* Gnus + GPG integration broken after revision 102412.
@ 2010-12-20 8:54 Ashish SHUKLA
2010-12-21 1:32 ` Daiki Ueno
0 siblings, 1 reply; 11+ messages in thread
From: Ashish SHUKLA @ 2010-12-20 8:54 UTC (permalink / raw)
To: emacs-devel
[-- Attachment #1: Type: text/plain, Size: 5090 bytes --]
Hi,
I'm having problem sending GPG signed mails in Emacs bzr revision 1024640.
#v+
Debugger entered--Lisp error: (error "Sign failed: ((exit))")
signal(error ("Sign failed: ((exit))"))
(condition-case error (setq signature (epg-sign-string context (buffer-string) t) mml2015-epg-secret-key-id-list nil) (error (while mml2015-epg-secret-key-id-list (password-cache-remove (car mml2015-epg-secret-key-id-list)) (setq mml2015-epg-secret-key-id-list (cdr mml2015-epg-secret-key-id-list))) (signal (car error) (cdr error))))
(let* ((inhibit-redisplay t) (context (epg-make-context)) (boundary (mml-compute-boundary cont)) (sender (message-options-get (quote message-sender))) signer-key (signers (or (message-options-get (quote mml2015-epg-signers)) (message-options-set (quote mml2015-epg-signers) (if (eq mm-sign-option (quote guided)) (epa-select-keys context "Select keys for signing.\nIf no one is selected, default secret key is used. " (cons sender mml2015-signers) t) (if (or sender mml2015-signers) (delq nil ...)))))) signature micalg) (epg-context-set-armor context t) (epg-context-set-textmode context t) (epg-context-set-signers context signers) (if mml2015-cache-passphrase (epg-context-set-passphrase-callback context (function mml2015-epg-passphrase-callback))) (condition-case error (setq signature (epg-sign-string context (buffer-string) t) mml2015-epg-secret-key-id-list nil) (error (while mml2015-epg-secret-key-id-list (password-cache-remove (car mml2015-epg-secret-key-id-list)) (setq mml2015-epg-secret-key-id-list (cdr mml2015-epg-secret-key-id-list))) (signal (car error) (cdr error)))) (if (epg-context-result-for context (quote sign)) (setq micalg (epg-new-signature-digest-algorithm (car (epg-context-result-for context (quote sign)))))) (goto-char (point-min)) (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n" boundary)) (if micalg (insert (format " micalg=pgp-%s; " (downcase (cdr (assq micalg epg-digest-algorithm-alist)))))) (insert "protocol=\"application/pgp-signature\"\n") (insert (format "\n--%s\n" boundary)) (goto-char (point-max)) (insert (format "\n--%s\n" boundary)) (insert "Content-Type: application/pgp-signature\n\n") (insert signature) (goto-char (point-max)) (insert (format "--%s--\n" boundary)) (goto-char (point-max)))
mml2015-epg-sign((part (sign . "pgpmime") (tag-location . 1722) (contents . "\n-- \nAshish SHUKLA\n\n“Progress doesn't come from early risers – progress is made by lazy\nmen looking for easier ways to do things.” (Robert A. Heinlein, 1973)\n")))
mml2015-sign((part (sign . "pgpmime") (tag-location . 1722) (contents . "\n-- \nAshish SHUKLA\n\n“Progress doesn't come from early risers – progress is made by lazy\nmen looking for easier ways to do things.” (Robert A. Heinlein, 1973)\n")))
mml-pgpmime-sign-buffer((part (sign . "pgpmime") (tag-location . 1722) (contents . "\n-- \nAshish SHUKLA\n\n“Progress doesn't come from early risers – progress is made by lazy\nmen looking for easier ways to do things.” (Robert A. Heinlein, 1973)\n")))
mml-generate-mime-1((part (sign . "pgpmime") (tag-location . 1722) (contents . "\n-- \nAshish SHUKLA\n\n“Progress doesn't come from early risers – progress is made by lazy\nmen looking for easier ways to do things.” (Robert A. Heinlein, 1973)\n")))
mml-generate-mime()
message-encode-message-body()
message-send-mail(nil)
message-send-via-mail(nil)
message-send(nil)
message-send-and-exit(nil)
call-interactively(message-send-and-exit nil nil)
#v-
I've tracked it down to change in lisp/gnus/mml2015.el in r102412[1]. To be
able to send GPG signed emails, I've to defun the "mml2015-epg-sign" function
From revision 102411 of lisp/gnus/mml2015.el.
The GPG signing related customizations, which I'm using, are copied from
GnusPGG page of EmacsWiki[2]:
#v+
(require 'pgg)
(setq pgg-default-user-id "wahjava")
(eval-after-load "mm-decode" '(add-to-list 'mm-inlined-types "application/pgp$"))
(eval-after-load "mm-decode" '(add-to-list 'mm-inline-media-tests '("application/pgp$" mm-inline-text identity)))
(eval-after-load "mm-decode" '(add-to-list 'mm-automatic-display "application/pgp$"))
(eval-after-load "mm-decode" (quote (setq mm-automatic-display (remove "application/pgp-signature" mm-automatic-display))))
#v-
It seems to me that Gnus is now defaulting to EPG. The only EP{A,G}
customization, I've is in my "~/.emacs.d/init.el" file:
#v+
(require 'epg-config)
(require 'epa)
(eval-after-load "epa" (setq epa-armor t))
(setq epg-gpg-program (executable-find "gpg2"))
#v-
Any ideas how to fix this issue ? Or how to switch my Gnus configuration to
use EPG, if EPG is supposed to work for me ?
In case any other information is required please mention.
References:
[1] http://bazaar.launchpad.net/~vcs-imports/emacs/trunk/revision/102412#lisp/gnus/mml2015.el
[2] http://www.emacswiki.org/emacs/GnusPGG
TiA
--
Ashish SHUKLA
“Real Programmers always confuse Christmas and Halloween because Oct31
== Dec25.” (Andrew Rutherford)
[-- Attachment #2: Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-20 8:54 Gnus + GPG integration broken after revision 102412 Ashish SHUKLA
@ 2010-12-21 1:32 ` Daiki Ueno
2010-12-21 11:06 ` Ashish SHUKLA
0 siblings, 1 reply; 11+ messages in thread
From: Daiki Ueno @ 2010-12-21 1:32 UTC (permalink / raw)
To: Ashish SHUKLA; +Cc: Daniel Dehennin, emacs-devel
wahjava.ml@gmail.com (Ashish SHUKLA) writes:
> I'm having problem sending GPG signed mails in Emacs bzr revision 1024640.
>
> Debugger entered--Lisp error: (error "Sign failed: ((exit))")
> signal(error ("Sign failed: ((exit))"))
Could you try again with (setq epg-debug t) and provide the contents of
buffer " *epg-debug*" (note that the first letter is a white space)?
> I've tracked it down to change in lisp/gnus/mml2015.el in
> r102412[1]. To be able to send GPG signed emails, I've to defun the
> "mml2015-epg-sign" function From revision 102411 of
> lisp/gnus/mml2015.el.
Cc'ed Daniel, who is the author of that change.
Regards,
--
Daiki Ueno
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-21 1:32 ` Daiki Ueno
@ 2010-12-21 11:06 ` Ashish SHUKLA
2010-12-21 17:53 ` Daniel Dehennin
2010-12-22 1:31 ` Daiki Ueno
0 siblings, 2 replies; 11+ messages in thread
From: Ashish SHUKLA @ 2010-12-21 11:06 UTC (permalink / raw)
To: Daiki Ueno; +Cc: Ashish SHUKLA, Daniel Dehennin, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1404 bytes --]
Daiki Ueno writes:
> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>> I'm having problem sending GPG signed mails in Emacs bzr revision 1024640.
>>
>> Debugger entered--Lisp error: (error "Sign failed: ((exit))")
>> signal(error ("Sign failed: ((exit))"))
> Could you try again with (setq epg-debug t) and provide the contents of
> buffer " *epg-debug*" (note that the first letter is a white space)?
#v+
/usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 1F2F8410762E5E74
Warning: using insecure memory!
gpg: skipped "1F2F8410762E5E74": Unusable secret key
[GNUPG:] INV_SGNR 9 1F2F8410762E5E74
gpg: signing failed: Unusable secret key
#v-
The above mentioned key id belongs to my GPG key which I revoked, but it's
still present in my system to decrypt old content encrypted with it. Any ideas
how I can switch to other GPG user ID (the one which is used to sign this
email) ?
>> I've tracked it down to change in lisp/gnus/mml2015.el in
>> r102412[1]. To be able to send GPG signed emails, I've to defun the
>> "mml2015-epg-sign" function From revision 102411 of
>> lisp/gnus/mml2015.el.
> Cc'ed Daniel, who is the author of that change.
Thanks
--
Ashish SHUKLA
“We've so many people in India, that we're able to route each network
packet manually.” (nobotz)
[-- Attachment #2: Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-21 11:06 ` Ashish SHUKLA
@ 2010-12-21 17:53 ` Daniel Dehennin
2010-12-21 22:51 ` Ashish SHUKLA
2010-12-22 1:31 ` Daiki Ueno
1 sibling, 1 reply; 11+ messages in thread
From: Daniel Dehennin @ 2010-12-21 17:53 UTC (permalink / raw)
To: Ashish SHUKLA; +Cc: Daiki Ueno, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1864 bytes --]
wahjava.ml@gmail.com (Ashish SHUKLA) writes:
> Daiki Ueno writes:
>> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>
>>> I'm having problem sending GPG signed mails in Emacs bzr revision 1024640.
>>>
>>> Debugger entered--Lisp error: (error "Sign failed: ((exit))")
>>> signal(error ("Sign failed: ((exit))"))
>
>> Could you try again with (setq epg-debug t) and provide the contents of
>> buffer " *epg-debug*" (note that the first letter is a white space)?
> #v+
> /usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 1F2F8410762E5E74
> Warning: using insecure memory!
> gpg: skipped "1F2F8410762E5E74": Unusable secret key
> [GNUPG:] INV_SGNR 9 1F2F8410762E5E74
> gpg: signing failed: Unusable secret key
> #v-
> The above mentioned key id belongs to my GPG key which I revoked, but it's
> still present in my system to decrypt old content encrypted with it. Any ideas
> how I can switch to other GPG user ID (the one which is used to sign this
> email) ?
>
>>> I've tracked it down to change in lisp/gnus/mml2015.el in
>>> r102412[1]. To be able to send GPG signed emails, I've to defun the
>>> "mml2015-epg-sign" function From revision 102411 of
>>> lisp/gnus/mml2015.el.
>
>> Cc'ed Daniel, who is the author of that change.
Maybe you signed your email based on the default-key option in gpg.conf,
my change use the sender address in addition to mml2015-signers.
If you have more than one key for an e-mail address you may (setq
mm-sign-option 'guided) to choose which key to use.
Another option may be to remove that email address from the key, it will
not be picked up for signing but still usable to decrypt?
Regards.
--
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-21 17:53 ` Daniel Dehennin
@ 2010-12-21 22:51 ` Ashish SHUKLA
0 siblings, 0 replies; 11+ messages in thread
From: Ashish SHUKLA @ 2010-12-21 22:51 UTC (permalink / raw)
To: Daniel Dehennin; +Cc: Daiki Ueno, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 2840 bytes --]
Daniel Dehennin writes:
> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>> Daiki Ueno writes:
>>> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>>
>>>> I'm having problem sending GPG signed mails in Emacs bzr revision 1024640.
>>>>
>>>> Debugger entered--Lisp error: (error "Sign failed: ((exit))")
>>>> signal(error ("Sign failed: ((exit))"))
>>
>>> Could you try again with (setq epg-debug t) and provide the contents of
>>> buffer " *epg-debug*" (note that the first letter is a white space)?
>> #v+
>> /usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 1F2F8410762E5E74
>> Warning: using insecure memory!
>> gpg: skipped "1F2F8410762E5E74": Unusable secret key
>> [GNUPG:] INV_SGNR 9 1F2F8410762E5E74
>> gpg: signing failed: Unusable secret key
>> #v-
>> The above mentioned key id belongs to my GPG key which I revoked, but it's
>> still present in my system to decrypt old content encrypted with it. Any ideas
>> how I can switch to other GPG user ID (the one which is used to sign this
>> email) ?
>>
>>>> I've tracked it down to change in lisp/gnus/mml2015.el in
>>>> r102412[1]. To be able to send GPG signed emails, I've to defun the
>>>> "mml2015-epg-sign" function From revision 102411 of
>>>> lisp/gnus/mml2015.el.
>>
>>> Cc'ed Daniel, who is the author of that change.
> Maybe you signed your email based on the default-key option in gpg.conf,
> my change use the sender address in addition to mml2015-signers.
"default-key" option in gpg.conf is present and points to the correct key, but
it is not working.
> If you have more than one key for an e-mail address you may (setq
> mm-sign-option 'guided) to choose which key to use.
I've more than one keys, and in one of the keys, the UIDs are more than 10,
which means the only 10 UIDs appear in the output of "gpg2
--list-secret-keys", to retrieve list of all UIDs, you've to explicitly query
"gpg2 --list-secret-keys $KEYID".
It would be nice to have a customizable variable (something like
"pgg-default-user-id") which stores the default key id used for signing the
messages. And, users with multiple keys should be able to override the key
used for signing an email in the message buffer as well.
> Another option may be to remove that email address from the key, it will
> not be picked up for signing but still usable to decrypt?
This could be done, but this looks like an ugly work around. :(
Thanks
--
Ashish SHUKLA
“I am free, no matter what rules surround me. If I find them
tolerable, I tolerate them; if I find them too obnoxious, I break
them. I am free because I know that I alone am morally responsible for
everything I do.” (Robert A. Heinlein, "The Moon Is a Harsh Mistress",
1966)
[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-21 11:06 ` Ashish SHUKLA
2010-12-21 17:53 ` Daniel Dehennin
@ 2010-12-22 1:31 ` Daiki Ueno
2010-12-22 3:49 ` Ashish SHUKLA
1 sibling, 1 reply; 11+ messages in thread
From: Daiki Ueno @ 2010-12-22 1:31 UTC (permalink / raw)
To: Ashish SHUKLA; +Cc: Daniel Dehennin, emacs-devel
wahjava.ml@gmail.com (Ashish SHUKLA) writes:
> #v+
> /usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 1F2F8410762E5E74
> Warning: using insecure memory!
> gpg: skipped "1F2F8410762E5E74": Unusable secret key
> [GNUPG:] INV_SGNR 9 1F2F8410762E5E74
> gpg: signing failed: Unusable secret key
> #v-
>
> The above mentioned key id belongs to my GPG key which I revoked, but it's
> still present in my system to decrypt old content encrypted with it.
It looks strange that mml2015 passes the expired key to gpg, since
`mml2015-epg-sign' is expected to reject such a key through
`mml2015-epg-find-usable-key'.
Do you see 1F2F8410762E5E74 key with:
(mml2015-epg-find-usable-key
(epg-list-keys (epg-make-context 'OpenPGP) "1F2F8410762E5E74" t)
'sign)
?
Regards,
--
Daiki Ueno
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-22 1:31 ` Daiki Ueno
@ 2010-12-22 3:49 ` Ashish SHUKLA
2010-12-22 5:21 ` Daiki Ueno
2010-12-22 8:29 ` Daniel Dehennin
0 siblings, 2 replies; 11+ messages in thread
From: Ashish SHUKLA @ 2010-12-22 3:49 UTC (permalink / raw)
To: Daiki Ueno; +Cc: Daniel Dehennin, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1137 bytes --]
Daiki Ueno writes:
> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>> #v+
>> /usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 1F2F8410762E5E74
>> Warning: using insecure memory!
>> gpg: skipped "1F2F8410762E5E74": Unusable secret key
>> [GNUPG:] INV_SGNR 9 1F2F8410762E5E74
>> gpg: signing failed: Unusable secret key
>> #v-
>>
>> The above mentioned key id belongs to my GPG key which I revoked, but it's
>> still present in my system to decrypt old content encrypted with it.
> It looks strange that mml2015 passes the expired key to gpg, since
> `mml2015-epg-sign' is expected to reject such a key through
> `mml2015-epg-find-usable-key'.
> Do you see 1F2F8410762E5E74 key with:
> (mml2015-epg-find-usable-key
> (epg-list-keys (epg-make-context 'OpenPGP) "1F2F8410762E5E74" t)
> 'sign)
Yes, I see that key. And, please note that it's not expired, it's revoked.
Thanks
--
Ashish SHUKLA
“There are 10 types of people in this world, those who understand
binary and those who do not” (anonymous)
[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-22 3:49 ` Ashish SHUKLA
@ 2010-12-22 5:21 ` Daiki Ueno
2010-12-22 6:56 ` Ashish SHUKLA
2010-12-22 8:29 ` Daniel Dehennin
1 sibling, 1 reply; 11+ messages in thread
From: Daiki Ueno @ 2010-12-22 5:21 UTC (permalink / raw)
To: Ashish SHUKLA; +Cc: Daniel Dehennin, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 529 bytes --]
wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>> It looks strange that mml2015 passes the expired key to gpg, since
>> `mml2015-epg-sign' is expected to reject such a key through
>> `mml2015-epg-find-usable-key'.
>
>> Do you see 1F2F8410762E5E74 key with:
>
>> (mml2015-epg-find-usable-key
>> (epg-list-keys (epg-make-context 'OpenPGP) "1F2F8410762E5E74" t)
>> 'sign)
>
> Yes, I see that key. And, please note that it's not expired, it's revoked.
Aha, then it's indeed a bug of mml2015-epg-*. Please try the attached
patch.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: mml2015-revoked.patch --]
[-- Type: text/x-patch, Size: 668 bytes --]
=== modified file 'lisp/gnus/mml2015.el'
--- lisp/gnus/mml2015.el 2010-11-17 22:15:24 +0000
+++ lisp/gnus/mml2015.el 2010-12-22 05:16:41 +0000
@@ -957,7 +957,7 @@
(mapcar
(lambda (signer)
(setq signer-key (mml2015-epg-find-usable-key
- (epg-list-keys context signer t)
+ (epg-list-keys context signer)
'sign))
(unless (or signer-key
(y-or-n-p
@@ -1068,7 +1068,7 @@
(mapcar
(lambda (signer)
(setq signer-key (mml2015-epg-find-usable-key
- (epg-list-keys context signer t)
+ (epg-list-keys context signer)
'sign))
(unless (or signer-key
(y-or-n-p
[-- Attachment #3: Type: text/plain, Size: 145 bytes --]
Since I'm personally not confident if the fix is the right way, the
actual fix will be done after asking the gpg list.
Regards,
--
Daiki Ueno
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-22 5:21 ` Daiki Ueno
@ 2010-12-22 6:56 ` Ashish SHUKLA
0 siblings, 0 replies; 11+ messages in thread
From: Ashish SHUKLA @ 2010-12-22 6:56 UTC (permalink / raw)
To: Daiki Ueno; +Cc: Daniel Dehennin, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1673 bytes --]
Daiki Ueno writes:
> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>>> It looks strange that mml2015 passes the expired key to gpg, since
>>> `mml2015-epg-sign' is expected to reject such a key through
>>> `mml2015-epg-find-usable-key'.
>>
>>> Do you see 1F2F8410762E5E74 key with:
>>
>>> (mml2015-epg-find-usable-key
>>> (epg-list-keys (epg-make-context 'OpenPGP) "1F2F8410762E5E74" t)
>>> 'sign)
>>
>> Yes, I see that key. And, please note that it's not expired, it's revoked.
> Aha, then it's indeed a bug of mml2015-epg-*. Please try the attached
> patch.
> === modified file 'lisp/gnus/mml2015.el'
> --- lisp/gnus/mml2015.el 2010-11-17 22:15:24 +0000
> +++ lisp/gnus/mml2015.el 2010-12-22 05:16:41 +0000
> @@ -957,7 +957,7 @@
> (mapcar
> (lambda (signer)
> (setq signer-key (mml2015-epg-find-usable-key
> - (epg-list-keys context signer t)
> + (epg-list-keys context signer)
> 'sign))
> (unless (or signer-key
> (y-or-n-p
> @@ -1068,7 +1068,7 @@
> (mapcar
> (lambda (signer)
> (setq signer-key (mml2015-epg-find-usable-key
> - (epg-list-keys context signer t)
> + (epg-list-keys context signer)
> 'sign))
> (unless (or signer-key
> (y-or-n-p
> Since I'm personally not confident if the fix is the right way, the
> actual fix will be done after asking the gpg list.
Works great. I'm able to send signed/encrypted mails using patched functions. :)
Thanks
--
Ashish SHUKLA
“The camera is to the brush what Java is to assembly.” ("Sougata
Santra", ".sig of Sir Debarshi Ray", 2010)
[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-22 3:49 ` Ashish SHUKLA
2010-12-22 5:21 ` Daiki Ueno
@ 2010-12-22 8:29 ` Daniel Dehennin
2010-12-23 3:12 ` Ashish SHUKLA
1 sibling, 1 reply; 11+ messages in thread
From: Daniel Dehennin @ 2010-12-22 8:29 UTC (permalink / raw)
To: Ashish SHUKLA; +Cc: Daiki Ueno, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1832 bytes --]
wahjava.ml@gmail.com (Ashish SHUKLA) writes:
> Daiki Ueno writes:
>> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>
>>> #v+
>>> /usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 1F2F8410762E5E74
>>> Warning: using insecure memory!
>>> gpg: skipped "1F2F8410762E5E74": Unusable secret key
>>> [GNUPG:] INV_SGNR 9 1F2F8410762E5E74
>>> gpg: signing failed: Unusable secret key
>>> #v-
>>>
>>> The above mentioned key id belongs to my GPG key which I revoked, but it's
>>> still present in my system to decrypt old content encrypted with it.
>
>> It looks strange that mml2015 passes the expired key to gpg, since
>> `mml2015-epg-sign' is expected to reject such a key through
>> `mml2015-epg-find-usable-key'.
>
>> Do you see 1F2F8410762E5E74 key with:
>
>> (mml2015-epg-find-usable-key
>> (epg-list-keys (epg-make-context 'OpenPGP) "1F2F8410762E5E74" t)
>> 'sign)
>
> Yes, I see that key. And, please note that it's not expired, it's revoked.
Hello,
mml2015-epg-find-usable-key should remove revoked keys.
Can you test the following for me?
#v+
(defun test-mml2015-epg-find-usable-key (signers)
(let* ((context (epg-make-context))
(keys (epg-list-keys context signers))
(validities nil))
(while keys
(let ((pointer (epg-key-sub-key-list (car keys))))
(while pointer
(setq validities (cons
(cons (epg-sub-key-id (car pointer)) (symbol-name (epg-sub-key-validity (car pointer))))
validities))
(setq pointer (cdr pointer))))
(setq keys (cdr keys)))
validities))
(test-mml2015-epg-find-usable-key '("1F2F8410762E5E74"))
#v-
Thanks.
--
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Gnus + GPG integration broken after revision 102412.
2010-12-22 8:29 ` Daniel Dehennin
@ 2010-12-23 3:12 ` Ashish SHUKLA
0 siblings, 0 replies; 11+ messages in thread
From: Ashish SHUKLA @ 2010-12-23 3:12 UTC (permalink / raw)
To: Daniel Dehennin; +Cc: Daiki Ueno, emacs-devel
[-- Attachment #1: Type: text/plain, Size: 2138 bytes --]
Daniel Dehennin writes:
> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>> Daiki Ueno writes:
>>> wahjava.ml@gmail.com (Ashish SHUKLA) writes:
>>
>>>> #v+
>>>> /usr/local/bin/gpg2 --no-tty --status-fd 1 --yes --use-agent --command-fd 0 --armor --textmode --output /tmp/epg-output62957uOj --detach-sign -u 1F2F8410762E5E74
>>>> Warning: using insecure memory!
>>>> gpg: skipped "1F2F8410762E5E74": Unusable secret key
>>>> [GNUPG:] INV_SGNR 9 1F2F8410762E5E74
>>>> gpg: signing failed: Unusable secret key
>>>> #v-
>>>>
>>>> The above mentioned key id belongs to my GPG key which I revoked, but it's
>>>> still present in my system to decrypt old content encrypted with it.
>>
>>> It looks strange that mml2015 passes the expired key to gpg, since
>>> `mml2015-epg-sign' is expected to reject such a key through
>>> `mml2015-epg-find-usable-key'.
>>
>>> Do you see 1F2F8410762E5E74 key with:
>>
>>> (mml2015-epg-find-usable-key
>>> (epg-list-keys (epg-make-context 'OpenPGP) "1F2F8410762E5E74" t)
>>> 'sign)
>>
>> Yes, I see that key. And, please note that it's not expired, it's revoked.
> Hello,
> mml2015-epg-find-usable-key should remove revoked keys.
> Can you test the following for me?
> #v+
> (defun test-mml2015-epg-find-usable-key (signers)
> (let* ((context (epg-make-context))
> (keys (epg-list-keys context signers))
> (validities nil))
> (while keys
> (let ((pointer (epg-key-sub-key-list (car keys))))
> (while pointer
> (setq validities (cons
> (cons (epg-sub-key-id (car pointer)) (symbol-name (epg-sub-key-validity (car pointer))))
> validities))
> (setq pointer (cdr pointer))))
> (setq keys (cdr keys)))
> validities))
> (test-mml2015-epg-find-usable-key '("1F2F8410762E5E74"))
> #v-
This is what I get:
(("F80D89FB7B05E99F" . "revoked") ("1F2F8410762E5E74" . "revoked"))
HTH
--
Ashish SHUKLA
“It's good to be wrong. Don't feel shamed. Wear past mistakes as a
badge of honor because growth is everything. To stop learning is to
decay.” ("apokalyptik", "in a conversation to abbe", 2010)
[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2010-12-23 3:12 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-12-20 8:54 Gnus + GPG integration broken after revision 102412 Ashish SHUKLA
2010-12-21 1:32 ` Daiki Ueno
2010-12-21 11:06 ` Ashish SHUKLA
2010-12-21 17:53 ` Daniel Dehennin
2010-12-21 22:51 ` Ashish SHUKLA
2010-12-22 1:31 ` Daiki Ueno
2010-12-22 3:49 ` Ashish SHUKLA
2010-12-22 5:21 ` Daiki Ueno
2010-12-22 6:56 ` Ashish SHUKLA
2010-12-22 8:29 ` Daniel Dehennin
2010-12-23 3:12 ` Ashish SHUKLA
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).