When decrypting a symmetric file kleopatra only says "decryption failed" only in the details / audit log a user can see that it was because "wrong session key" which is a complicated error.
We should catch this and say "Wrong Password" as the error. So "decryption failed: Wrong Password". Or something like that.
To reproduce: Encrypt a file with password. Kill gpg-agent. Decrypt it and enter a wrong password.
| rM GPGME | |||
| rMe21c3b559dfb core: Return BAD_PASSPHRASE error code on symmetric decryption. | |||
| rM512f11b458d8 qt: Rely on the bad passphrase error reported by gpg | |||
| rMd8e5871dca94 qt: Report better error if decryption failed because of bad passphrase | |||
| rM321c8a0254f4 cpp: Allow changing the error of a result | |||
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | • aheinecke | T5939 Kleopatra: Better error for wrong password in symmetric decryption | ||
| Resolved | • ikloecker | T5943 gpg: Report details about failed symmetric decrypt with ERROR status |
The error
gpg: decryption failed: Bad session key
is only logged if the sanity check "algo given in decrypted session key is a valid OpenPGP algo" passes even though a wrong password was given (which happens with a chance of 11:256). If the sanity check detects a bad algo then gpg logs
gpg: decryption of the symmetrically encrypted session key failed: Checksum error
If AEAD is used, then other logging will happen.
I have added the check for a possibly wrong symmetric password to QGpgMEDecryptVerifyJob because it relies on logging messages emitted by gpg which are not part of gpg's status API.
You should not use log messages because they are subject to change and they are translated. Let us return an ERROR status instead.
Yeah. I should have done this. I have created T5943: gpg: Report details about failed symmetric decrypt with ERROR status for adding/returning some ERROR status.