Re: ggp related changes (1.9 - 1.12)?

2019-12-27 Thread Claus Assmann
On Fri, Dec 27, 2019, Kevin J. McCarthy wrote:

> Try refreshing your pgp_* commands against the version in contrib/gpg.rc in

Thanks, that solved the problem. Seems I didn't look far enough back
in the ChangeLog, sorry.
Now I need to find some time to resolve the merge conflicts so that
my changes will still work in newer mutt versions.


Re: ggp related changes (1.9 - 1.12)?

2019-12-27 Thread Kevin J. McCarthy

On Fri, Dec 27, 2019 at 12:12:32PM +0100, Claus Assmann wrote:
> on the system?).  However, I can no longer decrypt mails (using gpg 1.4.23)
>
> "Could not decrypt ..."


Try refreshing your pgp_* commands against the version in contrib/gpg.rc 
in the tarball.  1.10.1 added $pgp_check_gpg_decrypt_status_fd, to check 
the status file descriptor for GPG decryption codes, to protect against 
spoofing.  (1.6.0 also did this a bit less thoroughly, but required 
pro-active setting of $pgp_decryption_okay by users to enable it.)


Most likely, the '--status-fd=2' parts are missing from your 
$pgp_decode_command and $pgp_decrypt_command.  However, it would be good 
to just use all the values in the gpg.rc file, to protect against other 
issues too.  For example, there were some attacks protected against by 
the --no-verbose flag, which I've noticed some long-time users don't 
have enabled.


--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
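
A small check for the situation described in the message above, as an added example (not code from mutt or from this thread): it reads muttrc text and reports whether the last assignment of $pgp_decode_command and $pgp_decrypt_command carries --status-fd=2 and --no-verbose. Requiring --no-verbose on exactly these two commands, the function names and the sample muttrc are assumptions of this example.

```python
import re

# The two commands the message names; requiring --no-verbose on exactly
# these two is this example's assumption.
CHECKED = ("pgp_decode_command", "pgp_decrypt_command")
SET_RE = re.compile(r"""^\s*set\s+(pgp_\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|'([^']*)'|(\S+))""")

SAMPLE = r'''
# constructed sample, not taken from the thread or from contrib/gpg.rc
set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
set pgp_decrypt_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - %f"
set pgp_decrypt_command="gpg --passphrase-fd 0 --batch \
  --output - %f"
'''

def last_assignments(text):
    """Return {variable: value}; a later 'set' overrides an earlier one."""
    values = {}
    for line in re.sub(r"\\\n", "", text).splitlines():  # join continuation lines
        if line.lstrip().startswith("#"):
            continue
        m = SET_RE.match(line)
        if m:
            values[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return values

def has_status_fd_2(tokens):
    """Accept both '--status-fd=2' and '--status-fd 2'."""
    pairs = zip(tokens, tokens[1:])
    return "--status-fd=2" in tokens or any(p == ("--status-fd", "2") for p in pairs)

def audit(text):
    """Return a list of (variable, problem) findings for the checked commands."""
    values = last_assignments(text)
    findings = []
    for var in CHECKED:
        if var not in values:
            findings.append((var, "not set in this file"))
            continue
        tokens = values[var].split()
        if not has_status_fd_2(tokens):
            findings.append((var, "missing --status-fd=2"))
        if "--no-verbose" not in tokens:
            findings.append((var, "missing --no-verbose"))
    return findings

if __name__ == "__main__":
    for var, problem in audit(SAMPLE):
        print(f"{var}: {problem}")
```

The check only sees the text it is given, so commands set in a file pulled in with `source` have to be passed to it as well.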

