
GET_PASSPHRASE with --no-ask always returns an error in gnupg 2.1.5
Closed, Resolved, Public

Description

In gpg 2.1.4 the command

  echo "GET_PASSPHRASE --no-ask XXXXXXXXXX a a a" | gpg-connect-agent

returned

  • "OK PASSPHRASE" in case the passphrase was already cached
  • "ERR 67108922 No data <GPG Agent>" in case the passphrase was not in cache

This behavior changed in gpg 2.1.5 and, no matter if the passphrase is already
cached or not, gpg-agent always returns the error message above.

Details

Version
gnupg 2.1.5

Event Timeline

lenharo added projects: gnupg, Bug Report.
lenharo added a subscriber: lenharo.

Sorry, I can't replicate this. First I enter "123" as passphrase
using

  $ gpg-connect-agent 'GET_PASSPHRASE  XXXXXXXXXX a a a' /bye
  OK 616263

Then I ask for it with --no-ask

  $ gpg-connect-agent 'GET_PASSPHRASE --no-ask XXXXXXXXXX a a a' /bye
  OK 616263

Now let's delete it from the cache:

  $ gpgconf --reload gpg-agent

and ask again:

  $ gpg-connect-agent 'GET_PASSPHRASE --no-ask XXXXXXXXXX a a a' /bye
  ERR 67108922 No data <GPG Agent>
  OK

I am using

  $ gpg-connect-agent 'getinfo version' /bye
  D 2.1.6-beta3

but that did not change things in this part of GnuPG.

Sorry for not giving you more details the first time. Actually I'm using
gpg-preset-passphrase.
Executing the steps you mentioned works for me as well. The problem seems to be
when gpg-preset-passphrase is used.

  $ gpg-connect-agent 'getinfo version' /bye
  D 2.1.5
  OK
  $ echo "asd"|/usr/lib/gnupg/gpg-preset-passphrase --preset XXXXXXXXXX
  $ gpg-connect-agent 'GET_PASSPHRASE --no-ask XXXXXXXXXX a a a' /bye
  ERR 67108922 No data <GPG Agent>

-------

  $ gpg-connect-agent 'getinfo version' /bye
  D 2.1.4
  OK
  $ echo "asd"|/usr/lib/gnupg/gpg-preset-passphrase --preset XXXXXXXXXX
  $ gpg-connect-agent 'GET_PASSPHRASE --no-ask XXXXXXXXXX a a a' /bye
  OK 617364

Distro: Archlinux 64bit

I traced agent/cache.c:agent_get_cache. The entry is in the cache, but its
cache_mode (CACHE_MODE_ANY) does not match cache mode (CACHE_MODE_USER) and thus
the password is not used:

  p *thecache
  $10 = {next = 0x0, created = 1434627188, accessed = 1434627188, ttl = -1, 
    pw = 0x7f94b4001d80, cache_mode = CACHE_MODE_ANY, key = "2"}

  (gdb) p !strcmp (r->key, key)
  $15 = 1
  (gdb) p r->pw
  $16 = (struct secret_data_s *) 0x7f94b4001d80
  (gdb) p ((cache_mode != CACHE_MODE_USER && cache_mode != CACHE_MODE_NONCE) || r->cache_mode == cache_mode)
  $17 = 0

I narrowed this down to commit: 23d2ef83cda644c6a83499f9327350d3371e8a17

  Author: Werner Koch <wk@gnupg.org>
  Date: Wed May 20 16:13:55 2015 +0200

  agent: Cleanup caching code for command GET_PASSPHRASE.

  * agent/command.c (cmd_get_passphrase): Read from the user cache.
  --

  We used to read the passphrase with mode CACHE_MODE_NORMAL but we put
  it into the cache with CACHE_MODE_USER.  However, agent_get_cache does
  not yet distinguish between them and thus this does not change
  anything.

justus claimed this task.

Fixed in f4742493.
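
The mode mismatch traced in the gdb session above, as a small stand-alone model (an added illustration, not GnuPG's code and not the fix in f4742493). The match condition is the expression from the gdb output; the struct, the function names and the numeric enum values are assumptions, and the cache content is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Mode names appear in the trace; their numeric values here are assumed. */
typedef enum { CACHE_MODE_ANY, CACHE_MODE_NORMAL,
               CACHE_MODE_USER, CACHE_MODE_NONCE } cache_mode_t;

/* Hypothetical, simplified stand-in for a cache entry. */
struct model_item { const char *key; const char *pw; cache_mode_t cache_mode; };

/* Constructed sample: one entry stored with CACHE_MODE_ANY, as the gdb
   dump shows for the entry found after gpg-preset-passphrase was used. */
static const struct model_item model_cache[] = {
  { "XXXXXXXXXX", "asd", CACHE_MODE_ANY },
};

/* The match condition evaluated as $17 in the gdb session. */
static int mode_matches(cache_mode_t wanted, cache_mode_t stored)
{
  return ((wanted != CACHE_MODE_USER && wanted != CACHE_MODE_NONCE)
          || stored == wanted);
}

/* Return the cached secret, or NULL where the agent answers "No data". */
static const char *model_get_cache(const char *key, cache_mode_t wanted)
{
  size_t i;
  for (i = 0; i < sizeof model_cache / sizeof model_cache[0]; i++)
    if (!strcmp(model_cache[i].key, key) && model_cache[i].pw
        && mode_matches(wanted, model_cache[i].cache_mode))
      return model_cache[i].pw;
  return NULL;
}

int main(void)
{
  /* Lookup mode before the commit (NORMAL) and after it (USER). */
  const cache_mode_t modes[] = { CACHE_MODE_NORMAL, CACHE_MODE_USER };
  const char *names[] = { "CACHE_MODE_NORMAL", "CACHE_MODE_USER" };
  for (int i = 0; i < 2; i++) {
    const char *pw = model_get_cache("XXXXXXXXXX", modes[i]);
    /* Report only hit or miss; the secret itself is never printed. */
    printf("%-18s -> %s\n", names[i], pw ? "OK (hit)" : "ERR No data (miss)");
  }
  return 0;
}
```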