LinuxQuestions.org


FedoraPete 02-25-2017 04:03 AM

mutt and password file decrypt
 
I'm using mutt, and read up on GPG encryption to store my passwords securely in a separate password file, rather than plain text in the .muttrc file.

Here's what I followed to create my key (public/secret)
https://fedoramagazine.org/gpg-key-management-part-1/

And here's what I followed to secure mutt passwords
http://xmodulo.com/mutt-email-client...passwords.html

When I run mutt, it fails to decrypt the gpg key. Here is the error that is displayed when mutt exits (changed ID to random number):
gpg: encrypted with RSA key, ID 238947239874249
gpg: decryption failed: No secret key


I have verified both GPG public and secret keys exist with the following:
gpg2 --list-public-keys
gpg2 --list-secret-keys


I created GPG key using gpg2 and terminal.
FWIW, I noticed seahorse doesn't see the key, but gpg2 terminal does.

New findings
Looking further into this... the problem is definitely privilege related.
When I decrypted the password file using root, it decrypted ok, e.g. sudo gpg2 -d .muttpasswd.gpg

Does this mean, since I use a GPG key, I will have to run mutt using root privileges?
FYI when I prefix the 'gpg2 -d' command in .muttrc with sudo, it works, but I have to enter my password, then my passphrase. An undesirable workaround!


More findings
I set up Evolution to use my gpg key (created with gpg2), and same error!
BUT, when I created a new GPG key with seahorse, and used this in Evolution it worked!

So the problem is 1) not mutt config related, 2) not privilege related, but something to do with where gpg2 and seahorse store the keys and therefore access by applications.


Note FWIW, gpg and gpg2 CANNOT see the key I created with seahorse, and vice-versa.

c0wb0y 02-26-2017 03:13 AM

SELinux is enabled?

FedoraPete 02-26-2017 05:38 PM

Quote:

Originally Posted by c0wb0y (Post 5676145)
SELinux is enabled?

Yes SELinux is enabled. I disabled and rebooted and still the problem exists.

But I did discover the problem is related to keys created by gpg2 or seahorse - included my findings in the original post.

notKlaatu 02-26-2017 05:50 PM

Can you decrypt the file outside of mutt and not with sudo (i.e., as your standard user)? If not, who owns your gpg-encrypted files? You or root?

Maybe the decryption is failing because you don't have correct access to the file. Maybe you should create your .muttpasswd.gpg file fresh.

FedoraPete 02-26-2017 06:40 PM

Thanks notKlaatu, that's the issue!

I was creating the GPG key using sudo. Hence why mutt, evolution, seahorse running under my account couldn't access the GPG key. Ugh, what was I thinking!!!

Created a new key with GPG2 without sudo this time and everything works! Phew!
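
A check for the cause found in this thread, as an added example that is not from any of the posters: it lists files in a GnuPG home directory that the current user does not own and counts the secret keys gpg2 can see there. The function names and the argument convention are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Run as your normal user, without sudo:
#   sh check-gnupg-home.sh "${GNUPGHOME:-$HOME/.gnupg}"

# Print every path under DIR that is not owned by the numeric uid OWNER.
foreign_owned() {
    dir=$1 owner=$2
    [ -d "$dir" ] || return 0
    find "$dir" ! -user "$owner" -print 2>/dev/null
}

# Count the secret keys gpg2 can read from the keyring in DIR.
secret_key_count() {
    gpg2 --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null |
        grep -c '^sec:'
}

# Report ownership problems and secret-key visibility for one GnuPG home.
diagnose() {
    home=$1 me=$(id -u) status=0
    if [ ! -d "$home" ]; then
        echo "no keyring at $home (a key made under sudo may be in root's home)"
        return 1
    fi
    bad=$(foreign_owned "$home" "$me")
    if [ -n "$bad" ]; then
        echo "not owned by uid $me (created under sudo?):"
        echo "$bad" | sed 's/^/  /'
        status=1
    fi
    if command -v gpg2 >/dev/null 2>&1; then
        n=$(secret_key_count "$home")
        echo "secret keys visible to uid $me: $n"
        [ "$n" -gt 0 ] || status=1
    fi
    return $status
}

# Only run when a directory is given, so the functions can also be sourced.
[ "$#" -eq 0 ] || diagnose "$1"
```

A non-zero exit status means either a file in the directory belongs to another user or no secret key is readable from it, which matches the "No secret key" error quoted in the first post.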


All times are GMT -5.