Noticed while testing for 3.1.20 Kleopatra no longer shows an error if you enter a wrong passphrase for pkcs#12. It only shows 0 imported. Somehow the error is lost. This is with GnuPG 2.2.33
But the errors from PKCS#12 import were never really nice as kleopatra showed things like "BER Error" and so on instead of a helpful text that the passphrase might have been wrong. So improving this while checking for the missing error would be nice.
| rG GnuPG | |||
| rG94092793f6a2 sm: Fix reporting of bad passphrase error | |||
| rGa47b3a408734 sm: Fix reporting of bad passphrase error | |||
| rKLEOPATRA Kleopatra | |||
| rKLEOPATRAf95f92e5b7f1 Do not treat canceled imports as failed | |||
| rM GPGME | |||
| rM300776f39165 cpp: Check fpr of import status for NULL | |||
| rM82f43455e941 qt: Detect an import error caused by a wrong password | |||
| rM305d8668ca72 core: Detect bad passphrase error on certificate import | |||
| rMf99451e20fd2 qt,tests: Add test runner for testing the import job | |||
I've uploaded my testcerts to: https://heinecke.or.at/div/testzertifikate.tar.gz.gpg
You can test for example with berta-enc
The correct passphrase for all the certificates in this folder is "test"
With Kleopatra 3.1.20.220370+git20211216T120053~68b4545e (22.03.70) using GnuPG 2.3.4-beta24 and Libgcrypt 1.9.4-beta152 I get the error message Invalid object when I import only berta-enc.p12 and enter a wrong password. I'll have to check with GnuPG 2.2.33.
gpgsm 2.3.4 sends the result:
S ERROR import.parsep12 11 S IMPORT_RES 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ERR 50331713 Invalid object <GpgSM>
As I understand it after the p12 decryption the output is just tried to be imported. With the wrong passphrase this is just garbage and can lead to different errors.
I think Kleopatra needs to handle any error when importing an S/MIME secret key as "Most likely bad passphrase" error.
Because, as a user, what do you do if you see "invalid object" you think that something is wrong with your data instead of trying to type the passphrase again.
Actually, the "11" at the end of the "ERROR" status line means "bad passphrase". But I think gpgme ignores this status line.
(q)gpgme now tries to detect a failed import caused by a bad passphrase and emits a bad passphrase error in this case. Kleopatra then shows a "Bad passphrase" error instead of an "Invalid object" error.
Automatically retrying the import, so that the user can retry entering the correct passphrase isn't trivial.
I still cannot reproduce the original issue that no error is shown if a wrong password is entered on import. @aheinecke, can you reproduce this issue?
Mh, this has not changed anything for me. With GnuPG 2.3.8-beta32 i get either Invalid Object or no error at all. With this certificate
and password "0" i always get "Invalid Object" (also with other passwords)Since nothing changed for me I double checked that I had the current GPGME and I have it.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME kleopatra 125709 aheinecke mem REG 254,1 29076512 20193342 libqgpgme.so.15.1.0 (main) aheinecke@hopper ~/d/m/lib> ls -al libqgpgme.so lrwxrwxrwx 1 aheinecke aheinecke 19 Sep 9 15:59 libqgpgme.so -> libqgpgme.so.15.1.0