From: Jens Schmidt via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
Date: Tue, 15 Aug 2023 21:49:07 +0200
Message-ID: <489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de>
References: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de>
To: 65316@debbugs.gnu.org

Package: epa.el
Tags: patch

Repro Case:

  # prepare a public-key-encrypted file test.gpg in cwd

  # make pinentry executable non-executable
  sudo chmod a-x /usr/bin/pinentry

  emacs -Q
  C-x C-f test.gpg RET

  => Wrong passphrase: No secret key

Where Emacs 27 would report in a separate *Error* buffer:

----------------------------------------
Error while decrypting with "/usr/bin/gpg":

gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key
----------------------------------------

The root cause is in function `epa--wrong-password-p', defined as
follows:

----------------------------------------
(defun epa--wrong-password-p (context)
  (let ((error-string (epg-context-error-output context)))
    (and (string-match
          "decryption failed: \\(Bad session key\\|No secret key\\)"
          error-string)
         (match-string 1 error-string))))
----------------------------------------

It should not search for "No secret key" but rather for "Bad
passphrase".  "No secret key" just means that there is no secret key
available to decrypt the file, "Bad passphrase" means that no secret
keys can be used because of a wrong passphrase.

I collected a couple of non-bad-passphrase error messages from GnuPG
decryption failures, all done with:

  [emacs-29]$ gpg --version
  gpg (GnuPG) 2.2.27
  libgcrypt 1.8.8

----------------------------------------
# public key, chmod a-x /usr/bin/pinentry
gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key

# symmetric, chmod a-x /usr/bin/pinentry
gpg: AES256.CFB encrypted data
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

# public key, 0744 empty GnuPG home directory
gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx'
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key

# public key, 0400 empty GnuPG home directory
gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied
gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key

# public key, 0700 empty GnuPG home directory
gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key
----------------------------------------

And here the real bad-passphrase messages:

----------------------------------------
# symmetric, bad passphrase entered
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

# public key, bad passphrase entered
gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
      "test-key"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
----------------------------------------

Patch attached.

[Attachment: 0001-Avoid-false-wrong-passphrase-messages-in-EPA.patch (text/x-patch)]
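
The misclassification described in the report, as an added example that is not part of the original message, of epa-file.el, or of the attached patch. The old regexp is the one quoted in the report, the strict regexp is an assumption derived from the report's statement that "Bad passphrase" should be matched instead of "No secret key", the stderr samples are taken from the report (key-description lines omitted), and all demo-* names are hypothetical.

```elisp
;; Added example; not code from epa-file.el or from the attached patch.
;; All demo-* names are hypothetical.

(defconst demo-old-regexp               ; as quoted in the report
  "decryption failed: \\(Bad session key\\|No secret key\\)")
(defconst demo-strict-regexp            ; assumption, per the report's wording
  "decryption failed: \\(Bad session key\\|Bad passphrase\\)")

;; Each entry is (LABEL WRONG-PASSPHRASE-P STDERR).  The stderr lines are
;; taken from the report, with the key-description lines omitted.
(defconst demo-samples
  '((pubkey-no-pinentry nil
     "gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key")
    (symmetric-no-pinentry nil
     "gpg: AES256.CFB encrypted data
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key")
    (pubkey-empty-homedir nil
     "gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key")
    (symmetric-bad-passphrase t
     "gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key")
    (pubkey-bad-passphrase t
     "gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key")))

(defun demo-wrong-passphrase-p (regexp stderr)
  "Return the failure reason matched by REGEXP in STDERR, or nil."
  (and (string-match regexp stderr)
       (match-string 1 stderr)))

(defun demo-misclassified (regexp)
  "Return the labels of `demo-samples' that REGEXP classifies wrongly."
  (let (bad)
    (dolist (sample demo-samples (nreverse bad))
      ;; Compare the expected flag with the regexp's verdict, as t or nil.
      (unless (eq (nth 1 sample)
                  (and (demo-wrong-passphrase-p regexp (nth 2 sample)) t))
        (push (nth 0 sample) bad)))))

(message "old:    %S" (demo-misclassified demo-old-regexp))
(message "strict: %S" (demo-misclassified demo-strict-regexp))
```

Evaluating this in a scratch buffer shows the old regexp flagging the two no-pinentry samples and the empty-homedir sample as wrong-passphrase errors, while the strict regexp misclassifies none of the five.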