Change Details

Using empty passphrase generated keys (from gpg2, old purring/secring format), gpg2,2,9 fails to decrypt with an error message "No secret key" on gpg1.4/2.0 keyring format even though the secret keys porting and migration were successful according to the log. Note: I tried to testing empty passphrase generated key pair in gpg2.2.9 and encryption/decryption was successful. Here are the details of the test that I did. ##this is keyring directory from gpg1.4/2.0 fubar:testingGPG2.2.9-> ls -lstra gnupg2.0 total 112 32 drwxrwxrwx. 8 geodnila newbiz 709 Oct 26 16:59 .. 32 drwxrwxrwx. 2 geodnila newbiz 58 Oct 26 16:59 . 24 -rwxrwxrwx. 1 geodnila newbiz 1160 Oct 26 16:59 pubring.gpg 24 -rwxrwxrwx. 1 geodnila newbiz 2538 Oct 26 16:59 secring.gpg ##list the keys using gpg2.2.9 executable using gnup1.4/2.0 keyring fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --list-keys gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: testingGPG2.2.9/gnupg2.0/trustdb.gpg: trustdb created testingGPG2.2.9/gnupg2.0/pubring.gpg '------------------------------------------------------------------ pub rsa2048 2020-01-21 [SCEA] 3D750223D5B78DB1FEA5A23714BC819B0A74ABC1 uid [ unknown] testclientdev pub rsa2048 2020-07-09 [SCEA] CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1 uid [ unknown] testclientdev ##List the secret-keys using gpg2.2.9 executable using gnup1.4/2.0 keyring ##The secret keys were ported and migrated successfully according to the logs below ##by just listing the secret keys fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --list-secret-keys gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: starting migration from earlier GnuPG versions gpg: porting secret keys from 'testingGPG2.2.9/gnupg2.0/secring.gpg' to gpg-agent gpg: key 14BC819B0A74ABC1: secret key imported gpg: key F7E2E540CBDD6AE1: secret key imported gpg: migration succeeded testingGPG2.2.9/gnupg2.0/pubring.gpg '------------------------------------------------------------------ sec rsa2048 2020-01-21 [SCEA] 3D750223D5B78DB1FEA5A23714BC819B0A74ABC1 uid [ unknown] testclientdev sec rsa2048 2020-07-09 [SCEA] CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1 uid [ unknown] testclientdev ##content of the gnupg2.0 at this point fubar:testingGPG2.2.9-> ls -lstraR gnupg2.0/ gnupg2.0/: total 264 48 -rwxrwxrwx. 1 geodnila newbiz 1160 Oct 26 16:59 pubring.gpg 48 -rwxrwxrwx. 1 geodnila newbiz 2538 Oct 26 16:59 secring.gpg 32 drwxrwxrwx. 8 geodnila newbiz 709 Oct 26 17:07 .. 48 -rwxrwxrwx. 1 geodnila newbiz 1200 Oct 26 17:15 trustdb.gpg 32 drwxrwxrwx. 2 geodnila newbiz 124 Oct 26 17:17 private-keys-v1.d 24 -rwxrwxrwx. 1 geodnila newbiz 0 Oct 26 17:17 .gpg-v21-migrated 32 drwxrwxrwx. 3 geodnila newbiz 157 Oct 26 17:17 . gnupg2.0/private-keys-v1.d: total 160 48 -rwxrwxrwx. 1 geodnila newbiz 1417 Oct 26 17:17 6F484E349157AB7F43700283F78DF8F044BA8065.key 32 drwxrwxrwx. 2 geodnila newbiz 124 Oct 26 17:17 . 48 -rwxrwxrwx. 1 geodnila newbiz 1417 Oct 26 17:17 FF293D5AAEC940977E1825F8B8305A18CF7C4D2A.key 32 drwxrwxrwx. 3 geodnila newbiz 157 Oct 26 17:17 .. ##Encrypt using the key with empty passphrase. Successful fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --no-permission-warning --no-random-seed-file --no-secmem-warning --batch --yes --always-trust --no-auto-check-trustdb -r testclientdev -o samplefile.txt.enc --encrypt samplefile.txt ##create the empty passphrase file fubar:testingGPG2.2.9-> echo >emptypassphrasefile ##Decrypt using a key with empty passphrase. Failed fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --no-secmem-warning --no-mdc-warning --no-symkey-cache --pinentry-mode loopback --batch --yes --passphrase-fd 5 -o samplefile.txt.dec --decrypt samplefile.txt.enc 5<emptypassphrasefile gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: encrypted with RSA key, ID 93861A50514971EC gpg: decryption failed: No secret key

Using empty passphrase generated keys (from gpg2, old purring/secring format), gpg2,2,9 fails to decrypt with an error message "No secret key" on gpg1.4/2.0 keyring format even though the secret keys porting and migration were successful according to the log. Note: I tried to testing empty passphrase generated key pair in gpg2.2.9 and encryption/decryption was successful. Here are the details of the test that I did. his is keyring directory from gpg1.4/2.0 ``` fubar:testingGPG2.2.9-> ls -lstra gnupg2.0 total 112 32 drwxrwxrwx. 8 geodnila newbiz 709 Oct 26 16:59 .. 32 drwxrwxrwx. 2 geodnila newbiz 58 Oct 26 16:59 . 24 -rwxrwxrwx. 1 geodnila newbiz 1160 Oct 26 16:59 pubring.gpg 24 -rwxrwxrwx. 1 geodnila newbiz 2538 Oct 26 16:59 secring.gpg ``` list the keys using gpg2.2.9 executable using gnup1.4/2.0 keyring ``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --list-keys gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: testingGPG2.2.9/gnupg2.0/trustdb.gpg: trustdb created testingGPG2.2.9/gnupg2.0/pubring.gpg '------------------------------------------------------------------ pub rsa2048 2020-01-21 [SCEA] 3D750223D5B78DB1FEA5A23714BC819B0A74ABC1 uid [ unknown] testclientdev pub rsa2048 2020-07-09 [SCEA] CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1 uid [ unknown] testclientdev ``` List the secret-keys using gpg2.2.9 executable using gnup1.4/2.0 keyring The secret keys were ported and migrated successfully according to the logs below by just listing the secret keys ``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --list-secret-keys gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: starting migration from earlier GnuPG versions gpg: porting secret keys from 'testingGPG2.2.9/gnupg2.0/secring.gpg' to gpg-agent gpg: key 14BC819B0A74ABC1: secret key imported gpg: key F7E2E540CBDD6AE1: secret key imported gpg: migration succeeded testingGPG2.2.9/gnupg2.0/pubring.gpg '------------------------------------------------------------------ sec rsa2048 2020-01-21 [SCEA] 3D750223D5B78DB1FEA5A23714BC819B0A74ABC1 uid [ unknown] testclientdev sec rsa2048 2020-07-09 [SCEA] CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1 uid [ unknown] testclientdev ``` content of the gnupg2.0 at this point ``` fubar:testingGPG2.2.9-> ls -lstraR gnupg2.0/ gnupg2.0/: total 264 48 -rwxrwxrwx. 1 geodnila newbiz 1160 Oct 26 16:59 pubring.gpg 48 -rwxrwxrwx. 1 geodnila newbiz 2538 Oct 26 16:59 secring.gpg 32 drwxrwxrwx. 8 geodnila newbiz 709 Oct 26 17:07 .. 48 -rwxrwxrwx. 1 geodnila newbiz 1200 Oct 26 17:15 trustdb.gpg 32 drwxrwxrwx. 2 geodnila newbiz 124 Oct 26 17:17 private-keys-v1.d 24 -rwxrwxrwx. 1 geodnila newbiz 0 Oct 26 17:17 .gpg-v21-migrated 32 drwxrwxrwx. 3 geodnila newbiz 157 Oct 26 17:17 . gnupg2.0/private-keys-v1.d: total 160 48 -rwxrwxrwx. 1 geodnila newbiz 1417 Oct 26 17:17 6F484E349157AB7F43700283F78DF8F044BA8065.key 32 drwxrwxrwx. 2 geodnila newbiz 124 Oct 26 17:17 . 48 -rwxrwxrwx. 1 geodnila newbiz 1417 Oct 26 17:17 FF293D5AAEC940977E1825F8B8305A18CF7C4D2A.key 32 drwxrwxrwx. 3 geodnila newbiz 157 Oct 26 17:17 .. ``` Encrypt using the key with empty passphrase. Successful ``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --no-permission-warning --no-random-seed-file --no-secmem-warning --batch --yes --always-trust --no-auto-check-trustdb -r testclientdev -o samplefile.txt.enc --encrypt samplefile.txt ``` create the empty passphrase file ``` fubar:testingGPG2.2.9-> echo >emptypassphrasefile ``` Decrypt using a key with empty passphrase. Failed ``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --no-secmem-warning --no-mdc-warning --no-symkey-cache --pinentry-mode loopback --batch --yes --passphrase-fd 5 -o samplefile.txt.dec --decrypt samplefile.txt.enc 5<emptypassphrasefile gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: encrypted with RSA key, ID 93861A50514971EC gpg: decryption failed: No secret key ```

Using empty passphrase generated keys (from gpg2, old purring/secring format), gpg2,2,9 fails to decrypt with an error message "No secret key" on gpg1.4/2.0 keyring format even though the secret keys porting and migration were successful according to the log. Note: I tried to testing empty passphrase generated key pair in gpg2.2.9 and encryption/decryption was successful. Here are the details of the test that I did. ##this is keyring directory from gpg1.4/2.0 ``` fubar:testingGPG2.2.9-> ls -lstra gnupg2.0 total 112 32 drwxrwxrwx. 8 geodnila newbiz 709 Oct 26 16:59 .. 32 drwxrwxrwx. 2 geodnila newbiz 58 Oct 26 16:59 . 24 -rwxrwxrwx. 1 geodnila newbiz 1160 Oct 26 16:59 pubring.gpg 24 -rwxrwxrwx. 1 geodnila newbiz 2538 Oct 26 16:59 secring.gpg ``` list the keys using gpg2.2.9 executable using gnup1.4/2.0 keyring ##list the keys using gpg2.2.9 executable using gnup1.4/2.0 keyring``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --list-keys gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: testingGPG2.2.9/gnupg2.0/trustdb.gpg: trustdb created testingGPG2.2.9/gnupg2.0/pubring.gpg '------------------------------------------------------------------ pub rsa2048 2020-01-21 [SCEA] 3D750223D5B78DB1FEA5A23714BC819B0A74ABC1 uid [ unknown] testclientdev pub rsa2048 2020-07-09 [SCEA] CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1 uid [ unknown] testclientdev ##List the secret-keys using gpg2.2.9 executable using gnup1.4/2.0 keyring ##The``` List the secret-keys using gpg2.2.9 executable using gnup1.4/2.0 keyring The secret keys were ported and migrated successfully according to the logs below ##by just listing the secret keys ``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --list-secret-keys gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: starting migration from earlier GnuPG versions gpg: porting secret keys from 'testingGPG2.2.9/gnupg2.0/secring.gpg' to gpg-agent gpg: key 14BC819B0A74ABC1: secret key imported gpg: key F7E2E540CBDD6AE1: secret key imported gpg: migration succeeded testingGPG2.2.9/gnupg2.0/pubring.gpg '------------------------------------------------------------------ sec rsa2048 2020-01-21 [SCEA] 3D750223D5B78DB1FEA5A23714BC819B0A74ABC1 uid [ unknown] testclientdev sec rsa2048 2020-07-09 [SCEA] CD5010FB80A7F564F2A59DD6F7E2E540CBDD6AE1 uid [ unknown] testclientdev ``` ##content of the gnupg2.0 at this point ``` fubar:testingGPG2.2.9-> ls -lstraR gnupg2.0/ gnupg2.0/: total 264 48 -rwxrwxrwx. 1 geodnila newbiz 1160 Oct 26 16:59 pubring.gpg 48 -rwxrwxrwx. 1 geodnila newbiz 2538 Oct 26 16:59 secring.gpg 32 drwxrwxrwx. 8 geodnila newbiz 709 Oct 26 17:07 .. 48 -rwxrwxrwx. 1 geodnila newbiz 1200 Oct 26 17:15 trustdb.gpg 32 drwxrwxrwx. 2 geodnila newbiz 124 Oct 26 17:17 private-keys-v1.d 24 -rwxrwxrwx. 1 geodnila newbiz 0 Oct 26 17:17 .gpg-v21-migrated 32 drwxrwxrwx. 3 geodnila newbiz 157 Oct 26 17:17 . gnupg2.0/private-keys-v1.d: total 160 48 -rwxrwxrwx. 1 geodnila newbiz 1417 Oct 26 17:17 6F484E349157AB7F43700283F78DF8F044BA8065.key 32 drwxrwxrwx. 2 geodnila newbiz 124 Oct 26 17:17 . 48 -rwxrwxrwx. 1 geodnila newbiz 1417 Oct 26 17:17 FF293D5AAEC940977E1825F8B8305A18CF7C4D2A.key 32 drwxrwxrwx. 3 geodnila newbiz 157 Oct 26 17:17 .. ``` ##Encrypt using the key with empty passphrase. Successful ``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --no-permission-warning --no-random-seed-file --no-secmem-warning --batch --yes --always-trust --no-auto-check-trustdb -r testclientdev -o samplefile.txt.enc --encrypt samplefile.txt ##``` create the empty passphrase file ``` fubar:testingGPG2.2.9-> echo >emptypassphrasefile ##``` Decrypt using a key with empty passphrase. Failed ``` fubar:testingGPG2.2.9-> gpg2.2.9_rhel8 --homedir gnupg2.0 --no-secmem-warning --no-mdc-warning --no-symkey-cache --pinentry-mode loopback --batch --yes --passphrase-fd 5 -o samplefile.txt.dec --decrypt samplefile.txt.enc 5<emptypassphrasefile gpg: WARNING: unsafe permissions on homedir 'testingGPG2.2.9/gnupg2.0' gpg: encrypted with RSA key, ID 93861A50514971EC gpg: decryption failed: No secret key ```