GPGServices: Encrypt and Sign appears to succeded with wrong PIN

Tim's Avatar

Tim

09 Jan, 2017 12:50 AM

It is possible for an "encrypt and sign" operation to fail without the user being notified, producing an encrypted but unsigned file. I can reproduce this by providing the wrong PIN to a smart card, it probably also applies to signing keys with passphrase.

Steps to reproduce:
1. Select a file to encrypt using the Finder services menu
2. Sign and encrypt the file to yourself
3. Enter the wrong PIN for the signing key

There is a dialog saying that the encryption was successful.
An encrypted but unsigned file is created.

Expected
There is a dialog saying that the signing failed.
There is no dialog indicating any kind of success.
There is no file created.

macOS           10.12.2     16C67
GPG Suite       2016.12b1   26b 
GPGMail         2.7b1       1179b
GPG Keychain    1.3.3b1     1249b
GPGServices     1.11        916 
MacGPG2         2.0.30      884 
GPGPreferences  2.0.2b1     908b
Libmacgpg       0.7         775 
pinentry        0.9.7       4
  1. Support Staff 1 Posted by Steve on 22 Feb, 2017 04:37 PM

    Steve's Avatar

    Hey Tim,

    thanks for your report.

    We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussions should you run into further problems or need assistance.

    All the best,
    steve

  2. Steve closed this discussion on 04 May, 2017 02:49 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac