When creating a signed message (whether encrypted or not), if gpg-agent fails to sign the message, gpg 2.1.0 emits the first part of the message, but then terminates with a non-zero error code.

gpg 1.4.x (and I think 2.0.x, but haven't tested today) both terminate with a non-zero error code but produce no output on stdout.

This change in behavior causes problems with enigmail in particular, which appears to send the truncated results when producing a PGP/MIME encrypted+signed message if the agent fails to sign.

I believe this is two distinct issues, and maybe we want to address them both:

 * gnupg 2.1.x might want to buffer data before the signature is made, and decline to emit anything if the signature fails

 * enigmail probably should detect that its invocation of gpg returns a non-zero error code and raise an error in the message creation step. I note that it appears to do so properly when generating non-encrypted PGP/MIME-signed messages; it's just failing at PGP/MIME encrypted+signed messages.

Below is a transcript showing the different behaviors between 1.4.18 (with --use-agent) and 2.1.0 when the agent fails to produce a signature.

Regards,

        --dkg

0 dkg@alice:~$ gpg --version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
0 dkg@alice:~$ gpg2 --version
gpg (GnuPG) 2.1.0
libgcrypt 1.6.2
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
0 dkg@alice:~$ gpgconf --kill gpg-agent
0 dkg@alice:~$ gpgconf --launch gpg-agent
0 dkg@alice:~$ echo test | gpg --clearsign

You need a passphrase to unlock the secret key for
user: "Daniel Kahn Gillmor <[email protected]>"
4096-bit RSA key, ID 0xA52401B11BFDFA5C, created 2013-03-12 (subkey on main key ID 0xCCD2ED94D21739E9)

gpg: cancelled by user
gpg: no default secret key: bad passphrase
gpg: [stdin]: clearsign failed: bad passphrase
2 dkg@alice:~$ echo test | gpg2 --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Operation cancelled
gpg: [stdin]: clearsign failed: Operation cancelled
2 dkg@alice:~$ echo test | gpg2 --sign --encrypt --armor -r $PGPID
gpg: signing failed: Operation cancelled
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

hQIMA8Yb0+whSEz/ARAAnJCOUKoXQu0T0JCX3VmHzGW0HL5kvoZgrzYNzqfl2+0k
HxKxZzic6sOuiXQ7GcZ6v6OuZy79brPU4vnpzy5DeeaVBE/6UKGhLVRQbaqFD74t
PBVnwRdVKY7MHLeOn3H5H/CJRAqwXfYPBPTLEVb4HoJxtwR8GQcToqXTme42OHkd
Vttfg6tUbfzwaqGuUHLVH12JP1g5Usq1RzhSbdrPBdB5bs4RNFkXYSW4hL2BWbvX
ZoujMTXC+JwQJh5Edjav79rPXpCNuXZr6QS05FaDOfmDYRCSv+t1F1Yh0dIXwXcd
h+TwJFGP27T/d2mE3o2uA1P1iZOh1V5czcNa2EwsE/My4/ou3kvSHMt8QhNIBJvB
qENaQWM0hZKmPzlItc/J1oQW4BHvoOz5qNJxfxDw6aZrL7qP5+vgXD24JpR2DHzd
8/fi2QHsVnA7upMtfzaZ3x1jwbYxgM+/A3N8PdsKbyXu4SQwcvTmbRKgMx0L8DOJ
hgsM/LrpuEJvpYAU7YSy2h5jANlNebhjGwfCDDmyR97BjXMcVt6BuJOS6JjN5plS
RF6vrvdUD0NpJsPUkyVGD7RP6ofOScQ7oD8UfpegOldpK89U/3yJfk7yw2AYA0AI
FZicmDyzWb/aKFbHzIMCi14u3x8BPSANfqnWv+/5yDsGkrydLWRMZeaeDZ9mgpg: [stdin]: sign+encrypt failed: Operation cancelled
2 dkg@alice:~$ echo test | gpg --sign --encrypt --armor -r $PGPID

You need a passphrase to unlock the secret key for
user: "Daniel Kahn Gillmor <[email protected]>"
4096-bit RSA key, ID 0xA52401B11BFDFA5C, created 2013-03-12 (subkey on main key ID 0xCCD2ED94D21739E9)

gpg: cancelled by user
gpg: no default secret key: bad passphrase
gpg: [stdin]: sign+encrypt failed: bad passphrase
2 dkg@alice:~$
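Added example (not part of the original message, and not enigmail's or GnuPG's code): one way a caller can apply both points from the message above, by buffering the signer's output and releasing it only when the exit code is zero and a signature was actually reported. The fake_gpg stand-ins and their output are constructed so the block runs without a keyring; the SIG_CREATED check assumes the real command is run with --status-fd 2.

```python
import subprocess
import sys


class SigningFailed(Exception):
    """The signer exited non-zero or never reported a signature."""


def run_signer(argv, plaintext, require_status=b"[GNUPG:] SIG_CREATED"):
    """Run a gpg-style command and return stdout only on verified success.

    All output is buffered in memory. It is released only when the exit
    code is 0 and (if require_status is set) that status line was seen on
    stderr, which is where gpg writes it when run with --status-fd 2.
    """
    proc = subprocess.run(argv, input=plaintext,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if proc.returncode != 0:
        raise SigningFailed(f"exit code {proc.returncode}; discarded "
                            f"{len(proc.stdout)} bytes of partial output")
    status_lines = proc.stderr.splitlines()
    if require_status and not any(line.startswith(require_status)
                                  for line in status_lines):
        raise SigningFailed("exit code 0 but no signature was reported")
    return proc.stdout


def fake_gpg(stdout_text, stderr_text, code):
    """Constructed stand-in for gpg so the example runs without a keyring."""
    script = ("import sys; sys.stdout.write(%r); sys.stdout.flush(); "
              "sys.stderr.write(%r); sys.exit(%d)"
              % (stdout_text, stderr_text, code))
    return [sys.executable, "-c", script]


# Constructed: mimics the 2.1.0 transcript (partial armor, then exit 2).
TRUNCATING = fake_gpg("-----BEGIN PGP MESSAGE-----\nhQIMA8Yb",
                      "gpg: signing failed: Operation cancelled\n", 2)
# Constructed: a run that signs and reports it on the status channel.
WORKING = fake_gpg("-----BEGIN PGP MESSAGE-----\n(constructed)\n",
                   "[GNUPG:] SIG_CREATED (constructed fields)\n", 0)

if __name__ == "__main__":
    for name, argv in (("truncating", TRUNCATING), ("working", WORKING)):
        try:
            print(name, "->", len(run_signer(argv, b"test\n")), "bytes released")
        except SigningFailed as exc:
            print(name, "-> refused:", exc)
```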
