From: Ricardo Wurmus
To: Konrad Hinsen
Cc: Ludovic Courtès, guix-science@gnu.org
Subject: Re: Help! I messed up guix-past
Date: Tue, 13 Sep 2022 11:23:05 +0200

Hi Konrad,

>> Such keys cannot be accessed without knowing the passphrase, no matter
>> what software you use.
>
> I agree in theory, but practice disagrees. The only other explanation I
> can see is that GnuPG has stored my password somewhere in the file
> system without me knowing about it. That isn't a reassuring explanation
> either.
>
> Demo:
>
> $ gpg --list-keys konrad.hinsen@cnrs.fr
> pub rsa4096 2018-06-11 [SC]
>     076A1D7B1EF77E068D2AC07CEC17F85277D7932C
> uid [ultimate] Konrad Hinsen (http://khinsen.net/)
> sub rsa4096 2018-06-11 [E]
>
> The "protection mode" of this key is openpgp-s2k3-sha1-aes-cbc (I looked
> it up in the key file, following the documentation you pointed to).
>
> $ echo 1 2 3 | gpg -r konrad.hinsen@cnrs.fr --encrypt --armor > counting.gpg
> $ gpg --decrypt counting.gpg
> gpg: WARNING: server 'gpg-agent' is older than us (2.2.19 < 2.2.32)
> gpg: Note: Outdated servers may lack important security fixes.
> gpg: Note: Use the command "gpgconf --kill all" to restart them.
> gpg: encrypted with 4096-bit RSA key, ID 8A9433D79D772795, created 2018-06-11
>       "Konrad Hinsen (http://khinsen.net/) "
> 1 2 3

This is the gpg-agent unlocking the key.

> I haven't typed in the key's password for a few months. The last time I
> did was before the update of GnuPG that broke everything for me. I have
> rebooted the machine many times since then.

Many graphical user environments come with a key manager that unlocks
all secrets on login. One example is Seahorse, which is used by Gnome
to unlock the Gnome keyring on login.

My guess is that GPG is blissfully unaware of your passphrase until
Seahorse unlocks the key on login and provides it to gpg agent.

So this would really not be about GPG doing something silly or unsafe,
but rather about Seahorse and the Gnome keyring doing what they were
designed to do: quietly unlocking secrets on login.

-- 
Ricardo