Re: gpgme fails encrypting on 64bit debian
Thanks a lot Werner!
This was really helpful, not only for the (stupid) error I had but also on
how I can debug further problems on my own!
Cheers,
Simone
On Thu, Apr 18, 2013 at 4:40 PM, Werner Koch w...@gnupg.org wrote:
On Thu, 18 Apr 2013 09:33, simone.pagangr...@gmail.com said:
from the debug info is that the encryption is successful but then there's
an error right after(?). Thanks for your help, it's really appreciated!
Here is the interesing part (I removed the hex parts):
_gpgme_io_read (fd=0x4): enter: buffer=0xea2980, count=1024
_gpgme_io_read (fd=0x4): check: [...] [GNUPG:] INV_REC
_gpgme_io_read (fd=0x4): check: [...] P 10 CD6029E7DD3
_gpgme_io_read (fd=0x4): check: [...] 4991240FCFEE7D94
_gpgme_io_read (fd=0x4): check: [...] 1FEB9C37DBF71.
_gpgme_io_read (fd=0x4): leave: result=62
Or as one line:
[GNUPG:] INV_RECP 10 CD6029E7DD34991240FCFEE7D941FEB9C37DBF71
Now if you look into GnuPG's doc/DETAILS:
*** INV_RECP, INV_SGNR
The two similar status codes:
- INV_RECP reason requested_recipient
- INV_SGNR reason requested_sender
are issued for each unusable recipient/sender. The reasons codes
currently in use are:
- 0 :: No specific reason given
- 1 :: Not Found
- 2 :: Ambigious specification
- 3 :: Wrong key usage
- 4 :: Key revoked
- 5 :: Key expired
- 6 :: No CRL known
- 7 :: CRL too old
- 8 :: Policy mismatch
- 9 :: Not a secret key
- 10 :: Key not trusted
- 11 :: Missing certificate
- 12 :: Missing issuer certificate
Thus the key CD6029E7DD34991240FCFEE7D941FEB9C37DBF71 is not trusted.
You may either sign it locally using gpg, or use the encryption flags
GPGME_ENCRYPT_ALWAYS_TRUST:
flags = (GPGME_ENCRYPT_NO_ENCRYPT_TO
| GPGME_ENCRYPT_ALWAYS_TRUST);
err = gpgme_op_encrypt(ceofcontext, key, flags, source, dest);
To avoid checking the debnug log each time, you may want to add code
like:
err = gpgme_op_encrypt (ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
fail_if_err (err);
result = gpgme_op_encrypt_result (ctx);
if (result-invalid_recipients)
{
fprintf (stderr, Invalid recipient encountered: %s\n,
result-invalid_recipients-fpr);
exit (1);
}
You may use gpgme_op_encrypt_result even if an error is return,ed but in
this case you first need to check that the returned value is not NULL.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgme fails encrypting on 64bit debian
Dear Werner, thanks for your answer and help (and sorry my late reply!). I've changed the test program according to your suggestions. In particular, to answer your question, the gpgme-config --libs --cflags gives me: -lgpgme -L/usr/lib/x86_64-linux-gnu -lgpg-error I've also left the default engine info and got the same error. Then I turned on the debug as you suggested. I attach the output I've got. I went through it trying to get any clue on the what is causing the error but got a bit lost: the impression I have from the debug info is that the encryption is successful but then there's an error right after(?). Thanks for your help, it's really appreciated! Cheers, Simone On Wed, Apr 10, 2013 at 9:32 PM, Werner Koch w...@gnupg.org wrote: On Wed, 10 Apr 2013 10:54, simone.pagangr...@gmail.com said: gcc -m64 -D_FILE_OFFSET_BITS=64 -g test2.c -lgpgme -L/usr/lib/x86_64-linux-gnu -lgpg-error -o test2 Why do you want to tweak gcc options if you are anyway on a 64 bit system? Also they seem to be harmelss, hast gpgme been build with the same options? What does gpgme-config --cflags --libs tell you? // test program #include stdio.h /* printf*/ #include unistd.h /* write */ #include errno.h /* errno */ #include locale.h /* locale support*/ #include string.h /* string support*/ #include stdlib.h /* memory management */ gpgme.h ist missing but below you are using constants defined by gpgme.h. char *pDest = malloc(65536); (please always check for malloc error!) p = (char *) gpgme_check_version(NULL); printf(version=%s\n,p); Don't cast without a good reason. p = (char *) gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP); printf(Protocol name: %s\n,p); Ditto. err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP, enginfo-file_name,enginfo-home_dir); if(err != GPG_ERR_NO_ERROR) return 5; Try first without setting a non default engine info. To debug your problem, I suggest to run the program like this: GPGME_DEBUG=9:/tmp/gpgme.log: and check the log file. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. gpgme.log Description: Binary data ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgme fails encrypting on 64bit debian
On Thu, 18 Apr 2013 09:33, simone.pagangr...@gmail.com said:
from the debug info is that the encryption is successful but then there's
an error right after(?). Thanks for your help, it's really appreciated!
Here is the interesing part (I removed the hex parts):
_gpgme_io_read (fd=0x4): enter: buffer=0xea2980, count=1024
_gpgme_io_read (fd=0x4): check: [...] [GNUPG:] INV_REC
_gpgme_io_read (fd=0x4): check: [...] P 10 CD6029E7DD3
_gpgme_io_read (fd=0x4): check: [...] 4991240FCFEE7D94
_gpgme_io_read (fd=0x4): check: [...] 1FEB9C37DBF71.
_gpgme_io_read (fd=0x4): leave: result=62
Or as one line:
[GNUPG:] INV_RECP 10 CD6029E7DD34991240FCFEE7D941FEB9C37DBF71
Now if you look into GnuPG's doc/DETAILS:
*** INV_RECP, INV_SGNR
The two similar status codes:
- INV_RECP reason requested_recipient
- INV_SGNR reason requested_sender
are issued for each unusable recipient/sender. The reasons codes
currently in use are:
- 0 :: No specific reason given
- 1 :: Not Found
- 2 :: Ambigious specification
- 3 :: Wrong key usage
- 4 :: Key revoked
- 5 :: Key expired
- 6 :: No CRL known
- 7 :: CRL too old
- 8 :: Policy mismatch
- 9 :: Not a secret key
- 10 :: Key not trusted
- 11 :: Missing certificate
- 12 :: Missing issuer certificate
Thus the key CD6029E7DD34991240FCFEE7D941FEB9C37DBF71 is not trusted.
You may either sign it locally using gpg, or use the encryption flags
GPGME_ENCRYPT_ALWAYS_TRUST:
flags = (GPGME_ENCRYPT_NO_ENCRYPT_TO
| GPGME_ENCRYPT_ALWAYS_TRUST);
err = gpgme_op_encrypt(ceofcontext, key, flags, source, dest);
To avoid checking the debnug log each time, you may want to add code
like:
err = gpgme_op_encrypt (ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
fail_if_err (err);
result = gpgme_op_encrypt_result (ctx);
if (result-invalid_recipients)
{
fprintf (stderr, Invalid recipient encountered: %s\n,
result-invalid_recipients-fpr);
exit (1);
}
You may use gpgme_op_encrypt_result even if an error is return,ed but in
this case you first need to check that the returned value is not NULL.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpgme fails encrypting on 64bit debian
Hi,
I'm facing a problem which is giving me a bit of troubles to trace with
gpgme. I've reproduced it with a simple test program (starting from another
simple example I found) which I paste below. This works on a 32-bit
debian-based system but fails on 64-bit one. In particular in the 64-bit
case I can successfully read and decrypt (not shown in the example) but I
get a rather cryptic error in the encryption:
$ ./test2 C37DBF71 Ciao!
version=1.2.0
Protocol name: OpenPGP
file=/usr/bin/gpg, home=(null)
Error in encrypting data. Error 1: General error (Unspecified source)
The version of libgpgme is shown above as well. GnuPG version 1.4.11
This is the output of uname, just to show you I'm running on 64 bit system:
$ uname -a
Linux spagan-laptop 3.2.0-39-generic #62-Ubuntu SMP Thu Feb 28 00:28:53 UTC
2013 x86_64 x86_64 x86_64 GNU/Linux
Yes, the first thing I've done was to extensively trying to make sure I was
defining _FILE_OFFSET_BITS=64; also I checked that off_t has effectively
size of 8. This is how I compile it:
gcc -m64 -D_FILE_OFFSET_BITS=64 -g test2.c -lgpgme
-L/usr/lib/x86_64-linux-gnu -lgpg-error -o test2
and finally below there's the test program I used.
Thanks a lot for any help you could give me! I haven't found anything much
useful around yet to help me debug this.. (including a rough search in this
mailing list archives).
Please let me know if you need additional info!
Cheers,
Simone
// test program
#include stdio.h /* printf*/
#include unistd.h /* write */
#include errno.h /* errno */
#include locale.h /* locale support*/
#include string.h /* string support*/
#include stdlib.h /* memory management */
#define SIZE 1024
int main(int argc, char **argv)
{
if (argc 2) {
printf(ERROR. Usage: %s key message\n, argv[0]);
return -1;
}
char *m_key = argv[1];
char *pSource = argv[2];
char *pDest = malloc(65536);
char *p;
char buf[SIZE];
size_t read_bytes;
int tmp;
gpgme_ctx_t ceofcontext;
gpgme_error_t err;
gpgme_data_t data;
gpgme_engine_info_t enginfo;
/* The function `gpgme_check_version' must be called before any other
* function in the library, because it initializes the thread support
* subsystem in GPGME. (from the info page) */
setlocale (LC_ALL, );
p = (char *) gpgme_check_version(NULL);
printf(version=%s\n,p);
/* set locale, because tests do also */
gpgme_set_locale(NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
/* check for OpenPGP support */
err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
if(err != GPG_ERR_NO_ERROR) return 1;
p = (char *) gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP);
printf(Protocol name: %s\n,p);
/* get engine information */
err = gpgme_get_engine_info(enginfo);
if(err != GPG_ERR_NO_ERROR) return 2;
printf(file=%s, home=%s\n,enginfo-file_name,enginfo-home_dir);
/* create our own context */
err = gpgme_new(ceofcontext);
if(err != GPG_ERR_NO_ERROR) return 3;
/* set protocol to use in our context */
err = gpgme_set_protocol(ceofcontext,GPGME_PROTOCOL_OpenPGP);
if(err != GPG_ERR_NO_ERROR) return 4;
/* set engine info in our context; I changed it for ceof like this:
err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
/usr/bin/gpg,/home/user/nico/.ceof/gpg/);
but I'll use standard values for this example: */
err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
enginfo-file_name,enginfo-home_dir);
if(err != GPG_ERR_NO_ERROR) return 5;
/* do ascii armor data, so output is readable in console */
gpgme_set_armor(ceofcontext, 1);
gpgme_data_t source;
gpgme_data_t dest;
//get key to encrypt, get the first key
gpgme_key_t key[2];
err = gpgme_op_keylist_start(ceofcontext, m_key, 0);
err = gpgme_op_keylist_next (ceofcontext, key);
if (err) {
printf(Key not found in current key-ring: %s\n, m_key);
return 1;
}
key[1] = 0; //set to NULL the second entry
//point to source buffer
err = gpgme_data_new_from_mem(source, pSource, strlen(pSource), 0);
if (err != GPG_ERR_NO_ERROR) {
printf(Error in reading data to encrypt. Error %d: %s (%s)\n,
gpgme_err_code(err), gpgme_strerror(err), gpgme_strsource(err));
return 2;
}
//create dest buffer
err = gpgme_data_new(dest);
if (err != GPG_ERR_NO_ERROR) {
printf(Error in creating output data buffer to encrypt. Error %d: %s
(%s)\n,
gpgme_err_code(err), gpgme_strerror(err), gpgme_strsource(err));
return 3;
}
//encrypt text
gpgme_encrypt_flags_t flags;
flags = GPGME_ENCRYPT_NO_ENCRYPT_TO; //only specified recipient, no
defaults please
err = gpgme_op_encrypt(ceofcontext, key, flags, source, dest);
if (err != GPG_ERR_NO_ERROR) {
printf(Error in encrypting data. Error %d: %s (%s)\n,
gpgme_err_code(err), gpgme_strerror(err), gpgme_strsource(err));
return 4;
}
//retrieve result
Re: gpgme fails encrypting on 64bit debian
On Wed, 10 Apr 2013 10:54, simone.pagangr...@gmail.com said: gcc -m64 -D_FILE_OFFSET_BITS=64 -g test2.c -lgpgme -L/usr/lib/x86_64-linux-gnu -lgpg-error -o test2 Why do you want to tweak gcc options if you are anyway on a 64 bit system? Also they seem to be harmelss, hast gpgme been build with the same options? What does gpgme-config --cflags --libs tell you? // test program #include stdio.h /* printf*/ #include unistd.h /* write */ #include errno.h /* errno */ #include locale.h /* locale support*/ #include string.h /* string support*/ #include stdlib.h /* memory management */ gpgme.h ist missing but below you are using constants defined by gpgme.h. char *pDest = malloc(65536); (please always check for malloc error!) p = (char *) gpgme_check_version(NULL); printf(version=%s\n,p); Don't cast without a good reason. p = (char *) gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP); printf(Protocol name: %s\n,p); Ditto. err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP, enginfo-file_name,enginfo-home_dir); if(err != GPG_ERR_NO_ERROR) return 5; Try first without setting a non default engine info. To debug your problem, I suggest to run the program like this: GPGME_DEBUG=9:/tmp/gpgme.log: and check the log file. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
