Re: gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'
Werner Koch writes: >> gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class >> GtkSecureEntry doesn't implement property 'editing-canceled' from >> interface 'GtkCellEditable' > > This warning is due to a newer version of Gtk+ (2.20). Pinentry uses a > replacement of GTK+'s standard text entry widget which was written many > years ago. It should will be simple to add this property and explicitly > return FALSE - this should silence the warning. And it seems you already fixed it in the git repo some time ago: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=671a1a70 Is there any chance of new release? :-) Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg --list-secret-keys does not skip revoked keys
Daiki Ueno writes:
> BTW, I'm wondering if there is any reason why the validity field (Field
> 2 of --with-colons output) is not used for secret keys. It might be
> useful for the libraries which call gpg internally (epg.el I mean :) to
> check if a key is usable.
Actually, it looks that GPGME ignores the validity when listing keys
with SECRET_ONLY flag. Here is a sample program:
#include
#include
#include
#include
static gpgme_error_t
list_key_validity (const char *pattern)
{
gpgme_ctx_t ctx;
gpgme_key_t key;
gpgme_error_t err = gpgme_new (&ctx);
int secret_only;
if (err)
goto out;
for (secret_only = 0; secret_only < 2; secret_only++)
{
err = gpgme_op_keylist_start (ctx, pattern, secret_only);
if (err)
goto out;
while (!err)
{
err = gpgme_op_keylist_next (ctx, &key);
if (err)
break;
printf ("%s (%s) revoked = %d, expired = %d\n",
key->subkeys->keyid,
(secret_only ? "sec" : "pub"),
key->subkeys->revoked,
key->subkeys->expired);
gpgme_key_release (key);
}
gpgme_op_keylist_end (ctx);
}
out:
gpgme_release (ctx);
return err;
}
int
main (int argc, char **argv)
{
int i;
if (argc < 2)
{
fprintf (stderr, "Usage: %s pattern...\n", argv[0]);
exit (1);
}
setlocale (LC_ALL, "");
gpgme_check_version (NULL);
gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
#ifdef LC_MESSAGES
gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL));
#endif
for (i = 0; i < argc; i++)
list_key_validity (argv[i]);
return 0;
}
/*
* Local variables:
* compile-command: "gcc -o list-key-validity list-key-validity.c `gpgme-config
--cflags --libs`"
* End:
*/
I get:
$ ./list-key-validity A6CC6651 D1458906
084B0E86A6CC6651 (pub) revoked = 0, expired = 1
892F1451D1458906 (pub) revoked = 1, expired = 0
892F1451D1458906 (sec) revoked = 0, expired = 0
Maybe I'm missing some points of the OpenPGP concept.
Regards,
--
Daiki Ueno
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg --list-secret-keys does not skip revoked keys
Hi, I noticed that gpg --list-secret-keys skips expired keys but not revoked keys. For example, when I have two keys (one is expired and another is revoked): $ gpg --list-keys A6CC6651 D1458906 pub 2048R/A6CC6651 2010-11-10 [expired: 2010-11-17] uid Daiki Ueno pub 2048R/D1458906 2010-12-22 [revoked: 2010-12-22] uid Daiki Ueno $ gpg --list-secret-keys A6CC6651 D1458906 sec 2048R/D1458906 2010-12-22 uid Daiki Ueno ssb 2048R/AE471CB5 2010-12-22 Is this an intended behavior? Also, if I supply the revoked key to say gpg --sign, it simply fails: $ gpg --sign -u D1458906 < /dev/null gpg: skipped "D1458906": unusable secret key gpg: signing failed: unusable secret key BTW, I'm wondering if there is any reason why the validity field (Field 2 of --with-colons output) is not used for secret keys. It might be useful for the libraries which call gpg internally (epg.el I mean :) to check if a key is usable. Currently we need to run gpg --list-keys followed by gpg --list-secret-keys. Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: EncFS patch
Werner Koch writes: > find below a pacth agains EncFS 1.5.2 - this is the one I used for > testing. Thanks. It now basically works (I used encfs-1.7.3_annotate.diff you posted to gnupg-devel), though the usage was a bit unclear to me :) For anyone else who wants to try, here is my trial log: $ g13 -r A6CC6651 --create foo $ mkdir /tmp/x $ g13 --mount foo /tmp/x & $ echo aaa > /tmp/x/passwords $ pkill g13 $ ls /tmp/x # there are no files $ g13 --mount foo /tmp/x & $ ls /tmp/x passwords Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1 beta released
Hi, Werner Koch writes: > We just released the first *beta version* of GnuPG 2.1. It has been > released to give you the opportunity to check out the new features. I just tried GnuPG 2.1 and the OpenPGP part seems to work fine. Now I started playing with the G13 tool. With the EncFS backend, I got the following error: $ g13 -v -r A6CC6651 --create foo g13: DBG: used keyblob size is 61 g13: no running gpg - starting `/usr/local/bin/gpg2' g13: running `/usr/bin/encfs' in the background g13: DBG: starting runner thread g13: encfs-1: encfs: unrecognized option '--annotate' I couldn't find --annotate option in EncFS versions from 1.4 to 1.7.3. Do I need some patch to EncFS for G13? Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I flush a bad symmetric password from gpg-agent?
>>>>> In
>>>>> <4a8c5344.4060701__17863.5451746688$1250713354$gmane$...@dougbarton.us>
>>>>> Doug Barton wrote:
> >> Today I mis-typed a passphrase for a symmetrically encrypted file and
> >> was surprised to discover that gpg-agent had stored the bad passphrase
> >> and would not let me access the file. I have occasionally in the past
> >
> > This is a new and probably not too well tested feature. I'll check whey
> > this is going wrong.
> Fair enough, thanks.
That's my fault, sorry. The attached patch should fix the problem.
Could you try it?
2009-08-20 Daiki Ueno
* mainproc.c (proc_encrypted): Clear passphrase cached with S2K
cache ID if decryption failed.
* passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
* gpgv.c (passphrase_clear_cache): New stub.
Index: g10/gpgv.c
===
--- g10/gpgv.c (revision 5124)
+++ g10/gpgv.c (working copy)
@@ -426,6 +426,14 @@
return NULL;
}
+void
+passphrase_clear_cache (u32 *keyid, const char *cacheid, int algo)
+{
+ (void)keyid;
+ (void)cacheid;
+ (void)algo;
+}
+
struct keyserver_spec *
parse_preferred_keyserver(PKT_signature *sig)
{
Index: g10/mainproc.c
===
--- g10/mainproc.c (revision 5124)
+++ g10/mainproc.c (working copy)
@@ -586,6 +586,13 @@
write_status( STATUS_DECRYPTION_FAILED );
}
else {
+if (gpg_err_code (result) == GPG_ERR_BAD_KEY
+ && *c->dek->s2k_cacheid != '\0')
+ {
+ log_debug(_("cleared passphrase cached with ID: %s\n"),
+ c->dek->s2k_cacheid);
+ passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
+ }
write_status( STATUS_DECRYPTION_FAILED );
log_error(_("decryption failed: %s\n"), g10_errstr(result));
/* Hmmm: does this work when we have encrypted using multiple
Index: g10/passphrase.c
===
--- g10/passphrase.c (revision 5124)
+++ g10/passphrase.c (working copy)
@@ -452,6 +452,7 @@
DEK *dek;
STRING2KEY help_s2k;
int dummy_canceled;
+ char s2k_cacheidbuf[1+16+1], *s2k_cacheid = NULL;
if (!canceled)
canceled = &dummy_canceled;
@@ -573,19 +574,16 @@
}
else
{
- char *cacheid = NULL;
- char buf[1+16+1];
-
if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
{
- memset (buf, 0, sizeof buf);
- *buf = 'S';
- bin2hex (s2k->salt, 8, buf + 1);
- cacheid = buf;
+ memset (s2k_cacheidbuf, 0, sizeof s2k_cacheidbuf);
+ *s2k_cacheidbuf = 'S';
+ bin2hex (s2k->salt, 8, s2k_cacheidbuf + 1);
+ s2k_cacheid = s2k_cacheidbuf;
}
/* Divert to the gpg-agent. */
- pw = passphrase_get (keyid, mode == 2, cacheid,
+ pw = passphrase_get (keyid, mode == 2, s2k_cacheid,
(mode == 2 || mode == 4)? opt.passwd_repeat : 0,
tryagain_text, custdesc, custprompt, canceled);
if (*canceled)
@@ -608,6 +606,8 @@
dek->keylen = 0;
else
hash_passphrase (dek, pw, s2k);
+ if (s2k_cacheid)
+memcpy (dek->s2k_cacheid, s2k_cacheid, sizeof dek->s2k_cacheid);
xfree(last_pw);
last_pw = pw;
return dek;
Index: include/cipher.h
===
--- include/cipher.h (revision 5124)
+++ include/cipher.h (working copy)
@@ -94,6 +94,7 @@
int use_mdc;
int symmetric;
byte key[32]; /* This is the largest used keylen (256 bit). */
+ char s2k_cacheid[1+16+1];
} DEK;
Regards,
--
Daiki Ueno
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
