I was using gpg-agent (from the gnupg-agent package) in conjunction with gpg version 1, and had a functional workflow with icedove + enigmail. I had deliberately set use-agent in my gpg.conf, and had ticked the "never ask for any passphrase" checkbox in the enigmail configuration. The agent itself prompted me for the passphrase, which was never directly handled by icedove. This configuration worked perfectly for me up until 0.95.0+1-4, at which point sending signed mail failed repeatedly.
My workaround was to install the gnupg2 package in addition to gnupg, and to override the enigmail configuration to use /usr/bin/gpg2 instead of /usr/bin/gpg. Having done that, I can now send signed mail again. It appears to work more reliably if I do *not* have "use gpg agent for passphrases" checked, so that icedove/enigmail does not try to launch its own gpg-agent, and instead the exec'ed gpg process uses the default one launched by my X11 session.
I prefer to have only one process prompt me for my passphrase, and while I'm not convinced that gpg-agent is doing exactly what I want, it's better than having every program that might use gpg explicitly caching my passphrase. So I consider enigmail 0.95.0+1-4 to be a regression in functionality -- I do not want to be forced into using gpg2, and I consider the icedove passphrase prompt to be a worse tradeoff security-wise than having a single, narrower-scoped agent in control of my key directly.
--dkg