From: Konrad Hinsen <konrad.hinsen@fastmail.net>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-science@gnu.org
Subject: Re: Help! I messed up guix-past
Date: Tue, 13 Sep 2022 10:58:26 +0200
Message-ID: <m1leqn647h.fsf@fastmail.net>
In-Reply-To: <871qsgfwbt.fsf@gnu.org>

Hi Ludo,

> Such keys cannot be accessed without knowing the passphrase, no matter
> what software you use.

I agree in theory, but practice disagrees. The only other explanation I
can see is that GnuPG has stored my password somewhere in the file
system without me knowing about it. That isn't a reassuring explanation
either.

Demo:

$ gpg --list-keys konrad.hinsen@cnrs.fr
pub rsa4096 2018-06-11 [SC]
076A1D7B1EF77E068D2AC07CEC17F85277D7932C
uid [ultimate] Konrad Hinsen (http://khinsen.net/) <konrad.hinsen@cnrs.fr>
sub rsa4096 2018-06-11 [E]

The "protection mode" of this key is openpgp-s2k3-sha1-aes-cbc (I looked
it up in the key file, following the documentation you pointed to).

$ echo 1 2 3 | gpg -r konrad.hinsen@cnrs.fr --encrypt --armor > counting.gpg
$ gpg --decrypt counting.gpg
gpg: WARNING: server 'gpg-agent' is older than us (2.2.19 < 2.2.32)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: encrypted with 4096-bit RSA key, ID 8A9433D79D772795, created 2018-06-11
"Konrad Hinsen (http://khinsen.net/) <konrad.hinsen@cnrs.fr>"
1 2 3

I haven't typed in the key's password for a few months. The last time I
did was before the update of GnuPG that broke everything for me. I have
rebooted the machine many times since then.

The same operation on a Debian server with no pinentry available (but
the same keyring) yields:

$ gpg --decrypt counting.gpg
gpg: encrypted with 4096-bit RSA key, ID 8A9433D79D772795, created 2018-06-11
"Konrad Hinsen (http://khinsen.net/) <konrad.hinsen@cnrs.fr>"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key

which is what I would expect. And with a properly configured pinentry
program, it asks for the password.

Cheers,
Konrad
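
A diagnostic for the situation described in this message, added here as an example and not part of the original email: gpg-agent's KEYINFO status lines report, per secret key, whether the key file is passphrase-protected and whether a passphrase is currently held in the agent's cache. The function names and the sample lines (with made-up keygrips) are constructed; the field layout is the one gpg-agent documents for KEYINFO.

```shell
#!/bin/sh
# Classify gpg-agent KEYINFO status lines read from stdin.
# Line format (gpg-agent "KEYINFO" command):
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# type:       D = key on disk, T = key on a token/smartcard
# cached:     1 = passphrase currently in the agent cache, - = not cached
# protection: P = passphrase-protected, C = stored in the clear, - = unknown
classify_keyinfo() {
    awk '
    $1 == "S" && $2 == "KEYINFO" {
        grip = $3; type = $4; cached = $7; prot = $8
        if (type == "T")                       verdict = "on-token"
        else if (prot == "C")                  verdict = "unprotected"
        else if (prot == "P" && cached == "1") verdict = "protected-cached"
        else if (prot == "P")                  verdict = "protected-prompt-expected"
        else                                   verdict = "unknown"
        print grip, verdict
    }'
}

# Count on-disk keys the agent can use right now without asking for anything.
count_promptless() {
    classify_keyinfo |
        awk '$2 == "unprotected" || $2 == "protected-cached" { n++ } END { print n + 0 }'
}

# Constructed sample output; keygrips and serial number are made up.
sample_keyinfo() {
    cat <<'EOF'
S KEYINFO 1111111111111111111111111111111111111111 D - - - P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - 1 P - - -
S KEYINFO 3333333333333333333333333333333333333333 D - - - C - - -
S KEYINFO 4444444444444444444444444444444444444444 T D2760001240102010006012345670000 OPENPGP.1 - - - - -
OK
EOF
}

# Live use (needs a running gpg-agent):
#   gpg-connect-agent 'keyinfo --list' /bye | classify_keyinfo
sample_keyinfo | classify_keyinfo
```

A key reported as protected-prompt-expected that still decrypts with no visible prompt points away from both the key file and the agent cache, and toward whatever pinentry program the agent is configured to call.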