subject:"\[EasyPG \(epa\)\] Emacs can't save modified encrypted file"

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-05 Thread Christopher M. Miles


Ihor Radchenko  writes:

> "Christopher M. Miles"  writes:
>
>> - [X] Then I check out Emacs source code file "epg.el" & "epa.el" file
>>   git log. -> have not found obvious gpg command-line options related to
>>   the problem. One small possible commit might be
>>   "82388dff8ed006cecb65ea7a4afd8667ec44b5e3".
>
> One of the reddit comments mentioned that the newer gpg hangs when not
> provided input. If this is true, I notice that `epg-start-encrypt' first
> calls (epg-wait-for-status context '("BEGIN_SIGNING")) and only then
> sends the buffer string for encryption (process-send-string).

In order to connect this mail list thread with the Emacs bug report.
Put bug report link here:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=63256

-- 

[ stardiviner ]
I try to make every word tell the meaning that I want to express without 
misunderstanding.

Blog: https://stardiviner.github.io/
IRC(libera.chat, freenode): stardiviner, Matrix: stardiviner
GPG: F09F650D7D674819892591401B5DF1C95AE89AC3


signature.asc
Description: PGP signature

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-05 Thread Ihor Radchenko

"Christopher M. Miles"  writes:

> - [X] Then I check out Emacs source code file "epg.el" & "epa.el" file
>   git log. -> have not found obvious gpg command-line options related to
>   the problem. One small possible commit might be
>   "82388dff8ed006cecb65ea7a4afd8667ec44b5e3".

One of the reddit comments mentioned that the newer gpg hangs when not
provided input. If this is true, I notice that `epg-start-encrypt' first
calls (epg-wait-for-status context '("BEGIN_SIGNING")) and only then
sends the buffer string for encryption (process-send-string).

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-05 Thread Christopher M. Miles


Ihor Radchenko  writes:

> Some more info: 
> https://old.reddit.com/r/emacs/comments/137r7j7/gnupg_241_encryption_issues_with_emacs_orgmode/

Indeed same problem as mine. Thanks Ihor

- [X] *downgrade* GnuPG from 2.4.1 -> 2.4.0 temporary get around the problem.

  #+begin_src sh
  brew info gnupg | grep "From:" | cut -d " " -f 2
  #+end_src

  #+RESULTS[(2023-05-05 14:19:54) 0e3dbbad14b66a4f05d2d70fb5cfd59db46f49bc]:
  : https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gnupg.rb

  #+begin_src sh
  
URL=https://raw.githubusercontent.com/Homebrew/homebrew-core/59edfe598541186430d49cc34f42671e849e2fc9/Formula/gnupg.rb
  wget $URL
  brew uninstall gnupg
  brew install -s gnupg.rb
  #+end_src

- [X] Check out GnuPG homepage changelog, Found new feature "ADSK: The 
Additional Decryption Subkey" for the problem gnupg version "2.4.1".
  After I executed bellowing command, -->> I still has problem.
  https://www.gnupg.org/blog/20230321-adsk.html

  #+begin_src sh
  gpg -K --with-subkey-fingerprint stardiviner
  #+end_src

  #+RESULTS[(2023-05-05 14:44:34) bc8e7497ce39ff0a8ae3fc45c332d64685e8da46]:
  : sec   rsa2048 2015-01-31 [SC]
  :   F09F650D7D674819892591401B5DF1C95AE89AC3
  : uid   [ultimate] stardiviner (numbch...@gmail.com) 

  : uid   [ultimate] stardiviner (Christopher Miles) 

  : uid   [ultimate] [jpeg image of size 3384]
  : ssb   rsa2048 2015-01-31 [E]
  :   32A8581A6E137ABD26DA2F570251FA6886EB6B77
  : 

  #+begin_src sh
  gpg --quick-add-adsk F09F650D7D674819892591401B5DF1C95AE89AC3 
32A8581A6E137ABD26DA2F570251FA6886EB6B77
  #+end_src

- [X] Then I check out Emacs source code file "epg.el" & "epa.el" file
  git log. -> have not found obvious gpg command-line options related to
  the problem. One small possible commit might be
  "82388dff8ed006cecb65ea7a4afd8667ec44b5e3".

-- 

[ stardiviner ]
I try to make every word tell the meaning that I want to express without 
misunderstanding.

Blog: https://stardiviner.github.io/
IRC(libera.chat, freenode): stardiviner, Matrix: stardiviner
GPG: F09F650D7D674819892591401B5DF1C95AE89AC3


signature.asc
Description: PGP signature

Re: [Uploaded Edebug video] Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-04 Thread Ihor Radchenko



Some more info: 
https://old.reddit.com/r/emacs/comments/137r7j7/gnupg_241_encryption_issues_with_emacs_orgmode/

Re: [Uploaded Edebug video] Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-03 Thread Christopher M. Miles

Ihor Radchenko  writes:

> "Christopher M. Miles"  writes:
>
>> Ok, I upload on Disroot website:
>>
>> https://upload.disroot.org/r/7skmXw7a#zt0jISsPuV0f3LkY9aRyz77X3iAOyD3cuue1Fbi9zy0=
>
> So, the hang happens on `epg-wait-for-status'.
> So, again, may you try to run the exact command line (including absence
> of input file) manually in terminal?
>
> Basically, `epg-wait-for-status' is looking at the output of gpg,
> waiting for "[GNUPG:] BEGIN_ENCRYPTION" and never gets that status from
> gpg. AFAIU.

I executed bellowing command in terminal without input file. (I added
aside comment using marker "|<--")

#+begin_src sh :eval no
$ gpg --no-tty --status-fd 1 --yes --enable-progress-filter --command-fd 0 
--pinentry-mode loopback --encrypt -r 1B5DF1C95AE89AC3 -r B8C4B8E547C32433

[GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
[GNUPG:] KEY_CONSIDERED 9BAA92BCCDDDB9EF3B36CB99B8C4B8E547C32433 0
[GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
gpg: 1B5DF1C95AE89AC3: skipped: public key already present   |<-- gpg wait for 
input and stopped here.
[GNUPG:] BEGIN_ENCRYPTION|<-- followed your 
hints, I input "[GNUPG:] BEGIN_ENCRYPTION" manually here.
hello|<-- I input text 
manually here.
[GNUPG:] PROGRESS stdin ? 0 0 B  |<-- gpg start to 
encrypting

=9I'iz^z=Ⱥ*pD>n̯dCj.:wD"zCy
  8$|
xMIiEXM{q2]"k1vx_$xIc3^L!L' $_уp
 T%QC a^i
WۄSuڅk?#\T}7
QhkwvUI#>^xNg{
#v/jͽrW[q9,W'%ϽVZ53BJGm_0VL`*vgT}[eQA:amRs?+z}6A/"b(?QU5*>ɨWQD$ih@ep^9<~[=5https://stardiviner.github.io/
IRC(libera.chat, freenode): stardiviner, Matrix: stardiviner
GPG: F09F650D7D674819892591401B5DF1C95AE89AC3

signature.asc
Description: PGP signature

Re: [Uploaded Edebug video] Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-03 Thread Ihor Radchenko

"Christopher M. Miles"  writes:

> Ok, I upload on Disroot website:
>
> https://upload.disroot.org/r/7skmXw7a#zt0jISsPuV0f3LkY9aRyz77X3iAOyD3cuue1Fbi9zy0=

So, the hang happens on `epg-wait-for-status'.
So, again, may you try to run the exact command line (including absence
of input file) manually in terminal?

Basically, `epg-wait-for-status' is looking at the output of gpg,
waiting for "[GNUPG:] BEGIN_ENCRYPTION" and never gets that status from
gpg. AFAIU.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-03 Thread Christopher M. Miles


Ihor Radchenko  writes:

> "Christopher M. Miles"  writes:
>
>>   GPG_AGENT_INFO is not set
>>   /opt/homebrew/bin/gpg --no-tty --status-fd 1 --yes 
>> --enable-progress-filter --command-fd 0
>> --output /var/folders/ym/f3v5_yk1279g5ls70x3hzblhgn/T/epg-outputxPZRrb 
>> --pinentry-mode
>> loopback --encrypt -r 1B5DF1C95AE89AC3 -r B8C4B8E547C32433
>>   [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
>>   [GNUPG:] KEY_CONSIDERED 9BAA92BCCDDDB9EF3B36CB99B8C4B8E547C32433 0
>>   [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
>>   #+end_example
>>
>> ...
>>   The encrypt command seems missing input file.
>
> Which is clearly wrong, AFAIU. I guess it is then time to report bug to
> Emacs? You may also try to find where the input file gets lost from the
> argument list.
>

Thanks for checking out, Ihor.

I tried to figure it out in the Edebug process, but don't know where
data is wrong. May you can check out my uploaded video.

I also will report bug to Emacs.

>> - [X] record screen record for edebug process (430M), then compress big 
>> recorded video (~170M).
>>
>>   I uploaded to here: https://file.io/5fvOAbW5DPi6
>
> No longer available.

I uploaded again, don't know why the file expired not available.

https://file.io/j17OelAJFVVi

-- 

[ stardiviner ]
I try to make every word tell the meaning that I want to express without 
misunderstanding.

Blog: https://stardiviner.github.io/
IRC(libera.chat, freenode): stardiviner, Matrix: stardiviner
GPG: F09F650D7D674819892591401B5DF1C95AE89AC3


signature.asc
Description: PGP signature

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-03 Thread Ihor Radchenko

"Christopher M. Miles"  writes:

>   GPG_AGENT_INFO is not set
>   /opt/homebrew/bin/gpg --no-tty --status-fd 1 --yes --enable-progress-filter 
> --command-fd 0 --output 
> /var/folders/ym/f3v5_yk1279g5ls70x3hzblhgn/T/epg-outputxPZRrb 
> --pinentry-mode loopback --encrypt -r 1B5DF1C95AE89AC3 -r B8C4B8E547C32433
>   [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
>   [GNUPG:] KEY_CONSIDERED 9BAA92BCCDDDB9EF3B36CB99B8C4B8E547C32433 0
>   [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
>   #+end_example
>
> ...
>   The encrypt command seems missing input file.

Which is clearly wrong, AFAIU. I guess it is then time to report bug to
Emacs? You may also try to find where the input file gets lost from the
argument list.

> - [X] record screen record for edebug process (430M), then compress big 
> recorded video (~170M).
>
>   I uploaded to here: https://file.io/5fvOAbW5DPi6

No longer available.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-03 Thread Christopher M. Miles


Ihor Radchenko  writes:

> "Christopher M. Miles"  writes:
>
>>> Do you have any issues decrypting and encrypting files from command
>>> line? If no, what about from M-x shell? If yet no, what if you call gpg
>>> via `start-process'?
>>>
>>
>> - [X] test decrypt & encrypt in terminal with gpg command. -> works fine.
>>
>> - [X] test decrypt & encrypt in Emacs =[M-x shell]= with gpg command. -> 
>> works fine.
>> ...
>> - [X] test decrypt & encrypt in Emacs with ~start-process~ -> works fine
>
> Ok. The further step we can try is following what epg does.
> I am now looking into `epg--start' source code and I note
> `epg-debug' variable, which might provide some more info to think about.
> Also, note the `make-process' call in `epg--start' - you may try to run
> it manually, similar to `start-process' and check if it fails. (For me,
> :connection-type 'pipe part is a bit fishy - I recall there were some
> quirks related to it;
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=44824 ... but it was the
> opposite to having 'pipe AFAIR).

Ok, I followed your suggestions, did following steps.

- [X] toggle option ~epg-debug~

  #+begin_src emacs-lisp
  (setq epg-debug t)
  #+end_src

  #+begin_example :file "*epg-debug*"
  GPG_AGENT_INFO is not set
  /opt/homebrew/bin/gpg --no-tty --status-fd 1 --yes --enable-progress-filter 
--command-fd 0 --output 
/var/folders/ym/f3v5_yk1279g5ls70x3hzblhgn/T/epg-outputMMP3Zp 
--pinentry-mode loopback --decrypt -- 
/Users/stardiviner/.config/emacs/secrets/authinfo.gpg
  [GNUPG:] PROGRESS /Users/stardiviner/. ? 0 1204 B
  [GNUPG:] ENC_TO AEDA8A17BB08B786 1 0
  [GNUPG:] ENC_TO 0251FA6886EB6B77 1 0
  [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
  [GNUPG:] KEY_CONSIDERED 9BAA92BCCDDDB9EF3B36CB99B8C4B8E547C32433 0
  [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
  [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
  [GNUPG:] DECRYPTION_KEY 32A8581A6E137ABD26DA2F570251FA6886EB6B77 
F09F650D7D674819892591401B5DF1C95AE89AC3 u
  [GNUPG:] NO_SECKEY AEDA8A17BB08B786
  [GNUPG:] BEGIN_DECRYPTION
  [GNUPG:] DECRYPTION_INFO 2 7 0
  [GNUPG:] PROGRESS /Users/stardiviner/. ? 1204 1204 B
  [GNUPG:] PLAINTEXT 62 1682998161 
  [GNUPG:] DECRYPTION_OKAY
  [GNUPG:] GOODMDC
  [GNUPG:] END_DECRYPTION
  GPG_AGENT_INFO is not set
  /opt/homebrew/bin/gpg --no-tty --status-fd 1 --yes --enable-progress-filter 
--command-fd 0 --output 
/var/folders/ym/f3v5_yk1279g5ls70x3hzblhgn/T/epg-outputE3zoeh 
--pinentry-mode loopback --encrypt -r 1B5DF1C95AE89AC3 -r B8C4B8E547C32433
  [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
  [GNUPG:] KEY_CONSIDERED 9BAA92BCCDDDB9EF3B36CB99B8C4B8E547C32433 0
  [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
  GPG_AGENT_INFO is not set
  /opt/homebrew/bin/gpg --no-tty --status-fd 1 --yes --enable-progress-filter 
--command-fd 0 --output 
/var/folders/ym/f3v5_yk1279g5ls70x3hzblhgn/T/epg-outputxPZRrb 
--pinentry-mode loopback --encrypt -r 1B5DF1C95AE89AC3 -r B8C4B8E547C32433
  [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
  [GNUPG:] KEY_CONSIDERED 9BAA92BCCDDDB9EF3B36CB99B8C4B8E547C32433 0
  [GNUPG:] KEY_CONSIDERED F09F650D7D674819892591401B5DF1C95AE89AC3 0
  #+end_example

- [X] test the debug output buffer printed full command in terminal. (remove 
=--output= option to see the output)

  #+begin_src sh :eval no
  gpg --no-tty --status-fd 1 --yes --enable-progress-filter --command-fd 0 
--pinentry-mode loopback --decrypt -- 
/Users/stardiviner/.config/emacs/secrets/authinfo.gpg
  # after input password, it decrypted success
  #+end_src

  The encrypt command seems missing input file.

  #+begin_src sh :eval no
  gpg --no-tty --status-fd 1 --yes --enable-progress-filter --command-fd 0 
--pinentry-mode loopback --encrypt -r 1B5DF1C95AE89AC3 -r B8C4B8E547C32433
  #+end_src

- [X] I look into ~epg--start~ source code. note the ~make-process~ call in 
~epg--start~ - you may try to
  run it manually, similar to ~start-process~ and check if it fails. (For me, 
~:connection-type 'pipe~
  part is a bit fishy.)

  #+begin_src emacs-lisp :eval no
  ;;; `epg-start-encrypt' -> `epg--start'
  (let ((context
 #s(epg-context :protocol OpenPGP :program "/opt/homebrew/bin/gpg" 
:home-directory nil :armor nil :textmode nil :include-certs nil 
:cipher-algorithm nil :digest-algorithm nil :compress-algorithm nil 
:passphrase-callback (epa-file-passphrase-callback-function . 
"/Users/stardiviner/.config/emacs/secrets/authinfo.gpg") :progress-callback 
(epa-progress-callback-function . "Encrypting 
/Users/stardiviner/.config/emacs/secrets/authinfo.gpg") :edit-callback nil 
:signers nil :sender nil :sig-notations nil :process nil :output-file 
"/var/folders/ym/f3v5_yk1279g5ls70x3hzblhgn/T/epg-outputsyLCLb" :result nil 
:operation encrypt :pinentry-mode loopback :error-output "" :error-buffer nil))
(args '("--encrypt" #1="-r" "1B5DF1C95AE89AC3" #1# "B8C4B8E

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-02 Thread Ihor Radchenko

"Christopher M. Miles"  writes:

>> Do you have any issues decrypting and encrypting files from command
>> line? If no, what about from M-x shell? If yet no, what if you call gpg
>> via `start-process'?
>>
>
> - [X] test decrypt & encrypt in terminal with gpg command. -> works fine.
>
> - [X] test decrypt & encrypt in Emacs =[M-x shell]= with gpg command. -> 
> works fine.
> ...
> - [X] test decrypt & encrypt in Emacs with ~start-process~ -> works fine

Ok. The further step we can try is following what epg does.
I am now looking into `epg--start' source code and I note
`epg-debug' variable, which might provide some more info to think about.
Also, note the `make-process' call in `epg--start' - you may try to run
it manually, similar to `start-process' and check if it fails. (For me,
:connection-type 'pipe part is a bit fishy - I recall there were some
quirks related to it;
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=44824 ... but it was the
opposite to having 'pipe AFAIR).

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-02 Thread Christopher M. Miles


Ihor Radchenko  writes:

> "Christopher M. Miles"  writes:
>
>> I downgrade gnupg, then the problem solved. But the downgrade version is
>> very old (gnupg@2.4.1 -> gnupg@2.2.41). I suspend problem is somewhere
>> else, like Emacs interaction with GnuPG process.
>
> Do you have any issues decrypting and encrypting files from command
> line? If no, what about from M-x shell? If yet no, what if you call gpg
> via `start-process'?
>

- [X] test decrypt & encrypt in terminal with gpg command. -> works fine.

- [X] test decrypt & encrypt in Emacs =[M-x shell]= with gpg command. -> works 
fine.

  #+begin_example
  bash-5.2$ bash-5.2$ 
  bash-5.2$ pwd 
  /Users/stardiviner/.config/emacs/secrets
  bash-5.2$ gpg -d authinfo.gpg > authinfo 
  gpg: encrypted with rsa2048 key, ID 0251FA6886EB6B77, created 2015-01-31
"stardiviner (numbch...@gmail.com) "
  gpg: encrypted with rsa2048 key, ID AEDA8A17BB08B786, created 2012-03-02
"Christopher Miles (stardiviner, numbchild) "
  gpg: using "F09F650D7D674819892591401B5DF1C95AE89AC3" as default secret key 
for signing
  bash-5.2$ ls 
  accounts.json.gpg authinfoauthinfo.gpg
  bash-5.2$ 
  #+end_example

- [X] test decrypt & encrypt in Emacs with ~start-process~ -> works fine

  #+begin_src emacs-lisp :dir "~/.config/emacs/secrets/" :results output
  (let ((output-buffer "*gnupg-decrypt*"))
(pwd)
(when (get-buffer output-buffer)
  (with-current-buffer (get-buffer output-buffer)
(erase-buffer)))
(start-process
 "gnupg-testing"
 output-buffer
 "gpg"
 "--decrypt" "authinfo.gpg"
 ;; ">" "authinfo"
 )
(sleep-for 2)
(print
 (with-current-buffer (get-buffer output-buffer)
   (buffer-substring-no-properties (point-min) (point-max)
  #+end_src

>> 4. I press =[C-g]= to quit got following stacktrace:
>>
>> #+begin_example
>> Debugger entered--Lisp error: (quit)
>>   accept-process-output(# 1)
>
> This certainly looks like gpg itself is waiting for something and Emacs
> is waiting for gpg...
>
>> When I save modified "=~/.config/emacs/secrets/authinfo.gpg=", got prompt:
>>
>> #+begin_example
>> Untrusted key AEDA8A17BB08B786 Christopher Miles (stardiviner, numbchild) 
>> .  Use anyway? (y or n)
>> #+end_example
>
>> If I input "n" for prompt:
>>
>> #+begin_example
>> Debugger entered--Lisp error: (file-error "Opening output file" "Encrypt 
>> failed" "Unusable public key: B8C4B8E547C32433 (key not tru...")
>
> This reminds me of 
> https://orgmode.org/list/2023-01-22t18-32...@devnull.karl-voit.at
> CC-ing Karl as he might be interested to join this discussion.
>

His error indeed same with mine. I have read email and check my private
key. Here is my private key info:

Check out my private key info:

#+begin_src sh
# gpg -K
gpg --list-secret-keys --verbose --with-subkey-fingerprints
#+end_src

#+RESULTS[(2023-05-03 01:41:09) 80ae7b09060704481af2e01ae6f6086262d4a05c]:
#+begin_example
/Users/stardiviner/.gnupg/pubring.kbx
-
sec   rsa2048 2015-01-31 [SC]
  F09F650D7D674819892591401B5DF1C95AE89AC3
uid   [ultimate] stardiviner (numbch...@gmail.com) 
uid   [ultimate] stardiviner (Christopher Miles) 
uid   [ultimate] [jpeg image of size 3384]
ssb   rsa2048 2015-01-31 [E]
  32A8581A6E137ABD26DA2F570251FA6886EB6B77

#+end_example

>> - [X] find bellowing two key ID belongs where
>>
>> Untrusted key "AEDA8A17BB08B786" ---> fingerprint 
>> "0DEF7425E79FE2E0090B424BAEDA8A17BB08B786" --> my old key
>> ((invalid-recipient (reason . 10) (requested . "B8C4B8E547C32433"))) --> 
>> "F09F650D7D674819892591401B5DF1C95AE89AC3" --> my current new gnupg key
>>
>> Question: I don't know why my current gnupg key and old gnupg key are 
>> together.
>>
>> Here is my Emacs EasyPG (epa) config:
>>
>> #+begin_src emacs-lisp
>> (use-package epa
>>   ;; force Emacs to use its own internal password prompt instead of an 
>> external
>>   ;; pinentry program.
>>   :preface (setenv "GPG_AGENT_INFO" nil)
>
> I do not use this setting on my side and simply stick to gtk password
> prompt.
>

I check my pinentry on macOS. Found package "pinentry-mac" installed by
Homebrew. Then I use it as pinentry-program in "gpg-agent.conf" config file.

Then I tested by remove upper (setenv "GPG_AGENT_INFO" nil) line.
Restart Emacs still same problem.

Then I disable my "epa" config, restart Emacs, still same problem.

> Not sure if it is of any help, but on my side I used
> https://wiki.gentoo.org/wiki/GnuPG for GPG configuration. That wiki
> page is rather detailed - you might find some clues.
>
> Also, my gpg config, for reference
> https://github.com/yantar92/emacs-config/blob/master/system-config.org#gpg

Thanks for sharing helpful links.

I read whole page of Gentoo wiki of GnuPG. I have not found clue about
my problem. I Googled more similar search query keywords. Still no clue.

Paste my gpg.conf here for reference:

#+begin_src conf
default-recipient stardiviner

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

2023-05-02 Thread Ihor Radchenko

"Christopher M. Miles"  writes:

> I downgrade gnupg, then the problem solved. But the downgrade version is
> very old (gnupg@2.4.1 -> gnupg@2.2.41). I suspend problem is somewhere
> else, like Emacs interaction with GnuPG process.

Do you have any issues decrypting and encrypting files from command
line? If no, what about from M-x shell? If yet no, what if you call gpg
via `start-process'?

> 4. I press =[C-g]= to quit got following stacktrace:
>
> #+begin_example
> Debugger entered--Lisp error: (quit)
>   accept-process-output(# 1)

This certainly looks like gpg itself is waiting for something and Emacs
is waiting for gpg...

> When I save modified "=~/.config/emacs/secrets/authinfo.gpg=", got prompt:
>
> #+begin_example
> Untrusted key AEDA8A17BB08B786 Christopher Miles (stardiviner, numbchild) 
> .  Use anyway? (y or n)
> #+end_example

> If I input "n" for prompt:
>
> #+begin_example
> Debugger entered--Lisp error: (file-error "Opening output file" "Encrypt 
> failed" "Unusable public key: B8C4B8E547C32433 (key not tru...")

This reminds me of 
https://orgmode.org/list/2023-01-22t18-32...@devnull.karl-voit.at
CC-ing Karl as he might be interested to join this discussion.

> - [X] find bellowing two key ID belongs where
>
> Untrusted key "AEDA8A17BB08B786" ---> fingerprint 
> "0DEF7425E79FE2E0090B424BAEDA8A17BB08B786" --> my old key
> ((invalid-recipient (reason . 10) (requested . "B8C4B8E547C32433"))) --> 
> "F09F650D7D674819892591401B5DF1C95AE89AC3" --> my current new gnupg key
>
> Question: I don't know why my current gnupg key and old gnupg key are 
> together.
>
> Here is my Emacs EasyPG (epa) config:
>
> #+begin_src emacs-lisp
> (use-package epa
>   ;; force Emacs to use its own internal password prompt instead of an 
> external
>   ;; pinentry program.
>   :preface (setenv "GPG_AGENT_INFO" nil)

I do not use this setting on my side and simply stick to gtk password
prompt.

Not sure if it is of any help, but on my side I used
https://wiki.gentoo.org/wiki/GnuPG for GPG configuration. That wiki
page is rather detailed - you might find some clues.

Also, my gpg config, for reference
https://github.com/yantar92/emacs-config/blob/master/system-config.org#gpg

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [Uploaded Edebug video] Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [Uploaded Edebug video] Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [Uploaded Edebug video] Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

Re: [EasyPG (epa)] Emacs can't save modified encrypted file

12 matches

Site Navigation

Mail list logo

Footer information