Bug 115538 - GnuPG / OpenPGP keys not found on macOS unless from command line (fixed for Intel macs, persisting on Apple Silicon see comment #56)
Summary: GnuPG / OpenPGP keys not found on macOS unless from command line (fixed for I...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
6.0.2.1 release
Hardware: All macOS (All)
: high major
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: implementationError
: 116638 126098 132425 137584 146185 (view as bug list)
Depends on:
Blocks: MacOS-Wishlist Digital-Signatures 113278
  Show dependency treegraph
 
Reported: 2018-02-08 07:29 UTC by Florian Effenberger
Modified: 2022-02-15 11:08 UTC (History)
16 users (show)

See Also:
Crash report or crash signature:
Regression By:


Attachments
GPGME debug trace (12.06 KB, text/plain)
2018-03-27 17:27 UTC, Tony Kinyua
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Effenberger 2018-02-08 07:29:53 UTC
Description:
Running LibreOffice 6.0 on mac OS 10.13 with GPGTools 2017.3.

No PGP keys/signatures are found when LibreOffice is started from Spotlight or directly via double click on ODF file.

This is both visible in the settings when no predefined PGP key can be chosen, and in the signature dialog, when no PGP is offered.

Regular X.509 certificates work (from within Thunderbird's profile).

Verifying existing signatures yields to an error message with "broken/unknown signature".

Starting LibreOffice via "open /Applications/LibreOffice.app", or "open file.odt" or "/Applications/LibreOffice.app/Contents/MacOS/soffice" does find the key.

I assume it has something to do with the path to GPGTools, but no idea how to chase this. Both PATH and /etc/paths.d seem to contain the right path.

I can confirm above behaviour on two different machines.

Steps to Reproduce:
1. Open LibreOffice
2. Go to Settings, Encryption

Actual Results:  
PGP keys shown as option for default keys

Expected Results:
No PGP keys available


Reproducible: Always


User Profile Reset: Yes



Additional Info:
Version: 6.0.0.3
Build-ID: 64a0f66915f38c6217de274f0aa8e15618924765
CPU-Threads: 8; BS: Mac OS X 10.13.3; UI-Render: Standard; 
Gebietsschema: de-DE (de_DE.UTF-8); Calc: group


User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0
Comment 1 Alex Thurgood 2018-02-12 09:22:35 UTC
I can't find my GnuPG key via LibreOffice :

Version: 6.0.0.3
Build ID: 64a0f66915f38c6217de274f0aa8e15618924765
Threads CPU : 8; OS : Mac OS X 10.13.3; UI Render : par défaut; 
Locale : fr-FR (fr_FR.UTF-8); Calc: group

I'm guessing that this is because the gnupg folder is hidden in the file system by default in MacOS.
Comment 2 Alex Thurgood 2018-02-12 09:28:47 UTC
OK, so even after making the gnupg folder visible, LO still can't find any keys.
Comment 3 Alex Thurgood 2018-02-12 09:29:18 UTC Comment hidden (obsolete)
Comment 4 Thorsten Behrens (allotropia) 2018-02-12 14:53:58 UTC Comment hidden (obsolete)
Comment 5 Hans-Gerd Ernst 2018-02-13 16:58:28 UTC
Libre Office 6.0.0.3 does not find the GPG-certificate to digitally sign an odt-file. 


Some information about the environment: 

Version: 6.0.0.3
Build ID: 64a0f66915f38c6217de274f0aa8e15618924765
CPU threads: 2; OS: Mac OS X 10.10.5; UI render: default; 
Locale: en-GB (en_GB.UTF-8); Calc: group

GPGTools, 2017(GPL v3)

Firefox 58.0.2
Comment 6 Arturo Candela 2018-03-03 10:14:31 UTC
Hi maybe the bug is related with the cryptography module of LibreOffice in Mac.

If you want, tell me and I will open another bug. I've been trying to sign a document with my software X509 and with my Spanish Identification Smart Card (Known in Spain as DNIe)(PKCS Module). 

LibreOffice Version: 6.0.2.1 with Spanish Translation.

That's what I got:

If I use the Latest Version of Firefox (58.0.2-64bit Mac) profile with the PCKS #11 configured I'm able to view all of my software certificates but not the ones installed in the smartCard. And if I run LibreOffice from the command line I get the following messages:

(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed

Instead, if change the security profile to Thunderbird (52.6.0-64bit Mac) profile with the PCKS #11 I'm able to view all of my certificates - LibreOffice asks me for the DNIe key - And I'm able to sign using the certificates from the Smart Card.

In both cases when I reopen LibreOffice, It tells me that the original document has been modified.
Comment 7 Alex Thurgood 2018-03-27 14:17:10 UTC
*** Bug 116638 has been marked as a duplicate of this bug. ***
Comment 8 Tony Kinyua 2018-03-27 14:54:41 UTC
(In reply to Alex Thurgood from comment #7)
> *** Bug 116638 has been marked as a duplicate of this bug. ***

I can confirm that both LO & LODev when opened via the terminal "open "/Applications/LibreOffice.app"" and  "open "/Applications/LibreOfficeDev.app"" do show the PGP signatures/keys.

Ditto to opening a document via the CLI ---> "open "Some_Document.odt"

I went a bit further and checked Preferences--Security--Certificate Path. It seems to be looking for signatures in a Firefox directory something like "/Users/tony/Library/Application Support/Firefox/Profiles/rw7dqdyo.default-1234567890123"

Might be grasping at straws here but does it mean that the certficate/key/signature store for Firefox is being used as default? The directory is the same in both LO and LODev whether opened via CLI or GUI only that when opened in CLI mode we have the OpenPGP keys now present.
Comment 9 Tony Kinyua 2018-03-27 14:59:38 UTC
(In reply to Kysh from comment #8)
> (In reply to Alex Thurgood from comment #7)
> > *** Bug 116638 has been marked as a duplicate of this bug. ***
> 
> I can confirm that both LO & LODev when opened via the terminal "open
> "/Applications/LibreOffice.app"" and  "open
> "/Applications/LibreOfficeDev.app"" do show the PGP signatures/keys.
> 
> Ditto to opening a document via the CLI ---> "open "Some_Document.odt"
> 
> I went a bit further and checked Preferences--Security--Certificate Path. It
> seems to be looking for signatures in a Firefox directory something like
> "/Users/tony/Library/Application
> Support/Firefox/Profiles/rw7dqdyo.default-1234567890123"
> 
> Might be grasping at straws here but does it mean that the
> certficate/key/signature store for Firefox is being used as default? The
> directory is the same in both LO and LODev whether opened via CLI or GUI
> only that when opened in CLI mode we have the OpenPGP keys now present.

Also seeking some clarification on the error "Could not find any certificate manager" when you click on the start certificate manager under Digital Signature, just what is LO looking for as a certificate manager?
Comment 10 Thorsten Behrens (allotropia) 2018-03-27 15:22:46 UTC
(In reply to Kysh from comment #8)
> I can confirm that both LO & LODev when opened via the terminal "open
> "/Applications/LibreOffice.app"" and  "open
> "/Applications/LibreOfficeDev.app"" do show the PGP signatures/keys.
> 
> Ditto to opening a document via the CLI ---> "open "Some_Document.odt"

This is helpful feedback.

So how this works internally, is that there's a library called gpgme, that will try & find a system-wide gpg install, by looking for a gpgconf binary in the PATH (and getting everything else from the output of that binary)

It _seems_ relevant that all uses from a shell work, and uses from the Finder do not. Until I manage to setup a debuggable build on Mac, perhaps getting trace output from gpgme might provide further clues: https://www.gnupg.org/documentation/manuals/gpgme/Debugging.html ?
Comment 11 Tony Kinyua 2018-03-27 17:27:49 UTC Comment hidden (obsolete)
Comment 12 Tony Kinyua 2018-03-27 17:32:59 UTC
(In reply to Kysh from comment #11)
> Created attachment 140919 [details]
> GPGME debug trace

Did a bit more digging and also ran a trace against gpgme.

I see my shell has, as part of the PATH environment, /usr/local/MacGPG2/bin. The trace output when LO opened via CLI also confirms that its using that path for the various binaries for GPG.

I see no output whatsoever on the trace when launched from GUI. Attached the initial trace output as its quite large. Let me know if more output will be needed.
Comment 13 Thorsten Behrens (allotropia) 2018-03-27 20:50:47 UTC
(In reply to Kysh from comment #12)
> I see no output whatsoever on the trace when launched from GUI. Attached the
> initial trace output as its quite large. Let me know if more output will be
> needed.

That's unfortunate, since that's the interesting part. Regardless, I'm now reasonably sure it's the missing path for GUI applications - if you could try setting this globally, as per https://serverfault.com/questions/16355/how-to-set-global-path-on-os-x , to /usr/local/MacGPG2/bin and retry (possibly after reboot) ?

If that's confirmed, I'll need to dig a bit how that's implemented for other client code, e.g. EnigMail on OSX...
Comment 14 Thorsten Behrens (allotropia) 2018-03-27 20:57:24 UTC
Ah hmm, it appears Apple is changing launchd there frequently.

Now the methods du jour are described here:

* https://apple.stackexchange.com/questions/106355/setting-the-system-wide-path-environment-variable-in-mavericks
* https://apple.stackexchange.com/questions/289060/setting-variables-in-environment-plist
Comment 15 Tony Kinyua 2018-03-27 23:17:23 UTC
(In reply to Thorsten Behrens (CIB) from comment #14)
> Ah hmm, it appears Apple is changing launchd there frequently.
> 
> Now the methods du jour are described here:
> 
> *
> https://apple.stackexchange.com/questions/106355/setting-the-system-wide-
> path-environment-variable-in-mavericks
> *
> https://apple.stackexchange.com/questions/289060/setting-variables-in-
> environment-plist

I can confirm setting the path in environment.plist as suggested above works for both LO and LODev (When launched from Dock and Launchpad)

However one caveat is that this method will not work for launching via Spotlight. When launched via Spotlight no keys are found.
Comment 16 Tony Kinyua 2018-04-01 00:14:31 UTC
Seems there might be a way to set the PATH within LO itself. Was looking at https://superuser.com/questions/476752/setting-environment-variables-in-os-x-for-gui-applications/787415#787415 and also https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/20001431-106825 especially the LSEnvironment key.

Unfortunately my attempts at modifying the Info.plist of LO caused it to be unable to start suggesting that my edits might have been wrongly placed or just not right.

Have had to revert back to the environment.plist method.
Comment 17 Joseph 2018-04-06 14:43:55 UTC
MacOSX LibreOffice version 6.0.2.1 
buildID:  f7f06a8f319e4b62f9bc5095aa112a65d2f3ac89 

does not show gpg key to pick from, during sign action.

In same situation, clicking on the 'Start Certificate Manager' button, gives an "Impossible to find a certificate manager' notification.

On the sistem GPGTools is installed.
Comment 18 Joseph 2018-04-06 14:55:23 UTC
The report I make is valid ONLY on:

1. running LO clicking his icon from or from the docker 
2. running LO from the FileManager (Finder)
3. if double clikked an .odt file.

Only if run via "open /Application/Libreoffice.app" the gpg keys are listed.
Comment 19 Hans-Gerd Ernst 2018-04-06 18:47:05 UTC
I am able to digitally sign an .odt file if I start LibreOffice by "open /Applications/Libreoffice.app"

When I start LibreOffice once again from the CLI and open the signed document, a blue bar appears on top of the document saying  "This document is digitally signed and the signature is valid."

Pressing the "Show Signatures" button the details about this signature are displayed. 

When I start LibreOffice from the dock and open the digitally signed document a red bar is displayed on top of the document saying "The signature is invalid." 

Pressing the "Show Signatures" button the details about this signature are displayed.
Comment 20 Xisco Faulí 2018-04-09 20:35:12 UTC Comment hidden (obsolete)
Comment 21 Tony Kinyua 2018-05-29 16:51:01 UTC
Just noticed that after applying the environment.plist hack one can sign the document or view the signature without an error.

Should another document be opened via the File-->Open method, the signature is invalid if it exists or the document cannot be signed with the PGP key.

The same is also evident when one tries to sign an existing PDF document using the File-->Digital Signatures-->Sign existing PDF

Am on:-
Version: 6.0.4.2
Build ID: 9b0d9b32d5dcda91d2f1a96dc04c645c450872bf
CPU threads: 4; OS: Mac OS X 10.13.4; UI render: default; 
Locale: en-GB (en_GB.UTF-8); Calc: group
Comment 22 bunkem 2018-06-18 17:16:14 UTC
I noticed this bug today as I've not tried digitally sign a document.

This problem also exists in 6.2a
Version: 6.2.0.0.alpha0+
Build ID: c8d95ccecfcd31b720fdff67bbd6acbdceaf2546
CPU threads: 8; OS: Mac OS X 10.11.6; UI render: default; 
TinderBox: MacOSX-x86_64@49-TDF, Branch:master, Time: 2018-06-18_00:27:45
Locale: en-CA (en.UTF-8); Calc: group threaded

From the dialog File:Properties:Digital Signatures, there is no certificates listed as identified earlier.  The "Start Certificate Manager" doesn't work either.

It would be helpful to have some documentation so I can help figure out what is happening.  I realize that this request is also a bug.
Comment 23 Gunther Strube 2018-09-26 16:36:50 UTC
I can confirm same problem (no certificate listed) on LO:

Version: 6.1.1.2
Build ID: 5d19a1bfa650b796764388cd8b33a5af1f5baa1b
CPU threads: 8; OS: Mac OS X 10.11.6; UI render: default; 

I can sign if LO is started with open on terminal, however, GPG certificate is not listed for document signing when LO is started from Finder.
Comment 24 Luc Lalonde 2018-11-28 12:54:30 UTC
Can't use PGP certs wether I open from command line or Finder:

Version: 6.1.3.2
Build ID: 86daf60bf00efa86ad547e59e09d6bb77c699acb
CPU threads: 8; OS: Mac OS X 10.14.1; UI render: default; 
Locale: en-CA (en_CA.UTF-8); Calc: group threaded
Comment 25 Frank Fuchs 2018-11-29 13:25:10 UTC
Same Problem here:
GPG Suite Build 2380 (latest nightly)
and LibO 6.1.3.2 on macOS 10.14.1
Comment 26 Doug Nix 2019-01-21 18:20:02 UTC
No PGP keys/signatures are found when LibreOffice is started from Spotlight or directly via double click on ODF file.

This is both visible in the settings when no predefined PGP key can be chosen, and in the signature dialogue, when no PGP is offered.

Steps to Reproduce:
1. Open LibreOffice
2. Go to Settings, Encryption

Actual Results:  
PGP keys are shown as an option for default keys

Expected Results:
No PGP keys available

Reproducible: Always

Additional Info:
Version: 6.1.4.2
Build ID: 9d0f32d1f0b509096fd65e0d4bec26ddd1938fd3
CPU threads: 4; OS: Mac OS X 10.14.2; UI render: GL; 
Locale: en-CA (en_CA.UTF-8); Calc: group threaded
Comment 27 Johan Havermans 2019-01-25 12:59:48 UTC
I think I found a work around that enable LibreOffice version 6.1.4.2 on Mac OS High Sierra to find my PGO key and sign a document. It is still a bug of course when I update LO. My work around is inspired by  https://apple.stackexchange.com/questions/51677/how-to-set-path-for-finder-launched-applications

First, my Mac PGO tools are installed in:
/usr/local/MacGPG2/bin
This path also is shown when doing echo $PATH in Terminal.app


Here is what I did:
Step 1: Close LibreOffice and open in your text editor 
/Applications/LibreOffice.app/Contents/Info.plist 

Step 2: Just above the line 
<key>CFBundleExecutable</key>
I added:

<key>LSEnvironment</key>
<dict>
     <key>PATH</key>
     <string>/usr/local/MacGPG2/bin:</string>
</dict>

Step 3: Save the info.plist

Step 4: Open Terminal.app and execute
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -v -f /Applications/LibreOffice.app

Step 5: Launch LO
Go to LO/Preferences/User Data, and you can select your PGP signing key from the drop down list. When you create a Writer document, and digitally sign it, you can do that too.

Hope this helps to fix this bug upstream
Johan
Comment 28 Tony Kinyua 2019-02-05 12:39:53 UTC
(In reply to Johan Havermans from comment #27)
--snip--
> Here is what I did:
> Step 1: Close LibreOffice and open in your text editor 
> /Applications/LibreOffice.app/Contents/Info.plist 
> 
> Step 2: Just above the line 
> <key>CFBundleExecutable</key>
> I added:
> 
> <key>LSEnvironment</key>
> <dict>
>      <key>PATH</key>
>      <string>/usr/local/MacGPG2/bin:</string>
> </dict>
> 
> Step 3: Save the info.plist
--snip--
Hi Johan,

After you did this have you restarted your Mac? On my end it works but once the machine is restarted then LibreOffice does not start. Tried to open via Dock, Launchpad, Finder but nothing was happening and no error reported. Its only when launched via Terminal that I got an error report

kysh@kysh /p/tmp > open /Applications/LibreOffice.app
LSOpenURLsWithRole() failed with error -10810 for the file /Applications/LibreOffice.app.

Once I remove the changes in Info.plist then LibreOffice starts working.

If I put back the changes it works as well until I restart the machine. I had encountered something similar earlier on in this thread (Comment 16).

@Thorsten: Hopefully this feedback sheds some light towards resolving this issue
Comment 29 Alex Thurgood 2019-06-26 07:30:23 UTC
*** Bug 126098 has been marked as a duplicate of this bug. ***
Comment 30 steve 2019-06-26 12:50:11 UTC
This should be solvable if LibreOffice would look for gpg in "/usr/local/bin" or "/usr/local/MacGPG2/bin".
Comment 31 Xisco Faulí 2019-06-26 15:06:13 UTC
(In reply to steve -_- from comment #30)
> This should be solvable if LibreOffice would look for gpg in
> "/usr/local/bin" or "/usr/local/MacGPG2/bin".

On Win, we use the flag 'w32-inst-dir' to indicate where the spawn helper is < https://opengrok.libreoffice.org/xref/core/xmlsecurity/source/gpg/SecurityEnvironment.cxx?r=64faea31#48 > there's no similar flag for mac
Comment 32 Xisco Faulí 2019-06-27 09:29:20 UTC Comment hidden (obsolete)
Comment 33 Tony Kinyua 2019-06-27 16:33:52 UTC
(In reply to Xisco Faulí from comment #32)
> I think it's fare to increase the importance...

Hi Xisco,

Am available anytime to test this. Let me know if any help is needed.

Am able to work round this (See earlier on this thread) but its not permanent across upgrades or anytime when I close LO.
Comment 34 Luc Lalonde 2020-01-31 20:37:32 UTC
Two years later, now at version 6.4 of LibreOffice:  Bug still there!
Comment 35 steve 2020-04-29 08:00:29 UTC
*** Bug 132425 has been marked as a duplicate of this bug. ***
Comment 36 Andrew Watson 2020-05-11 11:43:04 UTC
Bug still present in:

Version: 7.0.0.0.alpha1
Build ID: 6a03b2a54143a9bc0c6d4c7f1...
CPU threads: 4; OS: Mac OS X 10.11.6; UI render: default; VCL: osx; 
Locale: en-GB (en_GB.UTF-8); UI: en-GB
Calc: threaded
Comment 37 Alex Thurgood 2020-06-12 15:10:07 UTC
I can neither get LO to detect GnuPG via the command line or via the application UI, and it fails to call up the certificate manager with an error message.

This is on Catalina 10.15.4 with LO6442.
Comment 38 Vladislav Velizarov 2020-06-15 06:42:47 UTC
There is the same problem in the company where I work we use LibreOffice and under Mas OS we have the same problem through the user interface of the application can not call the certificate manager.
Mac OS X - Catalina OS Version 10.15.5
Mac OS X - Catalina OS Version 10.15.4
Comment 39 Alex Thurgood 2020-10-19 07:58:42 UTC
*** Bug 137584 has been marked as a duplicate of this bug. ***
Comment 40 Sierk Bornemann 2020-10-26 15:57:42 UTC
Any progress on this issue?


What about implementing and providing


<key>LSEnvironment</key>
<dict>
     <key>PATH</key>
     <string>/usr/local/MacGPG2/bin:</string>
</dict>

if GPG2 from GPGTools (https://gpgtools.org/) is in use.

Or, to include also the path to GPG2, when provided by MacPorts (https://www.macports.org/):

<key>LSEnvironment</key>
<dict>
     <key>PATH</key>
     <string>/usr/local/MacGPG2/bin:/opt/local/bin:</string>
</dict>

or, to include the path to GPG2 (/usr/local/bin or /usr/local/Cellar/bin or the like, please verify and change accordingly), when provided via Homebrew:

<key>LSEnvironment</key>
<dict>
     <key>PATH</key>
     <string>/usr/local/MacGPG2/bin:/opt/local/bin:/usr/local/bin:</string>
</dict>

in Info.plist

as already proposed in Comment #27, Comment #28 respecting https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/20001431-106825

?



Info.plist:

https://github.com/LibreOffice/core/blob/master/sysui/desktop/macosx/Info.plist.in
https://cgit.freedesktop.org/libreoffice/core/tree/sysui/desktop/macosx/Info.plist.in
Comment 41 Alex Thurgood 2021-06-18 12:52:41 UTC
Still present in 

Version: 7.1.4.2 / LibreOffice Community
Build ID: a529a4fab45b75fefc5b6226684193eb000654f6
CPU threads: 4; OS: Mac OS X 10.16; UI render: default; VCL: osx
Locale: fr-FR (fr_FR.UTF-8); UI: fr-FR
Calc: threaded

with GPG Suite 2021.1
Comment 42 JunichiArai 2021-06-19 16:34:41 UTC
7.0.6.2
まだ修正されていません。
Comment 43 Ariel Grassano 2021-08-09 05:13:59 UTC
Hello.

I think that is an environment problem. When i open LibreOffice with terminal, its job fine.

- Open terminal
- cd /Applications
- open LibreOffice
- In Menu LibreOffice->Preferences, i can select gpg key

Bye.
Comment 44 Alex Thurgood 2021-08-10 14:13:34 UTC
(In reply to Ariel Grassano from comment #43)
> Hello.
> 
> I think that is an environment problem. When i open LibreOffice with
> terminal, its job fine.
> 

Thanks, but that is exactly what the title of the bug says.
Comment 45 Alex Thurgood 2021-08-27 14:42:14 UTC
Testing with 

Version: 7.2.0.4 / LibreOffice Community
Build ID: 9a9c6381e3f7a62afc1329bd359cc48accb6435b
CPU threads: 8; OS: Mac OS X 10.16; UI render: default; VCL: osx
Locale: fr-FR (fr_FR.UTF-8); UI: fr-FR
Calc: threaded


Still failing to find any GPG key, even if I launch LO from the Terminal, where "echo $PATH" shows that "/usr/local/MacGPG2/bin" is in the local path.
Comment 46 steve 2021-12-13 10:32:57 UTC
*** Bug 146185 has been marked as a duplicate of this bug. ***
Comment 47 Alex Thurgood 2021-12-20 08:39:00 UTC
Still present in 

Version: 7.2.4.1 / LibreOffice Community
Build ID: 27d75539669ac387bb498e35313b970b7fe9c4f9
CPU threads: 8; OS: Mac OS X 10.16; UI render: default; VCL: osx
Locale: fr-FR (fr_FR.UTF-8); UI: fr-FR
Calc: threaded
Comment 48 steve 2022-02-01 13:16:06 UTC
Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: beb6c62e990599d91ac5d9183164c94d269027d3
CPU threads: 8; OS: Mac OS X 10.16; UI render: default; VCL: osx
Locale: de-DE (en_DE.UTF-8); UI: en-US
Calc: threaded

does show OpenPGP keys in Settings > LO > User Data for both `OpenPGP signing key:` and `OpenPGP encryption key:`. I also managed to sign I think. The UI for this is highly confusing and also wrong (OpenPGP key lists shows but dialog has "Select X.509 Certificate" as title) but those are problems to be tackled subsequently.

The fact that OpenPGP keys are showing at all on macOS in LibreOffice is a huge improvement as this has been broken since its initial implementation back in 2018.

Can someone else confirm OpenPGP keys do show now and can be selected in Settings > LO > User Data please. Nightly build is here: https://dev-builds.libreoffice.org/daily/master/current.html
Comment 49 Thorsten Behrens (allotropia) 2022-02-01 13:43:30 UTC
Nice! I've recently updated gpgme on master, so it seems upstream fixed the problems on Mac.
Comment 50 Andrew Watson 2022-02-01 14:19:00 UTC
(In reply to steve from comment #48)
> Version: 7.4.0.0.alpha0+ / LibreOffice Community
> Build ID: beb6c62e990599d91ac5d9183164c94d269027d3
> CPU threads: 8; OS: Mac OS X 10.16; UI render: default; VCL: osx
> Locale: de-DE (en_DE.UTF-8); UI: en-US
> Calc: threaded
> 
> does show OpenPGP keys in Settings > LO > User Data for both `OpenPGP
> signing key:` and `OpenPGP encryption key:`. I also managed to sign I think.

<snip>

> Can someone else confirm OpenPGP keys do show now and can be selected in
> Settings > LO > User Data please. Nightly build is here:
> https://dev-builds.libreoffice.org/daily/master/current.html

Tested with:

Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: beb6c62e990599d91ac5d9183164c94d269027d3
CPU threads: 4; OS: Mac OS X 10.14.6; UI render: Skia/Metal; VCL: osx
Locale: en-GB (en_GB.UTF-8); UI: en-US
Calc: threaded

GPG private key does indeed show up in Preferences>LibreOffice>User Data when LO is run by double-clicking on LibreOffice icon.

However (and this is probably a separate bug), there is no "Encrypt with GPG key" check-box in "Save As ..." dialog box when UseSystemFileDialog is True (i.e. when using MacOS Save dialogue boxes). One has to set UseSystemFileDialog to False (via Preferences>LibreOffice>Advanced>Open Expert Configuration, then seaching for "UseSystemFileDialogue" and toggling the Boolean) before it's actually possible to save an encryted document.
Comment 51 Alex Thurgood 2022-02-01 14:47:00 UTC
(In reply to steve from comment #48)

 
> Can someone else confirm OpenPGP keys do show now and can be selected in
> Settings > LO > User Data please. Nightly build is here:
> https://dev-builds.libreoffice.org/daily/master/current.html


Sorry, I still don't see anything in the User Data pane with:


Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: beb6c62e990599d91ac5d9183164c94d269027d3
CPU threads: 8; OS: Mac OS X 10.16; UI render: default; VCL: osx
Locale: fr-FR (fr_FR.UTF-8); UI: en-US
Calc: threaded

GPGKeychain 1.9 (1676)

unless I'm doing something wrong.
Comment 52 steve 2022-02-08 13:00:11 UTC
@Alex: can you double check your secret key (and subkey) are valid. Are you using a self-compiled build or a build from the nightly CI?

I have updated to macOS 12.2 and am still able to access my secret key in Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: beb6c62e990599d91ac5d9183164c94d269027d3
CPU threads: 8; OS: Mac OS X 10.16; UI render: default; VCL: osx
Locale: de-DE (en_DE.UTF-8); UI: en-US
Calc: threaded

I am calling this fixed since at least one other users confirmed this is working for them (comment #50).

However, various new bug reports are needed to make this usable for end-users. I think your outstanding issue should also be a new bug report as the initial problem here seems gone.

Seeting to fixed despite not having a commit since Thorsten confirmed updating gpgme in comment #49.
Comment 53 Alex Thurgood 2022-02-09 12:24:26 UTC
(In reply to steve from comment #52)
> @Alex: can you double check your secret key (and subkey) are valid. Are you
> using a self-compiled build or a build from the nightly CI?
>

Hi Steve,

I have 2 GPG keys in my keychain for 2 different email addresses, one is valid until 27/08/2025, and the other is valid until 22/09/2022.


> 
> I am calling this fixed since at least one other users confirmed this is
> working for them (comment #50).
> 

I deleted my LODev profile folder from Application Support, and restarted:

Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: beb6c62e990599d91ac5d9183164c94d269027d3
CPU threads: 8; OS: Mac OS X 10.16; UI render: Skia/Metal; VCL: osx
Locale: fr-FR (fr_FR.UTF-8); UI: en-US
Calc: threaded

There is still no GPG key selectable under the Preferences menu, either for signing or encrypting. I've tried filling in my user details, email address, and pointing to Thunderbird in the email preferences (just in case) of the LO user configuration - to no avail.


Output of ls .gnupg from the terminal:

S.gpg-agent		gnupg			pubring.kbx~
S.gpg-agent.browser	gpg-agent.conf		random_seed
S.gpg-agent.extra	gpg.conf		tofu.db
S.gpg-agent.ssh		openpgp-revocs.d	trustdb.gpg
crls.d			private-keys-v1.d
dirmngr.conf		pubring.kbx

Not sure what else I'm supposed to be doing here.
Comment 54 steve 2022-02-09 23:30:18 UTC
Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: beb6c62e990599d91ac5d9183164c94d269027d3
CPU threads: 8; OS: Mac OS X 10.16; UI render: default; VCL: osx
Locale: de-DE (en_DE.UTF-8); UI: en-US
Calc: threaded

UI render default here. Not sure if this is another thing that gets strange results when skia is used? Otherwise we seem to be using the identical build.
Comment 55 Alex Thurgood 2022-02-10 11:26:29 UTC
I tested this on an ARM M1 MacMini also, in addition to my ARM M1 MacbookPro.

LibreOffice still fails to find my GPG keys under Preferences > User Data with master LODev 7400 alpha from 10/02/2022.

Can the people who reported that it is now working indicate whether their processor is Intel or Arm ? I don't see that in the comments so far and it might have a bearing.
Comment 56 Alex Thurgood 2022-02-10 12:16:27 UTC
Have just tested this on:

Macmini
mac Monterey 12.1 (21C52)
3,6 GHz Intel Core i3 quadricore

with 

Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: a5c6fbe247ee9f9b2fba828d1360748c3fe4642b
CPU threads: 4; OS: Mac OS X 10.16; UI render: Skia/Metal; VCL: osx
Locale: fr-FR (fr_FR.UTF-8); UI: en-US
Calc: threaded

and can confirm that the GPG key is visible in the User > Data preferences pane.


So, I am confirming that this now works with Intel arch Macs and not Apple M1 Silicon.

However, that doesn't solve the problem for M1 (or upcoming M2) Apple Silicon processors.