IDEA again
Hello,
today I tried again to implement this IDEA thing with the method mentioned here:
http://gpgtools.lighthouseapp.com/projects/66001/tickets/30
I managed to do all fine. IDEA was implemented successfully (it seemed).
But then, all keys looked as if they were gone. No secret keys anymore, a strange “oops …” warning, that's all :-( The keychain was empty. But not really; it must have something to do with the patched crypt library. After I replayed the gpg2 stuff, all went fine again. I (and it) did not touch my private keyfiles.
This all happened with:
A fresh and virgin gpgtools install with version: GnuPG/MacGPG2 v2.0.17 (Darwin).
SourceTree for the git stuff.
A su admin and sudo command to do the patching.
Mac OS 10.6.8.
Mac Pro.
Greets
B. Alabay
Support Staff 1 Posted by Luke Le on 15 Jan, 2012 06:31 PM
Hi Basar,
nice to see you here :)
I'm not sure if you only tried to build it yourself or if you've already tried this version:
https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.18-4+1.dmg
If not, could you try this version and let us know if it worked for you?
Hope this gets your problems sorted!
2 Posted by alabay on 15 Jan, 2012 07:02 PM
I tried to build my own libcrypt.
Your provided beta (?) seems to work very well with actual mails. With Mail.app and even Mulberry. Wow :-) But several old mails claim that my passphrase would be wrong. So is it wrong or is it a bug?! Hm
15.01.12 19:48:45 Mail[750] $$$ GPGMail: Summary 0x0800, status code 94, validity error 0 'Erfolg', errno 32870 'Inappropriate ioctl for device'
15.01.12 19:50:37 Mail[750] [DEBUG] decryptionException: (null)
15.01.12 19:50:37 Mail[750] No stack trace available.
So, I replayed local/MacGPG2 … and with my old patched 2.0.17 it works, even the old mails with revoked keys work. I don't know if these old encrypted mails are idea-relevant or not, they were gpg 1.2.3 and 1.2.4 e. g. So, not working yet with 2.0.18, it seems.
B. Alabay
Support Staff 3 Posted by Luke Le on 15 Jan, 2012 07:21 PM
Hmm...
Could you try to revert back to the version I linked to you again,
and decrypt the problematic emails using the commandline gpg2 tool?
gpg2 --decrypt
and post the output?
Thanks
4 Posted by alabay on 16 Jan, 2012 11:29 AM
I tried, and it does not work:
Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Basar Alabay <[email blocked]>"
2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
It claims that the phrase is wrong.
BTW, this is the state before:
gpg (GnuPG/MacGPG2) 2.0.17
libgcrypt 1.4.6
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2
This after:
gpg (GnuPG/MacGPG2) 2.0.18
libgcrypt 1.5.0
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2
There is an interesting difference in MacGPG2/lib:
After an update one “old” file remains: libcrypt.11.6.0.dylib. After a complete delete of the folder and fresh reinstall, I still can't decrypt my own old encrypted mail. Very strange!
Now I'll revert to the 2.0.17 state again.
5 Posted by alabay on 16 Jan, 2012 11:34 AM
Addendum: The key is revoked. I don't know if this is important. Now, with my old patched version, it works:
Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Basar Alabay <[email blocked]>"
2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
gpg: Hinweis: Schlüssel wurde widerrufen
gpg: verschlüsselt mit 2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
"Basar Alabay <[email blocked]>"
[…]
gpg: WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)
PS: I don't format here, this happens automatically.
Support Staff 6 Posted by Luke Le on 16 Jan, 2012 11:44 AM
Hi Basar,
you speak German too?
Do you also change gpg.conf with your self-built version, or does it always stay the same?
I'm wondering why one version would decrypt the message and the other wouldn't...
Hmmm...
Could you run both decryption attempts again with the following parameters:
gpg2 --decrypt --status-fd 1
That gives us more information about what is going on.
Thanks!
7 Posted by alabay on 16 Jan, 2012 12:08 PM
Hello Lukas,
I'm happy to speak German too if needed :-)
Here are the results:
Old:
[GNUPG:] ENC_TO E8250F256B2FD4C1 1 0
[GNUPG:] ENC_TO 1506B17E3C59FA01 1 0
[GNUPG:] USERID_HINT 1506B17E3C59FA01 Basar Alabay <[email blocked]>
[GNUPG:] NEED_PASSPHRASE 1506B17E3C59FA01 1506B17E3C59FA01 1 0
Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Basar Alabay <[email blocked]>"
2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
[GNUPG:] GOOD_PASSPHRASE
gpg: Hinweis: Schlüssel wurde widerrufen
gpg: verschlüsselt mit 2048-Bit RSA Schlüssel, ID 6B2FD4C1, erzeugt 2001-10-21
"[zensiert] [email blocked]"
[GNUPG:] NO_SECKEY E8250F256B2FD4C1
gpg: verschlüsselt mit 2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
"Basar Alabay <[email blocked]>"
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 74 2080374784 1810102+%2025
[GNUPG:] PLAINTEXT_LENGTH 476
[]…
[GNUPG:] DECRYPTION_OKAY
gpg: WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)
[GNUPG:] END_DECRYPTION
New:
[GNUPG:] ENC_TO E8250F256B2FD4C1 1 0
[GNUPG:] ENC_TO 1506B17E3C59FA01 1 0
[GNUPG:] USERID_HINT 1506B17E3C59FA01 Basar Alabay <[email blocked]>
[GNUPG:] NEED_PASSPHRASE 1506B17E3C59FA01 1506B17E3C59FA01 1 0
Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Basar Alabay <[email blocked]>"
2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
[GNUPG:] BAD_PASSPHRASE 1506B17E3C59FA01
gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
[GNUPG:] USERID_HINT 1506B17E3C59FA01 Basar Alabay <[email blocked]>
[GNUPG:] NEED_PASSPHRASE 1506B17E3C59FA01 1506B17E3C59FA01 1 0
Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Basar Alabay <[email blocked]>"
2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
[GNUPG:] BAD_PASSPHRASE 1506B17E3C59FA01
gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
[GNUPG:] USERID_HINT 1506B17E3C59FA01 Basar Alabay <[email blocked]>
[GNUPG:] NEED_PASSPHRASE 1506B17E3C59FA01 1506B17E3C59FA01 1 0
Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "Basar Alabay <[email blocked]>"
2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
[GNUPG:] BAD_PASSPHRASE 1506B17E3C59FA01
gpg: verschlüsselt mit 2048-Bit RSA Schlüssel, ID 3C59FA01, erzeugt 1999-11-05
"Basar Alabay <[email blocked]>"
gpg: Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: Bad passphrase
[GNUPG:] ERROR pkdecrypt_failed 11
gpg: verschlüsselt mit 2048-Bit RSA Schlüssel, ID 6B2FD4C1, erzeugt 2001-10-21
"[zensiert] [email blocked]"
[GNUPG:] NO_SECKEY E8250F256B2FD4C1
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: Entschlüsselung fehlgeschlagen: No secret key
[GNUPG:] END_DECRYPTION
pinentry-mac comes up, I enter the passphrase, and it is rejected as invalid. The gpg.conf stays as it is; what am I supposed to change in it? Hold on, let me take a quick look at it … no, it is as it is.
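The `[GNUPG:]` records that `--status-fd 1` produces are not localized, so the two runs in the post above can be compared mechanically even though the surrounding gpg messages are in German. The following Python sketch is an added example, not part of the original thread or of GPGTools; the names `parse_status` and `diagnose` and the verdict strings are assumptions, and the sample input is abridged from the two transcripts above.

```python
from collections import Counter

# Status records abridged from the two runs in the post above (prompts dropped).
OLD_RUN = """\
[GNUPG:] ENC_TO E8250F256B2FD4C1 1 0
[GNUPG:] ENC_TO 1506B17E3C59FA01 1 0
[GNUPG:] GOOD_PASSPHRASE gpg: Hinweis: Schlüssel wurde widerrufen
[GNUPG:] NO_SECKEY E8250F256B2FD4C1
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY gpg: WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)
[GNUPG:] END_DECRYPTION
"""
NEW_RUN = """\
[GNUPG:] ENC_TO E8250F256B2FD4C1 1 0 [GNUPG:] ENC_TO 1506B17E3C59FA01 1 0
[GNUPG:] BAD_PASSPHRASE 1506B17E3C59FA01 gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
[GNUPG:] BAD_PASSPHRASE 1506B17E3C59FA01 gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
[GNUPG:] BAD_PASSPHRASE 1506B17E3C59FA01 gpg: Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: Bad passphrase
[GNUPG:] ERROR pkdecrypt_failed 11
[GNUPG:] NO_SECKEY E8250F256B2FD4C1 [GNUPG:] BEGIN_DECRYPTION [GNUPG:] DECRYPTION_FAILED gpg: Entschlüsselung fehlgeschlagen: No secret key
"""

def parse_status(text):
    """Return (keyword, args) for every [GNUPG:] record, in order of appearance."""
    records = []
    for line in text.splitlines():
        # Text before the first marker on a line is localized, human-readable output.
        for chunk in line.split("[GNUPG:] ")[1:]:
            # Drop a "gpg: ..." diagnostic that ended up on the same line.
            tokens = chunk.split(" gpg: ")[0].split()
            if tokens:
                records.append((tokens[0], tokens[1:]))
    return records

def diagnose(text):
    """Summarize why a decryption run succeeded or failed, per recipient key."""
    recs = parse_status(text)
    recipients = [a[0] for k, a in recs if k == "ENC_TO" and a]
    missing = sorted({a[0] for k, a in recs if k == "NO_SECKEY" and a})
    bad = Counter(a[0] for k, a in recs if k == "BAD_PASSPHRASE" and a)
    usable = [r for r in recipients if r not in missing]
    if any(k == "DECRYPTION_OKAY" for k, _ in recs):
        verdict = "ok"
    elif any(bad[r] for r in usable):
        # NO_SECKEY here names a different recipient key than the one that failed to unlock.
        verdict = "secret key present but could not be unlocked"
    elif not usable:
        verdict = "no secret key for any recipient"
    else:
        verdict = "failed for another reason"
    return {"missing": missing, "bad_passphrase": dict(bad), "verdict": verdict}

if __name__ == "__main__":
    for name, run in (("2.0.17", OLD_RUN), ("2.0.18", NEW_RUN)):
        print(name, diagnose(run))
```

Both runs report `NO_SECKEY` for the same second recipient, so the only difference the status records show is `GOOD_PASSPHRASE` versus three `BAD_PASSPHRASE` records for key 1506B17E3C59FA01.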
Support Staff 8 Posted by Luke Le on 16 Jan, 2012 12:13 PM
From the looks of it, this really is just down to pinentry, or probably the way the password is passed on.
I'll take a look at the differences between .17 and .18 and let you know.
Btw., could you check whether you can find anything else about pinentry in the Console?
Many thanks!
9 Posted by alabay on 16 Jan, 2012 12:16 PM
The only things logged are that it was updated and one access; otherwise I can't find anything.
16.01.12 12:18:29 Installationsprogramm[3039] Aktualisieren: "pinentry-mac"
16.01.12 12:19:27 GPG Keychain Access[3447] GPG_PATH: /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
10 Posted by Alex on 29 Jan, 2012 09:08 AM
There is now a ticket for that. Have you opened this one? http://gpgtools.lighthouseapp.com/projects/66001/tickets/82
11 Posted by alabay on 29 Jan, 2012 10:18 AM
No, that's not from me, but it's exactly mine/our problem. Lukas stated that he thinks that this problem is pinentry-relevant.
Is there further development in this problem?
12 Posted by Alex on 28 Feb, 2012 08:12 PM
No further update here. But we'll update the ticket when someone works on it.
Alex closed this discussion on 28 Feb, 2012 08:12 PM.
Steve closed this discussion on 02 Sep, 2012 10:04 PM.