Passphrase problem in gpgsm 2.0.14
Hi!

While preparing a new release of Gpg4win we found a regression in GnuPG 2.0.14. The problem is due to this change:

 * New and changed passphrases are now created with an iteration
   count requiring about 100ms of CPU work.

I don't know how it slipped through my tests, but somehow it happened. The bug occurs in all cases where gpg-agent creates a new protected key or changes the protection. For example:

 - You import a new private key with GPGSM from a PKCS#12 file.
 - You change the passphrase of an X.509 key (gpgsm --passwd).
 - You create or import a new on-disk Secure Shell key.

It does not affect keys or passphrases related to GPG (OpenPGP keys).

The bug is that the new iteration count is not encoded in the file. Instead the old constant value of 65536 (encoded as 96) is written to the file. If you now try to use the key and enter the passphrase, gpg-agent uses the wrong iteration count from the file (65536) and thus can't unprotect the key.

A patch against 2.0.14 is attached.

It is possible to fix up the wrong iteration counts, but before I add such a feature I would like to know whether this is really needed.

 - If you imported a p12 file you may simply re-import that file after deleting the old file. To find the respective file with the private key, you use this command:

     gpgsm --dump-cert KEYID | grep keygrip:

   The hex string you see is the basename of the private key. For example:

     $ gpgsm --dump-cert 0x036A1456 | grep keygrip:
          keygrip: 25268070E915E1E3DCCBD9EBEF18BCEF9B0AB289
     $ ls -l private-keys-v1.d/25268070E915E1E3DCCBD9EBEF18BCEF9B0AB289.key

   You had better delete this file before importing the p12 file again:

     $ rm private-keys-v1.d/25268070E915E1E3DCCBD9EBEF18BCEF9B0AB289.key

 - If you changed the passphrase and you have a backup of the private key, it will be easier to use the backup.

 - If you did not change the passphrase, you don't have any problem.

 - If there is no other way to restore it, please complain and I will write a tool to fix up the mess.
I am sorry for the possible trouble.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

#! /bin/sh patch -p0 -f $* $0 exit $? agent/ 2010-01-26 Werner Koch w...@g10code.com * protect.c (do_encryption): Encode the s2kcount and do not use a static value of 96. --- agent/protect.c (revision 5231) +++ agent/protect.c (working copy) @@ -360,19 +360,25 @@ in canoncical format of course. We use asprintf and %n modifier and dummy values as placeholders. */ - p = xtryasprintf -((9:protected%d:%s((4:sha18:%n_8bytes_2:96)%d:%n%*s)%d:%n%*s), - (int)strlen (modestr), modestr, - saltpos, - blklen, ivpos, blklen, , - enclen, encpos, enclen, ); - if (!p) -{ - gpg_error_t tmperr = out_of_core (); - xfree (iv); - xfree (outbuf); - return tmperr; -} + { +char countbuf[35]; + +snprintf (countbuf, sizeof countbuf, %lu, get_standard_s2k_count ()); +p = xtryasprintf + ((9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s), + (int)strlen (modestr), modestr, + saltpos, + (unsigned int)strlen (countbuf), countbuf, + blklen, ivpos, blklen, , + enclen, encpos, enclen, ); +if (!p) + { +gpg_error_t tmperr = out_of_core (); +xfree (iv); +xfree (outbuf); +return tmperr; + } + } *resultlen = strlen (p); *result = (unsigned char*)p; memcpy (p+saltpos, iv+2*blklen, 8);

___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
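Review bot: the hunk replaces the fixed token "2:96" in the count field of the protected-key S-expression (the one-octet encoding of 65536 that the message names) with the decimal output of get_standard_s2k_count() printed via "%lu" and length-prefixed with "%u:%s", so the fix only holds if the reader side of protect.c parses that field as a raw decimal iteration count; the hunk shows only do_encryption, so please confirm the unprotect path decodes the field with the same convention and add a test that protects a key with this build and unprotects it with the same build, since a writer/reader mismatch is exactly the bug being fixed. Two smaller points: countbuf[35] is ample for a "%lu" (at most 20 digits), but the extra brace scope introduced only to declare it could be avoided by declaring countbuf with the other locals at the top of the function; and, as the message itself says, key files that 2.0.14 already wrote with "96" are not repaired by this change, so any fixup tool will need to rewrite that field in existing files rather than rely on this writer-side correction.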
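The S2K count mismatch described in the message above, worked through as an added example (Python written for this page, not code from GnuPG or from the message). It assumes the OpenPGP one-octet count encoding, which is where the "65536 (encoded as 96)" relation comes from, a SHA-1 iterated-salted S2K with an 8-byte salt standing in for gpg-agent's own key derivation, and a constructed calibrated count of 1048576 in place of the real 100 ms calibration. The patch itself stores the count as a decimal string rather than as the one-octet code, so the encode/decode functions here only show why the old constant is 96; the point of the example is that a key protected with one count and unprotected with another never yields the same key.

```python
# Added example, not GnuPG code: models the S2K count mismatch that makes a
# key protected by gpg-agent 2.0.14 unusable.  Assumptions: RFC 4880 one-octet
# S2K count encoding, SHA-1 iterated-salted S2K with an 8-byte salt (a stand-in
# for protect.c, not byte-exact), and a constructed "calibrated" count.
import hashlib


def s2k_decode(c: int) -> int:
    """One-octet S2K count code -> number of bytes to hash (RFC 4880 3.7.1.3).
    s2k_decode(96) == 65536, which is the constant the message refers to."""
    if not 0 <= c <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k_encode(count: int) -> int:
    """Smallest one-octet code whose decoded count is >= count.
    Representable range is 1024 .. 65011712 and s2k_decode is monotonic in c,
    so a linear scan over the 256 codes is sufficient."""
    for c in range(256):
        if s2k_decode(c) >= count:
            return c
    raise ValueError("count %d exceeds the encodable maximum" % count)


def s2k_iterated(passphrase: bytes, salt: bytes, count: int, keylen: int = 16) -> bytes:
    """Iterated and salted S2K: feed (salt || passphrase), repeated, through
    SHA-1 until `count` bytes have been hashed, then truncate to keylen.
    keylen must be <= 20 here, so a single hash context suffices."""
    if len(salt) != 8:
        raise ValueError("salt must be 8 bytes")
    if not 1 <= keylen <= hashlib.sha1().digest_size:
        raise ValueError("keylen must be between 1 and 20 for this single-context variant")
    data = salt + passphrase
    if count < len(data):          # never hash less than one full copy
        count = len(data)
    full, rem = divmod(count, len(data))
    h = hashlib.sha1()
    h.update(data * full + data[:rem])
    return h.digest()[:keylen]


# Constructed test vector (not from the message): fixed salt and passphrase.
SALT = bytes.fromhex("0123456789abcdef")
PASSPHRASE = b"correct horse battery staple"


def reader_can_unprotect(count_used_by_writer: int, count_stored_in_file: int) -> bool:
    """The writer derived the wrapping key with one count, but the reader trusts
    whatever count is stored in the key file.  Unprotecting only succeeds when
    both derive the same key."""
    k_writer = s2k_iterated(PASSPHRASE, SALT, count_used_by_writer)
    k_reader = s2k_iterated(PASSPHRASE, SALT, count_stored_in_file)
    return k_writer == k_reader


if __name__ == "__main__":
    calibrated = 1048576            # constructed stand-in for a ~100 ms count
    # 2.0.14 behaviour: key protected with the calibrated count, file says "96".
    print("2.0.14:", reader_can_unprotect(calibrated, s2k_decode(96)))
    # Fixed behaviour: the count actually used is the count that gets stored.
    stored = s2k_decode(s2k_encode(calibrated))
    print("fixed :", reader_can_unprotect(stored, stored))
```

Run stand-alone it prints the 2.0.14 case as False and the fixed case as True. Nothing about the passphrase is wrong in the broken case; the reader simply hashes a different number of bytes than the writer did, so the derived key differs and the decryption of the protected blob fails, which is exactly the "can't unprotect the key" symptom described above.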
OpenPGP SmartCard v2.0 w/OmniKey 6121
Hi,

I've been researching the archives for the past week after receiving my OpenPGP v2.0 smartcard from Kernelconcepts. The problem seems to revolve around signing, but between my two systems, OpenSUSE 11.2 (gnupg 2.0.13) and Mac OS X 10.5.8 (MacGPG/gnupg 2.0.14), I have slightly different results.

First I was only able to create the 3 2048-bit keys on the linux laptop but would fail to create a 3072/2048/2048 set on the same system. On the Mac I couldn't create anything (tried all 1024 and 2048 keys). With the card now having 2048 keys I could successfully change all my card options (did this before key generation).

On the linux system I could encrypt/decrypt but cannot perform any signing/verify operation. On the Mac I can encrypt, but neither decrypt/sign/verify. Errors vary from general signing error to secret key not found (when trying to decrypt). I was unclear how to actually set up my new keys on the Mac, so I performed an export and export/export-secret-keys over to the Mac from the linux system.

Please let me know what types of debugs I can provide back for review or any other test information one would like performed or provided. Output of '--card-status' below.

Thanks in advance.

$ gpg --card-status
Application ID ...: D2760001240102050374
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0374
Name of cardholder: John Ruff
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: techniq
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 18
Signature key ....: 6530 8DA8 805C 707F 3611  9851 D057 FC41 052A 4FAD
      created ....: 2010-01-24 02:10:16
Encryption key....: 0A2B BBEE 4B0D C392 A4E6  3673 ECCF B9FB 1488 8977
      created ....: 2010-01-24 02:10:16
Authentication key: 735C 977A DFBA 72B2 CDF0  D5D9 F9E8 742E FC34 E962
      created ....: 2010-01-24 02:10:16
General key info..: pub  2048R/052A4FAD 2010-01-24 John C. Ruff (Techniq) jcruff[at]gmail.com
sec   2048R/052A4FAD  created: 2010-01-24  expires: never
                      card-no: 0005 0374
ssb   2048R/FC34E962  created: 2010-01-24  expires: never
                      card-no: 0005 0374
ssb   2048R/14888977  created: 2010-01-24  expires: never
                      card-no: 0005 0374

-- 
Chris Ruff
jcruff[at]gmail.com

No one can see past a choice they don't understand.  --Oracle
re: Problem encrypting to a hushmail gpg key
Sean Rima sean () srima wrote on Date: 2010-01-17 17:23:31 :

> A friend on the pgpnet mailing list is using a hushmail.com gpg key but when I import it, I get
>
> gpg: key C4E23A82: public key -...@hushmail.com jefal...@hushmail.com imported
> gpg: Total number processed: 1
> gpg: imported: 1 (RSA: 1)
> ...
> :public sub key packet: version 4, algo 2, created 1262830846, expires 0
> unknown algorithm 2

- The above listed public subkey packet is the encryption key.

I imported it directly from hushmail (https://www.hushtools.com/hushtools2/index.php, click on 'key management', then enter the hushmail email address and retrieve the key) and encrypted to it without any problem.

Caveat: it is not a great idea to use hushmail keys for OpenPGP encryption or authentication.

(1) The keys are not updated, and can't be for the same email address, so, for example, I've been with hushmail since it started, and my key is a 1024 bit key and signs with SHA-1 (to be fair, I imagine that whenever this becomes a 'real' threat, hushmail will allow for modifications/new keys).

(2) The hushmail user probably will not be able to decrypt a gnupg encrypted message in hushmail if the encryption algorithm chosen isn't currently being used by hushmail, which, depending on how old the key is, may not be the encryption algorithm listed on the key, and if the hushmail user uses gnupg (preferable ;-) ), then he/she would be better off generating a new key in gnupg, and just leave the hushmail key for hushmail users (I use my hushmail key only for hushmail/hushtools).

vedaal