Date: Tue, 2 Jan 2018 10:20:16 -0800 From: David Wolfskill <david@catwhisker.org> To: freebsd-ports@freebsd.org Subject: mail/mutt && security/gnupg (after gnupg20 -> gnupg) weirdness Message-ID: <20180102182016.GG1258@albert.catwhisker.org>
next in thread | raw e-mail | index | archive | help
--r8KQfZmTpEqOZYSi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I have been using mail/mutt & security/gnupg (latter switched to
security/gnupg20 back when gnupg20 port was created because of a
similar-looking issue to what's described in the first part of the
below narrative) for several years -- without enabling "gpgme" (in
case that turns out to be relevant).
As a result, I have a collection of messages that were sent to me that
contain information that was deemed suitable for encryption; I still
have occasion to refer to the contents of some of these messages, and
prefer to leave them stored in encrypted form when I am not actively
reading them.
This morning, during the daily update of installed ports on my
laptop, I saw:
=3D=3D=3D>>> The security/gnupg20 port moved to security/gnupg
=3D=3D=3D>>> Reason: Has expired: Will reach EOL upstream on 2017-1=
2-31
OK. I had vague memories that things didn't work very well last time
there was a "minor" upgrade to gnupg, so I deferred that part of the
upgrade until I could do a bit more research.
I soon found "Bug 196382 - security/gnupg breaks keyring on 2.1.1"
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D196382>. So I tried
the recipe listed in Comment 4, then verified that decryption still
worked (while gnupg20 was the version of gnupg that was installed).
That was successful, so I deleted security/gnupg20, then installed
security/gnupg; that done, I re-tried the decryption, which failed
("Could not decrypt PGP message"; "Could not copy message" -- these
messages from mutt).
I then re-did the recipe from Comment 4 (now that security/gnupg was
installed), then re-tried the decryption test; it (still) failed the
same way.
Trying the decryption again (under "ktrace -di") showed the following
messages being issued by gpg:
"gpg: WARNING: no command supplied. Trying to guess what you mean .=
=2E."
"gpg: encrypted with 2048-bit RSA key, ID C8A5439CFA5A0A07, created =
201\
5-11-29"
" "David H. Wolfskill <david@catwhisker.org>"
"gpg: public key decryption failed: Invalid IPC response"
"gpg: decryption failed: No secret key"
Following a hint obtained by searching on the above (particularly
the "gpg: public key decryption failed: Invalid IPC response" message),
I logged in to a machine that still has security/gnupg20 and used
gpg -e /etc/rc.conf
to encrypt a copy of that file with me as a recipient. Decrypting
worked (as expected).
I then copied the rc.conf.gpg from that machine to my laptop (which now
has security/gnupg installed) and attempted the decryption -- and it
worked.
Given that, I thought that perhaps the (re-)installation of mail/mutt
had been what got things working again; I was thus quite surprised when
(about 3.5 hrs. later) I got in to work and had need to decrypt a
message on my laptop, and it -- again -- failed as described above.
As a reality check, I then re-tried the decryption of rc.conf.gpg (from
above); that worked.
After a couple quick shakes of my head to help ensure that I wasn't
hallucinating, I tried reading an encrypted email message (on the
laptop) again... and this time, it worked.
In fact, going back to the first "mutt" invocation that failed at work,
merely requesting to read a message Just Worked -- my passphrase was not
requested (as I had entered it less than 2 hours earlier).
This leaves me wondering if all of the above means that before
attempting to decrypt an encrypted email message via mutt, one is
supposed to (first) use bare gpg to decrypt a file -- but that seems
ridiculous to thye point of hostility....
Does anyone have insights, clues, or pointers to same to share?
Thanks!
Peace,
david
--=20
David H. Wolfskill david@catwhisker.org
If you want the best Fake News, go to the best source of it: Donald J. Trum=
p.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
--r8KQfZmTpEqOZYSi
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQF8BAEBCgBmBQJaS81gXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDQ0I3Q0VGOTE3QTgwMUY0MzA2NEQ3N0Ix
NTM5Q0M0MEEwNDlFRTE3AAoJEBU5zECgSe4X+qEIALuJWL+RxTTf5elQBKGUTd8I
c/lIUyUyPOhYFq4emzqgIFAOAGfctCwzApiSWmgUipbppNTGo3RO7rZILGw9TLKr
ylvoc3/nRSGdHUCDZm4ON/4qfkbKCVtHmqmp/rgMvy48LMI981L+D377T8M3ak9c
KyCBeCaCiYyAUg4lZB4RMax2+IpIHs57DGYuYWgqY9ruRfvlbhIhcEjQWWuPB7qe
FfdRUQ38VYxfxUQJ1dK/1w6WjO/NvOjpEnMaFw+y8o/8R1p9WsoKZhiAcAwfltkf
hXyhd7lcbFlZajvBQEX9ifMUHIBOPgVEQzyQKUnqRq3RZgmfm0h5kkJoNwji+e4=
=gE1s
-----END PGP SIGNATURE-----
--r8KQfZmTpEqOZYSi--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180102182016.GG1258>