Re: gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'
Werner Koch writes: >> gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class >> GtkSecureEntry doesn't implement property 'editing-canceled' from >> interface 'GtkCellEditable' > > This warning is due to a newer version of Gtk+ (2.20). Pinentry uses a > replacement of GTK+'s standard text entry widget which was written many > years ago. It should will be simple to add this property and explicitly > return FALSE - this should silence the warning. And it seems you already fixed it in the git repo some time ago: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=671a1a70 Is there any chance of new release? :-) Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg --list-secret-keys does not skip revoked keys
Daiki Ueno writes: > BTW, I'm wondering if there is any reason why the validity field (Field > 2 of --with-colons output) is not used for secret keys. It might be > useful for the libraries which call gpg internally (epg.el I mean :) to > check if a key is usable. Actually, it looks that GPGME ignores the validity when listing keys with SECRET_ONLY flag. Here is a sample program: #include #include #include #include static gpgme_error_t list_key_validity (const char *pattern) { gpgme_ctx_t ctx; gpgme_key_t key; gpgme_error_t err = gpgme_new (&ctx); int secret_only; if (err) goto out; for (secret_only = 0; secret_only < 2; secret_only++) { err = gpgme_op_keylist_start (ctx, pattern, secret_only); if (err) goto out; while (!err) { err = gpgme_op_keylist_next (ctx, &key); if (err) break; printf ("%s (%s) revoked = %d, expired = %d\n", key->subkeys->keyid, (secret_only ? "sec" : "pub"), key->subkeys->revoked, key->subkeys->expired); gpgme_key_release (key); } gpgme_op_keylist_end (ctx); } out: gpgme_release (ctx); return err; } int main (int argc, char **argv) { int i; if (argc < 2) { fprintf (stderr, "Usage: %s pattern...\n", argv[0]); exit (1); } setlocale (LC_ALL, ""); gpgme_check_version (NULL); gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL)); #ifdef LC_MESSAGES gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL)); #endif for (i = 0; i < argc; i++) list_key_validity (argv[i]); return 0; } /* * Local variables: * compile-command: "gcc -o list-key-validity list-key-validity.c `gpgme-config --cflags --libs`" * End: */ I get: $ ./list-key-validity A6CC6651 D1458906 084B0E86A6CC6651 (pub) revoked = 0, expired = 1 892F1451D1458906 (pub) revoked = 1, expired = 0 892F1451D1458906 (sec) revoked = 0, expired = 0 Maybe I'm missing some points of the OpenPGP concept. Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg --list-secret-keys does not skip revoked keys
Hi, I noticed that gpg --list-secret-keys skips expired keys but not revoked keys. For example, when I have two keys (one is expired and another is revoked): $ gpg --list-keys A6CC6651 D1458906 pub 2048R/A6CC6651 2010-11-10 [expired: 2010-11-17] uid Daiki Ueno pub 2048R/D1458906 2010-12-22 [revoked: 2010-12-22] uid Daiki Ueno $ gpg --list-secret-keys A6CC6651 D1458906 sec 2048R/D1458906 2010-12-22 uid Daiki Ueno ssb 2048R/AE471CB5 2010-12-22 Is this an intended behavior? Also, if I supply the revoked key to say gpg --sign, it simply fails: $ gpg --sign -u D1458906 < /dev/null gpg: skipped "D1458906": unusable secret key gpg: signing failed: unusable secret key BTW, I'm wondering if there is any reason why the validity field (Field 2 of --with-colons output) is not used for secret keys. It might be useful for the libraries which call gpg internally (epg.el I mean :) to check if a key is usable. Currently we need to run gpg --list-keys followed by gpg --list-secret-keys. Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: EncFS patch
Werner Koch writes: > find below a pacth agains EncFS 1.5.2 - this is the one I used for > testing. Thanks. It now basically works (I used encfs-1.7.3_annotate.diff you posted to gnupg-devel), though the usage was a bit unclear to me :) For anyone else who wants to try, here is my trial log: $ g13 -r A6CC6651 --create foo $ mkdir /tmp/x $ g13 --mount foo /tmp/x & $ echo aaa > /tmp/x/passwords $ pkill g13 $ ls /tmp/x # there are no files $ g13 --mount foo /tmp/x & $ ls /tmp/x passwords Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1 beta released
Hi, Werner Koch writes: > We just released the first *beta version* of GnuPG 2.1. It has been > released to give you the opportunity to check out the new features. I just tried GnuPG 2.1 and the OpenPGP part seems to work fine. Now I started playing with the G13 tool. With the EncFS backend, I got the following error: $ g13 -v -r A6CC6651 --create foo g13: DBG: used keyblob size is 61 g13: no running gpg - starting `/usr/local/bin/gpg2' g13: running `/usr/bin/encfs' in the background g13: DBG: starting runner thread g13: encfs-1: encfs: unrecognized option '--annotate' I couldn't find --annotate option in EncFS versions from 1.4 to 1.7.3. Do I need some patch to EncFS for G13? Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I flush a bad symmetric password from gpg-agent?
>>>>> In >>>>> <4a8c5344.4060701__17863.5451746688$1250713354$gmane$...@dougbarton.us> >>>>> Doug Barton wrote: > >> Today I mis-typed a passphrase for a symmetrically encrypted file and > >> was surprised to discover that gpg-agent had stored the bad passphrase > >> and would not let me access the file. I have occasionally in the past > > > > This is a new and probably not too well tested feature. I'll check whey > > this is going wrong. > Fair enough, thanks. That's my fault, sorry. The attached patch should fix the problem. Could you try it? 2009-08-20 Daiki Ueno * mainproc.c (proc_encrypted): Clear passphrase cached with S2K cache ID if decryption failed. * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid. * gpgv.c (passphrase_clear_cache): New stub. Index: g10/gpgv.c === --- g10/gpgv.c (revision 5124) +++ g10/gpgv.c (working copy) @@ -426,6 +426,14 @@ return NULL; } +void +passphrase_clear_cache (u32 *keyid, const char *cacheid, int algo) +{ + (void)keyid; + (void)cacheid; + (void)algo; +} + struct keyserver_spec * parse_preferred_keyserver(PKT_signature *sig) { Index: g10/mainproc.c === --- g10/mainproc.c (revision 5124) +++ g10/mainproc.c (working copy) @@ -586,6 +586,13 @@ write_status( STATUS_DECRYPTION_FAILED ); } else { +if (gpg_err_code (result) == GPG_ERR_BAD_KEY + && *c->dek->s2k_cacheid != '\0') + { + log_debug(_("cleared passphrase cached with ID: %s\n"), + c->dek->s2k_cacheid); + passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0); + } write_status( STATUS_DECRYPTION_FAILED ); log_error(_("decryption failed: %s\n"), g10_errstr(result)); /* Hmmm: does this work when we have encrypted using multiple Index: g10/passphrase.c === --- g10/passphrase.c (revision 5124) +++ g10/passphrase.c (working copy) @@ -452,6 +452,7 @@ DEK *dek; STRING2KEY help_s2k; int dummy_canceled; + char s2k_cacheidbuf[1+16+1], *s2k_cacheid = NULL; if (!canceled) canceled = &dummy_canceled; @@ -573,19 +574,16 @@ } else { - char *cacheid = NULL; - char buf[1+16+1]; - if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3)) { - memset (buf, 0, sizeof buf); - *buf = 'S'; - bin2hex (s2k->salt, 8, buf + 1); - cacheid = buf; + memset (s2k_cacheidbuf, 0, sizeof s2k_cacheidbuf); + *s2k_cacheidbuf = 'S'; + bin2hex (s2k->salt, 8, s2k_cacheidbuf + 1); + s2k_cacheid = s2k_cacheidbuf; } /* Divert to the gpg-agent. */ - pw = passphrase_get (keyid, mode == 2, cacheid, + pw = passphrase_get (keyid, mode == 2, s2k_cacheid, (mode == 2 || mode == 4)? opt.passwd_repeat : 0, tryagain_text, custdesc, custprompt, canceled); if (*canceled) @@ -608,6 +606,8 @@ dek->keylen = 0; else hash_passphrase (dek, pw, s2k); + if (s2k_cacheid) +memcpy (dek->s2k_cacheid, s2k_cacheid, sizeof dek->s2k_cacheid); xfree(last_pw); last_pw = pw; return dek; Index: include/cipher.h === --- include/cipher.h (revision 5124) +++ include/cipher.h (working copy) @@ -94,6 +94,7 @@ int use_mdc; int symmetric; byte key[32]; /* This is the largest used keylen (256 bit). */ + char s2k_cacheid[1+16+1]; } DEK; Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users