Opened https://dev.gnupg.org/T5631 for the pinentry-curses issue.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Oct 1 2021
do you want me to open a separate bug report for the pinentry issue and reference this bug report?
You did all the work to locate the bug, gniibe! Nice job identifying it so quickly.
Thank you for locating the bug for (1).
Sep 30 2021
Hello again Werner,
You're definitely on the correct track: setting 's2k-count 29176832' in my gpg-agent.conf fixed the gpg-agent hang. Now the decrypt I was trying earlier works. Also, 'gpg-agent' is no longer accumulating CPU time, and I can kill it off with gpgconf.
s2k-count matters when you import the key.
When I run the gpg-connect-agent, it starts the agent and then hangs without responding with the time:
My current keypair is old, but it's stored on my workstation's disk and appears to have been correctly imported into the private-keys-v1.d/ store. I do still have my 'secring.gpg' too, in case I ever need it for an older GPG.
It seems that there are some problems: https://bugs.python.org/issue35455
After the passphrase has been entered and gpg hangs, gpg-agent starts to accumulate CPU time at a rapid rate, as displayed by 'ps -ef'.
gpg-agent doesn't disappear from the process list after entering the passphrase; in fact it can't be killed with anything but 'kill -9'. 'gpgconf --kill gpg-agent' cannot kill it, the gpg-conf command just hangs when trying to.
Yes, xterm as a terminal type is correctly supported on OpenIndiana. I have been using it for many years, for both command-line and curses-based programs. It works well.
With the options that Werner recommended for debugging in my ~/.gnupg/gpg-agent.conf:
I think that the first problem is related to T5577: Null ptr dereference in gpg-agent (gnupg 2.3.2).
If gpg-agent has gone (after entering passphrase, it must be SEGV.
Let us try to solve problems, one by one.
Hi gniibe!
BTW, when pinentry interaction doesn't work well, use of --pinentry-mode loopback option for gpg may help you.
It seems for me that there are multiple problems.
For pinentry-curses, please have a look at: T4771: pinentry-tty/pinentry-curses interact a user as background process
It only works well in some situations; It doesn't work when the screen is occupied by foreground program like Emacs and Midnight Commander.
Thank you for reporting.
Fixed in master.
Sep 29 2021
Hi, was there any update on this? I found the following bug [0] in libgcrypt, which we solved [1] with using poll ages ago.
Requires a new option or command.
Looks like this should be handled in the Enigmail tracker, if being handled at all.
Hi @Lambd0x, with Thunderbird having migrated to a different main OpenPGP implementation and Enigmail not supporting old thunderbirds version anymore (in two days https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird) and new GnuPG versions over the last three years. Do you still have problems?
In my understanding, it should be possible to wait for the gpg command pipe from a different process and then terminate the connection on a timeout, kllling the process eventually. So the Enigmail side could implement something. These days I'm not sure what Enigmail uses for OpenPGP support. Thunderbird has moved on to a different implementation and Enigmail stops supporting Thunderbird 68 in two days https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird
Enigmail's support for Thunderbird 68 ends in two days:
https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird
@rupor-github no problem! :)
@werner I think @Rombobeorn suggests something like
Sorry, I can't read all your comments about this. The percent escaping is correct and required. If you want to use the output in a script you can get it without percent escaping by using for example
Hello again Werner,
Thanks for the guidance, Werner!
Use of version 5 format for Ed448/X448 was pushed by rG86cb04a23d2b: gpg: Ed448 and X448 are only for v5 (for subkey)..
OK, effect avoided. Only dued to a big sequence of '-' characters that this bug reporting system interpreted as special control code characters for making font bigger.
As I anticipated here's screenshot I also saved.
P.S. Just in case you might wonder why I tried to execute 'man' not existing command is because I also incorrectly tried to run it 2 days ago when after I tested some GnuPG commands in a CMD window, and again same window self-closed with no error messages or any dump creation and again I'm sure at that time I didn't run 'mode con' before those GnuPG commands (I'm unsure which ones but they probably some were the same I also already reported here). Please also note that making 'Stato del dispositivo CON:' so big was unintended and very likely just an effect of cut & paste I did, so now I'll try to see if I can avoid that effect.
Hello again Werner,
As the bug I located is a simple fix, I think it can be also applied to 2.2.
Ok, but the problem is that by default CMD command windows do not use any Unicode set of characters, and their default font is 'Raster characters' and the typical display of characters inside these windows, at least for Italian people because this was the default since MS-DOS age, is to only consider using MS-DOS ASCII codepage 850, not Unicode.
And this is also why before showing the error message I ran the command mode.
Anyway because of the 2 characters getting displayed instead of single expected 'è' (whose character code is 0x82) I can also tell you that by using Charmap.exe again (just in case you may not know it allows display of any Unicode or Raster font characters and their hexadecimal codes) and so switching its default font from System (Unicode) to 8514oem (raster, corresponding to 8514oem.fon) I've been able to determine which should be the 2 wrong displayed characters hexadecimal codes : 'Ã' (0xC3), and '¨' (0xA8) but here obviously both characters cannot be represented correctly because this site is using 'Segoe UI' font, which is Unicode too.
So the only main way to check that I identified the correct characters will be if you (or someone else you know) with another Windows client run Charmap.exe switch font to 8514oem (raster) and check that displayed characters corresponding to 0xC3 and 0xA8 are the same that got displayed in the error message bitmap I provided (a part from probably being able to find where in Italian messages localization rather then in source code those 2 characters have been used incorrectly).
P.S. Because in a past similar bug about Italian localization I saw a comment from you about this kind of option, please just let me know in case you think I might possibly be able to help you to review involved 'GPG' Italian error message(s) for this bug.
Hello Werner,
Well, as I've said in the comment above, there doesn't seem to be any correction towarads --passphrase-fd not requiring --pinentry-mode loopback (still works withou)... and --no-default-keyring still gives the impression that it would be needed (while --no-keyring works as well).
Sep 28 2021
Please don't, if you really feel like tha tis not resolved please re-open this ticket.
That pretty much looks like the other errors you have with Unicode characters - which we can't replicate.
This is all build from the same source. We could fix that but I'll give that a lo priority. Thanks for reporting.
That's correct - The output needs to be percent escaped.
P.S. Also note that my Gpg4win 3.1.16 installation status is still last T5593 described one.
Here's the file I anticipated (this time uploading worked... :-D ) (my Gpg4win 3.1.16 installation status is still T5593 described one).
@werner shall I open a new ticket for the remaining stuff?
@bernhard thank you for explaining, did not mean to offend anybody. Before creating win-gpg-agent I tried to read as much as I could on a history and obviously had to study source a bit. Be it as it may - I decided to have separate wrapper, rather then contributing directly to gpg code base. There is noticable number of use cases on Windows which presently not addressed, some I believe are sitting it the queue already.
@rupor-github thanks for your explanations and the contribution to the GnuPG and crypto Free Software code base!
Since Windows user naively could expect multiple methods of accessing certificates from different programs (or sometimes from the same program but different supported environments, like Git4Win and git in WSL) to work together transparently, win-gpg-agent covers translation of one accidentally supported method (32 bit putty shared memory) to multiple unsupported ones (named pipe, cygwin, etc). It also takes care of managing gpg-agent.exe lifetime tying it to user login session for convenience. It uses command line parameters to only to overwrite staff critical to its functionality and does not prevent user from having configuration file(s). Optionally it provides pinentry which is integrated with Windows native Crypto Vault and UX rather than using wonderful QT or GTK. As specified in documentation when developers of gpg and WIndows will get their act together and figure out what they want and how they want it - most of functionality would not be needed. I would like to point out that simply claiming superiority and not supporting cygwin (Git4Win) or working Assuan ssh socket or putty shared memory in 64 bits Windows build does not help with user experience a single bit.
Thanks. This fixes the invalid packet errors when using --list-packets or when trying to decrypt the file without secret key.
Just to be sure. please provide the output of
Bug in creating such a blob is fixed in rG08a3a4db27dc: kbx: A 20 byte fingerprint is right filled in version 2 blob..
Lots of detailed documentation but frankly, after a brief read I have not yet figured out what it really does. We won't support Cygwin stuff - this is all obsolete and awe also removed starting gpg-agent as a service for good reasons. Instead of starting gpg-agent with lot of command line args it would be better to put this into a per user or system wide config file.
Works if one puts
rootdir = $APPDIR/usr
in the gpgconf.ctl file.
There is a user report that got things to work with https://github.com/rupor-github/win-gpg-agent
on https://wald.intevation.org/forum/forum.php?thread_id=2359&forum_id=21&group_id=11
Fixed in rGcc6152b802f2: gpg: Skip the packet when not used for AEAD., but I put wrong bug-id in the commit message.
I was wrong to fix this issue; It is specifically the issue of PKT_ENCRYPTED_AEAD packet. And we already have code to skip the data part by free_encrypted. The problem is that free_encrypted is *not* called when it was PKT_ENCRYPTED_AEAD.