Page MenuHome GnuPG
Create Task
Maniphest T3270

No reasonable error codes on decryption failure
Closed, ResolvedPublic
Actions

Description

Decryption with the python module around gpgme only produces very general error codes which give little or no clue to what happened.
I did 3 different tests:

  1. Decrypt and cancel the passphrase dialog of the agent
  2. Decrypt data for which you do not have the private key
  3. Decrypt truncated/corrupt data

All 3 returned a GPGMEError exception with text "Invocation of gpgme_op_decrypt_verify: GPGME: Decryption failed" and error code 152.

This is not really helpful as the three cases above should be handled differently - first one is no error, second one should show a meaningful message and only the third one really is an error.

Details

Version
1.8.0

Revisions and Commits

rM GPGME
rMd37bc7e025cd core: Return CANCELED and BAD_PASSPHRASE error code on decryption.
rMad0c5ab4cd8d core: Return NO_SECKEY error code on decryption

Event Timeline

aheinlein created this task.Jul 11 2017, 10:24 AM
justus triaged this task as Normal priority.Jul 11 2017, 12:34 PM
justus edited projects, added gnupg (gpg22); removed Python.
justus added a subscriber: justus.

This is not specific to Python, and it may not even be a bug in GPGME, but in gpg. Needs some more investigation.

werner added a subscriber: werner.Jul 12 2017, 11:47 AM

@aheinlein we need to know the gnupg version you are using with GPGME.

aheinlein added a comment.Jul 12 2017, 1:31 PM

I am using Debian 9 with the packaged versions. For gnupg this is 2.1.18.

werner claimed this task.Jul 12 2017, 2:35 PM
werner added a commit: rMd37bc7e025cd: core: Return CANCELED and BAD_PASSPHRASE error code on decryption..Jul 12 2017, 6:38 PM
werner added a commit: rMad0c5ab4cd8d: core: Return NO_SECKEY error code on decryption.
werner changed the task status from Open to Testing.Jul 12 2017, 6:46 PM

Thanks. Indeed we should have better error codes. However, passing all error codes from the backend to the user is not useful.

In the mentioned commit I handled the most common error codes so that you now get

  • GPG_ERR_CANCELED
  • GPG_ERR_BAD_PASSPHRASE
  • GPG_ERR_NO_SECKEY

which handles your first two cases. For truncated or corrupt data we keep GPG_ERR_DECRYPTION_FAILED because there are too many ways a message can be broken or truncated that a single error can't explain the details.

CANCELED is an error and treated as such. If your application does not want to treat it as an error, you need to handle this yourself. Same goes for BAD_PASSPHRASE.

aheinlein added a comment.Jul 13 2017, 8:29 AM

Thank you very much for addressing this so quickly. I agree that corrupt data needs no further details here.

justus removed a project: gnupg (gpg22).Jul 17 2017, 2:27 PM
werner closed this task as Resolved.Mar 26 2018, 3:24 PM

Fix was released with GPGME 1.10.0