Date: Wed, 7 Jan 2015 17:31:13 +0200 From: Konstantin Belousov <kostikbel@gmail.com> To: freebsd-ports@freebsd.org Subject: Re: gnupg-2.1 -> 2.1 appears to break decryption of saved messages Message-ID: <20150107153113.GM42409@kib.kiev.ua> In-Reply-To: <20150107151612.GE14822@albert.catwhisker.org> References: <20141120192552.GJ31571@albert.catwhisker.org> <20150107134934.GA75522@dohhoghi.mutt.home.crhalpin.org> <20150107151612.GE14822@albert.catwhisker.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 07, 2015 at 07:16:12AM -0800, David Wolfskill wrote: > On Wed, Jan 07, 2015 at 07:49:34AM -0600, Corey Halpin wrote: > > On 2014-11-20, David Wolfskill wrote: > > ... > > > Then, a few minutes ago, I tried to retrieve a password from one of my > > > saved encrypted messages... only to be informed "Could not copy > > > message". > > > > I also enjoyed some friction trying to use gnupg 2.1 with mutt, > > though I didn't get the "Could not copy message" error that you > > report. > > > > Instead I was seeing 'no secret key'. In my case, this was resolved > > by following the advice at > > https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase . > > Thank you for digging further & reporting. > > I tried your suggestion, but still see the same failure. > > I then ran "ktrace -di mutt ..." to see what was going on (after > replacing gnupg-2.0 with -2.1); that showed (after initialization): > > ... > 9268 gpg2 CALL write(0x2,0x28c20800,0x28) > 9268 gpg2 GIO fd 2 wrote 40 bytes > "gpg: keydb_search failed: Invalid packet" > 9268 gpg2 RET write 40/0x28 > 9268 gpg2 CALL write(0x2,0x80d54e4,0x1) > 9268 gpg2 GIO fd 2 wrote 1 byte > " > " > 9268 gpg2 RET write 1 > 9268 gpg2 CALL write(0x2,0x28c20800,0x32) > 9268 gpg2 GIO fd 2 wrote 50 bytes > "gpg: encrypted with RSA key, ID 0xC0395DCCCFC71941" > 9268 gpg2 RET write 50/0x32 > 9268 gpg2 CALL write(0x2,0x80d70d1,0x1) > 9268 gpg2 GIO fd 2 wrote 1 byte > " > " > 9268 gpg2 RET write 1 > 9268 gpg2 CALL write(0x2,0x28c20800,0x25) > 9268 gpg2 GIO fd 2 wrote 37 bytes > "gpg: decryption failed: No secret key" > 9268 gpg2 RET write 37/0x25 > 9268 gpg2 CALL write(0x2,0x80dc2ea,0x1) > 9268 gpg2 GIO fd 2 wrote 1 byte > " > " > 9268 gpg2 RET write 1 > 9268 gpg2 CALL read(0x6,0x28c33000,0x2000) > 9268 gpg2 GIO fd 6 read 0 bytes > .... > 9263 mutt RET fstat 0 > 9263 mutt CALL lseek(0x6,0,SEEK_SET,0) > 9263 mutt RET lseek 0 > 9263 mutt CALL read(0x6,0x28d29000,0x1000) > 9263 mutt GIO fd 6 read 130 bytes > "gpg: keydb_search failed: Invalid packet > gpg: encrypted with RSA key, ID 0xC0395DCCCFC71941 > gpg: decryption failed: No secret key > " > 9263 mutt RET read 130/0x82 > 9263 mutt CALL read(0x6,0x28d29000,0x1000) > 9263 mutt GIO fd 6 read 0 bytes > ... > 9263 mutt CALL write(0x1,0x28c40800,0x35) > 9263 mutt GIO fd 1 wrote 53 bytes > 0x0000 0d1b 5b33 316d 1b5b 3433 6d1b 5b31 6d44 |..[31m.[43m.[1mD| > 0x0010 6563 7279 7074 696f 6e20 6661 696c 6564 |ecryption failed| > 0x0020 1b5b 6d1b 5b33 393b 3439 6d1b 5b33 376d |.[m.[39;49m.[37m| > 0x0030 1b5b 3430 6d |.[40m| > > 9263 mutt RET write 53/0x35 > 9263 mutt CALL write(0x1,0x28c40800,0x1) > 9263 mutt GIO fd 1 wrote 1 byte > 0x0000 07 |.| > > 9263 mutt RET write 1 > 9263 mutt CALL write(0x1,0x28c40800,0x41) > 9263 mutt GIO fd 1 wrote 65 bytes > 0x0000 0d1b 5b33 316d 1b5b 3433 6d1b 5b31 6d43 |..[31m.[43m.[1mC| > 0x0010 6f75 6c64 206e 6f74 2064 6563 7279 7074 |ould not decrypt| > 0x0020 2050 4750 206d 6573 7361 6765 1b5b 6d1b | PGP message.[m.| > 0x0030 5b33 393b 3439 6d1b 5b33 376d 1b5b 3430 |[39;49m.[37m.[40| > 0x0040 6d |m| > > 9263 mutt RET write 65/0x41 > 9263 mutt CALL close(0x5) > .... > > > Namely: > > echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf > > FWIW, I hadn't had a ~/.gnupg/gpg-agent.conf before doinbg that. > > > and editing my copy of mutt's gpg.rc to add '--pinentry-mode > > loopback' to every gpg invocation involving a passphrase-fd. > > > > After that, things were back to normal for me. > > ... > > Unfortunately, that wasn't my experience. I'll revert back to gnupg-2.0 > for now. Invalid packet is a reaction to some 'invalid' key in some ring. I used approximately the following procedure, for which I am unable to find a reference right now. mv .gnupg .gnupg-bad mkdir .gnupg mv .gnupg-bad/gpg.conf .gnupg/ gpg --import .gnupg-bad/secring.gpg gpg --import .gnupg-bad/pubring.gpg cp .gnupd/bad/trustdb.gpg .gnupg/ It was rather stressfull half of a hour while I thought that my private keys are destroyed.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150107153113.GM42409>