bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Iñigo Serna]

Since a couple of months ago emacs 25.0.x (last tested as 2016/03/08
from git master) can't open encrypted files (using symmetric keys), as
epa can't find secret keys from gpg.

This is the error message I get:
"""
Error while decrypting with "gpg":

gpg: encrypted with 2048-bit RSA key, ID C0ED9C8489B28C43, created 2016-01-12
      "Iñigo Serna (XXX.YY) <inigo@XXX.YY>"
gpg: decryption failed: No secret key
"""

I use gpg (not gpg2) so I added '(setq epg-gpg-program "gpg")' to my
configuration as new epa defaults to gpg2 when I've run "emacs -Q -nw".

`epa-list-secret-keys` does not find any keys.

This same configuration works ok with 24.5.1 (from Fedora 23 x86_64), and
even `epa-list-secret-keys` shows the private keys correctly.

#########################################################################

This bug report will be sent to the Bug-GNU-Emacs mailing list
and the GNU bug tracker at debbugs.gnu.org.  Please check that
the From: line contains a valid email address.  After a delay of up
to one day, you should receive an acknowledgment at that address.

Please write in English if possible, as the Emacs maintainers
usually do not have translators for other languages.

Please describe exactly what actions triggered the bug, and
the precise symptoms of the bug.  If you can, give a recipe
starting from 'emacs -Q':

[SEE ABOVE]

If Emacs crashed, and you have the Emacs process in the gdb debugger,
please include the output from the following gdb commands:
    'bt full' and 'xbacktrace'.
For information about debugging Emacs, please read the file
/opt/emacs/share/emacs/25.1.50/etc/DEBUG.


In GNU Emacs 25.1.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 3.18.7)
 of 2016-03-08 built on inigo.katxi.org
Repository revision: 80864c2a04597d31ba453c9af69d35b15c4e1e24
System Description:     Fedora release 23 (Twenty Three)

Configured using:
 'configure --prefix=/usr/ --libdir=/usr/lib64 --sysconfdir=/etc
 --disable-static --prefix=/opt/emacs --with-xwidgets
 --with-x-toolkit=gtk3 CFLAGS=-Os'

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS NOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE XFT ZLIB TOOLKIT_SCROLL_BARS GTK3
X11 XWIDGETS

Important settings:
  value of $LANG: en_GB.utf8
  value of $XMODIFIERS: @im=none
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent messages:
"gpg"
Decrypting /home/inigo/personal/agenda/other.org.gpg...done
epa-file--find-file-not-found-function: Opening input file: Decryption failed, No secret key: C0ED9C8489B28C43
"gpg"

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message dired dired-loaddefs format-spec
rfc822 mml easymenu mml-sec password-cache gnus-util rmail
rmail-loaddefs mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mm-util mail-prsvr mail-utils epa-file epa derived epg epg-config
term/xterm xterm time-date mule-util tooltip eldoc electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel term/x-win x-win
term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment elisp-mode lisp-mode prog-mode register page
menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core term/tty-colors frame cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese charscript case-table epa-hook
jka-cmpr-hook help simple abbrev obarray minibuffer cl-preloaded nadvice
loaddefs button faces cus-face macroexp files text-properties overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote dbusbind inotify dynamic-setting
system-font-setting font-render-setting xwidget-internal move-toolbar
gtk x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 91217 6511)
 (symbols 48 19819 0)
 (miscs 40 52 107)
 (strings 32 14550 4887)
 (string-bytes 1 415390)
 (vectors 16 9702)
 (vector-slots 8 371442 10588)
 (floats 8 171 795)
 (intervals 56 222 14)
 (buffers 976 13)
 (heap 1024 34449 1624))

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Daiki Ueno]

tag 22941 notabug
close 22941
stop

Iñigo Serna <inigoserna@gmail.com> writes:

> Since a couple of months ago emacs 25.0.x (last tested as 2016/03/08
> from git master) can't open encrypted files (using symmetric keys), as
> epa can't find secret keys from gpg.
>
> This is the error message I get:
> """
> Error while decrypting with "gpg":
>
> gpg: encrypted with 2048-bit RSA key, ID C0ED9C8489B28C43, created 2016-01-12
>       "Iñigo Serna (XXX.YY) <inigo@XXX.YY>"
> gpg: decryption failed: No secret key
> """
>
> I use gpg (not gpg2) so I added '(setq epg-gpg-program "gpg")' to my
> configuration as new epa defaults to gpg2 when I've run "emacs -Q -nw".
>
> `epa-list-secret-keys` does not find any keys.
>
> This same configuration works ok with 24.5.1 (from Fedora 23 x86_64), and
> even `epa-list-secret-keys` shows the private keys correctly.

This behavior is intended, if the key was created with gpg2.  GnuPG 2.1
removed support for secring.gpg, which was used by pre-2.1 versions.
That is one of the reasons we switched the default to "gpg2".

See doc/whats-new-in-2.1.txt in GnuPG:

1.1 Removal of the secret keyring
─────────────────────────────────
[...]
  2.1.  However, any change to the private keys using the new /gpg/ will
  not show up when using pre-2.1 versions of GnuPG and vice versa.

Regards,
-- 
Daiki Ueno

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Iñigo Serna]

Hello, and thanks for your answer.

Daiki Ueno <ueno@gnu.org> writes:
> [...]
>
> This behavior is intended, if the key was created with gpg2.  GnuPG 2.1
> removed support for secring.gpg, which was used by pre-2.1 versions.
> That is one of the reasons we switched the default to "gpg2".

Sorry, I don't understand.
The key was generated with gpg v1.x, and I want to continue using gpg
v1.x within emacs. From cli, I can see the correct key with "gpg -K".

I understand from the doc you cited that now it is not possible 
to use gpg v1.x keys with gpg v2.1+ and vice versa. But in my case I
want to use a v1.x key with gpg v1.x. And that's why I set
`epg-pgp-program' to "gpg" instead of using default "gpg2".

Am I missing something?

Thanks in advance,
Iñigo Serna


> tag 22941 notabug
> close 22941
> stop
>
> Iñigo Serna <inigoserna@gmail.com> writes:
>
>> Since a couple of months ago emacs 25.0.x (last tested as 2016/03/08
>> from git master) can't open encrypted files (using symmetric keys), as
>> epa can't find secret keys from gpg.
>>
>> This is the error message I get:
>> """
>> Error while decrypting with "gpg":
>>
>> gpg: encrypted with 2048-bit RSA key, ID C0ED9C8489B28C43, created 2016-01-12
>>       "Iñigo Serna (XXX.YY) <inigo@XXX.YY>"
>> gpg: decryption failed: No secret key
>> """
>>
>> I use gpg (not gpg2) so I added '(setq epg-gpg-program "gpg")' to my
>> configuration as new epa defaults to gpg2 when I've run "emacs -Q -nw".
>>
>> `epa-list-secret-keys` does not find any keys.
>>
>> This same configuration works ok with 24.5.1 (from Fedora 23 x86_64), and
>> even `epa-list-secret-keys` shows the private keys correctly.
>
> This behavior is intended, if the key was created with gpg2.  GnuPG 2.1
> removed support for secring.gpg, which was used by pre-2.1 versions.
> That is one of the reasons we switched the default to "gpg2".
>
> See doc/whats-new-in-2.1.txt in GnuPG:
>
> 1.1 Removal of the secret keyring
> ─────────────────────────────────
> [...]
>   2.1.  However, any change to the private keys using the new /gpg/ will
>   not show up when using pre-2.1 versions of GnuPG and vice versa.
>
> Regards,


-- 
Iñigo Serna

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Daiki Ueno]

Iñigo Serna <inigoserna@gmail.com> writes:

> The key was generated with gpg v1.x, and I want to continue using gpg
> v1.x within emacs. From cli, I can see the correct key with "gpg -K".

Then I suspect that Emacs is using "gpg2" instead of "gpg" regardless of
the `epg-gpg-program' setting.  How do you set the variable, with `setq'
or M-x customize ?

Regards,
-- 
Daiki Ueno

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Iñigo Serna]

Daiki Ueno <ueno@gnu.org> writes:

> Iñigo Serna <inigoserna@gmail.com> writes:
>
>> The key was generated with gpg v1.x, and I want to continue using gpg
>> v1.x within emacs. From cli, I can see the correct key with "gpg -K".
>
> Then I suspect that Emacs is using "gpg2" instead of "gpg" regardless of
> the `epg-gpg-program' setting.  How do you set the variable, with `setq'
> or M-x customize ?

I use 'setq' as mentioned in the first message.
Even, "gpg" is showed in the error message:

"""
Error while decrypting with "gpg":

gpg: encrypted with 2048-bit RSA key, ID 89B28C43, created 2016-01-12
      "Iñigo Serna (XXX.YY) <inigo@serna.eu>"
gpg: decryption failed: No secret key
"""

Thanks,
Iñigo Serna

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Daiki Ueno]

Iñigo Serna <inigoserna@gmail.com> writes:

> I use 'setq' as mentioned in the first message.
> Even, "gpg" is showed in the error message:
>
> """
> Error while decrypting with "gpg":
>
> gpg: encrypted with 2048-bit RSA key, ID 89B28C43, created 2016-01-12
>       "Iñigo Serna (XXX.YY) <inigo@serna.eu>"
> gpg: decryption failed: No secret key
> """

That's strange indeed.  Are you able to check what is happening by
setting (setq epg-debug t) and looking at the " *epg-debug*" buffer
(note the first whitespace)?  The buffer should contain the actual
command-line and the interactions between Emacs and the "gpg" command.

Regards,
-- 
Daiki Ueno

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Iñigo Serna]

Hi

Daiki Ueno <ueno@gnu.org> writes:
> That's strange indeed.  Are you able to check what is happening by
> setting (setq epg-debug t) and looking at the " *epg-debug*" buffer
> (note the first whitespace)?  The buffer should contain the actual
> command-line and the interactions between Emacs and the "gpg" command.

You were right, it is using gpg2!

GPG_AGENT_INFO is not set
/usr/bin/gpg2 --no-tty --status-fd 1 --yes --enable-progress-filter --command-fd 0 --output /tmp/epg-output8110Oun --decrypt --/home/inigo/personal/agenda/other.org.gpg
[GNUPG:] PROGRESS /home/inigo/personal ? 0 3518
[GNUPG:] ENC_TO C0ED9C8489B28C43 1 0
[GNUPG:] NO_SECKEY C0ED9C8489B28C43
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] PROGRESS /home/inigo/personal ? 3518 3518
[GNUPG:] END_DECRYPTION


I tested setting `epg-gpg-program' to something like "xxx", error buffer
displays "xxx" as gpg program in message, but debug shows
"/usr/bin/gpg2" again.

Note I have gpg and gpg2 both installed on my system.
I can't uninstall gpg2 package, but I've tried renaming /usr/bin/gpg2 to
somenthing else; in this case the encrypted file is correctly opened
even without setting `epg-gpg-program' to "gpg".
So I think problem comes that when epa finds gpg2 binary in system it
does not honore `epg-gpg-program' setting.

Thanks,
Iñigo Serna

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Daiki Ueno]

Iñigo Serna <inigoserna@gmail.com> writes:

> So I think problem comes that when epa finds gpg2 binary in system it
> does not honore `epg-gpg-program' setting.

Then I guess you could avoid the problem by setting the variable with
M-x customize-variable and save the configuration, instead of `setq', as
epg respects the setting through custom:
http://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/epg-config.el#n117

Regards,
-- 
Daiki Ueno

bug#22941: 25.1.50; epa-list-secret-keys does not find gpg private keys

[Iñigo Serna]

Daiki Ueno <ueno@gnu.org> writes:

> Iñigo Serna <inigoserna@gmail.com> writes:
>
>> So I think problem comes that when epa finds gpg2 binary in system it
>> does not honore `epg-gpg-program' setting.
>
> Then I guess you could avoid the problem by setting the variable with
> M-x customize-variable and save the configuration, instead of `setq', as
> epg respects the setting through custom:
> http://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/epg-config.el#n117

Bingo!
It works now when setting the variable through `customize-variable'.

Thanks a lot for your time and help,
Iñigo Serna