Page MenuHome GnuPG
Create Task
Maniphest T2015

GET_PASSPHRASE with --no-ask always return error in gnupg 2.1.5
Closed, ResolvedPublic
Actions

Description

In gpg 2.1.4 the command
echo "GET_PASSPHRASE --no-ask XXXXXXXXXX a a a" | gpg-connect-agent
returned

  • "OK PASSPHRASE" in case the passphrase was already cached
  • "ERR 67108922 No data <GPG Agent>" in case the passphrase was not in cache

This behavior changed in gpg 2.1.5 and no matter if the passphrase is already
cached or not, gpg-agent always return the error message above.

Details

Version
gnupg 2.1.5

Related Objects

Event Timeline

lenharo set Version to gnupg 2.1.5.Jun 16 2015, 6:46 PM
lenharo added projects: gnupg, Bug Report.
lenharo added a subscriber: lenharo.
werner added a subscriber: werner.Jun 17 2015, 8:54 AM

Sorry, I can't replicate this. First I enter "123" as passphrase
using

  $ gpg-connect-agent 'GET_PASSPHRASE  XXXXXXXXXX a a a' /bye
  OK 616263

Then I ask for it with --no-ask

  $ gpg-connect-agent 'GET_PASSPHRASE --no-ask XXXXXXXXXX a a a' /bye
  OK 616263

Now let's delete it from the cache:

  $ gpgconf --reload gpg-agent

and ask again:

  $ gpg-connect-agent 'GET_PASSPHRASE --no-ask XXXXXXXXXX a a a' /bye
  ERR 67108922 No data <GPG Agent>
  OK

I am using

  $ gpg-connect-agent 'getinfo version' /bye
  D 2.1.6-beta3

but that did not changed things in this part of GnuPG.

lenharo added a comment.Jun 17 2015, 4:44 PM

Sorry not giving you more details at first time. Actually I'm using
gpg-preset-passphrase.
Executing the steps you mentioned works for me as well. The problem seems to be
when gpg-preset-passphrase is used.

$ gpg-connect-agent 'getinfo version' /bye




D 2.1.5






OK



$ echo "asd"|/usr/lib/gnupg/gpg-preset-passphrase --preset XXXXXXXXXX



$ gpg-connect-agent 'GET_PASSPHRASE  --no-ask XXXXXXXXXX a a a' /bye

ERR 67108922 No data <GPG Agent>



-------



$ gpg-connect-agent 'getinfo version' /bye






D 2.1.4






OK



$ echo "asd"|/usr/lib/gnupg/gpg-preset-passphrase --preset XXXXXXXXXX



$ gpg-connect-agent 'GET_PASSPHRASE  --no-ask XXXXXXXXXX a a a' /bye

OK 617364



Distro: Archlinux 64bit
lenharo added a comment.Jun 17 2015, 5:36 PM
642_unnamed3 KBDownload
neal added a subscriber: neal.Jun 18 2015, 1:38 PM
I traced agent/cache.c:agent_get_cache.  The entry is in the cache, but its

cache_mode (CACHE_MODE_ANY) does not match cache mode (CACHE_MODE_USER) and thus

the password is not used:



  p *thecache
  $10 = {next = 0x0, created = 1434627188, accessed = 1434627188, ttl = -1, 
    pw = 0x7f94b4001d80, cache_mode = CACHE_MODE_ANY, key = "2"}

  (gdb) p !strcmp (r->key, key)
  $15 = 1
  (gdb) p r->pw
  $16 = (struct secret_data_s *) 0x7f94b4001d80
  (gdb) p ((cache_mode != CACHE_MODE_USER && cache_mode != CACHE_MODE_NONCE) ||



r->cache_mode == cache_mode)



$17 = 0
neal added a comment.Jun 18 2015, 1:50 PM
I narrow this down to commit: 23d2ef83cda644c6a83499f9327350d3371e8a17

Author: Werner Koch <wk@gnupg.org>

Date:   Wed May 20 16:13:55 2015 +0200



agent: Cleanup caching code for command GET_PASSPHRASE.

* agent/command.c (cmd_get_passphrase): Read from the user cache.
--

We used to read the passphrase with mode CACHE_MODE_NORMAL but we put
it into the cache with CACHE_MODE_USER.  However, agent_get_cache does
not yet distinguish between them and thus this does not change
anything.
 werner added a project: gpgagent.Jan 15 2016, 4:40 PM
justus closed this task as Resolved.Jul 18 2016, 12:59 PM
justus claimed this task.
Fixed in f4742493.
justus added a subscriber: justus.Jul 18 2016, 12:59 PM