bug#7797: 24.0.50; [EasyPG/Gnus] always pick up the first key from `gpg --list-key $SENDER`

[Luca Capello]

Hi there!

Since more than a month, now, actually since the upgrade from the Debian
package emacs-snapshot 1:20101116-1 to 1:20101120-1 (which I did on
2010-11-23 at 14:50 +0100), EasyPG is not working anymore with Gnus.  I
am sorry for the delay in this bug report, but I did not find the time
before to debug it and switched back to PGG instead.

BTW, now that the emacs-snapshot package is no more updated, I will go
back to the Debian emacs23 package.  If you need me to test something,
please say so and I could even compile a Git snapshot, if needed.

This bug can be reproduced with the following minimal ~/.emacs:
--8<---------------cut here---------------start------------->8---
(setq debug-on-error t)
(setq epg-debug t)
(add-hook 'gnus-message-setup-hook 'epa-mail-mode)
(add-hook 'gnus-message-setup-hook 'mml-secure-message-sign-pgpmime)
(setq gnus-select-method '(nnnil))
--8<---------------cut here---------------end--------------->8---

Here the debug error, which unfortunately is useless:
=====
Debugger entered--Lisp error: (error "Sign failed: ((exit))")
  signal(error ("Sign failed: ((exit))"))
  byte-code("[...]" [mml2015-epg-secret-key-id-list error password-cache-remove 
signal] 4)
  mml2015-epg-sign((part (sign . "pgpmime") (tag-location . 271) (contents . 
"test\n")))
  mml2015-sign((part (sign . "pgpmime") (tag-location . 271) (contents . 
"test\n")))
  mml-pgpmime-sign-buffer((part (sign . "pgpmime") (tag-location . 271) 
(contents . "test\n")))
  mml-generate-mime-1((part (sign . "pgpmime") (tag-location . 271) (contents . 
"test\n")))
  mml-generate-mime()
  message-encode-message-body()
  message-send-mail(nil)
  message-send-via-mail(nil)
  message-send(nil)
  message-send-and-exit(nil)
  call-interactively(message-send-and-exit nil nil)
=====

Thanks to the ` *epg-debug*' buffer, the problem is clear:
=====
/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor \
 --textmode --output /tmp/epg-output5441TZj --detach-sign \
 -u 8D3867D89DDB992B
gpg: skipped "8D3867D89DDB992B": unusable secret key
gpg: signing failed: unusable secret key
=====

What the hell?  Why EasyPG is specyfing a key and not relying on my
~/.gnupg/gpg.conf, which is *correct*?
=====
luca@gismo:~$ gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, 
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

luca@gismo:~$ gpg --list-key luca@pca.it
pub   1024D/9DDB992B 2007-06-08 [revoked: 2010-01-01]
uid                  Luca Capello <luca@pca.it>
uid                  Luca Capello <gismo@debian.org>

pub   1024D/6D742669 2003-11-09 [revoked: 2005-07-22]
uid                  Luca Capello <luca@pca.it>
uid                  Luca Capello <gismo@member.fsf.org>
uid                  Luca Capello <luca.capello@gmail.com>
uid                  Luca Capello <luca.capello@zoo.unige.ch>
uid                  Luca Capello <lucacapello@users.sourceforge.net>
uid                  Luca Capello <luca.capello@frontiers-in-genetics.org>
uid                  Luca Capello <gismo@innerloop.it>
uid                  Luca Capello <lcapello@common-lisp.net>
uid                  Luca Capello <gismo@debian.org>

pub   4096R/E397832F 2009-07-01
uid                  Luca Capello <luca@pca.it>
uid                  Luca Capello <gismo@debian.org>
sub   4096R/3BE9F36D 2009-07-01
sub   4096R/2BB95F4B 2009-07-01

luca@gismo:~$ cat ~/.gnupg/gpg.conf
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 
ZLIB BZIP2 ZIP Uncompressed

hidden-encrypt-to 3BE9F36D!
hidden-encrypt-to 2BB95F4B!
default-recipient 3BE9F36D!
default-recipient 2BB95F4B!
default-key E397832F

list-options show-sig-expire

display-charset UTF-8
trust-model auto

keyserver hkps://keys.indymedia.org
keyserver-options ca-cert-file=/etc/ssl/certs/cacert.org.pem

luca@gismo:~$ 
=====

FYI, I do not know why the order of the --list-key option is that one
(the three secret keys are there as well), but it is still the same with
GnuPG-2.

I looked into the Git repository and I found the faulty commit:

  commit 9515b7dbfaa1e68fb72c323a45120f77362c7324
  Author: Daniel Dehennin <daniel.dehennin@baby-gnu.org>
  Date:   Tue Nov 16 23:05:02 2010 +0000

    mml2015-epg-sign: Use From header.

    mml2015.el (mml2015-epg-sign): New variable 'sender' is
     (message-options-get 'message-sender) and append it to mml2015-signers.
     If mm-sign-option is not 'guided, mml2015-signers and sender sign the mail.

What is the reason of this change?  If I want to sign with another key,
independent of the From header, I should be able to do so,
*automatically*, thus without any extra choice when sending the email.
My ~/.gnupg/gpg.conf allows that, EasyPG/Gnus does not.

Obviously, even setting `mml2015-signers' does not solve the problem:
because now EasyPG tries to sign with two keys.  The debug error is the
same as above (useless), again the ` *epg-debug*' buffer contains the
answer:
=====
/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor \
 --textmode --output /tmp/epg-output5441Qsz --detach-sign \
 -u 8D3867D89DDB992B -u 06EAA066E397832F
[GNUPG:] USERID_HINT D91D57A03BE9F36D Luca Capello <luca@pca.it>
[GNUPG:] NEED_PASSPHRASE D91D57A03BE9F36D 06EAA066E397832F 1 0
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
gpg: skipped "8D3867D89DDB992B": unusable secret key
gpg: signing failed: unusable secret key
=====

FTR, if I go back to the `mml2015-sign' version before the commit above,
everything is fine.  Please note, however, the output in the `
*epg-debug*' buffer:
=====
/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor \
 --textmode --output /tmp/epg-output5441cKP --detach-sign
[GNUPG:] USERID_HINT D91D57A03BE9F36D Luca Capello <luca@pca.it>
[GNUPG:] NEED_PASSPHRASE D91D57A03BE9F36D 06EAA066E397832F 1 0
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] BEGIN_SIGNING
[GNUPG:] SIG_CREATED D 1 10 01 1294352394 
139121880F512EC2E6A464D3D91D57A03BE9F36D
/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor \
 --textmode --output /tmp/epg-output5441pUV --detach-sign
[GNUPG:] USERID_HINT D91D57A03BE9F36D Luca Capello <luca@pca.it>
[GNUPG:] NEED_PASSPHRASE D91D57A03BE9F36D 06EAA066E397832F 1 0
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] BEGIN_SIGNING
[GNUPG:] SIG_CREATED D 1 10 01 1294352397 
139121880F512EC2E6A464D3D91D57A03BE9F36D
=====

The GnuPG invocation will respect my ~/.gnupg/gpg.conf (which is, again,
the expected behavior), given that there is no -u option specified.

Thx, bye,
Gismo / Luca

If Emacs crashed, and you have the Emacs process in the gdb debugger,
please include the output from the following gdb commands:
    `bt full' and `xbacktrace'.
For information about debugging Emacs, please read the file
/usr/share/emacs/24.0.50/etc/DEBUG.


In GNU Emacs 24.0.50.1 (x86_64-pc-linux-gnu, GTK+ Version 2.20.1)
 of 2010-12-13 on elegiac, modified by Debian
 (emacs-snapshot package, version 1:20101212-2)
configured using `configure  '--build' 'x86_64-linux-gnu' '--host' \
 'x86_64-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' \
 '--libexecdir=/usr/lib' '--localstatedir=/var' '--infodir=/usr/share/info' \
 '--mandir=/usr/share/man' '--with-pop=yes' \
 '--enable-locallisppath=/etc/emacs-snapshot:/etc/emacs:\
  /usr/local/share/emacs/24.0.50/site-lisp:/usr/local/share/emacs/site-lisp: \
  /usr/share/emacs/24.0.50/site-lisp:/usr/share/emacs/site-lisp' \
 '--without-compress-info' '--with-x=yes' '--with-x-toolkit=gtk' \
 '--with-imagemagick=yes' 'build_alias=x86_64-linux-gnu' \
 'host_alias=x86_64-linux-gnu' 'CFLAGS=-DDEBIAN -DSITELOAD_PURESIZE_EXTRA=5000 \
 -g -O2' 'LDFLAGS=-g -Wl,--as-needed' 'CPPFLAGS=''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: nil
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Message

Minor modes in effect:
  epa-mail-mode: t
  gnus-message-citation-mode: t
  mml-mode: t
  gpm-mouse-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Recent input:
ESC x g n u s RET m l u c a @ l o c a l h o s t C-n 
t e s t C-n C-n C-n C-n C-n t e s t RET C-c C-c y q 
ESC x r e p o r t - e m TAB RET

Recent messages:
Opening nnfolder server on archive...done
Reading active file from archive via nnfolder...done
No new newsgroups
Checking new news...done
Setting up drafts group
Warning: Setting up drafts group
Address `luca@localhost' might be bogus.  Continue? (y or n)  y
Sending...
Entering debugger...
Back to top level.

Load-path shadows:
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-fold hides 
/usr/share/emacs/site-lisp/auctex/tex-fold
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-jp hides 
/usr/share/emacs/site-lisp/auctex/tex-jp
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-font hides 
/usr/share/emacs/site-lisp/auctex/tex-font
/usr/share/emacs/24.0.50/site-lisp/auctex/texmathp hides 
/usr/share/emacs/site-lisp/auctex/texmathp
/usr/share/emacs/24.0.50/site-lisp/auctex/toolbar-x hides 
/usr/share/emacs/site-lisp/auctex/toolbar-x
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-buf hides 
/usr/share/emacs/site-lisp/auctex/tex-buf
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-info hides 
/usr/share/emacs/site-lisp/auctex/tex-info
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-mik hides 
/usr/share/emacs/site-lisp/auctex/tex-mik
/usr/share/emacs/24.0.50/site-lisp/auctex/context-nl hides 
/usr/share/emacs/site-lisp/auctex/context-nl
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-fptex hides 
/usr/share/emacs/site-lisp/auctex/tex-fptex
/usr/share/emacs/24.0.50/site-lisp/auctex/multi-prompt hides 
/usr/share/emacs/site-lisp/auctex/multi-prompt
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-style hides 
/usr/share/emacs/site-lisp/auctex/tex-style
/usr/share/emacs/24.0.50/site-lisp/auctex/font-latex hides 
/usr/share/emacs/site-lisp/auctex/font-latex
/usr/share/emacs/24.0.50/site-lisp/auctex/bib-cite hides 
/usr/share/emacs/site-lisp/auctex/bib-cite
/usr/share/emacs/24.0.50/site-lisp/auctex/tex hides 
/usr/share/emacs/site-lisp/auctex/tex
/usr/share/emacs/24.0.50/site-lisp/auctex/context hides 
/usr/share/emacs/site-lisp/auctex/context
/usr/share/emacs/24.0.50/site-lisp/auctex/tex-bar hides 
/usr/share/emacs/site-lisp/auctex/tex-bar
/usr/share/emacs/24.0.50/site-lisp/auctex/latex hides 
/usr/share/emacs/site-lisp/auctex/latex
/usr/share/emacs/24.0.50/site-lisp/auctex/context-en hides 
/usr/share/emacs/site-lisp/auctex/context-en
/usr/share/emacs-snapshot/site-lisp/psgml/psgml hides 
/usr/share/emacs/site-lisp/psgml/psgml
/usr/share/emacs-snapshot/site-lisp/psgml/psgml-other hides 
/usr/share/emacs/site-lisp/psgml/psgml-other
/usr/share/emacs-snapshot/site-lisp/psgml/psgml-init hides 
/usr/share/emacs/site-lisp/psgml/psgml-init
/usr/share/emacs-snapshot/site-lisp/psgml/psgml-sysdep hides 
/usr/share/emacs/site-lisp/psgml/psgml-sysdep
/usr/share/emacs-snapshot/site-lisp/psgml/psgml-html hides 
/usr/share/emacs/site-lisp/psgml/psgml-html
/usr/share/emacs/24.0.50/site-lisp/debian-startup hides 
/usr/share/emacs/site-lisp/debian-startup
/usr/local/share/emacs/site-lisp/fortune hides 
/usr/share/emacs/24.0.50/lisp/play/fortune
/usr/share/emacs-snapshot/site-lisp/emms/tq hides 
/usr/share/emacs/24.0.50/lisp/emacs-lisp/tq

Features:
(shadow emacsbug help-mode view debug mail-extr sort epa-mail epa
derived epg gnus-cite nnfolder nndraft nnmh nnnil gnus-agent gnus-srvr
gnus-score score-mode nnvirtual gnus-msg gnus-art mm-uu mml2015
epg-config mm-view smime password-cache dig mailcap nntp proto-stream
starttls tls gnus-cache nnir gnus-sum macroexp nnoo gnus-group time-date
gnus-undo nnmail mail-source format-spec gnus-start gnus-spec gnus-int
gnus-range message sendmail regexp-opt rfc822 mml easymenu mml-sec
mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045
ietf-drums mailabbrev gmm-utils mailheader gnus-win gnus gnus-ems
nnheader gnus-util mail-utils mm-util mail-prsvr wid-edit t-mouse
planner-autoloads debian-el debian-el-loaddefs w3m-load psgml-init
muse-autoloads emms-auto emacs-goodies-el emacs-goodies-custom
emacs-goodies-loaddefs easy-mmode dpkg-dev-el dpkg-dev-el-loaddefs
bbdb-autoloads preview-latex tex-site auto-loads tooltip ediff-hook
vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image
fringe lisp-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham
georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese hebrew greek romanian slovak czech european ethiopic
indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple
abbrev loaddefs button minibuffer faces cus-face files text-properties
overlay md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process dbusbind
dynamic-setting font-render-setting move-toolbar gtk x-toolkit x
multi-tty emacs)

pgpHdLl7vmHv6.pgp
Description: PGP signature