From owner-freebsd-ports@FreeBSD.ORG  Wed Jan  7 17:35:04 2015
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 551834B2
 for <freebsd-ports@freebsd.org>; Wed,  7 Jan 2015 17:35:04 +0000 (UTC)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
 [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.infracaninophile.co.uk",
 Issuer "ca.infracaninophile.co.uk" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id CF9A31903
 for <freebsd-ports@freebsd.org>; Wed,  7 Jan 2015 17:35:03 +0000 (UTC)
Received: from host-4-75.office.adestra.com (vpn-1.adestra.com [46.236.37.122])
 (authenticated bits=0)
 by smtp.infracaninophile.co.uk (8.15.1/8.15.1) with ESMTPSA id t07HYpi6087245
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
 for <freebsd-ports@freebsd.org>; Wed, 7 Jan 2015 17:34:53 GMT
 (envelope-from matthew@FreeBSD.org)
Authentication-Results: smtp.infracaninophile.co.uk;
 dmarc=none header.from=FreeBSD.org
DKIM-Filter: OpenDKIM Filter v2.9.2 smtp.infracaninophile.co.uk t07HYpi6087245
Authentication-Results: smtp.infracaninophile.co.uk/t07HYpi6087245;
 dkim=none reason="no signature"; dkim-adsp=none; dkim-atps=neutral
X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host
 vpn-1.adestra.com [46.236.37.122] claimed to be host-4-75.office.adestra.com
Message-ID: <54AD6E3B.5000005@FreeBSD.org>
Date: Wed, 07 Jan 2015 17:34:51 +0000
From: Matthew Seaman <matthew@FreeBSD.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10;
 rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: freebsd-ports@freebsd.org
Subject: Re: gnupg-2.1 -> 2.1 appears to break decryption of saved messages
References: <20141120192552.GJ31571@albert.catwhisker.org>
 <20150107134934.GA75522@dohhoghi.mutt.home.crhalpin.org>
 <20150107151612.GE14822@albert.catwhisker.org>
In-Reply-To: <20150107151612.GE14822@albert.catwhisker.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.98.5 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,
 URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 lucid-nonsense.infracaninophile.co.uk
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jan 2015 17:35:04 -0000

On 2015/01/07 15:16, David Wolfskill wrote:
> On Wed, Jan 07, 2015 at 07:49:34AM -0600, Corey Halpin wrote:
>> On 2014-11-20, David Wolfskill wrote:
>> ...
>>> Then, a few minutes ago, I tried to retrieve a password from one of my
>>> saved encrypted messages... only to be informed "Could not copy
>>> message".
>>
>>   I also enjoyed some friction trying to use gnupg 2.1 with mutt,
>> though I didn't get the "Could not copy message" error that you
>> report.
>>
>>   Instead I was seeing 'no secret key'.  In my case, this was resolved
>> by following the advice at
>>   https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase .
> 
> Thank you for digging further & reporting.
> 
> I tried your suggestion, but still see the same failure.
> 
> I then ran "ktrace -di mutt ..." to see what was going on (after
> replacing gnupg-2.0 with -2.1); that showed (after initialization):
> 
> ...
>   9268 gpg2     CALL  write(0x2,0x28c20800,0x28)
>   9268 gpg2     GIO   fd 2 wrote 40 bytes
>        "gpg: keydb_search failed: Invalid packet"
>   9268 gpg2     RET   write 40/0x28
>   9268 gpg2     CALL  write(0x2,0x80d54e4,0x1)
>   9268 gpg2     GIO   fd 2 wrote 1 byte
>        "
>        "
>   9268 gpg2     RET   write 1
>   9268 gpg2     CALL  write(0x2,0x28c20800,0x32)
>   9268 gpg2     GIO   fd 2 wrote 50 bytes
>        "gpg: encrypted with RSA key, ID 0xC0395DCCCFC71941"
>   9268 gpg2     RET   write 50/0x32
>   9268 gpg2     CALL  write(0x2,0x80d70d1,0x1)
>   9268 gpg2     GIO   fd 2 wrote 1 byte
>        "
>        "
>   9268 gpg2     RET   write 1
>   9268 gpg2     CALL  write(0x2,0x28c20800,0x25)
>   9268 gpg2     GIO   fd 2 wrote 37 bytes
>        "gpg: decryption failed: No secret key"
>   9268 gpg2     RET   write 37/0x25
>   9268 gpg2     CALL  write(0x2,0x80dc2ea,0x1)
>   9268 gpg2     GIO   fd 2 wrote 1 byte
>        "
>        "
>   9268 gpg2     RET   write 1
>   9268 gpg2     CALL  read(0x6,0x28c33000,0x2000)
>   9268 gpg2     GIO   fd 6 read 0 bytes
> ....
>   9263 mutt     RET   fstat 0
>   9263 mutt     CALL  lseek(0x6,0,SEEK_SET,0)
>   9263 mutt     RET   lseek 0
>   9263 mutt     CALL  read(0x6,0x28d29000,0x1000)
>   9263 mutt     GIO   fd 6 read 130 bytes
>        "gpg: keydb_search failed: Invalid packet
>         gpg: encrypted with RSA key, ID 0xC0395DCCCFC71941
>         gpg: decryption failed: No secret key
>        "
>   9263 mutt     RET   read 130/0x82
>   9263 mutt     CALL  read(0x6,0x28d29000,0x1000)
>   9263 mutt     GIO   fd 6 read 0 bytes
> ...
>   9263 mutt     CALL  write(0x1,0x28c40800,0x35)
>   9263 mutt     GIO   fd 1 wrote 53 bytes
>        0x0000 0d1b 5b33 316d 1b5b 3433 6d1b 5b31 6d44  |..[31m.[43m.[1mD|
>        0x0010 6563 7279 7074 696f 6e20 6661 696c 6564  |ecryption failed|
>        0x0020 1b5b 6d1b 5b33 393b 3439 6d1b 5b33 376d  |.[m.[39;49m.[37m|
>        0x0030 1b5b 3430 6d                             |.[40m|
> 
>   9263 mutt     RET   write 53/0x35
>   9263 mutt     CALL  write(0x1,0x28c40800,0x1)
>   9263 mutt     GIO   fd 1 wrote 1 byte
>        0x0000 07                                       |.|
> 
>   9263 mutt     RET   write 1
>   9263 mutt     CALL  write(0x1,0x28c40800,0x41)
>   9263 mutt     GIO   fd 1 wrote 65 bytes
>        0x0000 0d1b 5b33 316d 1b5b 3433 6d1b 5b31 6d43  |..[31m.[43m.[1mC|
>        0x0010 6f75 6c64 206e 6f74 2064 6563 7279 7074  |ould not decrypt|
>        0x0020 2050 4750 206d 6573 7361 6765 1b5b 6d1b  | PGP message.[m.|
>        0x0030 5b33 393b 3439 6d1b 5b33 376d 1b5b 3430  |[39;49m.[37m.[40|
>        0x0040 6d                                       |m|
> 
>   9263 mutt     RET   write 65/0x41
>   9263 mutt     CALL  close(0x5)
> ....
> 
>>   Namely:
>>   echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf
> 
> FWIW, I hadn't had a ~/.gnupg/gpg-agent.conf before doinbg that.
> 
>>   and editing my copy of mutt's gpg.rc to add '--pinentry-mode
>> loopback' to every gpg invocation involving a passphrase-fd.
>>
>>   After that, things were back to normal for me.
>> ...
> 
> Unfortunately, that wasn't my experience.  I'll revert back to gnupg-2.0
> for now.

I ran into this.  The trick is to re-import your key-rings into gpg
after the upgrade:

    cd ~/.gnupg
    mv pubring.gpg pubring-210.gpg
    mv secring.gpg secring-210.gpg
    mv trustdb.gpg trustdb-210.gpg
    gpg --import pubring-210.gpg
    gpg --import secring-210.gpg     (Prompts for passphrases)
    rm pubring-210.gpg
    rm secring-210.gpg
    mv trustdb-210.gpg trustdb.gpg

Then you should be able to do 'gpg --list-secret-keys' and similar, and
mutt should work properly again.

	Cheers,

	Matthew