GPGServices seems broken

Paul Brady

20 Mar, 2015 02:53 AM

Hi,
I have GPGServices (1.10b6 - 5e667ad) build 785n and when I try to decrypt a file, it asks me for my PGP key password and it fails every time. I then deleted my key from the Apple Keychain and tried again and it still fails 3 times but then apparently automatically takes whatever should have been deleted from my keychain and decrypts the file.

I have no problem encrypting files, however.

  1. 1 Posted by Paul Brady on 21 Mar, 2015 04:20 PM

    Turns out that I can't save my key at all to my mac keyring which means I have to input a password every time I read or try to send an encrypted email. Not fun. And since it seems to not like my password for decryption, I get errors every time I do this - whereas I get no error encrypting an email. Just an fyi to support.

  2. Support Staff 2 Posted by Steve on 21 Mar, 2015 04:29 PM

    Hi Paul,

    I'm not quite sure I fully understand the problem yet. Encryption will always work as long as you have a public key for the recipient in question. That is all that's needed for encryption.

    Can you try to sign any file? Does that work? Signing will also ask for your passphrase since it is done with the secret key and passphrase.

    What you write sounds like you maybe don't remember the passphrase correctly. Let's see how that signing experiment goes.

    Also please open OS X keychain and search for gnupg. Do any entries show up? If yes, how many?

    If you double click one of those entries you can also show the passphrase. I suggest making a note of all passphrases you find there and then opening GPGPreferences.

    Hit the button to "remove all passphrases".

    You write you deleted your key. Well in that case decryption will never work. If you open GPG Keychain, how many entries with type sec/pub do you see?

    Let's go from there.

    Kindly,
    steve

  3. 3 Posted by Paul Brady Gmai... on 22 Mar, 2015 12:56 PM

    Hi Steve,

    I think I might have figured out the weird behavior.

    I had the option for ‘Auto retrieve keys for verification’ checked.

    When I uncheck this, I no longer get prompted multiple times to enter a key passphrase. Not sure if a problem still exists with this functionality, but at least I was able to figure out a workaround.

    Two quick questions:

    Mailvelope on Chrome and Firefox do not seem to work with my public/private keypair generated from gpgtools. It only seems to work with keys generated by mailvelope.

    Is there a known problem here?

    Also, I can’t find ‘gpgsplit’. It used to be available in MacGPG but is no longer available in MacGPG2. Can I still get this program?

    Best,
    Paul

  4. Support Staff 4 Posted by Steve on 22 Mar, 2015 11:34 PM

    Hi Paul,

    your first mail did not fully make it here. It's best to use your browser for your replies.

    "auto retrieve keys for verification" is not related to any passphrase prompts. "Auto-retrieve keys" means that MacGPG2 will automatically check for a public key if you are trying to verify signed content. Example: Let's say you receive a signed mail (signed using the sec key of the author of that message in connection with his passphrase), in order to verify that signature you do need the public key matching that exact sec key. So that setting will trigger a search on the key servers and if a public key is found, verify the signature.

    So as you see it's unrelated to any passphrase queries on your side.

    Not sure about Mailvelope. I'd have to test that. What errors are you running into and what steps are you taking? Did you contact their support? There might be an easy solution...

    About gpgsplit: We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll receive a notification. Feel free to open a new discussion should you run into further problems or need assistance.

    We've removed it, so MacGPG2 is less bloated, but are planning on re-adding it.

    Kindly,
    steve

  5. 5 Posted by Paul Brady on 23 Mar, 2015 12:20 PM

    Steve,

    My sincere apologies for the mail snafu. I'll do the rest of the discussion from the browser.

    Not sure why, but when I disabled the 'auto retrieve keys' option, I stopped getting errors. It may be a coincidence.

    As for mailvelope, I figured out the issue. My keys are really old and for some reason, not compatible with mailvelope. I generated a new keypair and revoked the old one (long overdue) and now mailvelope works perfectly along with GPGTools. So now I can encrypt mail from a browser using mailvelope addon for chrome or firefox or on my mac with GPGTools all using the keys generated by GPGTools. :)

    As for GPGSPLIT, thanks for the update. Maybe you can answer my dilemma a different way. I was using this great procedure here:

    https://alexcabal.com/creating-the-perfect-gpg-keypair/

    to create a laptop keypair vs a master keypair. They recommend you use gpgsplit to help accomplish this. But, I'm guessing this is possible using GPGTools from the GUI (instead of command line). Is that true? I just wasn't sure about it. The procedure goes through a lot on the command line side and often you can do more on the command line than you can in the GUI of many products.

    What are your thoughts? Could I create a 'master keypair' vs a 'laptop keypair' using this procedure and GPGTools?

    Best,
    Paul

  6. Support Staff 6 Posted by Steve on 23 Mar, 2015 12:29 PM

    Hi Paul,

    thanks for the feedback and investigating this further. Just now I looked at your old key (3AA2 37FF 8ED7 3634 4858 64E8 2813 83FA FB12 54DD) and 1024-bit keys are no longer considered secure so creating a new key was absolutely the right choice.

    I have not found a new key for [email blocked] on the key servers (yet?). So you might want to consider uploading it if you have not done so.

    If you are still on OS X 10.10.1 as you wrote in your email, I strongly recommend updating to OS X 10.10.2 and installing all the new security updates from Apple. There's been some busy weeks for the security department at Apple.

    I have an appointment now, so I will have to get back to you about the remaining key setup question.
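
Added example (not part of the original thread and not GPGTools code): a check for undersized keys like the 1024-bit key mentioned in comment 6, parsing the colon-delimited output that `gpg --list-keys --with-colons` produces. The sample listing, its placeholder key IDs and the 2048-bit threshold are constructed assumptions.

```python
# Added example: flag weak public keys in a GnuPG colon-format listing.
# Real input would come from `gpg --list-keys --with-colons`; the sample
# below is constructed and its key IDs are placeholders.

MIN_BITS = 2048  # assumed threshold; the thread only says 1024-bit is too weak

# OpenPGP algorithm IDs whose strength is measured by key length in bits
# (1-3 RSA, 16 Elgamal, 17 DSA).
SIZE_BASED_ALGOS = {"1", "2", "3", "16", "17"}

SAMPLE_LISTING = """\
tru::1:1427100000:0:3:1:5
pub:r:1024:17:AAAAAAAAAAAAAAAA:1104537600:::-:::scESC:
uid:r::::1104537600::0000::Old Key (constructed) <old@example.invalid>:
sub:r:1024:16:BBBBBBBBBBBBBBBB:1104537600::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1427100000:::u:::scESC:
uid:u::::1427100000::0000::New Key (constructed) <new@example.invalid>:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1427100000::::::e:
"""


def weak_keys(listing, min_bits=MIN_BITS):
    """Return (record type, key ID, bits, validity) for undersized keys."""
    findings = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Only primary keys (pub) and subkeys (sub) carry length and algorithm.
        if fields[0] not in ("pub", "sub") or len(fields) < 5:
            continue
        validity, bits, algo, key_id = fields[1:5]
        if algo not in SIZE_BASED_ALGOS or not bits.isdigit():
            continue  # e.g. elliptic-curve keys, where bit length is not comparable
        if int(bits) < min_bits:
            findings.append((fields[0], key_id, int(bits), validity))
    return findings


if __name__ == "__main__":
    for rec, key_id, bits, validity in weak_keys(SAMPLE_LISTING):
        state = "revoked" if validity == "r" else "still usable"
        print(f"{rec} {key_id}: {bits}-bit, {state}")
```

A weak key whose validity field is not `r` is the case to act on: it can still be selected for encryption or signing until it is revoked and replaced.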

  7. 7 Posted by Paul Brady on 23 Mar, 2015 12:37 PM

    Hi Steve,

    My key is uploaded (I did that immediately and revoked the old one). The key is listed as "Paul Brady Gmail". The associated email is [email blocked] and I use my gmail address as an additional user id so that I can receive and encrypt email to that address - but I don't want people to search by my email. (spammers sometimes hit the other email account which is why I use that as my primary mail address for this key.)

    Also, I misspoke earlier. I am on Mac OS X v10.10.2 now. :)

    thanks and I look forward to hearing from you more when you get a chance to check that link's info out.

    Best regards,
    Paul

    ps. I LOVE your product. Thank you so much for your efforts and your team's efforts!!!

  8. 8 Posted by laertes on 25 Mar, 2015 09:38 PM

    Just installed Beta 6, and decryption no longer works: instead of producing the plaintext file with the original name (minus the .gpg), a file called "S" is produced. It appears to resemble the plaintext file, but the change in filename is suspicious, and clearly wrong.

    This is the first problem I've had using GPG over a few years.

  9. Support Staff 9 Posted by Steve on 28 Mar, 2015 05:06 PM

    laertes: please don't hijack other discussions. Let's discuss your problem in the discussion you've created to keep things lean and clean.

    Paul: gpg split has been re-integrated. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.

    As for key question: I'm not sure I understand the comment #7. All UserIDs you add to your key and upload to the keyservers can be connected to one identity and are searchable by email or name. In your case that means both mail addresses currently in your Key do show and can be found when searched for.

    I still have to find the time to go through that article in detail. But that question might be a good one to be asked at the gnupg users mailing list here:
    http://lists.gnupg.org/mailman/listinfo/gnupg-users

    All the best,
    steve

  10. 10 Posted by laertes on 28 Mar, 2015 09:00 PM

    Steve,

    I believe the response below was intended for someone else.

    Steve wrote:

  11. Steve closed this discussion on 04 May, 2015 09:19 AM.
