gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?)

2021-12-26 Thread Sergiu Ivanov
Hi,

I have just upgraded my Guix home on a Guix System, which took gnupg
from 2.2.29 to 2.2.30.  When I run gpg -v --decrypt on a file with
symmetric encryption, I get the following error:

scolobb@quark ~/tmp$ gpg -v --decrypt world.gpg 
gpg: AES.CFB encrypted data
gpg: no running gpg-agent - starting '/gnu/store/0snfzd41n430ddpq316j9v2z5fn2y62m-gnupg-2.2.30/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: pinentry launched (3287 gtk2 1.1.1 /dev/pts/0 eterm-color :0 20620/1000/996 1000/998 1)
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

After this procedure, gpg-agent is not running, for example:

scolobb@quark ~/tmp$ gpg-agent
gpg-agent[3513]: no gpg-agent running in this session

If I remove world.gpg, re-encrypt world, and rerun the above decryption
command, it works.  However, if I try decrypting another file, or if
I reboot and try decrypting the same world.gpg, I get back to the same
error.  gpg-agent is never running after I issue the decryption
commands, even if I explicitly start it before.

Does anyone experience similar issues?

I did look around the internet quite a bit, but people getting similar
error messages have different symptoms.

My current workaround is to boot into my latest configuration (system
and home), roll back home to the previous configuration, decrypt the
files I need in temporary Emacs buffers, then switch home to the
latest configuration.

For the record, here are the outputs of gpg --version in my latest and
previous home generations:

# Current generation
gpg (GnuPG) 2.2.30
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/scolobb/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


# Previous generation
gpg (GnuPG) 2.2.29
libgcrypt 1.8.5
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/scolobb/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

--
Happy holidays :-)
Sergiu



Re: gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?)

2021-12-26 Thread Leo Famulari
On Sun, Dec 26, 2021 at 02:31:01PM +0100, Sergiu Ivanov wrote:
> Hi,
> 
> I have just upgraded my Guix home on a Guix System, which took gnupg
> from 2.2.29 to 2.2.30.  When I run gpg -v --decrypt on a file with
> symmetric encryption, I get the following error:
> 
> scolobb@quark ~/tmp$ gpg -v --decrypt world.gpg 
> gpg: AES.CFB encrypted data
> gpg: no running gpg-agent - starting '/gnu/store/0snfzd41n430ddpq316j9v2z5fn2y62m-gnupg-2.2.30/bin/gpg-agent'
> gpg: waiting for the agent to come up ... (5s)
> gpg: connection to agent established
> gpg: pinentry launched (3287 gtk2 1.1.1 /dev/pts/0 eterm-color :0 20620/1000/996 1000/998 1)
> gpg: problem with the agent: End of file
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: No secret key

[...]

> Does anyone experience similar issues?

Yes, you're describing bug #52483, "GnuPG 2.2.30 cannot do symmetric
encryption":

https://issues.guix.gnu.org/52483

I just pushed commit d03aa942def0037cb32ff1d0cc2ac5d13f1a63df, which
allows you to upgrade your gnupg package to 2.2.32, which fixes this
bug.

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d03aa942def0037cb32ff1d0cc2ac5d13f1a63df



Re: gnupg 2.2.29 -> 2.2.30 breaks symmetric decryption (and gpg-agent?)

2021-12-27 Thread Sergiu Ivanov
Leo Famulari [2021-12-26T23:45:23+0100]:
> On Sun, Dec 26, 2021 at 02:31:01PM +0100, Sergiu Ivanov wrote:
>> Hi,
>> 
>> I have just upgraded my Guix home on a Guix System, which took gnupg
>> from 2.2.29 to 2.2.30.  When I run gpg -v --decrypt on a file with
>> symmetric encryption, I get the following error:
>> 
>> scolobb@quark ~/tmp$ gpg -v --decrypt world.gpg 
>> gpg: AES.CFB encrypted data
>> gpg: no running gpg-agent - starting '/gnu/store/0snfzd41n430ddpq316j9v2z5fn2y62m-gnupg-2.2.30/bin/gpg-agent'
>> gpg: waiting for the agent to come up ... (5s)
>> gpg: connection to agent established
>> gpg: pinentry launched (3287 gtk2 1.1.1 /dev/pts/0 eterm-color :0 20620/1000/996 1000/998 1)
>> gpg: problem with the agent: End of file
>> gpg: encrypted with 1 passphrase
>> gpg: decryption failed: No secret key
>
> [...]
>
>> Does anyone experience similar issues?
>
> Yes, you're describing bug #52483, "GnuPG 2.2.30 cannot do symmetric
> encryption":
>
> https://issues.guix.gnu.org/52483

Oh!  Thanks for the reference, I'll subscribe to bug-guix so that I'm up
to date with bug reports.

> I just pushed commit d03aa942def0037cb32ff1d0cc2ac5d13f1a63df, which
> allows you to upgrade your gnupg package to 2.2.32, which fixes this
> bug.
>
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d03aa942def0037cb32ff1d0cc2ac5d13f1a63df

I confirm that symmetric decryption works in guix shell gnupg after
a guix pull.

Thanks a lot for the quick answer!

--
Sergiu