bug-gnu-emacs

bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decry


From: Eli Zaretskii
Subject: bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
Date: Thu, 17 Aug 2023 11:12:18 +0300

> Date: Tue, 15 Aug 2023 21:49:07 +0200
> From:  Jens Schmidt via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
> 
> # prepare a public-key-encrypted file test.gpg in cwd
> 
> # make pinentry executable non-executable
> sudo chmod a-x /usr/bin/pinentry
> 
> emacs -Q
> 
> C-x C-f test.gpg RET
> 
> => Wrong passphrase: No secret key
> 
> Where Emacs 27 would report in a separate *Error* buffer:
> 
> ----------------------------------------
> Error while decrypting with "/usr/bin/gpg":
> 
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
> ----------------------------------------
> 
> The root cause is in function `epa--wrong-password-p', defined as
> follows:
> 
> ----------------------------------------
> (defun epa--wrong-password-p (context)
>   (let ((error-string (epg-context-error-output context)))
>     (and (string-match
>           "decryption failed: \\(Bad session key\\|No secret key\\)"
>           error-string)
>          (match-string 1 error-string))))
> ----------------------------------------
> 
> It should not search for "No secret key" but rather for "Bad
> passphrase".  "No secret key" just means that there is no secret key
> available to decrypt the file, "Bad passphrase" means that no secret
> keys can be used because of a wrong passphrase.
> 
> I collected a couple of non-bad-passphrase error messages from GnuPG
> decryption failures, all done with:
> 
>   [emacs-29]$ gpg --version
>   gpg (GnuPG) 2.2.27
>   libgcrypt 1.8.8
> 
> ----------------------------------------
> # public key, chmod a-x /usr/bin/pinentry
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
> 
> # symmetric, chmod a-x /usr/bin/pinentry
> gpg: AES256.CFB encrypted data
> gpg: problem with the agent: No pinentry
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: No secret key
> 
> # public key, 0744 empty GnuPG home directory
> gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx'
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> 
> # public key, 0400 empty GnuPG home directory
> gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied
> gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> 
> # public key, 0700 empty GnuPG home directory
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> ----------------------------------------
> 
> And here the real bad-passphrase messages:
> 
> ----------------------------------------
> # symmetric, bad passphrase entered
> gpg: AES256.CFB encrypted data
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: Bad session key
> 
> # public key, bad passphrase entered
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: Bad passphrase
> gpg: decryption failed: No secret key
> ----------------------------------------
> 
> Patch attached.

Thanks, installed on the emacs-29 branch, and closing the bug.
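
An added example, not part of this message and not the patch that was installed: it runs the matcher quoted in the report and a variant following the report's suggestion ("Bad passphrase" in place of "No secret key") over stderr samples abridged from the report's GnuPG 2.2.27 output. All `my/...` names are hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration, not the patch installed on emacs-29.
;; All `my/...' names are hypothetical.

(defun my/old-wrong-passphrase-p (stderr)
  "Apply the regexp quoted in the report to the string STDERR."
  (and (string-match
        "decryption failed: \\(Bad session key\\|No secret key\\)" stderr)
       (match-string 1 stderr)))

(defun my/new-wrong-passphrase-p (stderr)
  "Match only the messages the report lists as real bad passphrases."
  (and (string-match
        "decryption failed: \\(Bad session key\\|Bad passphrase\\)" stderr)
       (match-string 1 stderr)))

(defconst my/samples
  ;; Each entry is (NAME STDERR EXPECTED).  STDERR is abridged from the
  ;; gpg output in the report; EXPECTED is what the new matcher must return.
  '((pubkey-no-pinentry
     "gpg: public key decryption failed: No pinentry\ngpg: decryption failed: No secret key\n"
     nil)
    (symmetric-no-pinentry
     "gpg: problem with the agent: No pinentry\ngpg: decryption failed: No secret key\n"
     nil)
    (pubkey-empty-homedir
     "gpg: encrypted with RSA key, ID D0EB77D91C0802D6\ngpg: decryption failed: No secret key\n"
     nil)
    (symmetric-bad-passphrase
     "gpg: encrypted with 1 passphrase\ngpg: decryption failed: Bad session key\n"
     "Bad session key")
    (pubkey-bad-passphrase
     "gpg: public key decryption failed: Bad passphrase\ngpg: decryption failed: No secret key\n"
     "Bad passphrase")))

(defun my/check-samples ()
  "Return (NAME OLD NEW) per sample; signal an error if NEW is unexpected."
  (mapcar
   (lambda (sample)
     (pcase-let ((`(,name ,stderr ,expected) sample))
       (let ((old (my/old-wrong-passphrase-p stderr))
             (new (my/new-wrong-passphrase-p stderr)))
         (unless (equal new expected)
           (error "%s: expected %S, got %S" name expected new))
         (list name old new))))
   my/samples))
```

Loading the file with `emacs -Q --batch -l` and evaluating `(my/check-samples)` shows the old matcher returning "No secret key" for the three samples where no passphrase was ever entered, while the variant returns nil for them.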




