Page MenuHome GnuPG

gpg complains about invalid passphrase
Closed, ResolvedPublic

Description

I'm running the latest version of gnupg from gpg4win package 1.0.6. Decrypting
by means of WinPT or gpg no longer works. A message is displayed that an invalid
passphrase has been entered.
I installed a previous version of gpg (1.4.2-1) from CygWin package and
decryption works fine with the very same keyrings and passphrase.

Event Timeline

Never mix a Cygwin version of gpg with the regular one. gpg takes the
passphrase as-is. If an outer layer (e.g. Cygwin or WinPT) does some conversion
to the passphrase the same passphrase won't work on anther system

werner lowered the priority of this task from Unbreak Now! to Normal.Sep 25 2006, 10:54 AM

I had no other idea how to narrow down the problem. Decryption used to work with
WinPT. Because it no longer worked as of version 1.0 I tried to decrypt directly
calling gpg that came along with gpg4win (which didn't work either). So I tried
to use an older version of gpg in order to proof if the keyrings are ok and working.
I had no copy of gpg version 1.4.4. As far as I remember it worked up to and
including gpg 1.4.4. Cygwin's gpg proved that the keyring's and the passphrase
are working.
Hence I concluded that it must be a problem of gpg 1.4.5

I'd check if it works with gpg 1.4.4. But I couldn't find any location for a
download. gpg4win just keeps the lastest binaries as well as gnupg's web site.

I tried to descrypt with different versions of gpg. But all failed. The only one
working is 1.4.2.1 from the cygwin package. Then I reinstalled version 1.4.5
from gpg4win 1.0.6 package. Typing in the passphrase constantly fails, but when
the passphrase is stored in an environment variable and piped into gpg (called
with --passphrase-fd 0) then decryption works fine. My passphrase contains some
special characters of the iso88591 characterset for security reasons. But this
should not make any difference. But I suspect it's a matter of charactersets
when reading the passphrase. I suppose it's not being read from stdin (fd 0)...

There is now an index page at http://ftp.gpg4win.org/ you may use to get any
older version.

Using Virtual PC I installed a fresh Windows XP Professional version including
SP2 and gpg4win 1.0.6. I can only confirm the behaviour mentioned before:

  • Encryption of clipboard (WinPT) works fine
  • Decryption of clipboard (WinPT) fails
  • Decryption with gpg (1.4.5 gpg4win package) command line (cmd.exe) fails
  • Decryption with gpg (1.4.5 gpg4win package) command line (cmd.exe) with

--passphrase-fd 0 (don't know how to get it working: neither pipe nor typing in
works)

  • Decryption with gpg (1.4.5 gpg4win package) command line (CygWin) fails
  • Decryption with gpg (1.4.5 gpg4win package) command line (CygWin) with

--passphrase-fd 0 option succeeds.

Any idea hint is appreciated.

It seems to be a charset problem. I installed WinPT 1.0.0-pre0 and modified the
passphrase replacing international characters with correspondig characters of
the 7 bit character codes: e.g. replacing ä by a. Using these characters only
decryption works with the very same keyrings.
Hence I'd suggest to
a) display the default characterset along with --version option
b) provide an option to display the charcter set being used
c) clarify the scope of the character set (reading stdin, file, passphrase, etc...)

I don't understand why - e.g. in the very same CygWin session - decryption
doesn't work when entering the passphrase when prompted in contrast to pipe the
very same password into gpg.

werner added a project: Too Old.

We are anyway going for GnuPG-2 on Windows. With the gpg-agent framework, there
is no more need for application specific passphrase entries. Thus I close this
bug and wait until it gets a new life in Pinentry ;-).