Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-12-06 Thread Andrey Utkin
Just for note.
This can be worked around in the following way (works in both 1.4 and 2.1,
didn't test in 2.0).
1. Export the key, giving any non-empty passphrase.
2. Import the key on the new location intended for automated key usage.
3. `gpg --edit-key `, then type "passwd", enter the old passphrase,
enter an empty line twice, press Ctrl+D, and confirm saving the changes. This
works identically in both 1.4 and 2.1.

If the importing location has no capability to change the passphrase
(--edit-key), e.g. Android OpenKeychain, import it into a 1.4 keychain,
then export it; 1.4 will let you export it without a passphrase (it won't
even ask for one).

Thank you Peter for pointing out that this is solvable without fixing
the issue in code, but your suggested solution wasn't enough, so I had
to go a few steps further :)

I'd like to state explicitly (due to the rational point made by Peter)
that the link to my private GnuPG git fork with a patch is not supposed
to be a working solution; it is an experimental work in progress which is
not assured to be interoperable. It is a fruit of uneducated, reckless
tinkering with the original code.

-- 
OpenPGP usage is appreciated (it also helps your letter to bypass spam
filters). To email me with encryption easily, go
https://encrypt.to/0xC6FCDB11



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-12-03 Thread Peter Lebbing
On 03/12/15 05:25, Andrey Utkin wrote:
> Is the approach of using "s2kmode = 0" and "protection sha1" together
> correct? Shouldn't "protection none" be used?

Why is all this hackery necessary? Why don't you just install GnuPG 1.4
next to your 2.1, instead of compiling a special hacked 2.1?

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-12-02 Thread Andrey Utkin
Thank you for your hints Peter.

The following tiny changes allow exporting and importing to succeed

https://github.com/andrey-utkin/gnupg/commit/a3b539b6ef7c922b1f1f3f343fdc942086d96c4e

Is the approach of using "s2kmode = 0" and "protection sha1" together
correct? Shouldn't "protection none" be used?

-- 
OpenPGP usage is appreciated (it also helps your letter to bypass spam
filters). To email me with encryption easily, go
https://encrypt.to/0xC6FCDB11





Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-12-01 Thread Peter Lebbing
On 30/11/15 23:54, Andrey Utkin wrote:
> Could you please direct me to exact S2K-stuff modes for exporting it 
> which would be compliant with earlier GnuPG branches 1.4 and 2.0?
> [...]
> But for unattended processing cases, I'd like a mode that makes utils
> skip all passphrase entry prompts. I guess the no-encryption case
> ("trivially cracked by anyone") is needed here. Which of the
> mentioned modes was used in 1.4 and 2.0 for exporting without
> passphrase?

"Trivially cracked" implies that there is something to crack. That would
be the silly case with the empty string as the password. Instead, the
first octet in the secret part of the secret key packet indicates
whether to use an S2K or not:

From [1]:
>  - One octet indicating string-to-key usage conventions.  Zero
>    indicates that the secret-key data is not encrypted.  255 or 254
>    indicates that a string-to-key specifier is being given.  Any
>    other value is a symmetric-key encryption algorithm identifier.

The "any other" stuff is ancient legacy stuff, and MUST NOT be produced
by a conforming implementation. This byte is zero when there is no
encryption, and the following bytes are just the plaintext version of
the secret parts:

>  - Plain or encrypted multiprecision integers comprising the secret
>    key data.  These algorithm-specific fields are as described
>    below.

In this case, read it as "plain multiprecision integers ...".

HTH,

Peter.

[1] http://tools.ietf.org/html/rfc4880#section-5.5.3

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-30 Thread Andrey Utkin
On 30.11.2015 21:53, Peter Lebbing wrote:
> On 30/11/15 20:10, Andrey Utkin wrote:
>> Is it impossible straight from RFC 4880 in any defined mode, or is
>> it just a wrong behaviour in GnuPG/Libgcrypt?
> 
> It is a specific bug of GnuPG 2.1, and Werner's comment on the bug entry
> mentioned here makes me believe he intends to fix it eventually.
> 
> GnuPG 1.4 and 2.0 can export keys without passphrases, and this is fully
> defined in RFC 4880.

Thanks for the clarification. I'd be glad to help Werner fix it if he has
no time.
Could you please direct me to exact S2K-stuff modes for exporting it
which would be compliant with earlier GnuPG branches 1.4 and 2.0? Then I
would have a chance to accomplish the fix in finite time.

>> Empty passphrases are banned in several places in this software:
> 
> Yes; that's because there is a difference between not encrypting stuff
> and encrypting it with an empty passphrase :). The latter is just silly.
> The only purpose of doing that is to be able to tell your client that
> you "encrypted it" without technically lying. And I'm not making stuff
> up. This actually happens (I'm looking at you, DropBox!).
> 
> When a private key is stored without a passphrase, it is stored without
> encryption. The actual packet looks different: it clearly indicates that
> what follows is plaintext. If you were to encrypt it with an empty
> passphrase, it would actually be encrypted, but with a key that
> corresponds to an empty passphrase and hence would be trivially cracked
> by anyone.

Surely these two ways are distinguishable. But for unattended processing
cases, I'd like a mode that makes utils skip all passphrase entry
prompts. I guess the no-encryption case ("trivially cracked by anyone")
is needed here.
Which of the mentioned modes was used in 1.4 and 2.0 for exporting
without passphrase?






Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-30 Thread Peter Lebbing
On 30/11/15 20:10, Andrey Utkin wrote:
> Is it impossible straight from RFC 4880 in any defined mode, or is
> it just a wrong behaviour in GnuPG/Libgcrypt?

It is a specific bug of GnuPG 2.1, and Werner's comment on the bug entry
mentioned here makes me believe he intends to fix it eventually.

GnuPG 1.4 and 2.0 can export keys without passphrases, and this is fully
defined in RFC 4880.

> Empty passphrases are banned in several places in this software:

Yes; that's because there is a difference between not encrypting stuff
and encrypting it with an empty passphrase :). The latter is just silly.
The only purpose of doing that is to be able to tell your client that
you "encrypted it" without technically lying. And I'm not making stuff
up. This actually happens (I'm looking at you, DropBox!).

When a private key is stored without a passphrase, it is stored without
encryption. The actual packet looks different: it clearly indicates that
what follows is plaintext. If you were to encrypt it with an empty
passphrase, it would actually be encrypted, but with a key that
corresponds to an empty passphrase and hence would be trivially cracked
by anyone.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-30 Thread Andrey Utkin
On 27.11.2015 13:28, Peter Lebbing wrote:
> I think it makes sense to be able to store a private key without a passphrase
> in a safe place (as in: an actual safe), so you don't run the risk that you
> forgot the passphrase. Currently, this is not possible

Is it impossible straight from RFC 4880 in any defined mode, or is it
just a wrong behaviour in GnuPG/Libgcrypt? Empty passphrases are banned
in several places in this software:

gnupg: agent/protect.c: 1218 (hash_passphrase())
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/protect.c;h=cdb39fd1310dd539b3fa88f55e117a9aeecdb1e9;hb=refs/heads/master#l1218
libgcrypt: cipher/kdf.c: 245 (_gcry_kdf_derive())
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=cipher/kdf.c;h=ad5c46efdce696896f60521f8fe856ea102e6950;hb=refs/heads/master#l245

I haven't learned the RFC yet, so any quick tips are very appreciated.



Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-27 Thread Andrey Utkin
Thanks to everybody for caring about my issue, and for showing that I'm
not alone with it.
So this already has been reported in
https://bugs.gnupg.org/gnupg/issue2070 and has been discussed in
https://lists.gnupg.org/pipermail/gnupg-devel/2014-October/028919.html.
So it just needs to be patched. Does anybody know what works well if I
am ready to donate (not a ton) and want to have it done soon?

P. S. I haven't received 2 of 3 replies to my gmail mailbox, had to go
to the maillist archive to review the thread. Has this happened to anybody
else, is this a known issue?

-- 
OpenPGP usage is appreciated (it also helps your letter to bypass spam
filters). To email me with encryption easily, go
https://encrypt.to/0xC6FCDB11





Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-27 Thread Dmitrii Tcvetkov
On Fri, 27 Nov 2015 12:05:36 +0100
Guilhem Moulin  wrote:
>I think this is incorrect.  gpg --export's output is always in the
>OpenPGP format (possibly armored), while as of 2.1 private material is
>stored in another format (in ~/.gnupg/private-keys-v1.d/$KEYGRIP.key).
>Thus the agent asks for the passphrase to decrypt the private key, and
>gpg reencrypts it on the fly (using the same passphrase).
Yes, I confused it with OpenSSH key output, sorry.

On Fri, 27 Nov 2015 14:58:01 +0200
Andrey Utkin  wrote:
> P. S. I haven't received 2 of 3 replies to my gmail mailbox, had to go
> to the maillist archive to review the thread. Has this happened to
> anybody else, is this a known issue?
> 
I'm sorry, the reason is that I replied only to the mailing list without
sending the message directly to your address.



Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-27 Thread Guilhem Moulin
On Fri, 27 Nov 2015 at 12:39:30 +0300, Dmitrii Tcvetkov wrote:
> In this case the passphrase is needed to decrypt the private key from the keyring.
> Because the passphrase is not provided, gpg-agent can't give gpg the
> private key.

Or perhaps Andrey tries to export an *unprotected* private key using
GnuPG 2.1.  In that case this seems to be a known issue [0].

> Private key exports in cleartext.

I think this is incorrect.  gpg --export's output is always in the
OpenPGP format (possibly armored), while as of 2.1 private material is
stored in another format (in ~/.gnupg/private-keys-v1.d/$KEYGRIP.key).
Thus the agent asks for the passphrase to decrypt the private key, and
gpg reencrypts it on the fly (using the same passphrase).  gpg2(1) also
says:

  --export-secret-keys

  GnuPG may ask you to enter the passphrase for the key.  This is
  required because the internal protection method of the secret key is
  different from the one specified by the OpenPGP protocol.

Indeed ‘gpg2 --export-secret-keys $KEYID | gpg --list-only --list-packets’
tells me that the secret material is protected.

-- 
Guilhem.

[0] https://bugs.gnupg.org/gnupg/issue2070


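As an added example that is not code from this thread or from GnuPG, the check Guilhem runs with `gpg --list-packets` can also be done by hand by reading the S2K usage octet that Peter quotes from RFC 4880 section 5.5.3 in his 2015-12-01 reply. The Python below walks the packets of a binary (dearmored) secret-key export and reports, for each secret key or subkey packet, whether the secret part is unencrypted (usage octet 0, as GnuPG 1.4 and 2.0 write for passphrase-less keys), protected by an S2K specifier (254 or 255), or in the legacy form. It assumes version 4 RSA, DSA or Elgamal keys and decrypts nothing; the key bytes it is run on are constructed here, with a toy RSA modulus, not a real exported key.

```python
"""Inspect the S2K usage octet of OpenPGP secret-key packets (RFC 4880 5.5.3)."""
import struct

SECRET_KEY_TAGS = {5: "secret key", 7: "secret subkey"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}
# Public / secret MPI counts per public-key algorithm id (RFC 4880 5.5.2, 5.5.3).
# ECC algorithms are out of scope for this toy parser.
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}
SECRET_MPI_COUNT = {1: 4, 2: 4, 3: 4, 16: 1, 17: 1}

def iter_packets(data):
    """Yield (tag, body) per packet; handles old- and new-format headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError("bad packet tag byte at offset %d" % (pos - 1))
        if ctb & 0x40:  # new-format header (RFC 4880 4.2.2)
            tag, first = ctb & 0x3F, data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = struct.unpack(">I", data[pos:pos + 4])[0], pos + 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:  # old-format header (RFC 4880 4.2.1)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate packet length is not supported")
            nbytes = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes
        yield tag, data[pos:pos + length]
        pos += length

def skip_mpi(body, pos):
    """Return the offset just past the MPI at pos (2-octet bit count + octets)."""
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    return pos + 2 + (bits + 7) // 8

def describe_secret_key(body):
    """Decode how the secret part of a version 4 secret key packet is protected."""
    if body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    algo, pos = body[5], 6
    for _ in range(PUBLIC_MPI_COUNT[algo]):
        pos = skip_mpi(body, pos)
    usage, pos = body[pos], pos + 1
    info = {"algorithm": algo, "s2k_usage": usage}
    if usage == 0:
        # Zero: the secret MPIs follow in plaintext, then a 16-bit checksum.
        start = pos
        for _ in range(SECRET_MPI_COUNT[algo]):
            pos = skip_mpi(body, pos)
        expected = struct.unpack(">H", body[pos:pos + 2])[0]
        info["protection"] = "none"
        info["checksum_ok"] = (sum(body[start:pos]) & 0xFFFF) == expected
    elif usage in (254, 255):
        # 254/255: cipher id + S2K specifier, then IV and ciphertext (not decoded).
        cipher, s2k_type, hash_algo = body[pos], body[pos + 1], body[pos + 2]
        pos += 3
        info.update(protection="s2k", cipher=cipher, hash=hash_algo,
                    s2k_type=S2K_TYPES.get(s2k_type, "unknown"),
                    integrity="sha1" if usage == 254 else "checksum")
        if s2k_type in (1, 3):
            info["salt"], pos = body[pos:pos + 8].hex(), pos + 8
        if s2k_type == 3:
            c = body[pos]
            info["count"] = (16 + (c & 15)) << ((c >> 4) + 6)  # RFC 4880 3.7.1.3
    else:
        # Anything else is the legacy form (bare cipher id, implied simple MD5 S2K)
        # that conforming implementations MUST NOT produce.
        info["protection"], info["cipher"] = "legacy", usage
    return info

def inspect_export(data):
    """Return [(packet name, info)] for each secret key/subkey packet in data."""
    return [(SECRET_KEY_TAGS[tag], describe_secret_key(body))
            for tag, body in iter_packets(data) if tag in SECRET_KEY_TAGS]

def old_packet(tag, body):
    """Build an old-format packet with a 1-octet length (body under 192 octets)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample: toy RSA key (n = 11*13 = 143, e = 17, d = 113, u = 6),
# structurally valid but far too small to be real; creation time is arbitrary.
_PUBLIC = b"\x04\x56\x5f\xe6\xa0\x01" + b"\x00\x08\x8f" + b"\x00\x05\x11"
_SECRET_MPIS = b"\x00\x07\x71" + b"\x00\x04\x0b" + b"\x00\x04\x0d" + b"\x00\x03\x06"
_USER_ID = old_packet(13, b"Constructed Key <nobody@example.invalid>")
# Usage octet 0: plaintext MPIs followed by their 16-bit checksum (0x00A1).
UNPROTECTED_EXPORT = old_packet(5, _PUBLIC + b"\x00" + _SECRET_MPIS + b"\x00\xa1") + _USER_ID
# Usage octet 254: AES-256 (9), iterated+salted S2K (3) with SHA-1 (2), 8-octet
# salt, count octet 0x60 (= 65536 iterations), 16-octet IV, opaque ciphertext.
PROTECTED_EXPORT = old_packet(5, _PUBLIC + b"\xfe\x09\x03\x02" + bytes(range(8))
                              + b"\x60" + bytes(16) + b"\xaa" * 32) + _USER_ID
```

Fed the output of `gpg --export-secret-keys` (through `gpg --dearmor` first if it was armored), an entry with `s2k_usage` 0 is what 1.4 and 2.0 produce for a passphrase-less key, while a 2.1.9 export of a key given a throwaway passphrase reports `protection: s2k` with the cipher, hash, salt and iteration count that were used. The checksum verification on the unprotected path covers the one detail the quoted RFC text leaves out: a plaintext secret part still ends in a two-octet sum of its MPI octets mod 65536.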


Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-27 Thread Peter Lebbing
On 27/11/15 10:39, Dmitrii Tcvetkov wrote:
> Private key exports in cleartext.

Are you sure? I can't export an unprotected private key. The topic has come up
earlier on this mailing list, in [1].

If I have a passphrase on a private key, and I export it, it prompts me for the
passphrase and the exported key is protected by the passphrase.

If I don't have a passphrase set for a key and I export it, it prompts me as
follows:

> This key (or subkey) is not protected with a passphrase. Please enter a new 
> passphrase to export it.

If I don't enter a passphrase, it prompts me again warning me this is a bad
idea, I stubbornly choose "Yes, protection is not needed". Then the terminal
prompts:

> gpg: key DCDFDFA4: error receiving key from agent: No passphrase given - 
> skipped

And it fails.

I think it makes sense to be able to store a private key without a passphrase in
a safe place (as in: an actual safe), so you don't run the risk that you forgot
the passphrase. Currently, this is not possible, but of course you can use the
passphrase "passphrase", make a note that that is your passphrase and store the
note in the same safe.

HTH,

Peter.

[1] https://lists.gnupg.org/pipermail/gnupg-devel/2014-October/028919.html

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-27 Thread Dmitrii Tcvetkov
On Tue, 24 Nov 2015 03:16:31 +0200
Andrey Utkin  wrote:

>  $ gpg --export-secret-keys
> (pops a Xorg dialog window from my console, driving me nuts)
> (I give an empty passphrase)
> (it asks me whether i am sure I want no passphrase)
> (I say yes)
> gpg: key : error receiving key from agent: No passphrase
> given - skipped
> 
> Why is there such a _policy_?
> Maybe I am lost and I am using Windows which re-asks everything and
> still refuses to do what I want?
> 

Hello.

In this case the passphrase is needed to decrypt the private key from the keyring.
Because the passphrase is not provided, gpg-agent can't give gpg the
private key.

Private key exports in cleartext.



Why gpg 2.1.9 cannot export secret key without passphrase?

2015-11-24 Thread Andrey Utkin
 $ gpg --export-secret-keys
(pops a Xorg dialog window from my console, driving me nuts)
(I give an empty passphrase)
(it asks me whether i am sure I want no passphrase)
(I say yes)
gpg: key : error receiving key from agent: No passphrase given -
skipped

Why is there such a _policy_?
Maybe I am lost and I am using Windows which re-asks everything and
still refuses to do what I want?

-- 
OpenPGP usage is appreciated (it also helps your letter to bypass spam
filters). To email me with encryption easily, go
https://encrypt.to/0xC6FCDB11


