Can't get gnus to work with Gmail and GPG

Question

I was once able to read and write my Gmail email in Gnus, but now I am unable to and can't figure out the problem. There seem to be several problems -- (a) with my gpg2 setup; (b) with my gnus nnimap and gmane server connections; and (c) with the smtp connection. I have my email address and an app-specifc Gmail password in ~/.authinfo.gpg. I have reviewed other answers on similar topics but can't get it to work.

I am using OSX Sierra 12.2.1.

Error messages:

Opening gnus:

nntp (news.gmane.org) open error: `'. Continue?(y or n)
;; y -->
"Warning: Opening nnimap server on gmail...failed: ; Unable to open server nnimap+gmail due to: GPG error: \"no usable configuration\", OpenPGP; Opening nntp server on news.gmane.org...failed: ; Server nntp+news.gmane.org previously determined to be down; not retrying; Opening nntp server on news.gmane.org...failed: ; Server nntp+news.gmane.org previously determined to be down; not retrying; Unable to open server nntp+news.gmane.org due to: GPG error: \"no usable configuration\", OpenPGP"

Notwithstanding all of that, I've drafted an email and try to send it, and I get this SMTP error (note that I have starttls-gnutls-program set to /usr/local/bin/gnutls-cli; when I run this on the command line outside emacs, I get the message "No hostname specified.")

/bin/bash: gnutls-cli: command not found

Process smtpmail exited abnormally with code 127
/bin/bash: gnutls-cli: command not found

Process smtpmail exited abnormally with code 127
2837:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64/src/ssl/s23_clnt.c:618:
CONNECTED(00000008)

Process smtpmail finished

Setup info:

Emacs version:
"GNU Emacs 25.1.50.1 (x86_64-apple-darwin15.5.0, NS appkit-1404.47 Version 10.11.5 (Build 15F34))
 of 2016-07-11"

GPG2:

01:42 name@macbook ~ $ gpg2 --version
gpg (GnuPG) 2.0.30
libgcrypt 1.7.3

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224

Config:

(setq auto-encryption-mode 'nil)

;; set up gpg agent
(setq epg-gpg-program "/usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2")
;(setq epg-gpg-program "/usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2")
(epg-config--make-gpg-configuration epg-gpg-program)

(require 'nnir)
;; (setq gnus-select-method '(nntp "news.gmane.org")) ;; if you read news groups

(setq user-mail-address ""
      user-full-name    ""
      mml2015-signers '(""))
(setq gnus-select-method '(nnml ""))
;; @see http://gnus.org/manual/gnus_397.html
(setq gnus-select-method
             '(nnimap "gmail"
                      (nnimap-address "imap.gmail.com")
                      (nnimap-server-port 993)
                      (nnimap-stream ssl)
             (nnimap-authinfo-file "~/.authinfo.gpg")))

;; Read HTML mail
;; You need install the command line brower 'w3m' and Emacs plugin 'w3m'
(setq mm-text-html-renderer 'w3m)
;; Setup to send email through SMTP
(setq message-send-mail-function 'smtpmail-send-it
      smtpmail-default-smtp-server "smtp.gmail.com"
      smtpmail-smtp-service 587
      nntp-authinfo-file "~/.authinfo.gpg"
      gnus-agent nil
      gnus-message-archive-group nil
      mml2015-encrypt-to-self t)
(setq gnus-thread-sort-functions
      '((not gnus-thread-sort-by-date)
        (not gnus-thread-sort-by-number)))
(setq gnus-thread-hide-subtree t)
(setq gnus-thread-ignore-subject t)
(setq gnus-use-correct-string-widths nil)
(setq gnus-use-cache t)
(setq gc-cons-threshold 3500000)
(eval-after-load 'gnus-topic
  '(progn
     (setq gnus-message-archive-group '((format-time-string "sent.%Y")))
     (setq gnus-server-alist '(("archive" nnfolder "archive" (nnfolder-directory "~/Mail/archive")
                                (nnfolder-active-file "~/Mail/archive/active")
                                (nnfolder-get-new-mail nil)
                                (nnfolder-inhibit-expiry t))))
     (setq gnus-topic-topology '(("Gnus" visible)
                                 (("misc" visible)) 
                                (("gmail" visible nil nil))))
     (setq gnus-topic-alist '(("gmail" ; the key of topic
                               "INBOX"
                               "[Gmail]/Sent Mail"
                               "[Gmail]/Trash"
                               "Sent Messages"
                               "Drafts")
                              ("misc" ; the key of topic
                               "nnfolder+archive:sent.2015-12"
                               "nnfolder+archive:sent.2016"
                               "nnfolder+archive:sent.2017"
                               "nndraft:drafts")
                              ("Gnus")))))
;; Attempt to encrypt all the mails we'll be sending.
(add-hook 'message-setup-hook 'mml-secure-message-encrypt)
;; Add two key bindings for your Gmail experience.
(add-hook 'gnus-summary-mode-hook 'my-gnus-summary-keys)
(defun my-gnus-summary-keys ()
  (local-set-key "y" 'gmail-archive)
  (local-set-key "$" 'gmail-report-spam))
(defun gmail-archive ()
  "Archive the current or marked mails.
This moves them into the All Mail folder."
  (interactive)
  (gnus-summary-move-article nil "nnimap+imap.gmail.com:[Gmail]/All Mail"))
(defun gmail-report-spam ()
  "Report the current or marked mails as spam.
This moves them into the Spam folder."
  (gnus-summary-move-article nil "nnimap+imap.gmail.com:[Gmail]/Spam"))
;; Encryption
(require 'epg-config)
 (setq mml2015-use 'epg
       mml2015-verbose t
       epg-user-id ""
       mml2015-encrypt-to-self t
       mml2015-always-trust nil
       mml2015-cache-passphrase t
       mml2015-passphrase-cache-expiry '36000
       mml2015-sign-with-sender t
       gnus-message-replyencrypt t
       gnus-message-replysign t
       gnus-message-replysignencrypted t
       gnus-treat-x-pgp-sig t
;;       mm-sign-option 'guided
;;       mm-encrypt-option 'guided
       mm-verify-option 'always
       mm-decrypt-option 'always
       gnus-buttonized-mime-types
       '("multipart/alternative"
         "multipart/encrypted"
         "multipart/signed")
      epg-debug t ;;  then read the *epg-debug*" buffer
)
  (setq send-mail-function         'smtpmail-send-it
        message-send-mail-function 'message-smtpmail-send-it
        smtpmail-smtp-server       "smtp.gmail.com")
(setq 
 send-mail-function 'smtpmail-send-it
 message-send-mail-function 'smtpmail-send-it
 user-mail-address "email@gmail.com"
 smtpmail-starttls-credentials '(("smtp.gmail.com" "587" nil nil))
 smtpmail-auth-credentials  (expand-file-name "~/.authinfo.gpg")
 smtpmail-default-smtp-server "smtp.gmail.com"
 smtpmail-smtp-server "smtp.gmail.com"
 smtpmail-smtp-service 587
 smtpmail-debug-info t
 starttls-extra-arguments nil
 starttls-gnutls-program "/usr/local/bin/gnutls-cli"
 starttls-use-gnutls t
 )

I appreciate your help; I love emacs but have a lot to learn.

Answer 1

I assume you have already generated your public and private key pairs using gpg2. Before jumping into the gnus configuration there are some things you need to have done.

1. Setup Gmail to cooperate with Gnus

2. Setup ~/.authinfo.gpg

3. Make sure you have gnutls installed on your system

Let me elaborate:

1. Setup two step authentication and get an app password on Gmail. Lets assume your 16 characters secret app password is represented by secretpw.

2. Open ~/.authinfo.gpg in Emacs. Add the following lines to it:

   machine imap.gmail.com login mymail@gmail.com password secretpw port 993
   machine smtp.gmail.com login mymail@gmail.com password secretpw port 587
   

   When saving you might be asked to select recipients for encryption. Here you may want the one starting with u i.e. ultimate trust. Press m to mark it, tab to OK and hit enter. Close the file and reopen in Emacs again. It should ask for your password. If it doesn't, you are missing something.

3. On Mac systems you can install gnutls using brew install gnutls.

Now, lets extract your fingerprint using gpg2: gpg --fingerprint mymail@gmail.com. It looks something like: 1A38 75FD 21ED 85BE 5AC6 BF49 5C1A C924 7893 C0FD. We just need the last 8 characters which is 7893C0FD.

Finally we can write our configuration. I prefer writing it in ~/.gnus.el. Gnus knows about this file so no extra configuration to link this file.

(setq
 ;; You need to replace this email address with your own!
 user-mail-address "mymail@gmail.com"

 ;; You need to replace this key ID with your own key ID!
 mml2015-signers '("7893C0FD")

 ;; This tells Gnus to get email from Gmail via IMAP.
 gnus-select-method
 '(nnimap "gmail"
          ;; It could also be imap.googlemail.com if that's your server.
          (nnimap-address "imap.gmail.com")
          (nnimap-server-port 993)
          (nnimap-stream ssl))

 ;; This tells Gnus to use the Gmail SMTP server. This
 ;; automatically leaves a copy in the Gmail Sent folder.
 smtpmail-smtp-server "smtp.gmail.com"
 smtpmail-smtp-service 587
 ;; Tell message mode to use SMTP.
 message-send-mail-function 'smtpmail-send-it

 ;; This is where we store the password.
 nntp-authinfo-file "~/.authinfo.gpg"

 ;; Gmail system labels have the prefix [Gmail], which matches
 ;; the default value of gnus-ignored-newsgroups. That's why we
 ;; redefine it.
 gnus-ignored-newsgroups "^to\\.\\|^[0-9. ]+\\( \\|$\\)\\|^[\"]\"[#'()]"

 ;; The agent seems to confuse nnimap, therefore we'll disable it.
 gnus-agent nil

 ;; We don't want local, unencrypted copies of emails we write.
 gnus-message-archive-group nil

 ;; We want to be able to read the emails we wrote.
 mml2015-encrypt-to-self t)

You mentioned about GPG then probably you want to sign your messages or encrypt them. According to my experience it is good to encrypt messages but Gmail itself doesn't support decryption. So, it might be better to sign the message with your key to verify your identity. So, the two options are:

1. (add-hook 'message-setup-hook 'mml-secure-message-encrypt)
2. (add-hook 'message-setup-hook 'mml-secure-message-sign)
3. None to use Gmail as you did before

Some extras that you might like is archiving mails or marking them as spam. The keybindings after adding the below are y to archive your mails and $ to mark them as spam.

;; Add two key bindings for your Gmail experience.
(add-hook 'gnus-summary-mode-hook 'my-gnus-summary-keys)

(defun my-gnus-summary-keys ()
  (local-set-key "y" 'gmail-archive)
  (local-set-key "$" 'gmail-report-spam))

(defun gmail-archive ()
  "Archive the current or marked mails.
This moves them into the All Mail folder."
  (interactive)
  (gnus-summary-move-article nil "nnimap+imap.gmail.com:[Gmail]/All Mail"))

(defun gmail-report-spam ()
  "Report the current or marked mails as spam.
This moves them into the Spam folder."
  (interactive)
  (gnus-summary-move-article nil "nnimap+imap.gmail.com:[Gmail]/Spam"))

Finally you can start gnus using M-x gnus. You can use m from within *Groups* buffer or just C-x m to compose-mail. When sending your first email from Gnus, you might get a STARTTLS error. That probably means you skipped step 3 given in this answer. You will get a welcoming buffer to compose your message:

To: 
Subject: 
From: mymail@gmail.com (My Name)
--text follows this line--
<#secure method=pgpmime mode=sign>

You can decide whether you want to sign or encrypt or send a simple message.

1. To sign the message keep the above form as it is.
2. To encrypt the message modify the last line with mode=encrypt.
3. To send normal email remove the last line.

Now you can unlock your capabilities my pressing C-h m in *Group* buffer.

Source: https://github.com/kensanata/ggg