User Details
- User Since
- Mar 27 2017, 4:48 PM (399 w, 5 d)
Mar 24 2015
I am sorry but I am not a gnupg developer and I can only understand what the
code effectively does, respective to what I need to know, not what that implies
to your development ideas.
I saw no handling of empty passphrases in 2.1.2. Could be because it doesn't
exist, could be because it was moved somewhere else now. I don't know what you
know about this. But I can clearly see from multiple instances that you do not
read my comments (e.g. you suggest secring.gpg which is inside ~/.gnupg which I
explicitly said to have removed two times now). Which implies that you cannot
have a clear understanding of the issue at all.
The archlinux gnupg is original with flags --enable-maintainer-mode
--enable-symcryptrun --enable-gpgtar .
The archlinux pinentry is 0.9.0 original with flags --enable-fallback-curses
--enable-pinentry-curses .
Please read my comments more carefully to understand them. Or maybe you
overlooked the title of the bug?
In order to create my ugly hack, I looked at the source code of both gnupg
versions. The issue is the following:
- GnuPG calls gpg-agent/pinentry/assuan_transact or whatever you name it.
(2.1.2 & 2.0.26)
- gpg-agent returns some kind of failure on empty passphrase (2.1.2 & 2.0.26)
- Now in 2.0.26 gnupg inserted an empty passphrase manually into the buffer,
however, in 2.1.2 it seems that it was desired to not let gnupg have access to
the passphrase at all in the binary. The new code speaks of some kind of
SPK2asdfsa incompatibility. Therefore this easy workaround for gnupg's inability
to handle keys with empty passphrases was no longer possible and developers
chose to just break it.
I really wish there was an alternative for gnupg, named pe-gnupg, where "p" is
for "pragmatic" and "e" is for "enduser". Because those are both humongous
deficits of gnupg.
ATTENTION GOOGLERS: SUPER UGLY HACK AVAILABLE
Works better than *EVER* before if you only use keys with an empty passphrase.
- Download gnupg-2.0.26 source
- edit g10/call-agent.c
- go into function agent_get_passphrase
- comment code from line " rc = start_agent (0); " to " line[DIM(line)-1] = 0; " (excluding that line)
- comment whole function call " rc = assuan_transact (agent_ctx, line, ..." found directly after
- compile, use it like it should have worked in the first place
Keywords: zero string passphrase empty string passphrase empty key password
empty password gpg linux gpg-agent store passphrase empty pass save password
gpg-agent make gpg agent remember password never enter password gpg private key
password empty no password gpg-agent pinentry no password
Mar 23 2015
I downgraded the package and now sacrificed some hours of my life to test this
again. As mentioned, I started with a new .gnupg directory and hence did not need
to adjust for any changes.
- You cannot create a new key with an empty passphrase
gpg --gen-key will open a password dialogue, allow the empty key after
confirmation, then ask again for a key after collecting random data. Also
it then crashed after I moved the mouse cursor to another screen in my
multihead setup (:0.3 to :0.4). You can, however, create a key when using a passphrase.
- You cannot import keys with empty passphrases
The error behavior when importing the secret key that worked before is identical
to that described before. Seemingly gnupg is unable to deal with empty passphrases
entirely and treats them as unsupplied passphrases.