Gpg4win, data corruption
Open, HighPublic

Description

Hello.

I´ve installed Gpg4win 3.1.5 on a Windows 10 Home laptop. I created a directory with 10 files inside it, .pdf, .txt and .wmv. When I signed and cyphered the directory through Kleopatra menu, everything seems to go OK. I even received the integrity OK message form Kleopatra. BUT, when i reversed the process, verify and desencrypt, data on the directory is corrupted. I lost files and even the video cannot be reproduced.

The same error on 3.1.4 and 3.1.2.

Please help!

Details

Version
3.5.1
jmanuel created this task.Jan 21 2019, 5:21 PM
aheinecke triaged this task as Normal priority.Jan 22 2019, 10:20 AM
aheinecke added a subscriber: aheinecke.

Have you used a very old version (< 3 ) to create the directory? I know you said that you are currently using Gpg4win-3.1.5 but maybe you have used an older version to create the archive.
In the past we had a problem that Kleopatra would not see the errors from the archive program but that was fixed some time ago. The Archive problem had problems with non ASCII filenames but nowadays it only has problems with full unicode filenames and those errors are shown in Kleopatra.

Can you say more about "corruption" are files missing or are the file contents bad?

If you use gpg --decrypt "the archive" on the command line, does it show any output indicating problems?

On the archive you should then be able to extract the files using: gpgtar --skip-crypto --extract "the archive"

I assign this normal priority for now until we understand if it is a general bug or a specific problem.

Hello.

Have you used a very old version (< 3 ) to create the directory? I know you said that you are currently using Gpg4win-3.1.5 but maybe you have used an older version to create the archive.

The cyphered directory is a Windows 10 directory.

In the past we had a problem that Kleopatra would not see the errors from the archive program but that was fixed some time ago. The Archive problem had problems with non ASCII filenames but nowadays it only has problems with full unicode filenames and those errors are shown in Kleopatra.

An example of directory name and files inside it:

Can you say more about "corruption" are files missing or are the file contents bad?

Yes. For example, the result of the processing (cyphering and decyphering) of the same directory as above, but with errors. 7 files deleted.

In other cases, no deleted files but the video was corrupted, impossible to see it.

Even sometimes the process goes ok.

If you use gpg --decrypt "the archive" on the command line, does it show any output indicating problems?

Command line tools worked perfect for encryption and decription, BUT I used tar to make the package before encryption.

No error at command line execution.

IN Kleopara, even when my files were corrupted, no error is showed, everything seems to go ok.

I think the problem could be gpgtar.

On the archive you should then be able to extract the files using: gpgtar --skip-crypto --extract "the archive"

I didn´t probe it, I´will and let you know about the results.

I assign this normal priority for now until we understand if it is a general bug or a specific problem.

OK, thanks.

El 22 ene. 2019, a las 06:20, aheinecke (Andre Heinecke) <noreply@dev.gnupg.org> escribió:

aheinecke triaged this task as "Normal" priority.
aheinecke added a comment.

Have you used a very old version (< 3 ) to create the directory? I know you said that you are currently using Gpg4win-3.1.5 but maybe you have used an older version to create the archive.
In the past we had a problem that Kleopatra would not see the errors from the archive program but that was fixed some time ago. The Archive problem had problems with non ASCII filenames but nowadays it only has problems with full unicode filenames and those errors are shown in Kleopatra.

Can you say more about "corruption" are files missing or are the file contents bad?

If you use gpg --decrypt "the archive" on the command line, does it show any output indicating problems?

On the archive you should then be able to extract the files using: gpgtar --skip-crypto --extract "the archive"

I assign this normal priority for now until we understand if it is a general bug or a specific problem.

TASK DETAIL
https://dev.gnupg.org/T4332 https://dev.gnupg.org/T4332
EMAIL PREFERENCES
https://dev.gnupg.org/settings/panel/emailpreferences/ https://dev.gnupg.org/settings/panel/emailpreferences/
To: aheinecke
Cc: aheinecke, jmanuel, Rafixmod, ccharabaruk, gp_ast

I almost forget. If I zip the directory and the encypher the .zip file through Kleopatra, everything goes ok.

El 22 ene. 2019, a las 07:02, Juan Manuel Mosso <jmmosso@gmail.com> escribió:

Hello.

Have you used a very old version (< 3 ) to create the directory? I know you said that you are currently using Gpg4win-3.1.5 but maybe you have used an older version to create the archive.

The cyphered directory is a Windows 10 directory.

In the past we had a problem that Kleopatra would not see the errors from the archive program but that was fixed some time ago. The Archive problem had problems with non ASCII filenames but nowadays it only has problems with full unicode filenames and those errors are shown in Kleopatra.

An example of directory name and files inside it:

<Captura de pantalla 2019-01-22 a la(s) 06.48.05.png>

Can you say more about "corruption" are files missing or are the file contents bad?

Yes. For example, the result of the processing (cyphering and decyphering) of the same directory as above, but with errors. 7 files deleted.

<Captura de pantalla 2019-01-22 a la(s) 06.50.26.png>

In other cases, no deleted files but the video was corrupted, impossible to see it.

Even sometimes the process goes ok.

If you use gpg --decrypt "the archive" on the command line, does it show any output indicating problems?

Command line tools worked perfect for encryption and decription, BUT I used tar to make the package before encryption.

No error at command line execution.

IN Kleopara, even when my files were corrupted, no error is showed, everything seems to go ok.

I think the problem could be gpgtar.

On the archive you should then be able to extract the files using: gpgtar --skip-crypto --extract "the archive"

I didn´t probe it, I´will and let you know about the results.

I assign this normal priority for now until we understand if it is a general bug or a specific problem.

OK, thanks.

El 22 ene. 2019, a las 06:20, aheinecke (Andre Heinecke) <noreply@dev.gnupg.org <mailto:noreply@dev.gnupg.org>> escribió:

aheinecke triaged this task as "Normal" priority.
aheinecke added a comment.

Have you used a very old version (< 3 ) to create the directory? I know you said that you are currently using Gpg4win-3.1.5 but maybe you have used an older version to create the archive.
In the past we had a problem that Kleopatra would not see the errors from the archive program but that was fixed some time ago. The Archive problem had problems with non ASCII filenames but nowadays it only has problems with full unicode filenames and those errors are shown in Kleopatra.

Can you say more about "corruption" are files missing or are the file contents bad?

If you use gpg --decrypt "the archive" on the command line, does it show any output indicating problems?

On the archive you should then be able to extract the files using: gpgtar --skip-crypto --extract "the archive"

I assign this normal priority for now until we understand if it is a general bug or a specific problem.

TASK DETAIL
https://dev.gnupg.org/T4332 https://dev.gnupg.org/T4332
EMAIL PREFERENCES
https://dev.gnupg.org/settings/panel/emailpreferences/ https://dev.gnupg.org/settings/panel/emailpreferences/
To: aheinecke
Cc: aheinecke, jmanuel, Rafixmod, ccharabaruk, gp_ast

Hi, jmanuel, I agree with you.

I did a similar test: Encripting without signing a directory with several files with open pgp (using gpgme). It seems that it encripts ok (for the size of resulting file), but when I decript it only few files are shown. A lot are missing!

Hi jmrexach,

Can I help with something?

El 22 ene. 2019, a las 14:37, jmrexach (Josep M. Rexach) <noreply@dev.gnupg.org> escribió:

jmrexach added a comment.

Hi, jmanuel, I agree with you.

I did a similar test: Encripting without signing a directory with several files with open pgp (using gpgme). It seems that it encripts ok (for the size of resulting file), but when I decript it only few files are shown. A lot are missing!

TASK DETAIL
https://dev.gnupg.org/T4332 https://dev.gnupg.org/T4332
EMAIL PREFERENCES
https://dev.gnupg.org/settings/panel/emailpreferences/ https://dev.gnupg.org/settings/panel/emailpreferences/
To: jmrexach
Cc: jmrexach, aheinecke, jmanuel, Rafixmod, ccharabaruk, gp_ast

No, thks. It's just a test to confirm this rare behaviour. I did the same test several times with several and diferent results. But I think that a data corruption occurs sometimes when encripting a folder with several and large files. Just aconfirmation of the bug for the developpers.

Thks jmanuel.

aheinecke raised the priority of this task from Normal to High.Thu, Jan 24, 9:20 AM
aheinecke claimed this task.

Thanks for the confirmation and additional info. In that case I give this high priority as I agree with the potential for data loss.

@jmrexach you write:

I did a similar test: Encripting without signing a directory with several files with open pgp (using gpgme). It seems that it encripts ok (for the size of resulting file), but when I decript it only few files are shown. A lot are missing!

What do you mean by "using gpgme" do you mean you have used Kleopatra or some other gpgme based application?

I was able to reproduce this. I tried it three times with a very large folder and it worked fine. The fourth try though created a corrupted archive and Kleopatra did not show an error either creating or extracting this archive!

Using gpgme means selecting the folder and use secondary button of the mouse (I think that this is the name of the integration tool with the desktop, isn't it?). Also fails using Kleopatra menu.
I tried several times with the same folder and I obtained diferent results. If I zip the folder and encrypt a unique large file seems to work fine. It seems to fail in pack-encrypt phase. Decoding several times the same encrypted file gives the same wrong result. Decrypt using command line also gives a wrong result. I didn't try to encrypt-tar from command line.

I think that this is the name of the integration tool with the desktop, isn't it?

That is GpgEX ;-) No problem, I just wanted to avoid confusion on my side.

It seems to fail in pack-encrypt

I agree. The tar folder looks corrupted. I have not yet understood under which circumstances this happens.

Sorry for the mistake!
It seems related to the load of the cpu. I'm using win7 32 bit in a netbook. When cpu is heavy loaded corruption is worse. I don't know if it's really relevant, only seems!