Bug 294064

Summary: can't decrypt files with gpg
Product: [openSUSE] openSUSE 10.3
Reporter: Peter Poeml <poeml>
Component: Security
Assignee: Lukas Tinkl <ltinkl>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Minor
Priority: P5 - None
CC: coolo, nadvornik, security-team
Version: Alpha 6
Target Milestone: ---
Hardware: PowerPC
OS: Other
Whiteboard:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Peter Poeml 2007-07-24 06:30:36 UTC
After updating to 10.3 Alpha 6, decrypting files with gpg seems no longer possible.
gpg doesn't ask for a passphrase. It claims "cancelled by user" which is not true.


peter@cherry ~ % gpg -d test.gpg            

You need a passphrase to unlock the secret key for
user: "Peter Poeml (local user peter) <poeml@suse.de>"
2048-bit ELG key, ID 10D6F12C, created 2001-09-09 (main key ID 7CBDF837)

gpg: cancelled by user
gpg: encrypted with 2048-bit ELG key, ID 10D6F12C, created 2001-09-09
      "Peter Poeml (local user peter) <poeml@suse.de>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
[4]    24298 exit 2     gpg -d test.gpg



This is with a running gpg-agent.

Without running gpg-agent, it doesn't work either:


peter@cherry ~ % gpg -d test.gpg

You need a passphrase to unlock the secret key for
user: "Peter Poeml (local user peter) <poeml@suse.de>"
2048-bit ELG key, ID 10D6F12C, created 2001-09-09 (main key ID 7CBDF837)

can't lock memory: Cannot allocate memory
Warning: using insecure memory!
gpg-agent[24346]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: encrypted with 2048-bit ELG key, ID 10D6F12C, created 2001-09-09
      "Peter Poeml (local user peter) <poeml@suse.de>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
[4]    24345 exit 2     gpg -d test.gpg



The tools to create a fresh configuration or modify an existing one (according to the info page) don't work either:


peter@cherry ~ % /usr/sbin/applygnupgdefaults
applygnupgdefaults: global configuration file `/etc/gnupg/gpgconf.conf' does not exist
[4]    24307 exit 1     /usr/sbin/applygnupgdefaults
peter@cherry ~ % addgnupghome peter
addgnupghome: skeleton directory `/etc/skel/.gnupg' does not exist
[4]    24325 exit 1     addgnupghome peter



According to the info page, this tool should be able to cache a passphrase, but it doesn't seem to work:


peter@cherry ~ % /usr/lib/gpg-preset-passphrase --preset poeml
asdf
gpg-preset-passphrase: problem with the agent
gpg-preset-passphrase: caching passphrase failed: Invalid response
[4]    24315 exit 2     /usr/lib/gpg-preset-passphrase --preset poeml
Comment 1 Ludwig Nussel 2007-07-24 06:46:37 UTC
reassigning to maintainer
Comment 2 Peter Poeml 2007-08-14 13:32:18 UTC
Did you already look into this, Lukas?

I need some vacation. I'd like to be able to access hrworks again...
Comment 3 Lukas Tinkl 2007-08-14 13:53:23 UTC
I did but I'm unable to reproduce it...
Comment 4 Peter Poeml 2007-08-14 14:00:48 UTC
Which part?
Comment 5 Lukas Tinkl 2007-08-14 14:25:16 UTC
The file decryption part
Comment 6 Vladimir Nadvornik 2007-08-24 11:15:10 UTC
Peter, can you please try it again with strace -f and attach here the output?
Preferably on beta2.
Comment 7 Lukas Tinkl 2007-08-31 14:37:14 UTC
http://download.opensuse.org/repositories/home:/ltinkl/openSUSE_Factory/ contains the newest version of gpg2, can you please try it out to see if it fixes your problem? TIA
Comment 8 Stephan Kulow 2007-09-08 07:15:03 UTC
Peter?
Comment 9 Peter Poeml 2007-09-10 08:15:08 UTC
Unfortunately, I had no opportunity to update the machine to something
later than Alpha 6 yet.
Comment 10 Vladimir Nadvornik 2007-09-10 09:46:59 UTC
Peter, could you try at least strace? See comment 6.
Comment 11 Peter Poeml 2007-09-10 10:34:11 UTC
I took a short look and I have good news. It seems I already updated the
machine to Beta1, according to /etc/SuSE-release, and it turns out that
decryption now works.
"gpg -d foo.gpg" now results in transparently starting gpg-agent which
in turn spawns pinentry-curses, and after entering the passphrase the
decrypted file is output.

Thus, it seems as if the bug is fixed since Beta1.

It seems I can't use gpg anymore from vim like
  autocmd BufReadPost,FileReadPost      *.gpg '[,']!gpg -d 2> /dev/null
pinentry-curses is spawned here too, but it doesn't grab the pty as
it seems. This worked with the previous gpg.

I wonder if there is a way which allows using gpg like this again.
Not sure if this is a gpg bug. Feel free to close.
Comment 12 Lukas Tinkl 2007-09-10 11:59:14 UTC
I assume then this bug is dupe of #302323 which will be resolved shortly

*** This bug has been marked as a duplicate of bug 302323 ***