unofficial mirror of guix-science@gnu.org 
From: Konrad Hinsen <konrad.hinsen@fastmail.net>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-science@gnu.org
Subject: Re: Help! I messed up guix-past
Date: Tue, 13 Sep 2022 10:58:26 +0200
Message-ID: <m1leqn647h.fsf@fastmail.net>
In-Reply-To: <871qsgfwbt.fsf@gnu.org>

Hi Ludo,

> Such keys cannot be accessed without knowing the passphrase, no matter
> what software you use.

I agree in theory, but practice disagrees. The only other explanation I
can see is that GnuPG has stored my password somewhere in the file
system without me knowing about it. That isn't a reassuring explanation
either.

Demo:

  $ gpg --list-keys konrad.hinsen@cnrs.fr
  pub   rsa4096 2018-06-11 [SC]
        076A1D7B1EF77E068D2AC07CEC17F85277D7932C
  uid           [ultimate] Konrad Hinsen (http://khinsen.net/) <konrad.hinsen@cnrs.fr>
  sub   rsa4096 2018-06-11 [E]

The "protection mode" of this key is openpgp-s2k3-sha1-aes-cbc (I looked
it up in the key file, following the documentation you pointed to).

  $ echo 1 2 3 | gpg -r konrad.hinsen@cnrs.fr --encrypt --armor > counting.gpg
  $ gpg --decrypt counting.gpg 
  gpg: WARNING: server 'gpg-agent' is older than us (2.2.19 < 2.2.32)
  gpg: Note: Outdated servers may lack important security fixes.
  gpg: Note: Use the command "gpgconf --kill all" to restart them.
  gpg: encrypted with 4096-bit RSA key, ID 8A9433D79D772795, created 2018-06-11
        "Konrad Hinsen (http://khinsen.net/) <konrad.hinsen@cnrs.fr>"
  1 2 3

I haven't typed in the key's password for a few months. The last time I
did was before the update of GnuPG that broke everything for me. I have
rebooted the machine many times since then.

The same operation on a Debian server with no pinentry available (but
the same keyring) yields:

  $ gpg --decrypt counting.gpg 
  gpg: encrypted with 4096-bit RSA key, ID 8A9433D79D772795, created 2018-06-11
        "Konrad Hinsen (http://khinsen.net/) <konrad.hinsen@cnrs.fr>"
  gpg: public key decryption failed: No pinentry
  gpg: decryption failed: No secret key

which is what I would expect. And with a properly configured pinentry
program, it asks for the password.

Cheers,
  Konrad
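
Added example, not part of the original message and not GnuPG's own code: a small parser that reads the "protection mode" mentioned above out of a gpg-agent private key S-expression, so the on-disk state (protected, clear, or on a token) can be checked independently of any agent caching. It assumes the canonical length-prefixed encoding; the function names and the sample keys are constructed for illustration.

```python
def parse_sexp(buf, pos=0):
    """Parse one canonical S-expression from bytes; return (value, next_pos)."""
    if buf[pos:pos + 1] == b"(":
        pos, items = pos + 1, []
        while buf[pos:pos + 1] != b")":
            if pos >= len(buf):
                raise ValueError("unterminated list")
            item, pos = parse_sexp(buf, pos)
            items.append(item)
        return items, pos + 1
    colon = buf.index(b":", pos)           # atoms look like b"3:rsa"
    if not buf[pos:colon].isdigit():
        raise ValueError("bad length prefix")
    end = colon + 1 + int(buf[pos:colon])
    if end > len(buf):
        raise ValueError("truncated atom")
    return buf[colon + 1:end], end

def protection_state(key_bytes):
    """Return (state, mode) for one gpg-agent private key S-expression."""
    top, _ = parse_sexp(key_bytes)
    kind = top[0]
    if kind == b"private-key":
        return "unprotected", None          # secret parameters stored in the clear
    if kind == b"shadowed-private-key":
        return "on-token", None             # secret lives on a smartcard
    if kind == b"protected-private-key":
        for field in top[1][1:]:            # fields of the (rsa ...) list
            if isinstance(field, list) and field[:1] == [b"protected"]:
                return "protected", field[1].decode()
    raise ValueError("unrecognised key structure")

def encode(node):
    """Inverse of parse_sexp, used only to build the constructed samples."""
    if isinstance(node, list):
        return b"(" + b"".join(encode(n) for n in node) + b")"
    return str(len(node)).encode() + b":" + node

# Constructed samples with dummy values, not real key material.
PUB = [[b"n", b"\x00\xc1"], [b"e", b"\x01\x00\x01"]]
SAMPLE_PROTECTED = encode([b"protected-private-key", [b"rsa", *PUB,
    [b"protected", b"openpgp-s2k3-sha1-aes-cbc",
     [[b"sha1", b"SALTSALT", b"65536"], b"I" * 16], b"\x00" * 32],
    [b"protected-at", b"20180611T000000"]]])
SAMPLE_CLEAR = encode([b"private-key", [b"rsa", *PUB, [b"d", b"\x05"]]])

if __name__ == "__main__":
    print(protection_state(SAMPLE_PROTECTED))
    print(protection_state(SAMPLE_CLEAR))
```

To check a real key, pass the bytes of the corresponding file under ~/.gnupg/private-keys-v1.d/ to protection_state(); a result of "protected" means the secret parameters are encrypted on disk and any passphrase-free decryption has to come from somewhere else, such as an agent cache.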

