GpgEX/Verify: signature with non-standard file name causes misleading error message
Open, NormalPublic

Description

When trying to verify the signature of a binary (Windows 7, GpgEX Shell Extension > "Prüfen"), I was confronted with a strange error message (I suspect the "\r" is an attempt to create a line break?):

Fehlermeldung der GnuPG Benutzerschnittstelle:\r Input/output error

It cost my quite some time to find out what caused this error message: The signature's file name was not identical with the file to be verified.

To take the screenshot, I modified a valid signature's file name by replacing an underscore with a minus sign, and you will agree that such a small difference is hard to spot.

While you can argue that this is a synthetic case (because signatures are machine-generated and thus comply with naming rules), it can really happen that a user (me, for exeample...) downloads an x64 binary from a website and accidentally chooses the x86 signature file download for verification.
In this case, the error message is not helpful and even misleading.

I propose you change the error message to be more specific (that is, if you can really distinguish between "file not existent" and "no access rights"?), for example:

Input/output error: 'C:\temp\download.exe' does not exist

Note: when enriching the error message with the expected file name, please take care that the full path is readable within the small message window!

References: T3518, T3658 and T3992

Details

Version
GpgEX 1.0.6 (64 bit) (as part of Gpg4win 3.1.5)
TeeLittle updated the task description. (Show Details)
TeeLittle updated the task description. (Show Details)Jan 30 2019, 5:28 PM
aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.

I'll try to reproduce it.

GpgEX should not show any error. Instead Kleopatra should handle the error and e.g. ask for the filename of the file to be verified.

"Input/Output" error mostly sounds like a bug in the interprocess communication between GpgEX and Kleopatra.