[SOLVED] Thunderbird & Enigmail: Using gpg-agent to cache key

Similar Messages

• [SOLVED] a problem with gpg-agent and ssh keys

  I'm baffled by a strangle problem:
  My setup is as follows: I use gpg-agent with --enable-ssh-support, so that my ssh keys are handled by it. All was fine (when I ssh'ed to another machine, a pinentry window popped up, asked for a password, and if I entered the correct one, gpg-agent would decrypt its copy of my private ssh key and use it for identification). But: I needed to change my ssh key, and so I generated a new one. Next, I ssh-add'ed it to gpg-agent (one password to decrypt the private key, then twice another password for gpg-agent). I uploaded the public key to a server. The setup should be complete.
  The problem is that when I ssh to a machine, a pinentry window comes up, but it does not accept my password (the one that I entered twice when ssh-add'ing the key). I tried adding with various different passwords (always deleting ~/.gnupg/private-keys-v1.d/*, since 'ssh-add -d ~/.ssh/id_rsa.pub' would not work for some reason - it would not make gpg-agent forget the key), different pinentry programs ( -qt4, -gtk-2, -curses), and still the same problems. Pinentry itself seems to work fine, since if I enter two different things when it asks for a new passphrase for the key, it detects that there's a problem.
  So, can anyone help? What could I try (please don't post just to say that I could/should use ssh-agent, or keychain, or anything else. I have used various things, and I like this setup the most. It worked before, and I would like to find out why it stopped working and how to get it back to speed.)
  Thanks.
  Last edited by bender02 (2010-02-15 09:52:54)

  Thats a known bug with the new gpg version.
  http://lists.gnupg.org/pipermail/gnupg- … 38045.html
  You could use an older version of gpg or use a development version.

• [svn:fx-trunk] 5604: Ensuring qualified class names are used in type selector cache keys for Flex 4 applications .

  Revision: 5604
  Author: [email protected]
  Date: 2009-03-26 14:00:26 -0700 (Thu, 26 Mar 2009)
  Log Message:
  Ensuring qualified class names are used in type selector cache keys for Flex 4 applications.
  QE: Yes, this should address style issues for test cases that contain two different components with the same local name.
  Dev: No
  Doc: No
  Checkintests: Pass
  Modified Paths:
  flex/sdk/trunk/frameworks/projects/framework/src/mx/styles/StyleProtoChain.as

  Remember that Arch Arm is a different distribution, but we try to bend the rules and provide limited support for them.  This may or may not be unique to Arch Arm, so you might try asking on their forums as well.

• GPG-AGENT "ignoring" pinentry program? wrong pinentry app for ssh-keys

  Hi!
  I am using gpg-agent to handle my gpg keys and wanted it to handle my ssh keys too, since it is running anyway.
  it works perfectly fine with gpg keys, my pinentry program is pinentry-qt4 , upon request that window pops up for me to enter my passphrase.
  as window manager i use awesome wm.
  however, when i try to use my ssh key, e.g. for github, no pinentry program pops up and in xterm it looks like:
  [me@mybox dotfiles]$ git push origin master
  it seems that is is waiting for my passphrase input but it isnt asking for it. neither does it accept it.
  when i quit my WM, i see that it executed the pinentry program directly in my tty1, to which i do not have access while running my WM.
  my gpg-agent.conf:
  me@mybox ~/.gnupg> cat gpg-agent.conf
  default-cache-ttl 300
  max-cache-ttl 7200
  pinentry-program /usr/bin/pinentry-qt4
  how do i get gpg-agent to respect my pinentry choice for my ssh keys as well?
  thanks for your time !

  I use this
  $ cat /etc/kde/env/gpg-agent-startup.sh
  #!/bin/sh
  # see https://wiki.archlinux.org/index.php/SSH_Keys
  GPG_AGENT=/usr/bin/gpg-agent
  ## Run gpg-agent only if not already running, and available
  if [ -x "${GPG_AGENT}" ] ; then
  # check validity of GPG_SOCKET (in case of session crash)
  GPG_AGENT_INFO_FILE=${HOME}/.gpg-agent-info
  if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
  GPG_AGENT_PID=`cat ${GPG_AGENT_INFO_FILE} | grep GPG_AGENT_INFO | cut -f2 -d:`
  GPG_PID_NAME=`cat /proc/${GPG_AGENT_PID}/comm`
  if [ ! "x${GPG_PID_NAME}" = "xgpg-agent" ]; then
  rm -f "${GPG_AGENT_INFO_FILE}" 2>&1 >/dev/null
  else
  GPG_SOCKET=`cat "${GPG_AGENT_INFO_FILE}" | grep GPG_AGENT_INFO | cut -f1 -d: | cut -f2 -d=`
  if ! test -S "${GPG_SOCKET}" -a -O "${GPG_SOCKET}" ; then
  rm -f "${GPG_AGENT_INFO_FILE}" 2>&1 >/dev/null
  fi
  fi
  unset GPG_AGENT_PID GPG_SOCKET GPG_PID_NAME SSH_AUTH_SOCK
  fi
  if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
  eval "$(cat "${GPG_AGENT_INFO_FILE}")"
  eval "$(cut -d= -f 1 "${GPG_AGENT_INFO_FILE}" | xargs echo export)"
  export GPG_TTY=$(tty)
  else
  eval "$(${GPG_AGENT} -s --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-qt4 --write-env-file)"
  fi
  fi
  I think I could probably use the /etc/profile.d location but when I first set it up, kde was already running gpg-agent so I adapted its file. Later, I uninstalled the thing which does that in kde and just kept my own customised version.
  Are you sure that your xinitrc isn't starting a second gpg-agent?

• Help with gpg-agent, ssh, and pinentry-curses

  I use gpg-agent to manage my ssh keys, and for a system that I regularly ssh into, I would like to use pinentry-curses instead of the default pinentry-gtk-2. However, this doesn't work.
  Specifically, I start gpg-agent using script from the arch wiki, /etc/profile.d/gpg-agent.sh:
  if [ $EUID -ne 0 ] ; then
  envfile="$HOME/.gnupg/gpg-agent.env"
  if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
  eval "$(cat "$envfile")"
  else
  eval "$(gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
  fi
  export GPG_AGENT_INFO # the env file does not contain the export statement
  export SSH_AUTH_SOCK # enable gpg-agent for ssh
  fi
  and have the following config files
  ~/.gnupg/gpg-agent.conf:
  # Keyboard control
  no-grab
  # PIN entry program
  pinentry-program /usr/bin/pinentry-curses
  #pinentry-program /usr/bin/pinentry-qt4
  #pinentry-program /usr/bin/pinentry-kwallet
  #pinentry-program /usr/bin/pinentry-gtk-2
  ~/.gnupg/gpg.conf:
  use-agent
  ~/.bashrc:
  GPG_TTY=$(tty)
  export GPG_TTY
  Whenever I attempt to ssh using the key that's already been added to gpg-agent, I get the following message:
  Agent admitted failure to sign using the key.
  Permission denied (public key).
  If I change my ~/.gnupg/gpg-agent.conf file to the following:
  # Keyboard control
  #no-grab
  # PIN entry program
  #pinentry-program /usr/bin/pinentry-curses
  #pinentry-program /usr/bin/pinentry-qt4
  #pinentry-program /usr/bin/pinentry-kwallet
  pinentry-program /usr/bin/pinentry-gtk-2
  then everything works fine, and I'm prompted for my passphrase when using ssh.
  I've read posts having to do with a similar issue:
  https://bbs.archlinux.org/viewtopic.php?id=138546
  https://bugs.archlinux.org/task/29156
  It looks like the difference between those and my issue is that I'm using ssh, not just gpg, and I'm not using su. In fact, if I have pinentry-curses set in gpg-agent.conf, and I try to use gpg to encrypt and decrypt a file, everything works fine. The file encrypts, and when decrypting, I am prompted by pinentry-curses for my passphrase. It's just ssh combined with pinentry-curses that gives me troubles.

  I think it actually is the tty capability bug that's biting you...try adding '--without-libcap' to the pinentry-curses PKGBUILD from ABS (/var/abs/core/pinentry/) and rebuilding the package.
  Scott

• Script to clear cached gpg-agent passphrase?

  Hello,
  I recently setup enigmail with thunderbird so I can sign and encrypt email. I had an issue with the passphrase being cached by seahorse, and was unable to find a setting to change the time. Doing a lot of searching I found that setting "use-agent" in ~/.gnupg/gpg.conf and setting appropriate timeouts in ~/.gnupg/gpg-agent.conf was supposed to work. But after many, many failed attempts, I switched from gnome to xfce and got rid of seahorse (probably making this far more complicated than I needed to, but I like xfce, too). As soon as I did that the timeouts I set in gpg-agent.conf started working correctly. Currently using 300 seconds. I would like to extend this time to 10 or 20 minutes to save the password hassle while going through emails, but would like an "easy" way to clear the cached passphrase when I'm finished. I always lock my desktop when I'm away, but would prefer to know my signature and key passphrase is no longer cached when I get up.
  I found this in the kde wiki:
  killall gpg-agent    -stops all instances
  eval "$(gpg-agent --daemon)"     -will restart the agent
  gpg-agent status     -should tell you if the agent is running.
  If I execute eval "$(gpg-agent --daemon)" nothing seems to happen, I can click any message and it decrypts without asking for my passphrase (as long as the 5 minute timeout hasn't expired of course).
  If I kill gpg-agent, and then use eval "$(gpg-agent --daemon)" to start it back up, when I click on an encrypted message in thunderbird I get this error in the signature banner "Error - signature verification failed; click on 'Details' button for more information"
  OpenPGP security info reveals the following:
  Error - signature verification failed
  gpg command line and output:
  /usr/bin/gpg
  can't connect to `/tmp/gpg-ZoVzCT/S.gpg-agent': No such file or directory
  gpg: can't connect to `/tmp/gpg-ZoVzCT/S.gpg-agent': connect failed
  gpg: can't query passphrase in batch mode
  gpg: Invalid passphrase; please try again ...
  gpg: can't query passphrase in batch mode
  gpg: Invalid passphrase; please try again ...
  gpg: can't query passphrase in batch mode
  gpg: encrypted with 4096-bit RSA key, ID XXXXXXX, created 2012-XXXX
        "XXXXXX <XXXXXX>"
  gpg: encrypted with 4096-bit RSA key, ID XXXXXXX, created 2012-XXXX
        "XXXXXX <XXXXXX>"
  gpg: public key decryption failed: bad passphrase
  gpg: decryption failed: secret key not available
  Restarting thunderbird doesn't help. Restarting the computer fixes it. It looks like when gpg-agent starts it creates a gpg-RANDOM temp directory, and when I restart it that changes, but enigmail doesn't pick this up even after restarting thunderbird. How does it figure it out on a fresh start?
  Is there anyway to simply clear the gpg-agent cached passphrase and then be able to use it again (supply the password) without having to restart the computer?
  Thanks!

  Send a SIGHUP signal to the gpg-agent process. This will clear all stored passphrases.
  pkill -SIGHUP gpg-agent

• [SOLVED] gpg-agent and the magical passphrase

  Hey fellas,
  I encountered a strange problem. I just copied my gpg and my ssh keys to my laptop
  to use them with gpg-agent.
  So I setup gpg-agent as described in the wiki, did a ssh-add, entered my ssh-key and
  specified a new passphrase (test). "ssh-add -l" looked good, but ...
  After that I tried to ssh to some of my server, gpg-agent asked for the passphrase, but it seemed i misstyped "test" .... misstyped it again .... and so on, i tired every fuckin password i got, readded the key etc.
  But nothin helped, even the debug-level guru wasnt helpful.
  What could be wrong?
  Best regards,
  b52
  Last edited by b52 (2010-02-15 14:55:04)

  If got the same Problem.
  Tried a lot but nothing worked it out.
  ssh-add ask for passphrase of Key and after this for passphrase for the Keyring through my pinetry program.
  But after re-entering the passphrase it won't work.
  Seems to be a bug !?
  (PS: I am using Gentoo)

• Keychain and gpg-agent not getting along

  I have a problem with gpg-agent. I have been using the Funtoo keychain tool for a while, for my SSH keys exclusively. Works flawlessly - I log in, I call keychain, I type in my passphrases, and it caches my keys. Never get prompted for a passphrase during SSH connection attempts.
  GPG is a different story. I have a GPG key, and I occasionally en- and decrypt files with it. So far so good. I also found out how to get keychain to cache the GPG key. It also picks up my gpg-agent, which is started as per the wiki entry (except that instead of putting it systemwide in /etc/profile.d, I put it in Openbox's ~/.config/openbox/environment file, which is where the SSH agent stuff is supposed to go as well.
  Gpg-agent seemingly launches fine, it exports its environment variables just fine:
  $ echo $GPG_AGENT_INFO
  /tmp/gpg-3faT29/S.gpg-agent:2352:1
  $ cat .gnupg/gpg-agent.env
  GPG_AGENT_INFO=/tmp/gpg-3faT29/S.gpg-agent:2352:1
  There's only one gpg-agent process running:
  $ ps aux|grep gpg-agent
  luser 2352 0.0 0.0 16252 1184 ? Ss 00:00 0:00 gpg-agent --daemon --write-env-file /home/stijn/.gnupg/gpg-agent.env
  luser 3411 0.0 0.0 9276 1016 pts/0 S+ 00:16 0:00 grep gpg-agent
  Keychain picks that up as well:
  $ keychain --eval
  * keychain 2.7.1 ~ http://www.funtoo.org
  * Found existing ssh-agent: 2346
  SSH_AUTH_SOCK=/tmp/ssh-YhDgORoL2345/agent.2345; export SSH_AUTH_SOCK;
  SSH_AGENT_PID=2346; export SSH_AGENT_PID;
  * Found existing gpg-agent: 2352
  GPG_AGENT_INFO=/tmp/gpg-3faT29/S.gpg-agent:2352:1; export GPG_AGENT_INFO;
  * Known ssh key: /home/stijn/.ssh/id_rsa-amalthea
  * Known ssh key: /home/stijn/.ssh/id_rsa-athena
  * Known ssh key: /home/stijn/.ssh/id_rsa-zeus
  * Known ssh key: /home/stijn/.ssh/id_rsa-mnemosyne
  * Known gpg key: [8 digit hex key]
  However, when I open Mutt (or just try to decrypt about any GPG encrypted file), it will prompt me for the passphrase, despite the key already being cached. Passing --use-agent does not help (I also set that in ~/.gnupg/gpg.conf).
  The bizarre thing being, of course, that the keychain-cached key did not get picked up, but if I enter my passphrase into the prompt I get the first time I call gpg, it does seem to get cached - I can open mutt, decrypt files, etc., it will all use that cached key.
  Any tips? I get the feeling I'm missing something, but couldn't find what exactly.
  Last edited by .:B:. (2011-12-06 22:25:27)

  Gpg-agent by itself works fine, although I get the feeling that, a bit like sudo, there's an expiration date on the cached key - it seems I need to type the passphrase again after a few hours or so.
  Either way, I'd love to get this working with keychain.

• Gpg-agent is mysteriously started by systemd

  So I recently switched from initscripts to systemd. Now when I use SSH, gpg-agent tries to save my passwords, but I can't figure out how it got started.
  It's definitely running, started by systemd (or at least, orphaned such that it is parented on systemd):
  $ ps aux | grep gpg-agent
  aogier 405 0.0 0.1 5436 1352 ? Ss 07:30 0:00 /usr/bin/gpg-agent --sh --daemon --enable-ssh-support --write-env-file /home/aogier/.cache/gpg-agent-info
  $ pstree
  systemd─┬─...
  ├─gpg-agent───scdaemon
  ├─...
  But I can't find out why systemd feels the need to start it, the following all turn up empty:
  $ systemctl list-units --all | grep gpg
  $ systemctl list-unit-files --all | grep gpg
  $ grep gpg -r /etc/systemd
  $ grep gpg -r /usr/lib/systemd
  My guess is something is starting gpg-agent and orphaning it, but why it's started in daemon mode with ssh support is beyond me. It gets in the way of my ssh-agent usage, and it disturbs me (a week ago I removed a SSH private key from my computer, only to find today that I could still authenticate using it because gnupg held onto it -- ick).
  Anyone know what the problem could be? Maybe XFCE or LXDM?

  Clueless wrote:
  So I recently switched from initscripts to systemd. Now when I use SSH, gpg-agent tries to save my passwords, but I can't figure out how it got started.
  It's definitely running, started by systemd (or at least, orphaned such that it is parented on systemd):
  $ ps aux | grep gpg-agent
  aogier 405 0.0 0.1 5436 1352 ? Ss 07:30 0:00 /usr/bin/gpg-agent --sh --daemon --enable-ssh-support --write-env-file /home/aogier/.cache/gpg-agent-info
  $ pstree
  systemd─┬─...
  ├─gpg-agent───scdaemon
  ├─...
  But I can't find out why systemd feels the need to start it, the following all turn up empty:
  $ systemctl list-units --all | grep gpg
  $ systemctl list-unit-files --all | grep gpg
  $ grep gpg -r /etc/systemd
  $ grep gpg -r /usr/lib/systemd
  My guess is something is starting gpg-agent and orphaning it, but why it's started in daemon mode with ssh support is beyond me. It gets in the way of my ssh-agent usage, and it disturbs me (a week ago I removed a SSH private key from my computer, only to find today that I could still authenticate using it because gnupg held onto it -- ick).
  Anyone know what the problem could be? Maybe XFCE or LXDM?
  Have you check if it's not started in /etc/profile.d/ ?

• Gpg-agent with systemd

  Hey!
  I am a novice Arch user and I am having problems with the latest gpg distribution when used with systemd and ssh-support. Currently, I am using i3 with lightdm, and I am using systemd to start gpg-agent with ssh support. Specifically, I have the following gpg-agent.service file in my ${HOME}/.config/systemd/user/ directory:
  [Unit]
  Description=gpg-agent Daemon with SSH Support
  [Service]
  Type=forking
  ExecStart=/usr/bin/gpg-agent --quiet --daemon --enable-ssh-support
  Restart=on-success
  [Install]
  WantedBy=default.target
  which is expected to restart when exited properly and/or due to a signal. When I enable and start the service with systemctl --user prefix, it works as it is supposed to be. I have the following gpg-agent.conf file:
  default-cache-ttl 600
  default-cache-ttl-ssh 3600
  max-cache-ttl 7200
  max-cache-ttl-ssh 7200
  enforce-passphrase-constraints
  min-passphrase-len 10
  min-passphrase-nonalpha 4
  max-passphrase-days 180
  pinentry-program /usr/bin/pinentry-curses
  and the following excerpt in my .zshrc:
  # GPG configuration
  # Check for the gpg-agent socket, and set SSH_AUTH_SOCK and GPG_TTY
  # environment variables accordingly:
  if [[ -S "${HOME}/.gnupg/S.gpg-agent.ssh" ]]; then
  export GPG_TTY=$(tty)
  if [[ ${SSH_AUTH_SOCK} != "${HOME}/.gnupg/S.gpg-agent.ssh" ]]; then
  export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
  fi
  fi
  The problem is, everything is working properly except for one thing: "When I want to ssh to my server, I get an 'Agent admitted failure to sign using the key' error." I mean, the environment variables seem to be fine when I fire up a zsh session (terminal emulator) and/or everything seems ok when I issue systemctl --user status gpg-agent, but I cannot ssh to my server using my gpg-key. However, when I stop the systemd unit and just issue eval $(gpg-agent --quiet --daemon --enable-ssh-support) in a new terminal emulator, ssh works fine. In both of the aforementioned versions, when I issue gpg --clearsign some_file.txt command, I am asked in the terminal emulator for my password (I suppose in the so called curses pinentry program).
  I thank you in advance for your time, and appreciate any suggestions. Best,

  You might need to make a script to start it. Like "/usr/local/bin/gpg-agent-daemon.zsh"
  then in that file have:
  #!/usr/bin/zsh
  gpg-agent --quiet --daemon --enable-ssh-support --write-env-file "${HOME}/.gpg-agent-info"
  And do chmod +x
  And in your gpg-agent.service file:
  [Service]
  Type=forking
  ExecStart=gpg-agent-daemon.zsh
  <...>
  And then in $ZDOTDIR/.zprofile
  # GPG configuration
  # Check for the gpg-agent socket, and set SSH_AUTH_SOCK and GPG_TTY
  # environment variables accordingly:
  if [[ -S "${HOME}/.gnupg/S.gpg-agent.ssh" ]]; then
  export GPG_TTY=$(tty)
  export GPG_TTY
  if [[ ${SSH_AUTH_SOCK} != "${HOME}/.gnupg/S.gpg-agent.ssh" ]]; then
  export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
  fi
  if [ -f "${HOME}/.gpg-agent-info" ]; then
  . "${HOME}/.gpg-agent-info"
  export GPG_AGENT_INFO
  fi
  fi

• Hi, I developed a web application using HTML5-Offline Application Cache mechanism. Inspite of deleting the cache as mentioned in the above steps, Firefox still maintains a copy of the page in it's cache. Also, a serious bug is, even though we delete all

  == Issue
  ==
  I have a problem with my bookmarks, cookies, history or settings
  == Description
  ==
  Hi,
  I developed a web application using HTML5-Offline Application Cache mechanism. Inspite of deleting the cache as mentioned in the above steps, Firefox still maintains a copy of the page in it's cache. Also, a serious bug is, even though we delete all temp files used by Firefox, and open the previously cached page, it displays it correctly, but upon refreshing/reloading it again shows the previous version of the page maintained in the cache.
  == Troubleshooting information
  ==
  HTML5: Application Caching
  .style1 {
  font-family: Consolas;
  font-size: small;
  text-align: left;
  margin-left: 80px;
  function onCacheChecking(e)
  printOutput("CHECKINGContents of the manifest are being checked.", 0);
  function onCacheCached(e) {
  printOutput("CACHEDAll the resources mentioned in the manifest have been downloaded", 0);
  function onCacheNoUpdate(e)
  printOutput("NOUPDATEManifest file has not been changed. No updates took place.", 0);
  function onCacheUpdateReady(e)
  printOutput("UPDATEREADYChanges have been made to manifest file, and were downloaded.", 0);
  function onCacheError(e) {
  printOutput("ERRORAn error occured while trying to process manifest file.", 0);
  function onCacheObselete(e)
  printOutput("OBSOLETEEither the manifest file has been deleted or renamed at the source", 0);
  function onCacheDownloading(e) {
  printOutput("DOWNLOADINGDownloading resources into local cache.", 0);
  function onCacheProgress(e) {
  printOutput("PROGRESSDownload in process.", 0);
  function printOutput(statusMessages, howToTell)
  * Outputs information about an event with its description
  * @param statusMessages The message string to be displayed that describes the event
  * @param howToTell Specifies if the output is to be written onto document(0) or alert(1) or both(2)
  try {
  if (howToTell == 2) {
  document.getElementById("stat").innerHTML += statusMessages;
  window.alert(statusMessages);
  else if (howToTell == 0) {
  document.getElementById("stat").innerHTML += statusMessages;
  else if (howToTell == 1) {
  window.alert(statusMessages);
  catch (IOExceptionOutput) {
  window.alert(IOExceptionOutput);
  function initiateCaching()
  var ONLY_DOC = 0;
  var ONLY_ALERT = 1;
  var BOTH_DOC_ALERT = 2;
  try
  if (window.applicationCache)
  var appcache = window.applicationCache;
  printOutput("BROWSER COMPATIBILITYSUCCESS!! AppCache works on this browser.", 0);
  appcache.addEventListener('checking', onCacheChecking, false);
  appcache.addEventListener('cached', onCacheCached, false);
  appcache.addEventListener('noupdate', onCacheNoUpdate, false);
  appcache.addEventListener('downloading', onCacheDownloading, false);
  appcache.addEventListener('progress', onCacheProgress, false);
  appcache.addEventListener('updateready', onCacheUpdateReady, false);
  appcache.addEventListener('error', onCacheError, false);
  appcache.addEventListener('obsolete', onCacheObselete, false);
  else
  document.getElementById("stat").innerHTML = "Failure! I cant work.";
  catch (UnknownError)
  window.alert('Internet Explorer does not support Application Caching yet.\nPlease run me on Safari or Firefox browsers\n\n');
  stat.innerHTML = "Failure! I cant work.";
  == Firefox version
  ==
  3.6.3
  == Operating system
  ==
  Windows XP
  == User Agent
  ==
  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729; .NET4.0E)
  == Plugins installed
  ==
  *-Shockwave Flash 10.0 r45
  *Default Plug-in
  *Adobe PDF Plug-In For Firefox and Netscape "9.3.2"
  *NPRuntime Script Plug-in Library for Java(TM) Deploy
  *The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  *Google Update
  *4.0.50524.0
  *Office Live Update v1.4
  *NPWLPG
  *Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  *Next Generation Java Plug-in 1.6.0_20 for Mozilla browsers
  *Npdsplay dll
  *DRM Store Netscape Plugin
  *DRM Netscape Network Object
  Thanks & Regards,
  Kandarpa Chandrasekhar Omkar
  Software Engineer
  Wipro Technologies
  Bangalore.
  [email protected]
  [email protected]

  We have had this issue many, many times before including on the latest 3.6 rev. It appears that when the applicationCache has an update triggered by a new manifest file, the browser may still use only its local network cache to check for updates to the files in the manifest, instead of forcing an HTTP request and revalidating both the browser cache and the applicationCache versions of the cached file (seems there is more than one). I have to assume this is a browser bug, as one should not have to frig with server Cache-Control headers and such to get this to work as expected (and even then it still doesn't sometimes).
  The only thing that seems to fix the problem is setting network.http.use-cache to false (default is true) in about:config . This helps my case because we only ever run offline (applicationCache driven) apps in the affected browser (our managed mobile apps platform), but it will otherwise slow down your browser experience considerably.

• SSH Key login not working when added to gpg-agent

  Hello,
  As I use gnupg, I run the gpg-agent. I run it with systemd --user and it works flawlessly. As I already run gpg-agent, I figured I might as well just add my ssh keys to it as well. Therefore I start gpg-agent with --enable-ssh-support. I use my SSH keys a lot and never had any problems with connecting to anything with a simple ssh .... or pushing things to git etc.
  As the SOCKS_AUTH_SSH envvar needs to be set for ssh-add to work, I added this line to my .bashrc
  export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh
  Now, adding my SSH Keys with a simple ssh-add seems to work fine (no errors etc).
  However, when I try to connect to a server now, the following happens:
  ssh -vT [email protected]
  OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: Connecting to XXXXXXXXX port XXXXX.
  debug1: Connection established.
  debug1: identity file /home/XXXXX/.ssh/id_rsa type 1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/XXXXX/.ssh/id_rsa-cert type -1
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_6.8
  debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
  debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-ctr [email protected] none
  debug1: kex: client->server aes128-ctr [email protected] none
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Mw5MTDp91yExgStdoMPMwi2yZdoG9MruOm+6XiC5Vks
  debug1: Host '[XXXXXXX]:XXX' is known and matches the ECDSA host key.
  debug1: Found key in /home/XXXX/.ssh/known_hosts:1
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug1: SSH2_MSG_NEWKEYS received
  debug1: Roaming not allowed by server
  debug1: SSH2_MSG_SERVICE_REQUEST sent
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug1: Authentications that can continue: publickey
  debug1: Next authentication method: publickey
  debug1: Offering RSA public key: /home/XXXXX/.ssh/id_rsa
  debug1: Server accepts key: pkalg ssh-rsa blen 279
  debug1: No more authentication methods to try.
  Permission denied (publickey).
  Which is very strange as id_rsa is my (ecrypted) private key. I am also prompted to enter the corresponding password when issuing ssh-add.
  What could the problem be in this case? Thanks a lot!!
  Last edited by replax (2015-05-18 19:06:58)

  replax wrote:Well, there is something listed in .gnupg/sshcontrol , I am not sure if it is connected to my own key though. I tried ssh-add -l and it will list my one key, although it is different from the one in sshcontrol. I suspect that that is an issue of presentation though, as ssh-add spews out the SHA256 of my key..
  How could I go about verifying that they key is indeed correct? Shouldn't it be added automatically by ssh-add?
  Thanks a lot!!
  Yes it should be added automatically. I suppose you could try it in a new user just to start fresh and see if it works, at least then you'll have either verified that your steps were correct or incorrect.

• Loop-aes/mount with gpg-agent

  Hey,
  this is not really an Arch related problem, but as this is the only forum I'm using, I'll try it here. The system I'm testing on is Debian etch. loop-aes and gpg-agent alone work fine, when I decrypt data with gpg, pinentry is called and gpg-agent stores the passphrase. I can encrypt/decrypt partitions with loop-aes using a keyfile etc. Now the problem: to decrypt encrypted partitions I want to use a keyfile which is encrypted with gpg. The fstab entry is like this:
  /dev/hda10 /yyy ext3 defaults,loop=/dev/loop4,encryption=AES128,gpgkey=/root/key.asc 0 0
  When I now mount /yyy, the system asks for the passphrase, but not with pinentry. So gpg-agent doesn't store the passphrase. Any ideas?

  Hey,
  this is not really an Arch related problem, but as this is the only forum I'm using, I'll try it here. The system I'm testing on is Debian etch. loop-aes and gpg-agent alone work fine, when I decrypt data with gpg, pinentry is called and gpg-agent stores the passphrase. I can encrypt/decrypt partitions with loop-aes using a keyfile etc. Now the problem: to decrypt encrypted partitions I want to use a keyfile which is encrypted with gpg. The fstab entry is like this:
  /dev/hda10 /yyy ext3 defaults,loop=/dev/loop4,encryption=AES128,gpgkey=/root/key.asc 0 0
  When I now mount /yyy, the system asks for the passphrase, but not with pinentry. So gpg-agent doesn't store the passphrase. Any ideas?

• [Solved] Dualcore Macbook using only one cpu

  Hello,
  I have a dual core macbook running Arch, default installation with default kernel (64bit). I just noticed that I only have one cpu running, even when I do some cpu-intensive work. Here is the output of /proc/cpuinfo:
  └─■ cat /proc/cpuinfo
  processor : 0
  vendor_id : GenuineIntel
  cpu family : 6
  model : 15
  model name : Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
  stepping : 11
  cpu MHz : 800.000
  cache size : 4096 KB
  physical id : 0
  siblings : 2
  core id : 0
  cpu cores : 2
  apicid : 0
  initial apicid : 0
  fpu : yes
  fpu_exception : yes
  cpuid level : 10
  wp : yes
  flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm dts tpr_shadow vnmi flexpriority
  bogomips : 4391.55
  clflush size : 64
  cache_alignment : 64
  address sizes : 36 bits physical, 48 bits virtual
  power management:
  processor : 1
  vendor_id : GenuineIntel
  cpu family : 6
  model : 15
  model name : Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
  stepping : 11
  cpu MHz : 800.000
  cache size : 4096 KB
  physical id : 0
  siblings : 2
  core id : 1
  cpu cores : 2
  apicid : 1
  initial apicid : 1
  fpu : yes
  fpu_exception : yes
  cpuid level : 10
  wp : yes
  flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm dts tpr_shadow vnmi flexpriority
  bogomips : 4390.91
  clflush size : 64
  cache_alignment : 64
  address sizes : 36 bits physical, 48 bits virtual
  power management:
  which shows two cpus registered to the system, but when I do top, I get the following output:
  top - 00:29:07 up 7:33, 0 users, load average: 0.05, 0.05, 0.05
  Tasks: 93 total, 2 running, 91 sleeping, 0 stopped, 0 zombie
  Cpu(s): 9.0%us, 4.1%sy, 0.2%ni, 86.1%id, 0.7%wa, 0.0%hi, 0.0%si, 0.0%st
  Mem: 4020236k total, 1386244k used, 2633992k free, 53056k buffers
  Swap: 0k total, 0k used, 0k free, 826672k cached
  Which tells me I only have one cpu. Am I doing something wrong? I have cpufreq-utils and laptop-mode running, but I don't think it should affect this. The following is the output of cpufreq-info
  └─■ cpufreq-info
  cpufrequtils 008: cpufreq-info (C) Dominik Brodowski 2004-2009
  Report errors and bugs to [email protected], please.
  analyzing CPU 0:
  driver: acpi-cpufreq
  CPUs which run at the same hardware frequency: 0 1
  CPUs which need to have their frequency coordinated by software: 0
  maximum transition latency: 10.0 us.
  hardware limits: 800 MHz - 2.20 GHz
  available frequency steps: 2.20 GHz, 2.00 GHz, 1.80 GHz, 1.60 GHz, 1.40 GHz, 1.20 GHz, 800 MHz
  available cpufreq governors: ondemand, performance
  current policy: frequency should be within 800 MHz and 2.20 GHz.
  The governor "ondemand" may decide which speed to use
  within this range.
  current CPU frequency is 800 MHz.
  analyzing CPU 1:
  driver: acpi-cpufreq
  CPUs which run at the same hardware frequency: 0 1
  CPUs which need to have their frequency coordinated by software: 1
  maximum transition latency: 10.0 us.
  hardware limits: 800 MHz - 2.20 GHz
  available frequency steps: 2.20 GHz, 2.00 GHz, 1.80 GHz, 1.60 GHz, 1.40 GHz, 1.20 GHz, 800 MHz
  available cpufreq governors: ondemand, performance
  current policy: frequency should be within 800 MHz and 2.20 GHz.
  The governor "ondemand" may decide which speed to use
  within this range.
  current CPU frequency is 800 MHz.
  and it also shows the two cpus, and cpu1 frequency gets higher when I do cpu intensive work, as it should, but cpu0 always stays at 800MHz. Can anybody help me please? Thanks!
  Last edited by kcirick (2011-01-24 15:41:21)

  Thanks foutrelis. I installed htop and monitored my cpu usage. It seems to be in working order. When I mentioned "cpu intensive work", it turned out that I was talking about something that was using average 50% on both cores, and assumed that meant one was at 100% and the other was 0% (I have conky tell me the average cpu usage).
  Marking this as solved. Thanks again!

• KDE4.1 ssh-agent and gpg-agent

  Suddenly after an update of kdeworkspace my ssh-agent and gpg-agent have stopped working. Does anyone else have also this problem?
  Regards,

  I've also had this problem, although I don't know the exact time it stopped working as I have not had to use my laptop to ssh for a while.
  Everything seems to get created OK - the socket is created:
  [daren@daren_laptop env]$ ll /tmp/gpg-MZi0kX/
  total 0
  srwxr-xr-x 1 daren daren 0 2009-01-18 10:06 S.gpg-agent
  and the env variable points to it:
  [daren@daren_laptop env]$ env | grep GPG
  GPG_AGENT_INFO=/tmp/gpg-MZi0kX/S.gpg-agent:4508:1
  and the agent is running on the correct pid:
  [daren@daren_laptop env]$ ps axf | grep gpg-agent
  4508 ? Ss 0:00 gpg-agent --daemon
  4902 pts/0 R+ 0:00 \_ grep gpg-agent
  If i run ssh-add from the command line, I get this:
  [daren@daren_laptop env]$ ssh-add
  Could not open a connection to your authentication agent.
  [daren@daren_laptop env]$
  I'm not that clued up on using the agent - it's always "just worked" after adding the script to ~/.kde4/env, but I'm kind of stuck now.  There was another post about issues with KDE 4.1 and the agents, but they resolved theirs by doing what I've had setup for a while now.