I'm trying to create a key with a passphrase of 1000 'a' characters, which I
generate with:
python3 -c 'print("a"*1000)'
I know this is a terrible idea, but I'm trying to see how gpg handles the
situation. Unfortunately, it appears to vary with different pinentries, and
none of the means are very good.
I'm using pinentry 0.9.7.
My tests are done like this for a given $pinentry:
    export GNUPGHOME=$(mktemp -d)
    echo "pinentry-program $pinentry" > $GNUPGHOME/gpg-agent.conf
    gpg --yes --quick-gen-key 'test user <test@example.org>'
Then, I paste the 1000 "a"s into whatever pinentry field I get.
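The procedure above, automated across several pinentries, as an added example that is not part of the original report. It assumes gpg and gpgconf are installed, that the pinentry paths listed in PINENTRIES exist on the test machine, and that the passphrase is still pasted by hand into whatever dialog appears; the script only prepares the isolated GNUPGHOME, records gpg's exit code and stderr, and stops the per-home agent afterwards.

```shell
#!/bin/sh
# Reproduce the long-passphrase key generation test for each pinentry.
# Assumed pinentry locations; adjust for the machine under test.
PINENTRIES="/usr/bin/pinentry-gnome3 /usr/bin/pinentry-tty /usr/bin/pinentry-gtk-2 /usr/bin/pinentry-curses /usr/bin/pinentry-qt"

# Print N copies of 'a' with no trailing newline (the passphrase to paste).
long_passphrase() {
    head -c "$1" /dev/zero | tr '\0' 'a'
}

# Create a throwaway GNUPGHOME that uses the given pinentry; print its path.
prepare_home() {
    h=$(mktemp -d)
    chmod 700 "$h"
    echo "pinentry-program $1" > "$h/gpg-agent.conf"
    echo "$h"
}

# Run the key generation in the given home, capturing stderr and the exit code.
# Returns gpg's exit code (2 in the report for the "No data callback" failure).
run_keygen() {
    GNUPGHOME="$1" gpg --yes --quick-gen-key 'test user <test@example.org>' \
        2> "$1/stderr.log"
    rc=$?
    # Stop the agent that gpg auto-launched for this home so it does not linger.
    GNUPGHOME="$1" gpgconf --kill gpg-agent 2>/dev/null
    return $rc
}

# Only runs when invoked with --run, so the functions can be sourced safely.
if [ "${1:-}" = "--run" ]; then
    echo "Paste this passphrase into every pinentry field shown:"
    long_passphrase 1000; echo
    for p in $PINENTRIES; do
        [ -x "$p" ] || { echo "skip $p (not installed)"; continue; }
        h=$(prepare_home "$p")
        echo "=== $p (GNUPGHOME=$h)"
        run_keygen "$h"; rc=$?
        echo "exit code: $rc"; cat "$h/stderr.log"
        rm -rf "$h"
    done
fi
```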
-----
With pinentry-gnome3, pinentry-tty, and pinentry-gtk-2, I get prompted for the
passphrase twice (the graphical dialogs contain two form fields), and then after
I enter my long password in both places, gpg emits:
    gpg: agent_genkey failed: No data callback in IPC
    Key generation failed: No data callback in IPC
and returns with an error code of 2.
-----
With pinentry-curses, I get prompted for the password only once (there is only
one field ever shown); after I enter my long password there, gpg emits the same
thing:
    gpg: agent_genkey failed: No data callback in IPC
    Key generation failed: No data callback in IPC
and returns with an error code of 2.
-----
With pinentry-qt, I get an entirely different behavior. I first see a dialog
box prompting me for the passphrase. I enter it there and submit, and it pops
up again reading "Passphrase too long (try 2 of 3)" in red. Either hitting
cancel there or re-entering my same too-long password results in "you have not
entered a passphrase - this is in general a bad idea" with my options being
"Yes, protection is not needed" or "Enter new passphrase". If I choose "Yes,
protection is not needed", then I go through the whole rigamarole a second time.
If I agree twice, with the only passphrase I've entered being the super long
one, I end up with an unprotected key.
Experimenting with pinentry-qt directly, I observe that just from a simple
"getpin" pinentry actually silently truncates whatever was entered down to 256
characters.
-----
None of these behaviors makes sense from a user point of view. If a pinentry
knows that there is a length limit, it should enforce that length limit in its
UI, letting users know that they've hit some sort of limit. If pinentry does
its best to submit something and gpg barfs on it, gpg should give the user a
clearer indication of what went wrong than "No data callback in IPC".