I've successfully set up Kgpg, created a key pair and am using it to encrypt my KMyMoney file. This is working fine on my tower.

I'm now trying to set this up on my laptop. I've copied over the ~/.gnupg folder from the working computer to the laptop.
When I go to KMyMoney Settings on the laptop, I can turn on encryption and my key shows up as I would expect. I've exported the Public Key as a .asc file from the tower and imported it on the laptop.

However, when I try and load my encrypted data file, there is no prompt to enter a password. I just get a "Decryption failed" error message.
What am I overlooking here?

KMyMoney v5.0.1 according to the install file in synaptic. v5.0.0 according to Help > About in KMyMoney
KDE Neon - neon-useredition-20180405-1018-amd64

In asymmetrical encryption the public key is used to encrypt the data. To decrypt the data, you need the corresponding private key. KMyMoney uses encryption during the save operation and decryption during the open/load operation of an encrypted file. Since you describe that you only moved the public key over to your second box, things should be obvious

Thanks for the feedback ipwizard.

Ok, I've gone back to my second box and deleted ~/.gnupg and started over.
from box 1: gpg --export-secret-key -a > secretkey.asc
from box 1: gpg --export -a > private.asc

copied both secretkey & private over to box 2.
from box 2: gpg --import secretkey.asc
from box 2: gpg --import private.asc
both seemed to import correctly.

started Kpgp which found and accepted my key. Set Properties as Ultimately Trusted.

Tried to open my encrypted data file I once again received "a Decryption failed error message." No prompt for a password.

Hmm, what happens, if you run

Code: Select all

gpg -d your-file-name.kmy

from the command line? Does it ask you for the passphrase on the command line or does a window pop up for passphrase entry? Anything suspicious if you start KMyMoney from the command line?

hmmmm . . . now that was interesting . . .

1)
$ gpg -d my-filename.kmy

You need a passphrase to unlock the secret key for
user: "User Name, etc"
2048-bit ELG-E key, ID xxxxxxxx, created 2018-03-23 (main key ID yyyyyyyy)

Enter passphrase:

Pasting in the passphrase appears to open the file just fine (or at least identically) on both machines but not in kmymoney, just text in the terminal window.

2)
starting kmymoney from command line and opening an encrypted file started kmymoney but prompted for a passphrase in the terminal, not from a popup. Pasting the passphrase into the terminal window opened the file with no problem.

Running kmymoney from the desktop throws up that Decryption failed message.

On box 1 where I initially set up encryption, it mostly prompts for the passphrase but sometimes just opens the file without prompting.

Also, when saving the file I have the option of "no encryption", or two identical keys to select from?

Aha! You need to activate the gpg-agent. Then things will work as expected. BTW: The gpg-agent is responsible for the fact that you sometimes don't have to enter the passphrase and the file opens anyway.

ah, gnupg-agent . . . I get the following error message when I start kgpg . . .

"The use of GnuPG Agent is enabled in GnuPG's configuration file (~/.gnupg/gpg.conf). However, the agent does not seem to be running. This could result in problems with signing/decryption. Please disable GnuPG Agent from KGpg settings, or fix the agent."

On both boxes I had disabled "Use GnuPG agent" in Kgpg because of that error and things were (mostly) working on Box 1. Trying to Enable it does not highlight the Apply button.

Presumably I need to activate it but I have no idea how.

Tried uninstalling gnupg-agent. That would take out half my operating system.
Re-installed instead but that makes no difference.

I have an executable file in ~/$KDEDIR/env named gpg-agent.sh with the following contents

Code: Select all

eval "$(gpg-agent --daemon)"

I've manually run gpg-agent --daemon and eval "$(gpg-agent --daemon)" tells me that gpg-agent is already running and won't start a second instance.

This is also not making any difference to being able to select "Use GnuPG Agent" in Kgpg in either box. Still getting the same error message when I start Kgpg whether gpg-agent is running or not.

. . . "The use of GnuPG Agent is enabled in GnuPG's configuration file (~/.gnupg/gpg.conf). However, the agent . . . , etc)"

Box2 (with gpg-agent running) still wants the passphrase in a terminal window.

Do you have pinentry-qt4 on this box installed?

It is now
It's listed as a transitional dummy package.

Box 1 that is mostly working has the following installed
pinentry-curses, pinentry-gnome3, pinentry-qt and now pinentry-qt4 installed.

Box 2 which only works by entering the passphrase in the terminal has
pinentry-curses installed. I'll try adding pinentry-qt4 (which added pinentry-qt)
and it now opens the encrypted file without complaint, the first time asking for the passphrase in a popup, after that it just opens it.

Error message about GnuPG-agent still there on both machines although gpg-agent IS running.

Problem solved. Thank you for your help ipwizard.

A clean install of Neon with KMyMoney and Kpgp did not install pinentry-qt, which needs to be there.

There seems to be a default window of 10 minutes after KMyMoney is closed. Opening it again anytime within that window causes it to load without asking for the passphrase. If you leave it closed for longer than 10 minutes, it does request the passphrase.

I had thought that when closing and re-opening KMyMoney I would immediately be prompted for the passphrase. Having it open without the passphrase threw me. Now that I'm aware of the 10 minute window I'm happy.

From man gpg-agent:

Code: Select all

       --default-cache-ttl n
              Set  the  time a cache entry is valid to n seconds.  The default
              is 600 seconds.