GPG / GPGSM: Pinentry cancels lead to wrong error codes
Closed, ResolvedPublic

Description

This makes it hard for implementors to properly handle / show why a decryption failed. Especially the "No data" one from GnuPG 2.2 is bad, but the "No seckey" is also extremely bad because it can lead to error dialogs where i print. "You do not have the secret key to decrypt this message, it is decrypted to the following keys: ....." and then it shows the users keys.

To avoid that In GpgOL I have this code:

if (result.error ().isCanceled () ||
    result.error ().code () == GPG_ERR_NO_SECKEY)
  {
     msg = _("Decryption canceled or timed out.");
  }

Which of course is also wrong.

To test I created an S/MIME and OpenPGP Message and used run-decrypt from GPGME on them.

With GnuPG 2.2.x:

gpg: No data.
gpgsm: No secret key.

With GnuPG 2.3:

gpg: No secret key.
gpgsm: No secret key.

aheinecke created this task.Jun 7 2019, 9:56 AM
aheinecke closed this task as Resolved.Jul 5 2019, 9:44 AM

Works for me! :-)

Thank you very much.

I now get the results:

./run-decrypt --cms /tmp/test.p7m                
run-decrypt: decrypt failed: Operation cancelled
Original file name .: [none]
Wrong key usage ....: no
Legacy w/o MDC ... .: no
Compliance de-vs ...: no
MIME flag ..........: no
Unsupported algo ...: [none]
Session key ........: [none]
Symmetric algorithm : ?.?

And

 ./run-decrypt /tmp/test.gpg
run-decrypt: decrypt failed: Operation cancelled
Original file name .: [none]
Wrong key usage ....: no
Legacy w/o MDC ... .: no
Compliance de-vs ...: no
MIME flag ..........: no
Unsupported algo ...: [none]
Session key ........: [none]
Symmetric algorithm : ?.?
Recipient ...: 0
  status ....: No secret key
  keyid .....: E6850883703145C9
  algo ......: RSA