Bug in GnuPG
Joe Vender
jvender at owensboro.net
Tue Jan 10 19:48:34 CET 2006
On 1/10/06 at 3:50 PM Werner Koch wrote:
>> C:\GnuPG>gpg --status-fd 1 test2.txt
>> [GNUPG:] ENC_TO 0000000000000000 16 0
>> gpg: anonymous recipient; trying secret key 25A8679F ...
>> [GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender
><jvender-at-owensboro.net>
>> [GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 60867A9925A8679F 16 0
>> [GNUPG:] GOOD_PASSPHRASE
>
>This means that the passphrase for the key 60867A9925A8679F was good
>but does not say anything on whether this secret key was able to
>decrypt the message.
My point is that the secret key that its asking the passphrase for
should be able to decrypt the message, since it's the same secret key as
the one for the last, non-anonymous prompt. The message WAS encrypted
to this secret key. Its the only secret key on my ring for this test. So,
why doesn't it decrypt the message after the first anonymous prompt?
>
>> [GNUPG:] ENC_TO 0000000000000000 16 0
>> gpg: anonymous recipient; trying secret key 25A8679F ...
>
>Well, the message has not been encrypted to your key. Now gpg
>continues with the second hidden recipient
>
Yes, the message was encrypted to my key. If it's not going to actually
use my passphrase to try to decrypt the message, why ask for it?
>> [GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender
><jvender-at-owensboro.net>
>> [GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 60867A9925A8679F 16 0
>> [GNUPG:] GOOD_PASSPHRASE
>> [GNUPG:] ENC_TO 60867A9925A8679F 16 0
>
>Same result as above.
Same question as above.
>
>> [GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender
><jvender-at-owensboro.net>
>> [GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 70BD436E23F3119B 16 0
>
>> You need a passphrase to unlock the secret key for
>> user: "Joe Vender <jvender-at-owensboro.net>"
>> 4096-bit ELG-E key, ID 25A8679F, created 2005-12-14 (main key ID
>23F3119B)
>
>The third (non-hidden) recipient matches your key.
Then why, if instead of encrypting to myself non-anonymously, I encrypt to myself
anonymously along with the other anonymous recipients, I only get the anonymous
passphrase prompt once, and upon successful passphrase entry it goes through the
"anonymous recipient: trying secret key [my_secret_keyid]" as many times as there
are recipients without asking for it again, and decrypts the message?
>
>> Apparently, when status-fd 1 is sent during decryption as above, it will
>> give multiple anonymous prompts even if your passphrase is entered
>> correctly, the number of prompts equal to the number of anonymous
>
>Right, there is no passphrase caching.
>
>> entered correctly or not. That is, UNLESS THE DECRYPTION COMMAND LINE
>> INCLUDES --status-fd in which case it gives a prompt for each recipient
>> encrypted to.
>
>That is so that frontends are able to show more information about the
>messages.
>
>
I don't understand. If the message was encrypted to my key, and the anonymous prompt states that its checking my key, then why doesn't it decrypt the message after I enter the passphrase correctly?
More information about the Gnupg-devel
mailing list