bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails - Jens Schmidt via Bug reports for GNU Emacs, the Swiss army knife of text editors

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Jens Schmidt via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: 65316@debbugs.gnu.org
Subject: bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
Date: Tue, 15 Aug 2023 21:49:07 +0200	[thread overview]
Message-ID: <489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de> (raw)
In-Reply-To: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>

[-- Attachment #1: Type: text/plain, Size: 3134 bytes --]

Package: epa.el
Tags: patch

Repro Case:

# prepare a public-key-encrypted file test.gpg in cwd

# make pinentry executable non-executable
sudo chmod a-x /usr/bin/pinentry

emacs -Q

C-x C-f test.gpg RET

=> Wrong passphrase: No secret key

Where Emacs 27 would report in a separate *Error* buffer:

----------------------------------------
Error while decrypting with "/usr/bin/gpg":

gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key
----------------------------------------

The root cause is in function `epa--wrong-password-p', defined as
follows:

----------------------------------------
(defun epa--wrong-password-p (context)
  (let ((error-string (epg-context-error-output context)))
    (and (string-match
          "decryption failed: \\(Bad session key\\|No secret key\\)"
          error-string)
         (match-string 1 error-string))))
----------------------------------------

It should not search for "No secret key" but rather for "Bad
passphrase".  "No secret key" just means that there is no secret key
available to decrypt the file, "Bad passphrase" means that no secret
keys can be used because of a wrong passphrase.

I collected a couple of non-bad-passphrase error messages from GnuPG
decryption failures, all done with:

  [emacs-29]$ gpg --version
  gpg (GnuPG) 2.2.27
  libgcrypt 1.8.8

----------------------------------------
# public key, chmod a-x /usr/bin/pinentry
gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key

# symmetric, chmod a-x /usr/bin/pinentry
gpg: AES256.CFB encrypted data
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

# public key, 0744 empty GnuPG home directory
gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx'
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key

# public key, 0400 empty GnuPG home directory
gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied
gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key

# public key, 0700 empty GnuPG home directory
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key
----------------------------------------

And here the real bad-passphrase messages:

----------------------------------------
# symmetric, bad passphrase entered
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

# public key, bad passphrase entered
gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
----------------------------------------

Patch attached.

[-- Attachment #2: 0001-Avoid-false-wrong-passphrase-messages-in-EPA.patch --]
[-- Type: text/x-patch, Size: 1470 bytes --]

From 17f4e8a888534ffc783b3a6088229d4355afde30 Mon Sep 17 00:00:00 2001
From: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
Date: Tue, 15 Aug 2023 21:37:08 +0200
Subject: [PATCH] Avoid false "wrong passphrase" messages in EPA

* lisp/epa-file.el (epa--wrong-password-p): Use a stricter regexp to
match "wrong passphrase" errors generated by GnuPG.  (Bug#65316)
---
 lisp/epa-file.el | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lisp/epa-file.el b/lisp/epa-file.el
index 4d8ca11e809..a27f241c0c3 100644
--- a/lisp/epa-file.el
+++ b/lisp/epa-file.el
@@ -123,9 +123,16 @@ epa-file--find-file-not-found-function
 	      (cons "Opening input file" (cdr error))))))
 
 (defun epa--wrong-password-p (context)
+  "Return whether a wrong password caused the error in CONTEXT."
   (let ((error-string (epg-context-error-output context)))
+    ;; Use a strict regexp here that really only matches "wrong
+    ;; passphrase" errors to avoid hiding diagnostic information
+    ;; (bug#65316).  Below regexp also can fail to match non-English
+    ;; messages, since at least the "decryption failed" part of it
+    ;; seems to be localized.  But since this means false negatives
+    ;; this is probably OK.
     (and (string-match
-          "decryption failed: \\(Bad session key\\|No secret key\\)"
+          "decryption failed: \\(Bad session key\\|Bad passphrase\\)"
           error-string)
          (match-string 1 error-string))))
 
-- 
2.30.2

next prev parent reply	other threads:[~2023-08-15 19:49 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-15 19:06 bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails Jens Schmidt via Bug reports for GNU Emacs, the Swiss army knife of text editors
2023-08-15 19:49 ` Jens Schmidt via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
2023-08-17  8:12   ` Eli Zaretskii

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:4d8ca11e80 dfblob:a27f241c0c
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de \
    --to=bug-gnu-emacs@gnu.org \
    --cc=65316@debbugs.gnu.org \
    --cc=jschmidt4gnu@vodafonemail.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.