Bug#839547: gnupg: unable to decrypt file

2016-10-17 Thread Paul Rogé 
Hi Werner and Daniel, the upgrade to pinentry-gnome3 0.9.7-6 seems to 
have solved the problem. I suppose the bug entry can be marked as resolved.


thanks for the help!
Paul

Bug#839547: gnupg: unable to decrypt file

2016-10-05 Thread Paul Rogé 
For the moment, I've resolved the issue by downgrading to the stable 
version of gnupg. I activated the stable release and modified 
/etc/preferences as such:


  Package: gnupg*
  Pin: release a=stable
  Pin-Priority: 991

I also had to replace my directory of gnupg keys with a backed up 
version from before the upgrade to make it work.


- Paul

Bug#839547: gnupg: unable to decrypt file

2016-10-04 Thread Paul Rogé 
Hi Daniel,

> how are you running this?  you said earlier this is rxvt-unicode,
> but inside of what kind of graphical environment?  Can do you know
> how gpg-agent was started?

I'm using  dwm (6.1-3 amd64)

> How is gpg-agent started?  What happens if you kill gpg-agent and
> then try the decryption command again immediately?
> 
> gpgconf --kill gpg-agent
> gpg --decrypt FILENAME

gpgconf --kill gpg-agent
gpg --decrypt file.gpg
gpg: encrypted with 2048-bit RSA key, ID 3A2B8EB7865452A1, created
2014-02-28
  "Paul Rogé "
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

Bug#839547: gnupg: unable to decrypt file

2016-10-04 Thread Daniel Kahn Gillmor 
Hi Paul--

hope it's ok that i'm responding to the public BTS as well.  i've
removed your trace below.

On Tue 2016-10-04 14:48:59 -0400, Paul Rogé wrote:

> I'm sending you another log file (I sent Daniel one earlier). The
> numbers that seem like they might be sensitive are replaced by Xs. And I
> am not posting it to the bug report system in case I missed something.
> This is an attempt to export my secret key using:
>
> $ gpg --export-secret-keys 40E25F025E23DE01 > ~/Desktop/private.key
> gpg: key : error receiving
> key from agent: Operation cancelled - skipped
> gpg: key : error receiving
> key from agent: Operation cancelled - skipped
> gpg: WARNING: nothing exported

how are you running this?  you said earlier this is rxvt-unicode, but
inside of what kind of graphical environment?  Can do you know how
gpg-agent was started?

Let's stick with the --decrypt use case instead of the
--export-secret-keys use case for now.

How is gpg-agent started?  What happens if you kill gpg-agent and then
try the decryption command again immediately?

gpgconf --kill gpg-agent
gpg --decrypt FILENAME

regards,

--dkg

Bug#839547: gnupg: unable to decrypt file

2016-10-04 Thread Paul Rogé 
> I have tried that with the lates development version and on my non-gnome
> desktop it shows this error message:
> 
>   $ gnome3/pinentry-gnome3 
>   OK Pleased to meet you
>   getpin
> 
>   ** (pinentry-gnome3:29667): WARNING **: couldn't create prompt for
>  gnupg passphrase:
>  GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name
>  org.gnome.keyring.SystemPrompter was not provided by any .service
>  files
> 
> May it be that you have a similar problem?

Hi Werner, my version does not produce this error. I get:

$ pinentry-gnome3
OK Pleased to meet you
getpin
D asg
OK
bye
OK closing connection

Bug#839547: [pkg-gnupg-maint] Bug#839547: Bug#839547: gnupg: unable to decrypt file

2016-10-04 Thread Werner Koch 
On Sun,  2 Oct 2016 01:16, pr...@riseup.net said:

> pinentry-gnome3: /usr/bin/pinentry-gnome3

I have tried that with the lates development version and on my non-gnome
desktop it shows this error message:

  $ gnome3/pinentry-gnome3 
  OK Pleased to meet you
  getpin

  ** (pinentry-gnome3:29667): WARNING **: couldn't create prompt for
 gnupg passphrase:
 GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name
 org.gnome.keyring.SystemPrompter was not provided by any .service
 files

May it be that you have a similar problem?  Given that you won't stderr
output when Pinentry is called by gpg-agent, I added some debug code to
Pinentry.  In case it fails at this place, the debug-pinentry
gpg-agent.conf file setting will now produce this error:

  S ERROR gnome3.gcr_prompt 83886195 GDBus.Error:org.freedesktop.DBus.\
Error.ServiceUnknown: The name org.gnome.keyring.SystemPrompter \
was not provided by any .service files
  ERR 83886195 Configuration error 

Note that the final error message will be "configuration error".

The changes are in the Pinentry repo but we had no more release in the
last 9 months - thus porting this patch won't be easy.  I will do a new
release as soon as we have sorted out your problem.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp5zU1JU8XY6.pgp
Description: PGP signature

Bug#839547: [pkg-gnupg-maint] Bug#839547: gnupg: unable to decrypt file

2016-10-02 Thread Daniel Kahn Gillmor 
Hi Paul--

On Sat 2016-10-01 16:16:39 -0700, Paul Rogé wrote:
>
>>   dpkg -l 'pinentry-*'
>
> pinentry-gnome3 0.9.7-5 amd64
> pinentry-gtk2 0.9.7-5 amd64
>
>>   dpkg -S $(readlink -f $(which pinentry))
>
> pinentry-gnome3: /usr/bin/pinentry-gnome3
>
>> are you running this from a graphical environment (e.g. in an Xterm or
>> something), from a virtual terminal, or somewhere else?
>> 
> I am running this from a graphical environment (rxvt-unicode [9.22-1+b1
> amd64]), but the same problem occurs from the console.
>
>> If you do have pinentry installed, does it show you a prompt if you run
>> it directly?
>
> This is what I get following your instructions:
>
> OK Pleased to meet you
> getpin
> D asd
> OK
> bye
> OK closing connection

great, this all sounds reasonable and correct, so pinentry is *not* the
problem here.

the next step for debugging might be to see what's going on with your
gpg-agent, which is where the secret key gets used.

Please try increasing the logging in gpg-agent and seeing if there's a
clue in there.  You can do this by adding the following lines to
~/.gnupg/gpg-agent.conf (note that you should replace the "1000" below
with whatever your user id number is):

debug-level advanced
debug-pinentry
log-file /run/user/1000/gpg-agent.log

and then restarting the agent with this command:

gpg-connect-agent reloadagent /bye

Then retry the decryption operation:

gpg --decrypt file.gpg

and see what ends up in that log.  Feel free to send it to me privately
if you aren't sure if there's anything troubling in it, or to redact any
parts you don't want public (e.g. replace any string of
arbitrary-looking hexadecimal with XXX) and send it to this bug
report.

Thanks for bearing with this debugging process!

   --dkg




signature.asc
Description: PGP signature

Bug#839547: [pkg-gnupg-maint] Bug#839547: gnupg: unable to decrypt file

2016-10-01 Thread Paul Rogé 
Hi Daniel,

>   dpkg -l 'pinentry-*'

pinentry-gnome3 0.9.7-5 amd64
pinentry-gtk2 0.9.7-5 amd64

>   dpkg -S $(readlink -f $(which pinentry))

pinentry-gnome3: /usr/bin/pinentry-gnome3

> are you running this from a graphical environment (e.g. in an Xterm or
> something), from a virtual terminal, or somewhere else?
> 
I am running this from a graphical environment (rxvt-unicode [9.22-1+b1
amd64]), but the same problem occurs from the console.

> If you do have pinentry installed, does it show you a prompt if you run
> it directly?

This is what I get following your instructions:

OK Pleased to meet you
getpin
D asd
OK
bye
OK closing connection

Bug#839547: [pkg-gnupg-maint] Bug#839547: gnupg: unable to decrypt file

2016-10-01 Thread Daniel Kahn Gillmor 
Hi Paul--

On Sat 2016-10-01 13:33:20 -0700, Paul Roge wrote:
> After updated gnupg, I am unable to decrypt files with "gpg --decrypt 
> [file].gpg". The following error is generated:
>
>> gpg: encrypted with 2048-bit RSA key, ID 3A2B8EB7865452A1, created 2014-02-28
>>   "Paul Rogé "
>> gpg: public key decryption failed: Operation cancelled
>> gpg: decryption failed: No secret key
>
> I have checked that a secret key exists by "gpg --edit-key 3A2B8EB7865452A1", 
> which states:
>
>> Secret key is available.
>> 
>> sec  rsa2048/40E25F025E23DE01
>>  created: 2014-02-28  expires: 2017-03-14  usage: SC  
>>  trust: ultimate  validity: ultimate
>> ssb  rsa2048/3A2B8EB7865452A1
>>  created: 2014-02-28  expires: 2017-03-14  usage: E   
>> [ultimate] (1). Paul Rogé 
>> [ultimate] (2)  Paul Rogé 
>> [ultimate] (3)  Paul Rogé 
>> [ultimate] (4)  Paul Rogé 
>
> I also ran the script "/usr/bin/migrate-pubring-from-classic-gpg --default", 
> but the same problem persists.

Thanks for the report!  it sounds like maybe the problem is with
pinentry, which is what gpg-agent uses to get permission for use of the
secret key -- what version of pinentry do you have installed?

  dpkg -l 'pinentry-*'
  dpkg -S $(readlink -f $(which pinentry))

are you running this from a graphical environment (e.g. in an Xterm or
something), from a virtual terminal, or somewhere else?

If you do have pinentry installed, does it show you a prompt if you run
it directly?  If you run it directly (as "pinentry") it should print out
"OK pleased to meet you".  at that point, you can type "getpin" and hit
enter, and it should prompt you for a passphrase.  enter a dummy
passphrase into whatever dialog you get, and then pinentry should write
it (prefixed with "D ") and then will write "OK".  after that "OK", you
can type "bye" to terminate.

does that work for you?

 --dkg


signature.asc
Description: PGP signature

Bug#839547: gnupg: unable to decrypt file

2016-10-01 Thread Paul Roge 
Package: gnupg
Version: 2.1.15-3
Severity: normal

Dear Maintainer,

After updated gnupg, I am unable to decrypt files with "gpg --decrypt 
[file].gpg". The following error is generated:

> gpg: encrypted with 2048-bit RSA key, ID 3A2B8EB7865452A1, created 2014-02-28
>   "Paul Rogé "
> gpg: public key decryption failed: Operation cancelled
> gpg: decryption failed: No secret key

I have checked that a secret key exists by "gpg --edit-key 3A2B8EB7865452A1", 
which states:

> Secret key is available.
> 
> sec  rsa2048/40E25F025E23DE01
>  created: 2014-02-28  expires: 2017-03-14  usage: SC  
>  trust: ultimate  validity: ultimate
> ssb  rsa2048/3A2B8EB7865452A1
>  created: 2014-02-28  expires: 2017-03-14  usage: E   
> [ultimate] (1). Paul Rogé 
> [ultimate] (2)  Paul Rogé 
> [ultimate] (3)  Paul Rogé 
> [ultimate] (4)  Paul Rogé 

I also ran the script "/usr/bin/migrate-pubring-from-classic-gpg --default", 
but the same problem persists.

Thanks,
Paul

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg depends on:
ii  gnupg-agent2.1.15-3
ii  libassuan0 2.4.3-1
ii  libbz2-1.0 1.0.6-8
ii  libc6  2.24-3
ii  libgcrypt201.7.3-1
ii  libgpg-error0  1.24-1
ii  libksba8   1.3.5-2
ii  libreadline6   6.3-8+b4
ii  libsqlite3-0   3.14.2-1
ii  zlib1g 1:1.2.8.dfsg-2+b1

Versions of packages gnupg recommends:
ii  dirmngr 2.1.15-3
ii  gnupg-l10n  2.1.15-3

Versions of packages gnupg suggests:
pn  parcimonie  
pn  xloadimage  

-- no debconf information