From mboxrd@z Thu Jan 1 00:00:00 1970
From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#65316: 29.1.50; EPA can falsely report "wrong passphrase" when decryption fails
Date: Thu, 17 Aug 2023 11:12:18 +0300
Message-ID: <83y1ia5bq5.fsf@gnu.org>
References: <93e0d9de-a1ef-2118-d757-327b76eaeff5@vodafonemail.de> <489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de>
In-Reply-To: <489cfb4b-81c3-070b-72d9-800f0830ea6f@vodafonemail.de> (bug-gnu-emacs@gnu.org)
Cc: 65316-done@debbugs.gnu.org
To: Jens Schmidt

> Date: Tue, 15 Aug 2023 21:49:07 +0200
> From: Jens Schmidt via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors"
>
> # prepare a public-key-encrypted file test.gpg in cwd
>
> # make pinentry executable non-executable
> sudo chmod a-x /usr/bin/pinentry
>
> emacs -Q
>
> C-x C-f test.gpg RET
>
> => Wrong passphrase: No secret key
>
> Where Emacs 27 would report in a separate *Error* buffer:
>
> ----------------------------------------
> Error while decrypting with "/usr/bin/gpg":
>
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
> ----------------------------------------
>
> The root cause is in function `epa--wrong-password-p', defined as
> follows:
>
> ----------------------------------------
> (defun epa--wrong-password-p (context)
>   (let ((error-string (epg-context-error-output context)))
>     (and (string-match
>           "decryption failed: \\(Bad session key\\|No secret key\\)"
>           error-string)
>          (match-string 1 error-string))))
> ----------------------------------------
>
> It should not search for "No secret key" but rather for "Bad
> passphrase".  "No secret key" just means that there is no secret key
> available to decrypt the file, "Bad passphrase" means that no secret
> keys can be used because of a wrong passphrase.
>
> I collected a couple of non-bad-passphrase error messages from GnuPG
> decryption failures, all done with:
>
> [emacs-29]$ gpg --version
> gpg (GnuPG) 2.2.27
> libgcrypt 1.8.8
>
> ----------------------------------------
> # public key, chmod a-x /usr/bin/pinentry
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
>
> # symmetric, chmod a-x /usr/bin/pinentry
> gpg: AES256.CFB encrypted data
> gpg: problem with the agent: No pinentry
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: No secret key
>
> # public key, 0744 empty GnuPG home directory
> gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx'
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
>
> # public key, 0400 empty GnuPG home directory
> gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied
> gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
>
> # public key, 0700 empty GnuPG home directory
> gpg: encrypted with RSA key, ID D0EB77D91C0802D6
> gpg: decryption failed: No secret key
> ----------------------------------------
>
> And here the real bad-passphrase messages:
>
> ----------------------------------------
> # symmetric, bad passphrase entered
> gpg: AES256.CFB encrypted data
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: Bad session key
>
> # public key, bad passphrase entered
> gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03
>       "test-key"
> gpg: public key decryption failed: Bad passphrase
> gpg: decryption failed: No secret key
> ----------------------------------------
>
> Patch attached.

Thanks, installed on the emacs-29 branch, and closing the bug.
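
The misclassification discussed in this thread, as an added example that is not part of either message and is not the patch that was installed (the patch is not shown on this page). It runs the reported matcher and a matcher following the reporter's suggestion over gpg stderr excerpts copied from the report; the `my/` function and constant names are hypothetical, and both functions take the error string directly instead of an EPG context.

```elisp
;;; Added example; `my/...' names are hypothetical, not Emacs or EPA API.

(defun my/old-wrong-password-p (error-string)
  "Matcher with the regexp quoted in the report (the behaviour complained about)."
  (and (string-match
        "decryption failed: \\(Bad session key\\|No secret key\\)"
        error-string)
       (match-string 1 error-string)))

(defun my/gpg-wrong-passphrase-p (error-string)
  "Return the matched reason only when gpg itself blames the passphrase.
\"Bad session key\" is the symmetric case and \"Bad passphrase\" the
public-key case.  A bare \"No secret key\" is not matched, because gpg
also prints it when pinentry or the key ring is unusable."
  (and (string-match
        "decryption failed: \\(Bad session key\\|Bad passphrase\\)"
        error-string)
       (match-string 1 error-string)))

(defconst my/gpg-samples
  '(("public key, no pinentry" .
     "gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key")
    ("symmetric, no pinentry" .
     "gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key")
    ("public key, empty homedir" .
     "gpg: encrypted with RSA key, ID D0EB77D91C0802D6
gpg: decryption failed: No secret key")
    ("symmetric, bad passphrase" .
     "gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key")
    ("public key, bad passphrase" .
     "gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key"))
  "Alist of (SCENARIO . STDERR) excerpts taken from the bug report.")

;; Print, per scenario, what each matcher returns: nil means the failure
;; is not treated as a wrong passphrase and the full gpg output should
;; be shown to the user instead.
(dolist (sample my/gpg-samples)
  (message "%-28s old=%-18S new=%S"
           (car sample)
           (my/old-wrong-password-p (cdr sample))
           (my/gpg-wrong-passphrase-p (cdr sample))))
```

Evaluate it with `emacs -Q --batch -l FILE` and compare the two columns for the pinentry and empty-homedir scenarios against the two bad-passphrase scenarios.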