GNU bug report logs -
#65316
29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
[Message part 1 (text/plain, inline)]
Your message dated Thu, 17 Aug 2023 11:12:18 +0300
with message-id <83y1ia5bq5.fsf <at> gnu.org>
and subject line Re: bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
has caused the debbugs.gnu.org bug report #65316,
regarding 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
65316: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=65316
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Placeholder to draw a bug number ... details and patch to follow.
--------------------------------------------------
In GNU Emacs 29.1.50 (build 6, x86_64-pc-linux-gnu, GTK+ Version
3.24.24, cairo version 1.16.0) of 2023-08-15 built on sappc2
Repository revision: 26949819df07cb36ed773cc9df6ca91f5f49e3d5
Repository branch: false-positives-from-epa--wrong-password-p
Windowing system distributor 'The X.Org Foundation', version 11.0.12011000
System Description: Debian GNU/Linux 11 (bullseye)
Configured using:
'configure -C --with-native-compilation'
Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES
NATIVE_COMP NOTIFY INOTIFY PDUMPER PNG RSVG SECCOMP SOUND THREADS TIFF
TOOLKIT_SCROLL_BARS X11 XDBE XIM XINPUT2 XPM GTK3 ZLIB
Important settings:
value of $LC_COLLATE: POSIX
value of $LC_TIME: POSIX
value of $LANG: en_US.UTF-8
value of $XMODIFIERS: @im=ibus
locale-coding-system: utf-8-unix
[Message part 3 (message/rfc822, inline)]
> Date: Tue, 15 Aug 2023 21:49:07 +0200
> From: Jens Schmidt via "Bug reports for GNU Emacs,
> the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
>
> # prepare a public-key-encrypted file test.gpg in cwd
>
> # make pinentry executable non-executable
> sudo chmod a-x /usr/bin/pinentry
>
> emacs -Q
>
> C-x C-f test.gpg RET
>
> => Wrong passphrase: No secret key
>
> Where Emacs 27 would report in a separate *Error* buffer:
>
> ----------------------------------------
> Error while decrypting with "/usr/bin/gpg":
>
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
> "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
> ----------------------------------------
>
> The root cause is in function `epa--wrong-password-p', defined as
> follows:
>
> ----------------------------------------
> (defun epa--wrong-password-p (context)
>   (let ((error-string (epg-context-error-output context)))
>     (and (string-match
>           "decryption failed: \\(Bad session key\\|No secret key\\)"
>           error-string)
>          (match-string 1 error-string))))
> ----------------------------------------
>
> It should not search for "No secret key" but rather for "Bad
> passphrase". "No secret key" just means that there is no secret key
> available to decrypt the file, "Bad passphrase" means that no secret
> keys can be used because of a wrong passphrase.
>
> I collected a couple of non-bad-passphrase error messages from GnuPG
> decryption failures, all done with:
>
> [emacs-29]$ gpg --version
> gpg (GnuPG) 2.2.27
> libgcrypt 1.8.8
>
> ----------------------------------------
> # public key, chmod a-x /usr/bin/pinentry
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
> "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
>
> # symmetric, chmod a-x /usr/bin/pinentry
> gpg: AES256.CFB encrypted data
> gpg: problem with the agent: No pinentry
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: No secret key
>
> # public key, 0744 empty GnuPG home directory
> gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx'
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
>
> # public key, 0400 empty GnuPG home directory
> gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied
> gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
>
> # public key, 0700 empty GnuPG home directory
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> ----------------------------------------
>
> And here the real bad-passphrase messages:
>
> ----------------------------------------
> # symmetric, bad passphrase entered
> gpg: AES256.CFB encrypted data
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: Bad session key
>
> # public key, bad passphrase entered
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
> "test-key"
> gpg: public key decryption failed: Bad passphrase
> gpg: decryption failed: No secret key
> ----------------------------------------
>
> Patch attached.
Thanks, installed on the emacs-29 branch, and closing the bug.
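
The misclassification described in the report, as an added Emacs Lisp example (not the patch attached to the bug and not code from Emacs): it runs the regexp quoted above and a stricter one over gpg stderr lines copied from the report (GnuPG 2.2.27) and lists the samples each one gets wrong. The `demo-` names and the strict regexp are assumptions made for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; `demo-' names are hypothetical, not part of EPA.

(defconst demo-loose-re
  "decryption failed: \\(Bad session key\\|No secret key\\)"
  "Regexp quoted in the report.")

(defconst demo-strict-re
  (concat "^gpg: \\(?:decryption failed: Bad session key"
          "\\|public key decryption failed: Bad passphrase\\)$")
  "Assumed stricter regexp: matches only the two bad-passphrase lines.")

;; (LABEL BAD-PASSPHRASE-P STDERR); stderr lines copied from the report.
(defconst demo-samples
  '(("public key, no pinentry" nil
     "gpg: public key decryption failed: No pinentry\ngpg: decryption failed: No secret key")
    ("symmetric, no pinentry" nil
     "gpg: problem with the agent: No pinentry\ngpg: encrypted with 1 passphrase\ngpg: decryption failed: No secret key")
    ("public key, empty homedir" nil
     "gpg: encrypted with RSA key, ID D0EB77D91C0802D6\ngpg: decryption failed: No secret key")
    ("symmetric, bad passphrase" t
     "gpg: encrypted with 1 passphrase\ngpg: decryption failed: Bad session key")
    ("public key, bad passphrase" t
     "gpg: public key decryption failed: Bad passphrase\ngpg: decryption failed: No secret key")))

(defun demo-bad-passphrase-p (regexp stderr)
  "Return t if REGEXP classifies STDERR as a bad-passphrase failure."
  (and (string-match regexp stderr) t))

(defun demo-misclassified (regexp)
  "Return labels of `demo-samples' that REGEXP classifies wrongly."
  (let (wrong)
    (dolist (sample demo-samples (nreverse wrong))
      (unless (eq (demo-bad-passphrase-p regexp (nth 2 sample))
                  (nth 1 sample))
        (push (nth 0 sample) wrong)))))

;; Report which samples each regexp gets wrong.
(message "loose:  %S" (demo-misclassified demo-loose-re))
(message "strict: %S" (demo-misclassified demo-strict-re))
```

Saved under a file name of your choice (here `demo.el`), it runs with `emacs --batch -l demo.el`.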
This bug report was last modified 1 year and 282 days ago.