unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
* gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?)
@ 2021-12-26 13:31 Sergiu Ivanov
  2021-12-26 22:45 ` Leo Famulari
  0 siblings, 1 reply; 3+ messages in thread
From: Sergiu Ivanov @ 2021-12-26 13:31 UTC (permalink / raw)
  To: help-guix

Hi,

I have just upgraded my Guix home on a Guix System, which took gnupg
from 2.2.29 to 2.2.30.  When I run gpg -v --decrypt on a file with
symmetric encryption, I get the following error:

scolobb@quark ~/tmp$ gpg -v --decrypt world.gpg 
gpg: AES.CFB encrypted data
gpg: no running gpg-agent - starting '/gnu/store/0snfzd41n430ddpq316j9v2z5fn2y62m-gnupg-2.2.30/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: pinentry launched (3287 gtk2 1.1.1 /dev/pts/0 eterm-color :0 20620/1000/996 1000/998 1)
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

After this procedure, gpg-agent is not running, for example:

scolobb@quark ~/tmp$ gpg-agent
gpg-agent[3513]: no gpg-agent running in this session

If I remove world.gpg, re-encrypt world, and rerun the above decryption
command, it works.  However, if I try decrypting another file, or if
I reboot and try decrypting the same world.gpg, I get back to the same
error.  gpg-agent is never running after I issue the decryption
commands, even if I explicitly start it before.

Does anyone experience similar issues?

I did look around the internet quite a bit, but people getting similar
error messages have different symptoms.

My current workaround is to boot into my latest configuration (system
and home), rollback home to the previous configuration, decrypt the
files I need in temporary Emacs buffers, then switch home to the
latest configuration.

For the record, here are the outputs of gpg --version in my latest and
previous home generations:

# Current generation
gpg (GnuPG) 2.2.30
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/scolobb/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


# Previous generation
gpg (GnuPG) 2.2.29
libgcrypt 1.8.5
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/scolobb/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

-
Happy holidays :-)
Sergiu


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?)
  2021-12-26 13:31 gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?) Sergiu Ivanov
@ 2021-12-26 22:45 ` Leo Famulari
  2021-12-27 11:36   ` Sergiu Ivanov
  0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2021-12-26 22:45 UTC (permalink / raw)
  To: Sergiu Ivanov; +Cc: help-guix

On Sun, Dec 26, 2021 at 02:31:01PM +0100, Sergiu Ivanov wrote:
> Hi,
> 
> I have just upgraded my Guix home on a Guix System, which took gnupg
> from 2.2.29 to 2.2.30.  When I run gpg -v --decrypt on a file with
> symmetric encryption, I get the following error:
> 
> scolobb@quark ~/tmp$ gpg -v --decrypt world.gpg 
> gpg: AES.CFB encrypted data
> gpg: no running gpg-agent - starting '/gnu/store/0snfzd41n430ddpq316j9v2z5fn2y62m-gnupg-2.2.30/bin/gpg-agent'
> gpg: waiting for the agent to come up ... (5s)
> gpg: connection to agent established
> gpg: pinentry launched (3287 gtk2 1.1.1 /dev/pts/0 eterm-color :0 20620/1000/996 1000/998 1)
> gpg: problem with the agent: End of file
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: No secret key

[...]

> Does anyone experience similar issues?

Yes, you're describing bug #52483, "GnuPG 2.2.30 cannot do symmetric
encryption":

https://issues.guix.gnu.org/52483

I just pushed commit d03aa942def0037cb32ff1d0cc2ac5d13f1a63df, which
allows you to upgrade your gnupg package to 2.2.32, which fixes this
bug.

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d03aa942def0037cb32ff1d0cc2ac5d13f1a63df


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?)
  2021-12-26 22:45 ` Leo Famulari
@ 2021-12-27 11:36   ` Sergiu Ivanov
  0 siblings, 0 replies; 3+ messages in thread
From: Sergiu Ivanov @ 2021-12-27 11:36 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> [2021-12-26T23:45:23+0100]:
> On Sun, Dec 26, 2021 at 02:31:01PM +0100, Sergiu Ivanov wrote:
>> Hi,
>> 
>> I have just upgraded my Guix home on a Guix System, which took gnupg
>> from 2.2.29 to 2.2.30.  When I run gpg -v --decrypt on a file with
>> symmetric encryption, I get the following error:
>> 
>> scolobb@quark ~/tmp$ gpg -v --decrypt world.gpg 
>> gpg: AES.CFB encrypted data
>> gpg: no running gpg-agent - starting '/gnu/store/0snfzd41n430ddpq316j9v2z5fn2y62m-gnupg-2.2.30/bin/gpg-agent'
>> gpg: waiting for the agent to come up ... (5s)
>> gpg: connection to agent established
>> gpg: pinentry launched (3287 gtk2 1.1.1 /dev/pts/0 eterm-color :0 20620/1000/996 1000/998 1)
>> gpg: problem with the agent: End of file
>> gpg: encrypted with 1 passphrase
>> gpg: decryption failed: No secret key
>
> [...]
>
>> Does anyone experience similar issues?
>
> Yes, you're describing bug #52483, "GnuPG 2.2.30 cannot do symmetric
> encryption":
>
> https://issues.guix.gnu.org/52483

Oh!  Thanks for the reference, I'll subscribe to bug-guix so that I'm up
to date with bug reports.

> I just pushed commit d03aa942def0037cb32ff1d0cc2ac5d13f1a63df, which
> allows you to upgrade your gnupg package to 2.2.32, which fixes this
> bug.
>
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d03aa942def0037cb32ff1d0cc2ac5d13f1a63df

I confirm that symmetric decryption works in guix shell gnupg after
a guix pull.

Thanks a lot for the quick answer!

-
Sergiu


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-12-27 12:56 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-26 13:31 gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?) Sergiu Ivanov
2021-12-26 22:45 ` Leo Famulari
2021-12-27 11:36   ` Sergiu Ivanov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).