From unknown Sun Jun 22 17:18:20 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
Resent-From: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 15 Aug 2023 19:08:01 +0000
Resent-Message-ID: <handler.65316.B.16921264353295@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 65316
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
To: 65316@debbugs.gnu.org
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16921264353295
          (code B ref -1); Tue, 15 Aug 2023 19:08:01 +0000
Received: (at submit) by debbugs.gnu.org; 15 Aug 2023 19:07:15 +0000
Received: from localhost ([127.0.0.1]:36639 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qVzNr-0000r4-Bz
	for submit@debbugs.gnu.org; Tue, 15 Aug 2023 15:07:15 -0400
Received: from lists.gnu.org ([2001:470:142::17]:33264)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jschmidt4gnu@vodafonemail.de>) id 1qVzNm-0000qj-TV
 for submit@debbugs.gnu.org; Tue, 15 Aug 2023 15:07:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jschmidt4gnu@vodafonemail.de>)
 id 1qVzNg-0005t1-SV
 for bug-gnu-emacs@gnu.org; Tue, 15 Aug 2023 15:07:05 -0400
Received: from mr5.vodafonemail.de ([145.253.228.165])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jschmidt4gnu@vodafonemail.de>)
 id 1qVzNd-00075V-Gm
 for bug-gnu-emacs@gnu.org; Tue, 15 Aug 2023 15:07:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vodafonemail.de;
 s=vfde-mb-mr2-21dec; t=1692126418;
 bh=5E8YvpoDNqDN2zG56gIRy/AXqxYq4JO5cJlJWxp7Kws=;
 h=Message-ID:Date:User-Agent:Content-Language:From:To:Subject:
 Content-Type:From;
 b=qB0UQOZOkdtTuyaKNBedKUJXneFygQF8gviVSvcCEWqvQF97Eg1jg22nGYCXg7SYm
 FfPhdOkrjnDb3692wH/KDcuJW3pWGxTSmVpaKuiO+g017D1WQwYgwwmiJDJHl1Vtrw
 HRmZaYBTBkuKQEEDeM85Iv+fwE0c/UFuH9RwUzAw=
Received: from smtp.vodafone.de (unknown [10.0.0.2])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by mr5.vodafonemail.de (Postfix) with ESMTPS id 4RQLNf5Bxlz1yJt
 for <bug-gnu-emacs@gnu.org>; Tue, 15 Aug 2023 19:06:58 +0000 (UTC)
Received: from [192.168.178.41] (port-92-194-165-132.dynamic.as20676.net
 [92.194.165.132])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp.vodafone.de (Postfix) with ESMTPSA id 4RQLNZ2dnsz9sZn
 for <bug-gnu-emacs@gnu.org>; Tue, 15 Aug 2023 19:06:51 +0000 (UTC)
Message-ID: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>
Date: Tue, 15 Aug 2023 21:06:35 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.14.0
Content-Language: de-DE-frami, en-US
From: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-purgate-type: clean
X-purgate: clean
X-purgate-size: 1044
X-purgate-ID: 155817::1692126414-CAFDC912-2ACD86CB/0/0
Received-SPF: pass client-ip=145.253.228.165;
 envelope-from=jschmidt4gnu@vodafonemail.de; helo=mr5.vodafonemail.de
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Placeholder to draw a bug number ... details and patch to follow.

--------------------------------------------------

In GNU Emacs 29.1.50 (build 6, x86_64-pc-linux-gnu, GTK+ Version
 3.24.24, cairo version 1.16.0) of 2023-08-15 built on sappc2
Repository revision: 26949819df07cb36ed773cc9df6ca91f5f49e3d5
Repository branch: false-positives-from-epa--wrong-password-p
Windowing system distributor 'The X.Org Foundation', version 11.0.12011000
System Description: Debian GNU/Linux 11 (bullseye)

Configured using:
 'configure -C --with-native-compilation'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES
NATIVE_COMP NOTIFY INOTIFY PDUMPER PNG RSVG SECCOMP SOUND THREADS TIFF
TOOLKIT_SCROLL_BARS X11 XDBE XIM XINPUT2 XPM GTK3 ZLIB

Important settings:
  value of $LC_COLLATE: POSIX
  value of $LC_TIME: POSIX
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix




From unknown Sun Jun 22 17:18:20 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
References: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>
In-Reply-To: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>
Resent-From: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 15 Aug 2023 19:50:04 +0000
Resent-Message-ID: <handler.65316.B65316.16921289657525@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 65316
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
To: 65316@debbugs.gnu.org
Received: via spool by 65316-submit@debbugs.gnu.org id=B65316.16921289657525
          (code B ref 65316); Tue, 15 Aug 2023 19:50:04 +0000
Received: (at 65316) by debbugs.gnu.org; 15 Aug 2023 19:49:25 +0000
Received: from localhost ([127.0.0.1]:36692 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qW02e-0001xJ-SX
	for submit@debbugs.gnu.org; Tue, 15 Aug 2023 15:49:25 -0400
Received: from mr3.vodafonemail.de ([145.253.228.163]:33600)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jschmidt4gnu@vodafonemail.de>) id 1qW02c-0001x4-8v
 for 65316@debbugs.gnu.org; Tue, 15 Aug 2023 15:49:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vodafonemail.de;
 s=vfde-mb-mr2-21dec; t=1692128955;
 bh=xQDkSRSzUEobertY2I+T4gr8pD8Jg1zmG6LatcQ4YCs=;
 h=Content-Type:Message-ID:Date:User-Agent:Content-Language:From:To:
 Subject:From;
 b=An9Gji+CgEZvYbXXwPHHdPEIueXGHLN1q7Emp8vkz3VD+5e/MHqBRd0WqQYs+s9Q6
 M0RlxTFP5D1YQBce5SXFjZqWgmZJ27lk6CgmUudcr848qFK7IkoF6uB1rJMvJhGw6F
 IHHCXgNaxhaxYYcMVuiD1f5dmRQzunl1gv+4d7og=
Received: from smtp.vodafone.de (unknown [10.0.0.2])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by mr3.vodafonemail.de (Postfix) with ESMTPS id 4RQMKR62Xlz207n
 for <65316@debbugs.gnu.org>; Tue, 15 Aug 2023 19:49:15 +0000 (UTC)
Received: from [192.168.178.41] (port-92-194-165-132.dynamic.as20676.net
 [92.194.165.132])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp.vodafone.de (Postfix) with ESMTPSA id 4RQMKM3pFpzHnfq
 for <65316@debbugs.gnu.org>; Tue, 15 Aug 2023 19:49:08 +0000 (UTC)
Content-Type: multipart/mixed; boundary="------------3zl0gtnmi5eNxyGNBU6Bt8CB"
Message-ID: <489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de>
Date: Tue, 15 Aug 2023 21:49:07 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.14.0
Content-Language: de-DE-frami, en-US
From: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
X-purgate-type: clean
X-purgate: clean
X-purgate-size: 5742
X-purgate-ID: 155817::1692128951-D37F3487-77E1B494/0/0
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

This is a multi-part message in MIME format.
--------------3zl0gtnmi5eNxyGNBU6Bt8CB
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Package: epa.el
Tags: patch

Repro Case:

# prepare a public-key-encrypted file test.gpg in cwd

# make pinentry executable non-executable
sudo chmod a-x /usr/bin/pinentry

emacs -Q

C-x C-f test.gpg RET

=> Wrong passphrase: No secret key

Where Emacs 27 would report in a separate *Error* buffer:

----------------------------------------
Error while decrypting with "/usr/bin/gpg":

gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key
----------------------------------------

The root cause is in function `epa--wrong-password-p', defined as
follows:

----------------------------------------
(defun epa--wrong-password-p (context)
  (let ((error-string (epg-context-error-output context)))
    (and (string-match
          "decryption failed: \\(Bad session key\\|No secret key\\)"
          error-string)
         (match-string 1 error-string))))
----------------------------------------

It should not search for "No secret key" but rather for "Bad
passphrase".  "No secret key" just means that there is no secret key
available to decrypt the file, "Bad passphrase" means that no secret
keys can be used because of a wrong passphrase.

I collected a couple of non-bad-passphrase error messages from GnuPG
decryption failures, all done with:

  [emacs-29]$ gpg --version
  gpg (GnuPG) 2.2.27
  libgcrypt 1.8.8

----------------------------------------
# public key, chmod a-x /usr/bin/pinentry
gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key

# symmetric, chmod a-x /usr/bin/pinentry
gpg: AES256.CFB encrypted data
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

# public key, 0744 empty GnuPG home directory
gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx'
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key

# public key, 0400 empty GnuPG home directory
gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied
gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key

# public key, 0700 empty GnuPG home directory
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key
----------------------------------------

And here the real bad-passphrase messages:

----------------------------------------
# symmetric, bad passphrase entered
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

# public key, bad passphrase entered
gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
----------------------------------------

Patch attached.
--------------3zl0gtnmi5eNxyGNBU6Bt8CB
Content-Type: text/x-patch; charset=UTF-8;
 name="0001-Avoid-false-wrong-passphrase-messages-in-EPA.patch"
Content-Disposition: attachment;
 filename="0001-Avoid-false-wrong-passphrase-messages-in-EPA.patch"
Content-Transfer-Encoding: base64

RnJvbSAxN2Y0ZThhODg4NTM0ZmZjNzgzYjNhNjA4ODIyOWQ0MzU1YWZkZTMwIE1vbiBTZXAg
MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKZW5zIFNjaG1pZHQgPGpzY2htaWR0NGdudUB2b2Rh
Zm9uZW1haWwuZGU+CkRhdGU6IFR1ZSwgMTUgQXVnIDIwMjMgMjE6Mzc6MDggKzAyMDAKU3Vi
amVjdDogW1BBVENIXSBBdm9pZCBmYWxzZSAid3JvbmcgcGFzc3BocmFzZSIgbWVzc2FnZXMg
aW4gRVBBCgoqIGxpc3AvZXBhLWZpbGUuZWwgKGVwYS0td3JvbmctcGFzc3dvcmQtcCk6IFVz
ZSBhIHN0cmljdGVyIHJlZ2V4cCB0bwptYXRjaCAid3JvbmcgcGFzc3BocmFzZSIgZXJyb3Jz
IGdlbmVyYXRlZCBieSBHbnVQRy4gIChCdWcjNjUzMTYpCi0tLQogbGlzcC9lcGEtZmlsZS5l
bCB8IDkgKysrKysrKystCiAxIGZpbGUgY2hhbmdlZCwgOCBpbnNlcnRpb25zKCspLCAxIGRl
bGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvbGlzcC9lcGEtZmlsZS5lbCBiL2xpc3AvZXBhLWZp
bGUuZWwKaW5kZXggNGQ4Y2ExMWU4MDkuLmEyN2YyNDFjMGMzIDEwMDY0NAotLS0gYS9saXNw
L2VwYS1maWxlLmVsCisrKyBiL2xpc3AvZXBhLWZpbGUuZWwKQEAgLTEyMyw5ICsxMjMsMTYg
QEAgZXBhLWZpbGUtLWZpbmQtZmlsZS1ub3QtZm91bmQtZnVuY3Rpb24KIAkgICAgICAoY29u
cyAiT3BlbmluZyBpbnB1dCBmaWxlIiAoY2RyIGVycm9yKSkpKSkpCiAKIChkZWZ1biBlcGEt
LXdyb25nLXBhc3N3b3JkLXAgKGNvbnRleHQpCisgICJSZXR1cm4gd2hldGhlciBhIHdyb25n
IHBhc3N3b3JkIGNhdXNlZCB0aGUgZXJyb3IgaW4gQ09OVEVYVC4iCiAgIChsZXQgKChlcnJv
ci1zdHJpbmcgKGVwZy1jb250ZXh0LWVycm9yLW91dHB1dCBjb250ZXh0KSkpCisgICAgOzsg
VXNlIGEgc3RyaWN0IHJlZ2V4cCBoZXJlIHRoYXQgcmVhbGx5IG9ubHkgbWF0Y2hlcyAid3Jv
bmcKKyAgICA7OyBwYXNzcGhyYXNlIiBlcnJvcnMgdG8gYXZvaWQgaGlkaW5nIGRpYWdub3N0
aWMgaW5mb3JtYXRpb24KKyAgICA7OyAoYnVnIzY1MzE2KS4gIEJlbG93IHJlZ2V4cCBhbHNv
IGNhbiBmYWlsIHRvIG1hdGNoIG5vbi1FbmdsaXNoCisgICAgOzsgbWVzc2FnZXMsIHNpbmNl
IGF0IGxlYXN0IHRoZSAiZGVjcnlwdGlvbiBmYWlsZWQiIHBhcnQgb2YgaXQKKyAgICA7OyBz
ZWVtcyB0byBiZSBsb2NhbGl6ZWQuICBCdXQgc2luY2UgdGhpcyBtZWFucyBmYWxzZSBuZWdh
dGl2ZXMKKyAgICA7OyB0aGlzIGlzIHByb2JhYmx5IE9LLgogICAgIChhbmQgKHN0cmluZy1t
YXRjaAotICAgICAgICAgICJkZWNyeXB0aW9uIGZhaWxlZDogXFwoQmFkIHNlc3Npb24ga2V5
XFx8Tm8gc2VjcmV0IGtleVxcKSIKKyAgICAgICAgICAiZGVjcnlwdGlvbiBmYWlsZWQ6IFxc
KEJhZCBzZXNzaW9uIGtleVxcfEJhZCBwYXNzcGhyYXNlXFwpIgogICAgICAgICAgIGVycm9y
LXN0cmluZykKICAgICAgICAgIChtYXRjaC1zdHJpbmcgMSBlcnJvci1zdHJpbmcpKSkpCiAK
LS0gCjIuMzAuMgoK

--------------3zl0gtnmi5eNxyGNBU6Bt8CB--




From unknown Sun Jun 22 17:18:20 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
Subject: bug#65316: closed (Re: bug#65316: 29.1.50; EPA can falsely report
 "wrong passphrase" when decryption fails)
Message-ID: <handler.65316.D65316.169225993725027.notifdone@debbugs.gnu.org>
References: <83y1ia5bq5.fsf@gnu.org>
 <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>
X-Gnu-PR-Message: they-closed 65316
X-Gnu-PR-Package: emacs
Reply-To: 65316@debbugs.gnu.org
Date: Thu, 17 Aug 2023 08:13:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1692259982-25086-1"

This is a multi-part message in MIME format...

------------=_1692259982-25086-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption =
fails

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 65316@debbugs.gnu.org.

--=20
65316: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D65316
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1692259982-25086-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 65316-done) by debbugs.gnu.org; 17 Aug 2023 08:12:17 +0000
Received: from localhost ([127.0.0.1]:42724 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qWY77-0006Vb-EH
	for submit@debbugs.gnu.org; Thu, 17 Aug 2023 04:12:17 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:59362)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1qWY75-0006VM-KY
 for 65316-done@debbugs.gnu.org; Thu, 17 Aug 2023 04:12:16 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1qWY70-0007hn-8R; Thu, 17 Aug 2023 04:12:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date:
 mime-version; bh=b2dcOfFDb58Seqn8CoqdaraLLEtSU71ACttVZF6jQ+8=; b=cLydxH7qjhKH
 J7rLCywwxnWtkCcI/Uq2l5VruUsSo/o/ycqxMwLvIHhvDWgftjp6XwUlhZbaTWddEUeTLJTkL9lwT
 5eUqkG/iARMyyRlyVwned9BniMZtAnCeB9NWvBEUGxz2o60yJWxKV/5MwT53ndq0Sb//GmT5KTGWG
 J6tYWZRh/20LVN0tjAFaWdCTxV5ypImwPfpTnZ2FHCo34DXPm04EiF0ANonoNAA9p0poXt0wsU80P
 ACyiuMhOc2R0JhvsIPTGo1h9kdwvHlE5icotAWUgGmsI7FQIQQY2z0PZf38eKebVAOOxASJiYjthe
 I4ciJhJiCOw4XLNCtfWK4Q==;
Date: Thu, 17 Aug 2023 11:12:18 +0300
Message-Id: <83y1ia5bq5.fsf@gnu.org>
From: Eli Zaretskii <eliz@gnu.org>
To: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
In-Reply-To: <489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de>
 (bug-gnu-emacs@gnu.org)
Subject: Re: bug#65316: 29.1.50;
 EPA can falsely report "wrong passphrase" when decryption fails
References: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>
 <489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 65316-done
Cc: 65316-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> Date: Tue, 15 Aug 2023 21:49:07 +0200
> From:  Jens Schmidt via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
> 
> # prepare a public-key-encrypted file test.gpg in cwd
> 
> # make pinentry executable non-executable
> sudo chmod a-x /usr/bin/pinentry
> 
> emacs -Q
> 
> C-x C-f test.gpg RET
> 
> => Wrong passphrase: No secret key
> 
> Where Emacs 27 would report in a separate *Error* buffer:
> 
> ----------------------------------------
> Error while decrypting with "/usr/bin/gpg":
> 
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
> ----------------------------------------
> 
> The root cause is in function `epa--wrong-password-p', defined as
> follows:
> 
> ----------------------------------------
> (defun epa--wrong-password-p (context)
>   (let ((error-string (epg-context-error-output context)))
>     (and (string-match
>           "decryption failed: \\(Bad session key\\|No secret key\\)"
>           error-string)
>          (match-string 1 error-string))))
> ----------------------------------------
> 
> It should not search for "No secret key" but rather for "Bad
> passphrase".  "No secret key" just means that there is no secret key
> available to decrypt the file, "Bad passphrase" means that no secret
> keys can be used because of a wrong passphrase.
> 
> I collected a couple of non-bad-passphrase error messages from GnuPG
> decryption failures, all done with:
> 
>   [emacs-29]$ gpg --version
>   gpg (GnuPG) 2.2.27
>   libgcrypt 1.8.8
> 
> ----------------------------------------
> # public key, chmod a-x /usr/bin/pinentry
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
> 
> # symmetric, chmod a-x /usr/bin/pinentry
> gpg: AES256.CFB encrypted data
> gpg: problem with the agent: No pinentry
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: No secret key
> 
> # public key, 0744 empty GnuPG home directory
> gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx'
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> 
> # public key, 0400 empty GnuPG home directory
> gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied
> gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> 
> # public key, 0700 empty GnuPG home directory
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> ----------------------------------------
> 
> And here the real bad-passphrase messages:
> 
> ----------------------------------------
> # symmetric, bad passphrase entered
> gpg: AES256.CFB encrypted data
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: Bad session key
> 
> # public key, bad passphrase entered
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: Bad passphrase
> gpg: decryption failed: No secret key
> ----------------------------------------
> 
> Patch attached.

Thanks, installed on the emacs-29 branch, and closing the bug.


------------=_1692259982-25086-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 15 Aug 2023 19:07:15 +0000
Received: from localhost ([127.0.0.1]:36639 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qVzNr-0000r4-Bz
	for submit@debbugs.gnu.org; Tue, 15 Aug 2023 15:07:15 -0400
Received: from lists.gnu.org ([2001:470:142::17]:33264)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jschmidt4gnu@vodafonemail.de>) id 1qVzNm-0000qj-TV
 for submit@debbugs.gnu.org; Tue, 15 Aug 2023 15:07:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jschmidt4gnu@vodafonemail.de>)
 id 1qVzNg-0005t1-SV
 for bug-gnu-emacs@gnu.org; Tue, 15 Aug 2023 15:07:05 -0400
Received: from mr5.vodafonemail.de ([145.253.228.165])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jschmidt4gnu@vodafonemail.de>)
 id 1qVzNd-00075V-Gm
 for bug-gnu-emacs@gnu.org; Tue, 15 Aug 2023 15:07:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vodafonemail.de;
 s=vfde-mb-mr2-21dec; t=1692126418;
 bh=5E8YvpoDNqDN2zG56gIRy/AXqxYq4JO5cJlJWxp7Kws=;
 h=Message-ID:Date:User-Agent:Content-Language:From:To:Subject:
 Content-Type:From;
 b=qB0UQOZOkdtTuyaKNBedKUJXneFygQF8gviVSvcCEWqvQF97Eg1jg22nGYCXg7SYm
 FfPhdOkrjnDb3692wH/KDcuJW3pWGxTSmVpaKuiO+g017D1WQwYgwwmiJDJHl1Vtrw
 HRmZaYBTBkuKQEEDeM85Iv+fwE0c/UFuH9RwUzAw=
Received: from smtp.vodafone.de (unknown [10.0.0.2])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by mr5.vodafonemail.de (Postfix) with ESMTPS id 4RQLNf5Bxlz1yJt
 for <bug-gnu-emacs@gnu.org>; Tue, 15 Aug 2023 19:06:58 +0000 (UTC)
Received: from [192.168.178.41] (port-92-194-165-132.dynamic.as20676.net
 [92.194.165.132])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp.vodafone.de (Postfix) with ESMTPSA id 4RQLNZ2dnsz9sZn
 for <bug-gnu-emacs@gnu.org>; Tue, 15 Aug 2023 19:06:51 +0000 (UTC)
Message-ID: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>
Date: Tue, 15 Aug 2023 21:06:35 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.14.0
Content-Language: de-DE-frami, en-US
From: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
To: bug-gnu-emacs@gnu.org
Subject: 29.1.50; EPA can falsely report "wrong passphrase" when decryption
 fails
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-purgate-type: clean
X-purgate: clean
X-purgate-size: 1044
X-purgate-ID: 155817::1692126414-CAFDC912-2ACD86CB/0/0
Received-SPF: pass client-ip=145.253.228.165;
 envelope-from=jschmidt4gnu@vodafonemail.de; helo=mr5.vodafonemail.de
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Placeholder to draw a bug number ... details and patch to follow.

--------------------------------------------------

In GNU Emacs 29.1.50 (build 6, x86_64-pc-linux-gnu, GTK+ Version
 3.24.24, cairo version 1.16.0) of 2023-08-15 built on sappc2
Repository revision: 26949819df07cb36ed773cc9df6ca91f5f49e3d5
Repository branch: false-positives-from-epa--wrong-password-p
Windowing system distributor 'The X.Org Foundation', version 11.0.12011000
System Description: Debian GNU/Linux 11 (bullseye)

Configured using:
 'configure -C --with-native-compilation'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES
NATIVE_COMP NOTIFY INOTIFY PDUMPER PNG RSVG SECCOMP SOUND THREADS TIFF
TOOLKIT_SCROLL_BARS X11 XDBE XIM XINPUT2 XPM GTK3 ZLIB

Important settings:
  value of $LC_COLLATE: POSIX
  value of $LC_TIME: POSIX
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix



------------=_1692259982-25086-1--