jaymzh / pius

PGP Individual User Signer
Other
97 stars 25 forks source link

Sending with gmail: 5.7.0 Must issue a STARTTLS command first. gsmtp #70

Closed aristocrates closed 6 years ago

aristocrates commented 6 years ago

Summary

Pius fails to authenticate through gmail's smtp server

Description

GPG password prompt appears, and there doesn't appear to be any error with signing the keys, but there is never a prompt for a gmail password, no emails are sent, and an error message is displayed:

There was a problem talking to the mail server (smtp.gmail.com): (530, '5.7.0 Must issue a STARTTLS command first. z80sm4271335ywz.49 - gsmtp', '<my email address>')

Stacktrace

Command: pius -d -A -H smtp.gmail.com -P 587 -m <my email address@gmail> -s <my signing key ID> -r /path/to/the/pubring.kbx

Output:

pius -d -A -H smtp.gmail.com -P 587 -m <my email address> -s <my signing key ID> -r /path/to/the/pubring.kbx

Welcome to PIUS, the PGP Individual UID Signer.

Setting debug
DEBUG: Running: /usr/bin/gpg2 --version
DEBUG: extracting all keyids from keyring
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb --no-default-keyring --keyring /the/path/to/the/pubring.kbx --no-options --with-colons --keyid-format long --fingerprint --fixed-list-mode
DEBUG: Got id <all the ids> for <all the names> <[all the emails]>

DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /the/path/to/the/pubring.kbx --fingerprint <key id>
<[the key fingerprint and info]>

Have you verified this user/key, and if so, what level do you want to sign at?
  0-3, Show again, Next, Help, or Quit? [0|1|2|3|s|n|h|q] (default: n) 3

Signing all UIDs on key <key id>
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --command-fd 0 --status-fd 1 --no-default-keyring --keyring /the/path/to/the/pubring.kbx --no-options --with-colons --edit-key <key id>
DEBUG: Got a line [GNUPG:] <a few lines and output removed for now because it didn't seem relevant and had some personally identifying details>

DEBUG: Got UID <a few more lines and output removed for now because it didn't seem relevant and had some personally identifying details>

DEBUG: got to command prompt
DEBUG: quitting
DEBUG: waiting
  There are 2 UIDs on this key to sign
DEBUG: exporting <my signing key ID>
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /the/path/to/the/pubring.kbx --armor --output /tmp/pius_tmp/<my signing key ID>.asc --export <my signing key ID>
DEBUG: exporting <their key ID>
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /the/path/to/the/pubring.kbx --armor --output /tmp/pius_tmp/<their key ID>.asc --export <their key ID>
  UID 1 (<their email>): DEBUG: importing <my signing key ID>
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /tmp/pius_tmp/pius_keyring.gpg --import-options import-minimal,keep-ownertrust --import /tmp/pius_tmp/<my signing key ID>.asc
DEBUG: importing <their key ID>
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /tmp/pius_tmp/pius_keyring.gpg --import-options import-minimal --import /tmp/pius_tmp/<their key ID>.asc
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --command-fd 0 --status-fd 1 --no-default-keyring --keyring /tmp/pius_tmp/pius_keyring.gpg -u <my signing key ID> --use-agent --default-cert-level 3 --no-ask-cert-level --edit-key <their key ID>
DEBUG: Waiting for prompt
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] KEY_CONSIDERED <their key ID> 0
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: Selecting UID 1
DEBUG: Waiting for ack
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Running sign subcommand
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: Sending sign command
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] KEY_CONSIDERED <my signing key ID> 0

DEBUG: Got KEY_CONSIDERED
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] GET_BOOL sign_uid.okay

DEBUG: Confirming signing
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Got [GNUPG:] PINENTRY_LAUNCHED 31635 gnome3 1.0.0 ? ? ?

DEBUG: Got [GNUPG:] GET_LINE keyedit.prompt

DEBUG: Saving key
signedDEBUG: exporting <their key ID>
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /tmp/pius_tmp/pius_keyring.gpg --armor --output /tmp/pius_out/<their key ID>__<their email>__<my signing key ID>.asc --export <their key ID>
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --command-fd 0 --status-fd 1 --use-agent --no-default-keyring --keyring /tmp/pius_tmp/pius_keyring.gpg --no-options --always-trust -u <my signing key ID> -aes -r <their key ID> -r <my signing key ID> --output /tmp/pius_tmp/pius_tmp.asc /tmp/pius_tmp/pius_tmp
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] KEY_CONSIDERED <my signing key ID> 2
DEBUG: Got KEY_CONSIDERED
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] KEY_CONSIDERED <my signing key ID> 0
DEBUG: Got KEY_CONSIDERED
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] KEY_CONSIDERED <their key ID> 0
DEBUG: Got KEY_CONSIDERED
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] BEGIN_SIGNING H8
DEBUG: Got skippable stuff
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] SIG_CREATED S 1 8 00 1521328219 <my signing key ID>
DEBUG: Got skippable stuff
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] BEGIN_ENCRYPTION 2 9
DEBUG: Got GPG_ENC_BEG
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] END_ENCRYPTION
DEBUG: Got GPG_ENC_END
DEBUG: send_mail called with to (<their email address>), subject (Your signed PGP key)

There was a problem talking to the mail server (smtp.gmail.com): (530, '5.7.0 Must issue a STARTTLS command first. z80sm4271335ywz.49 - gsmtp', '<my email address>')

<more of the same with the other UID and then quitting>

Dying at user request
jaymzh commented 6 years ago

You need to pass in -u in order to tell PIUS you want to authenticate. Currently it's not attempting to authenticate which means it doesn't attempt to switch to TLS either.

aristocrates commented 6 years ago

That worked