It would be nice if gnupg could output a meaningful status on status-fd if the
user cancels a decryption operation, i.e. by cancelling the passphrase dialog.
Currently, it is not easy to differentiate this from an actually failed decryption.
Description
Details
- Version
- 1.4.10
Event Timeline
What about this:
[GNUPG:] MISSING_PASSPHRASE
gpg: encrypted with 2048-bit RSA key, ID F409CD54, created 2007-12-31
"Werner Koch <wk@gnupg.org>"
gpg: public key decryption failed: Operation cancelled
[GNUPG:] ERROR pkdecrypt_failed 99
gpg: encrypted with 1024-bit ELG key, ID 46A871F8, created 1999-03-08
"Alfa Test (demo key) <alfa@example.net>"
gpg: public key decryption failed: Operation cancelled
[GNUPG:] ERROR pkdecrypt_failed 99
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: No secret key
[GNUPG:] END_DECRYPTION
The 99 in "ERROR pkdecrypt_failed 99" is the code for Cancel. What I did is to
decrypt a message encrypted to two keys and hit cancel for both passphrase
requests. Due to the way it is implemented we will have the other error messages
as well. It is possible that you cancel one pinentry but use another one. In
such a case you will of course notice a cancel but the operation will succeed.
If you want a cancel error instead of no secret key, it is definitely more work.
What do you think?
Hmmm... I am talking about GnuPG 1.4.10 here. I am not getting anything like
this. I am, however, using gpg-agent from gpg2.
I get
[GNUPG:] NEED_PASSPHRASE ...
[GNUPG:] MISSING_PASSPHRASE
[GNUPG:] BAD_PASSPHRASE ...
[GNUPG:] NO_SECKEY
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
EDIT: The NO_SECKEY comes from a second key for which I do not have the private
key. But all I get after pressing cancel is BAD_PASSPHRASE, which could happen
as well if the user really got it right on the second try.
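
Added example, not part of the ticket thread and not GnuPG code: a Python sketch of how a front end reading status-fd could separate a cancelled decryption from a failed one, using the two outputs quoted above. The function names and result labels are assumptions, as is masking the ERROR value to its low 16 bits (libgpg-error's encoding, where the upper bits carry the error source).

```python
GPG_ERR_CANCELED = 99   # "the code for Cancel", as stated in the thread
ERR_CODE_MASK = 0xFFFF  # assumption: libgpg-error keeps the error source in the upper bits

def parse_status(text):
    """Return (keyword, args) for each [GNUPG:] line; 'gpg:' log lines are skipped."""
    events = []
    for line in text.splitlines():
        if line.startswith("[GNUPG:] "):
            fields = line[len("[GNUPG:] "):].split()
            if fields:
                events.append((fields[0], fields[1:]))
    return events

def classify_decryption(text):
    """Classify one decryption run: ok, cancelled, possibly-cancelled, failed, unknown."""
    events = parse_status(text)
    keywords = {kw for kw, _ in events}
    cancelled = any(
        kw == "ERROR" and len(args) >= 2 and args[1].isdigit()
        and int(args[1]) & ERR_CODE_MASK == GPG_ERR_CANCELED
        for kw, args in events
    )
    if "DECRYPTION_OKAY" in keywords:
        # One pinentry was cancelled but another key worked: still a success.
        return "ok"
    if "DECRYPTION_FAILED" not in keywords:
        return "unknown"
    if cancelled:
        return "cancelled"
    if "MISSING_PASSPHRASE" in keywords:
        # Output of the 1.4.10 kind: no ERROR line, so a cancel is only a guess.
        return "possibly-cancelled"
    return "failed"

# Status lines quoted in the thread (human-readable gpg: lines omitted).
WITH_ERROR_LINE = """[GNUPG:] MISSING_PASSPHRASE
[GNUPG:] ERROR pkdecrypt_failed 99
[GNUPG:] ERROR pkdecrypt_failed 99
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION"""
WITHOUT_ERROR_LINE = """[GNUPG:] NEED_PASSPHRASE ...
[GNUPG:] MISSING_PASSPHRASE
[GNUPG:] BAD_PASSPHRASE ...
[GNUPG:] NO_SECKEY
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED"""

if __name__ == "__main__":
    print(classify_decryption(WITH_ERROR_LINE), classify_decryption(WITHOUT_ERROR_LINE))
```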