Re: [gmime-devel] Using GMimeDecryptResult - certificate information?

From: Gaute Hope <eg gaute vetsj com>
To: Daniel Kahn Gillmor <dkg fifthhorseman net>, Jeffrey Stedfast <fejj gnome org>, gmime development <gmime-devel-list gnome org>
Subject: Re: [gmime-devel] Using GMimeDecryptResult - certificate information?
Date: Sat, 10 Dec 2016 16:14:07 +0000

I think newer gpg needs an agent.

Regards, Gaute

lør. 10. des. 2016 kl. 15.44 skrev Jeffrey Stedfast <fejj gnome org>:

I just went back and re-read the entire thread.

It's clear to me based on the unit tests that if use_agent = FALSE, then

we cannot use --batch when signing or decrypting because we need to

interactively supply a passphrase to gpg.

Since you were setting use_agent = TRUE, perhaps the solution to this

problem is to use --batch for sign/decrypt if use_agent = TRUE.

Unfortunately I'm having trouble getting use_agent = TRUE to work, it

seems that the gpg-agent always immediately fails with an error about

invalid ioctl for device.

I'm guessing that I need to configure a gpg-agent or something, but I'm

not entirely sure how.

Jeff

On 12/10/2016 6:18 AM, Gaute Hope wrote:

> I have never been able to get the query passphrase part to work.

>

> Regards, Gaute

>

> Jeffrey Stedfast writes on desember 10, 2016 2:20:

>> I'm actually getting errors due to --batch in the unit tests (just

>> got a Linux VM up and running in order to make a new release):

>>

>> [fejj@localhost tests]$ ./test-pgp -vvvv

>> Checking GMimeGpgContext::import... PASSED

>> Checking GMimeGpgContext::export... PASSED

>> GMimeGpgContext::sign failed: gpg: can't query passphrase in batch mode

>> gpg: skipped "no.user@no.domain": bad passphrase

>> gpg: signing failed: bad passphrase

>>

>> Checking GMimeGpgContext::sign... FAILED

>> ciphertext:

>> -----BEGIN PGP MESSAGE-----

>>

>> hQIOAwTJ0obO8knpEAgAi/FMe5qmWFch4IDiZK87P3RU4rVj5OQwGXTUI/gkBx8Z

>> 2IwuodPir6osQplzs+R6w3rzpe2ah2wm9XlXCuaqMoPmWLzKbnDEbl6RLGYLLPbW

>> tqjjI/GJ5QH1m4s5oQlUm5K3jamXDIdb/NsHQhZF4Je9708os6MjjAf8lpapUu+B

>> AKnEAi8XBbCRUJLwOtFGAbeuCNxmdmLDiNd/sHqc5jl4C2FlZIhLZnTnAuC5aT7Z

>> plEG8HTKA0ffpJI87qBoZOCLZ6fDFRVBkhHvr1yfMYyzXW8liqXHB88HntRLx2uq

>> JW9KvnlLn0vnSrirDFxKjMIaOgYnR6bby6VGlPWO1wf+K9yizOrkL+VADnDeic+6

>> 9e1Fa0/9S8O5aIAMmJWAFBlKVXV91HP1bjqeW9OKKuXKpKBi/Lk6ieolsLa53+VZ

>> yApXf9XgmQ+f2F0AcK1zCX5a1q1GjwyE0pTx1+UFQoWQUItrwu+/6+xec99sVefE

>> h14zfycc7kNkF1axB6T+65w9f5P/QIrIjGPeC/Ltw9Q/rBfRMdOBbz0xW+quLWih

>> fY/R/2Mv44G/h3tjh3P9zpEjJltFl1cjrSv6fudmtoqJvwMNUTyRsZ4hf/kHNJIQ

>> TBdaSfDvBuT3OfRbZxRyww5VC+s6nP/SBWQbN7FrOTHTF8jFCgxqaFMbBozex9q3

>> GtJRAdFfj69qNJl/Z9jDbILiKpIoU1rSmXFNfnuTEeGPbWtCkfDm5EeIUrzSuEZs

>> B8lBfN8G6zubUesZ5fjh63EC5zIOUzHEli1NDuxcnp6qZvXd

>> =9sx6

>> -----END PGP MESSAGE-----

>>

>> Checking GMimeGpgContext::encrypt... PASSED

>> GMimeGpgContext::encrypt failed: gpg: public key is CEF249E9

>> gpg: using subkey CEF249E9 instead of primary key 5182C200

>> gpg: can't query passphrase in batch mode

>> gpg: using subkey CEF249E9 instead of primary key 5182C200

>> gpg: encrypted with 2048-bit ELG-E key, ID CEF249E9, created 2007-03-24

>> "no.user (no.comment) <no.user@no.domain>"

>> gpg: public key decryption failed: bad passphrase

>> gpg: decryption failed: secret key not available

>>

>> Checking GMimeGpgContext::decrypt... FAILED

>> GMimeGpgContext::encrypt+sign failed: gpg: can't query passphrase in

>> batch mode

>> gpg: skipped "no.user@no.domain": bad passphrase

>> gpg: [stdin]: sign+encrypt failed: bad passphrase

>>

>> Checking GMimeGpgContext::encrypt+sign... FAILED

>> Testing GnuPG crypto context: failed (3 errors, 0 warnings)

>>

>>

>>

>> If I remove the --batch, they all pass.

>>

>> Jeff

>>

>> On 7/18/2016 4:26 PM, Gaute Hope wrote:

>>> Daniel Kahn Gillmor writes on juli 14, 2016 9:25:

>>>> On Thu 2016-07-14 04:42:40 +0200, Jeffrey Stedfast wrote:

>>>> [...]

>>>>

>>>> In any case, i recommend "--batch" by default at least.

>>>

>>> It seems that the '--batch' and '--yes' arguments are only added if a

>>> password is requrired, which are all operations except decryption.

>>>

>>> The '--yes' option should not be used.

>>>

>>> Also, the '--use-agent' option is no longer supported with newer gpg

>>> ('--no-use-agent') is neither needed.

>>>

>>> I can neither get the request_passwd function to work since newer gpg

>>> needs the agent. This might work better with the passphrase-fd arg.

>>>

>>> Regards, gaute

>>

>>

>>

>

Follow-Ups:
- Re: [gmime-devel] Using GMimeDecryptResult - certificate information?
  - From: Jeffrey Stedfast

References:
- Re: [gmime-devel] Using GMimeDecryptResult - certificate information?
  - From: Jeffrey Stedfast
- Re: [gmime-devel] Using GMimeDecryptResult - certificate information?
  - From: Gaute Hope
- Re: [gmime-devel] Using GMimeDecryptResult - certificate information?
  - From: Jeffrey Stedfast

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]