Problem setting up Enigmail with SplitGPG (Thunderbird 60.2.1 + Enigmail 2.0.8 + Fedora 28)

40 views
Skip to first unread message

one7...@gmail.com

unread,
Oct 21, 2018, 3:55:42 PM10/21/18
to qubes-users
Hello,

I am running Qubes 4 with (mainly) fedora 28 minimal based AppVMs.
I am using a dedicated Email AppVM and while SplitGPG has been setup correctly, I am unable to get it running with Enigmail.

Problem:
As soon as I try to override the path in Enigmail via:
- Preferences: Basic
- Files and Directories
- [x] Override with "/usr/bin/gpg-client-wrapper

I get the following message:
"(!) GnuPG cannpt be executed with the path provided. Enigmail is therefore deactivated until you change the path to GnuPG again or until you restart the application"

SplitGPG is setup correctly as I can see my keys which are located in my Vault-AppVM, as soon as I run qubes-gpg-client from the Email-AppVM I get the Dialog asking for access to my vault-AppVM.
And if I click yes I can also see my keys.

So how to get SpliGPG working with Enigmail?

My setup:
- Qubes 4.0 (all updates installed)
- Email-App-VM based on fedora-28-minimal
- Thunderbird 60.2.1
- Enigmail 2.0.8

I have also renamed /usr/bin/gpg and /usr/bin/gpg2 and used ln -s to link them to qubes-gpg-client but even this didn't work.

- one7two99

awokd

unread,
Oct 24, 2018, 1:52:52 AM10/24/18
to qubes...@googlegroups.com


one7...@gmail.com:
Have you checked https://www.qubes-os.org/doc/split-gpg/? I think
there's been an unfortunate incident with the formatting (looks like a
stray "`"), but the answer might be somewhere in there!

799

unread,
Oct 25, 2018, 4:04:10 PM10/25/18
to awokd, qubes...@googlegroups.com
Hello awokd,

'awokd' via qubes-users <qubes...@googlegroups.com> schrieb am Mi., 24. Okt. 2018, 07:52:
[...]

Have you checked https://www.qubes-os.org/doc/split-gpg/? I think
there's been an unfortunate incident with the formatting (looks like a
stray "`"), but the answer might be somewhere in there!

I have read the documentation several times (of course ;-) but after hearing trouble I tried also some stuff which was mentioned in the Qubes 3.2 part:

I have setup /rw/config/gpg-split-domain to include the Vault AppVM as described in the Qubes 3.2 documentation.
It seems that Enigmail needs this setting.

With this encrypting to mails was possible but I had issues signing emails (which involves to use the private key).
The reason was likely that I had still passphrases enabled  to use my private keys. I have therefor removed the passphrases and additionally moved from using GPG 1.x to GPG 2.x.
This made GnuPG working.

As I had to run some addiotional steps, I which are not fullz covered in the Qubes SpliGPG Documentation I will add them to the GitHub Repo.

- O.


mossy

unread,
Nov 30, 2018, 2:30:08 PM11/30/18
to 799, awokd, qubes-users
799:
> I have setup /rw/config/gpg-split-domain to include the Vault AppVM as
> described in the Qubes 3.2 documentation.
> It seems that Enigmail needs this setting.

hey thanks to both of you for troubleshooting this, indeed this is
required and fixed my enigmail split-gpg woes under whonix-ws-14.

go, qubes community!

-m0ssy
Reply all
Reply to author
Forward
0 new messages