Page MenuHome GnuPG
Create Task
Maniphest T517

GPG Agent mangles passphrases
Closed, ResolvedPublic
Actions

Description

Release: 1.9.16

Environment

Pentium III, Fedora Core 4, Linux 2.6.12-1.1398_FC4, GlibC 2.3.5-10, LibGcrypt 1.2.1-1, GnuPG 1.4.1-3, GnuPG 1.9.16-4.fc4, GPG Agent 1.9.16, Pinentry 0.7.1-4, Pinentry-QT 0.7.1-4, locale sv_SE with character encoding ISO 8859-1

Description

Passphrases entered to GPG Agent through Pinentry get transcoded to UTF-8. Passphrases entered to GPG in a terminal, without using the agent, do not. The result is that if a passphrase with non-ASCII characters has been set on a key without using the agent, then that key can't be used with the agent. The user is told that he entered the wrong passphrase. (Conversely, if the passphrase is set through GPG Agent, then the key can't be used without the agent.)

Neither GPG 1.4 nor GPG 1.9 transcodes the passphrase.

Always using the same encoding for passphrases is a good idea, because otherwise changing the workstation's locale would make keys unusable, but the way it's done now the result is just that GPG Agent mangles passphrases so that it can't be used with existing keys. Instead of solving an incompatibility, a new incompatibility is introduced, causing confusing problems for users.

How To Repeat

· Use a locale with an 8-bit character encoding, for example one of the ISO encodings.
· gpg --no-use-agent --gen-key
· Use "encoding_test" for name and "lösen" for passphrase.
· gpg --use-agent --local-user encoding_test --sign some_file
· The Pinentry dialog box appears, but the passphrase isn't accepted.

Fix

When generating new keys, transcode the passphrase to UTF-8 regardless of how it is entered. When signing or decrypting, try to use the passphrase both in UTF-8 and in the locale's encoding. If neither is right, ask the user to try again. In key management interfaces, notify the user if the passphrase isn't in UTF-8, and offer to convert it. Document in the manual that keys might not be compatible with older versions of GPG.

Alternatively, give GPG an option for whether to transcode the passphrase or a command for converting existing keys. When a passphrase is rejected, display the text "NOTE: If your passphrase isn't accepted, it may be because older versions of GPG encoded passphrases differently. To convert it to the new standard encoding, ..."

Event Timeline

persson added projects: gnupg, Bug Report.Aug 7 2005, 3:18 AM
werner added a subscriber: werner.Oct 2 2006, 5:38 PM

This is an often reported problem. However we don't have any practical solution
for it. Traditional we don't do anything with passphrases except for
considering a LF the end of the passphrase. Adding any kind of fix today will
likely introduce more problems than it solves. The hope is that in future
everyone uses utf-8 and thus solving the problem.

There should be an FAQ entry of course.

werner closed this task as Resolved.Oct 2 2006, 5:38 PM
werner added projects: FAQ, Won't Fix.
werner lowered the priority of this task from Unbreak Now! to Normal.Dec 10 2008, 3:48 PM
werner removed a project: Bug Report.
werner added a project: Feature Request.