Discussion:
PGP decryption no longer works
Vincent Lefevre
2018-06-25 20:39:19 UTC
It seems that a recent change has broken PGP decryption:
I now get a failure from gnupg. No issues with Mutt from
Debian/unstable.

I don't have the time for the moment to look at this more closely.
--
Vincent Lefèvre <***@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Kevin J. McCarthy
2018-06-25 21:02:33 UTC
Post by Vincent Lefevre
I now get a failure from gnupg. No issues with Mutt from
Debian/unstable.
I don't have the time for the moment to look at this more closely.
Vincent, would you mind invoking debug '-d 2' and posting the section
starting with 'pgp_check_decryption_okay:'?
--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
Vincent Lefevre
2018-06-26 12:08:10 UTC
Post by Kevin J. McCarthy
Post by Vincent Lefevre
I now get a failure from gnupg. No issues with Mutt from
Debian/unstable.
I don't have the time for the moment to look at this more closely.
Vincent, would you mind invoking debug '-d 2' and posting the section
starting with 'pgp_check_decryption_okay:'?
There's no such section, but:

[...]
[2018-06-26 08:03:54] parse_parameter: `filename' = `msg.asc'
[2018-06-26 08:03:56] mutt_pgp_command: gpg --passphrase-fd 0 --no-verbose --batch -o - /var/tmp/mutt-zira-1000-10409-1833246164453793250
[2018-06-26 08:04:02] Le déchiffrement a échoué
[2018-06-26 08:04:02] Impossible de déchiffrer le message PGP
[2018-06-26 08:04:04] Failed on attachment of type multipart/encrypted.
[2018-06-26 08:04:04] Bailing on attachment of type multipart/encrypted.
[...]
--
Vincent Lefèvre <***@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Kevin J. McCarthy
2018-06-26 16:31:23 UTC
Post by Vincent Lefevre
Post by Kevin J. McCarthy
Post by Vincent Lefevre
I now get a failure from gnupg. No issues with Mutt from
Debian/unstable.
I don't have the time for the moment to look at this more closely.
Vincent, would you mind invoking debug '-d 2' and posting the section
starting with 'pgp_check_decryption_okay:'?
[...]
[2018-06-26 08:03:54] parse_parameter: `filename' = `msg.asc'
[2018-06-26 08:03:56] mutt_pgp_command: gpg --passphrase-fd 0
--no-verbose --batch -o -
/var/tmp/mutt-zira-1000-10409-1833246164453793250
It looks like you may have customized the $pgp_decrypt_command. Mutt
expects '--status-fd=2' to be in there so it can read the status output
from gpg.

The next stable release (1.10.1) will contain a new option,
$pgp_check_gpg_decrypt_status_fd, by default set, that scans the control
channel to check spoofed encrypted emails. See
<https://gitlab.com/muttmua/mutt/issues/39>.

If you don't want to scan, you should turn off
$pgp_check_gpg_decrypt_status_fd.

The '--no-verbose' option listed in contrib/gpg.rc is also very
important, and protects against a status-fd injection attack. This is
fixed by the most recent release of gpg2, but I recommend leaving it in.
--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
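The check described in the message above, as an added example that is not part of the original thread and is not Mutt's own code: it audits a classic-mode decrypt command for the two options named there and classifies gpg's status-fd output. The function names, the verdict strings, the sample file path and the rule that a PLAINTEXT status outside BEGIN_DECRYPTION/END_DECRYPTION marks a spoofed message are assumptions of this sketch; the status keywords are GnuPG's documented ones.

```python
import shlex

STATUS_PREFIX = "[GNUPG:] "  # every machine-readable gpg status line starts with this

# Command as logged in the thread; the file path is a constructed placeholder.
LOGGED_CMD = "gpg --passphrase-fd 0 --no-verbose --batch -o - /tmp/msg.asc"

def audit_decrypt_command(cmd):
    """Return the options from the thread that a non-gpgme decrypt command lacks."""
    args = shlex.split(cmd)
    missing = []
    has_status = any(
        a == "--status-fd=2"
        or (a == "--status-fd" and i + 1 < len(args) and args[i + 1] == "2")
        for i, a in enumerate(args)
    )
    if not has_status:
        missing.append("--status-fd=2")   # without it there is nothing to scan
    if "--no-verbose" not in args:
        missing.append("--no-verbose")    # keeps verbose log text off the status channel
    return missing

def check_decrypt_status(stderr_text):
    """Classify status output: ok, no-status, failed, plaintext-outside-decryption."""
    inside = saw_status = okay = False
    for line in stderr_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # human-readable log line, not a status record
        saw_status = True
        fields = line[len(STATUS_PREFIX):].split()
        keyword = fields[0] if fields else ""
        if keyword == "BEGIN_DECRYPTION":
            inside = True
        elif keyword == "END_DECRYPTION":
            inside = False
        elif keyword == "PLAINTEXT" and not inside:
            # Assumed spoof signal: literal data that never went through decryption.
            return "plaintext-outside-decryption"
        elif keyword == "DECRYPTION_OKAY":
            okay = True
    if not saw_status:
        return "no-status"  # the situation reported in this thread
    return "ok" if okay else "failed"
```

The "no-status" verdict corresponds to the failure reported here: a command without '--status-fd=2' gives the scanner nothing to read, so decryption is treated as failed even though gpg itself succeeded.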
Vincent Lefevre
2018-06-27 03:55:16 UTC
Post by Kevin J. McCarthy
Post by Vincent Lefevre
[...]
[2018-06-26 08:03:54] parse_parameter: `filename' = `msg.asc'
[2018-06-26 08:03:56] mutt_pgp_command: gpg --passphrase-fd 0
--no-verbose --batch -o -
/var/tmp/mutt-zira-1000-10409-1833246164453793250
It looks like you may have customized the $pgp_decrypt_command.
This is what was advised in the past. I added them 17 years ago,
in 2001, and have not modified them since.
Post by Kevin J. McCarthy
Mutt expects '--status-fd=2' to be in there so it can read the
status output from gpg.
Thanks, this solves the problem.
--
Vincent Lefèvre <***@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Eike Rathke
2018-06-26 08:14:09 UTC
Hi Vincent,
Post by Vincent Lefevre
I now get a failure from gnupg. No issues with Mutt from
Debian/unstable.
No problem here, using most recent master with gpgme on Debian stretch.

Eike
--
OpenPGP/GnuPG encrypted mail preferred in all private communication.
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918 630B 6A6C D5B7 6563 2D3A
Care about Free Software, support the FSFE https://fsfe.org/support/?erack
Use LibreOffice! https://www.libreoffice.org/
Vincent Lefevre
2018-06-26 12:59:06 UTC
Post by Eike Rathke
Hi Vincent,
Post by Vincent Lefevre
I now get a failure from gnupg. No issues with Mutt from
Debian/unstable.
No problem here, using most recent master with gpgme on Debian stretch.
I'm not using gpgme, but it appears that Debian's default config
uses it, so that may be the difference. In short, when gpgme is
not used, PGP decryption got recently broken.
--
Vincent Lefèvre <***@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Eike Rathke
2018-06-26 22:51:32 UTC
Hi Vincent,
Post by Vincent Lefevre
Post by Eike Rathke
Post by Vincent Lefevre
I now get a failure from gnupg. No issues with Mutt from
Debian/unstable.
No problem here, using most recent master with gpgme on Debian stretch.
I'm not using gpgme, but it appears that Debian's default config
uses it, so that may be the difference. In short, when gpgme is
not used, PGP decryption got recently broken.
Still not here.. ;-)
I forced set crypt_use_gpgme=no in my muttrc and decrypt works, verified
that crypt-gpgme.c decrypt_part() is not called.

The gpg.rc pgp_decrypt_command I use is almost the same as distributed
with stretch, just the gpg command renamed to gpg2 (which I needed for
another machine) which nowadays is a symbolic link to /usr/bin/gpg
anyway.

Eike
--
OpenPGP/GnuPG encrypted mail preferred in all private communication.
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918 630B 6A6C D5B7 6563 2D3A
Care about Free Software, support the FSFE https://fsfe.org/support/?erack
Use LibreOffice! https://www.libreoffice.org/