From owner-freebsd-ports@FreeBSD.ORG  Wed Jan  7 15:31:23 2015
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B79FE21D
 for <freebsd-ports@freebsd.org>; Wed,  7 Jan 2015 15:31:23 +0000 (UTC)
Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5B1D813B1
 for <freebsd-ports@freebsd.org>; Wed,  7 Jan 2015 15:31:23 +0000 (UTC)
Received: from tom.home (kostik@localhost [127.0.0.1])
 by kib.kiev.ua (8.14.9/8.14.9) with ESMTP id t07FVDe7025553
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
 for <freebsd-ports@freebsd.org>; Wed, 7 Jan 2015 17:31:13 +0200 (EET)
 (envelope-from kostikbel@gmail.com)
DKIM-Filter: OpenDKIM Filter v2.9.2 kib.kiev.ua t07FVDe7025553
Received: (from kostik@localhost)
 by tom.home (8.14.9/8.14.9/Submit) id t07FVDwG025552
 for freebsd-ports@freebsd.org; Wed, 7 Jan 2015 17:31:13 +0200 (EET)
 (envelope-from kostikbel@gmail.com)
X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com
 using -f
Date: Wed, 7 Jan 2015 17:31:13 +0200
From: Konstantin Belousov <kostikbel@gmail.com>
To: freebsd-ports@freebsd.org
Subject: Re: gnupg-2.1 -> 2.1 appears to break decryption of saved messages
Message-ID: <20150107153113.GM42409@kib.kiev.ua>
References: <20141120192552.GJ31571@albert.catwhisker.org>
 <20150107134934.GA75522@dohhoghi.mutt.home.crhalpin.org>
 <20150107151612.GE14822@albert.catwhisker.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150107151612.GE14822@albert.catwhisker.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no
 autolearn_force=no version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tom.home
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jan 2015 15:31:23 -0000

On Wed, Jan 07, 2015 at 07:16:12AM -0800, David Wolfskill wrote:
> On Wed, Jan 07, 2015 at 07:49:34AM -0600, Corey Halpin wrote:
> > On 2014-11-20, David Wolfskill wrote:
> > ...
> > > Then, a few minutes ago, I tried to retrieve a password from one of my
> > > saved encrypted messages... only to be informed "Could not copy
> > > message".
> > 
> >   I also enjoyed some friction trying to use gnupg 2.1 with mutt,
> > though I didn't get the "Could not copy message" error that you
> > report.
> > 
> >   Instead I was seeing 'no secret key'.  In my case, this was resolved
> > by following the advice at
> >   https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase .
> 
> Thank you for digging further & reporting.
> 
> I tried your suggestion, but still see the same failure.
> 
> I then ran "ktrace -di mutt ..." to see what was going on (after
> replacing gnupg-2.0 with -2.1); that showed (after initialization):
> 
> ...
>   9268 gpg2     CALL  write(0x2,0x28c20800,0x28)
>   9268 gpg2     GIO   fd 2 wrote 40 bytes
>        "gpg: keydb_search failed: Invalid packet"
>   9268 gpg2     RET   write 40/0x28
>   9268 gpg2     CALL  write(0x2,0x80d54e4,0x1)
>   9268 gpg2     GIO   fd 2 wrote 1 byte
>        "
>        "
>   9268 gpg2     RET   write 1
>   9268 gpg2     CALL  write(0x2,0x28c20800,0x32)
>   9268 gpg2     GIO   fd 2 wrote 50 bytes
>        "gpg: encrypted with RSA key, ID 0xC0395DCCCFC71941"
>   9268 gpg2     RET   write 50/0x32
>   9268 gpg2     CALL  write(0x2,0x80d70d1,0x1)
>   9268 gpg2     GIO   fd 2 wrote 1 byte
>        "
>        "
>   9268 gpg2     RET   write 1
>   9268 gpg2     CALL  write(0x2,0x28c20800,0x25)
>   9268 gpg2     GIO   fd 2 wrote 37 bytes
>        "gpg: decryption failed: No secret key"
>   9268 gpg2     RET   write 37/0x25
>   9268 gpg2     CALL  write(0x2,0x80dc2ea,0x1)
>   9268 gpg2     GIO   fd 2 wrote 1 byte
>        "
>        "
>   9268 gpg2     RET   write 1
>   9268 gpg2     CALL  read(0x6,0x28c33000,0x2000)
>   9268 gpg2     GIO   fd 6 read 0 bytes
> ....
>   9263 mutt     RET   fstat 0
>   9263 mutt     CALL  lseek(0x6,0,SEEK_SET,0)
>   9263 mutt     RET   lseek 0
>   9263 mutt     CALL  read(0x6,0x28d29000,0x1000)
>   9263 mutt     GIO   fd 6 read 130 bytes
>        "gpg: keydb_search failed: Invalid packet
>         gpg: encrypted with RSA key, ID 0xC0395DCCCFC71941
>         gpg: decryption failed: No secret key
>        "
>   9263 mutt     RET   read 130/0x82
>   9263 mutt     CALL  read(0x6,0x28d29000,0x1000)
>   9263 mutt     GIO   fd 6 read 0 bytes
> ...
>   9263 mutt     CALL  write(0x1,0x28c40800,0x35)
>   9263 mutt     GIO   fd 1 wrote 53 bytes
>        0x0000 0d1b 5b33 316d 1b5b 3433 6d1b 5b31 6d44  |..[31m.[43m.[1mD|
>        0x0010 6563 7279 7074 696f 6e20 6661 696c 6564  |ecryption failed|
>        0x0020 1b5b 6d1b 5b33 393b 3439 6d1b 5b33 376d  |.[m.[39;49m.[37m|
>        0x0030 1b5b 3430 6d                             |.[40m|
> 
>   9263 mutt     RET   write 53/0x35
>   9263 mutt     CALL  write(0x1,0x28c40800,0x1)
>   9263 mutt     GIO   fd 1 wrote 1 byte
>        0x0000 07                                       |.|
> 
>   9263 mutt     RET   write 1
>   9263 mutt     CALL  write(0x1,0x28c40800,0x41)
>   9263 mutt     GIO   fd 1 wrote 65 bytes
>        0x0000 0d1b 5b33 316d 1b5b 3433 6d1b 5b31 6d43  |..[31m.[43m.[1mC|
>        0x0010 6f75 6c64 206e 6f74 2064 6563 7279 7074  |ould not decrypt|
>        0x0020 2050 4750 206d 6573 7361 6765 1b5b 6d1b  | PGP message.[m.|
>        0x0030 5b33 393b 3439 6d1b 5b33 376d 1b5b 3430  |[39;49m.[37m.[40|
>        0x0040 6d                                       |m|
> 
>   9263 mutt     RET   write 65/0x41
>   9263 mutt     CALL  close(0x5)
> ....
> 
> >   Namely:
> >   echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf
> 
> FWIW, I hadn't had a ~/.gnupg/gpg-agent.conf before doinbg that.
> 
> >   and editing my copy of mutt's gpg.rc to add '--pinentry-mode
> > loopback' to every gpg invocation involving a passphrase-fd.
> > 
> >   After that, things were back to normal for me.
> > ...
> 
> Unfortunately, that wasn't my experience.  I'll revert back to gnupg-2.0
> for now.

Invalid packet is a reaction to some 'invalid' key in some ring.
I used approximately the following procedure, for which I am unable
to find a reference right now.

mv .gnupg .gnupg-bad
mkdir .gnupg
mv .gnupg-bad/gpg.conf .gnupg/
gpg --import .gnupg-bad/secring.gpg
gpg --import .gnupg-bad/pubring.gpg
cp .gnupd/bad/trustdb.gpg .gnupg/

It was rather stressfull half of a hour while I thought that my private
keys are destroyed.