplicationException: Error, failed to locate keyrings! Please specify location using GNUPGHOME environmental variable.
   w Deja.Crypto.BcPgp.CryptoContext..ctor()
   w OutlookPrivacyPlugin.OutlookPrivacyPlugin.GetKeysForEncryption()
   w OutlookPrivacyPlugin.FormKeySelection.buttonRefreshKey_Click(Object sender, EventArgs e)
   w OutlookPrivacyPlugin.OutlookPrivacyPlugin.Application_ItemSend(Object Item, Boolean& Cancel)

chrisoswald commented 5 years ago

The problem persists (Win 10, 1903, Outlook 2016).

System.ApplicationException: Error, failed to locate keyrings! Please specify location using GNUPGHOME environmental variable.
   at Deja.Crypto.BcPgp.CryptoContext..ctor()
   at Deja.Crypto.BcPgp.CryptoContext..ctor(GetPasswordCallback passwordCallback, String cipher, String digest)
   at OutlookPrivacyPlugin.OutlookPrivacyPlugin.SignEmail(String data, String key, Boolean wrapLines)
   at OutlookPrivacyPlugin.OutlookPrivacyPlugin.Application_ItemSend(Object Item, Boolean& Cancel)

For now the plugin is unusable. Going back to a pre 2.1 version is not really an option.

Meddington commented 5 years ago

Unfortunately the OpenPGP library I was using (BouncyCastle) has not been updated in 6 years. I have not had time myself to make a custom patch for the library. Moving to another library (if one exists) would also take some time. The only alternative libraries for OpenPGP that I've found are commercial.
