[X2Go-Dev] Bug#857: Thunderbird Enigmail fails to access password-protected GPG key in pubapps or single app mode

Michael DePaulo mikedep333 at gmail.com
Mon Apr 27 05:18:10 CEST 2015

Package: x2goserver
Severity: normal

Client: x2goclient (nightly build)
Client OS: Windows 10 64-bit build 10049

Server OS: Fedora 21 64-bit with latest updates
Server Desktop Environment: MATE 1.8.2
Thunderbird: 31.6.0-1.fc21
Enigmail version: 1.8.2 (20150416-1748)
Enigmail "About" states: Using gpg executable /usr/bin/gpg2 to encrypt
and decrypt

Note: Using Fedora packaging for x2goserver components. Version is:
Note: using x2go release build for nx-libs components. Version is:

For those who do not know, Enigmail is a plugin that adds GPG support
for signing and encryption to Thunderbird.

Description of Problem:

The problem is that when I launch Thunderbird under pubapps mode or
single application mode, Enigmail fails to access my
password-protected private key. So it fails to things decrypt
encrypted emails.

I see error messages like:
enigmail Error - no matching private/secret key found to decrypt
message; click on 'Details' button for more information

When I click on "Eetails" and then "Enigmail Security Info", I see the error:

Error - no matching private/secret key found to decrypt message

gpg: decryption failed: No secret key

However, when I launch Thunderbird under a MATE session, I do not have
this problem. I am prompted for my passphrase for my private key by a
pop-up window, which appears to be the "gcr-prompter" executable. Then
Enigmail is able to access the key.

Investigation I've done so far:

This appears to be related to GPG agent(s).

I was able to produce this bug under a MATE session by unsetting this
environment variable:
Where 40001103 is my UID.
That file "gpg" is a socket.

Under pubapps mode, I launched a terminal, set that env var, and then
launched Thunderbird, but the problem was still present. However, the
directory /run/user/40001103/keyring did not exist, so the "gpg"
socket under it did not exist.

I figured I should try to determine what process MATE or x2goserver is
starting under a MATE session that enabled Thunderbird to work by
disabling that process for a MATE session.

So I tried disabling these all of these user background applications
(every applications that appeared to be related to keyrings) under
MATE" startup applications", but it still did not cause the problem.
The "keyring" dir still existed, and so did the "gpg" socket
underneath it. And the env var was still set. I do not know what
process is creating these and setting the env var.

Note that I tried disabling all of them at once.

Note I killed any leftover processes from prior sessions too:

Name: Certificate and Key Storage
Command: /usr/bin/gnome-keyring-daemon --start --components=pkcs11
Comment: GNOME Keyring: PKCS#11 Component

Name: GPG Password Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=gpg
Comment: GNOME Keyring: GPG Agent

Name: Secret Storage Service
Command: /usr/bin/gnome-keyring-daemon --start --components=secrets
Comment: GNOME Keyring: Secret Service

Name: SSH Key Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=ssh
Comment: GNOME Keyring: SSH Agent

More information about the x2go-dev mailing list