Ubuntu
pinentry-qt4 package

[intrepid] Wrong passphrase message when correct one is entered - due to protocol incompatibility between pinentry-qt4 and gpg-agent

Bug #281487 reported by Ralph Janke
10
Affects Status Importance Assigned to Milestone
pinentry-qt4 (Ubuntu)
Fix Released
Low
Rich Johnson

Bug Description

Binary package hint: enigmail

I installed intrepid from scratch on a different partition and copied the .gnupg folder into the new user for intrepid. When I use enigmail (within thunderbird) in intrepid, I get the following error message

OpenPGP Security Info

Error - secret key needed to decrypt message

gpg command line and output:
/usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 -d --use-agent
gpg: NOTE: old default options file `/home/raj-intrepid/.gnupg/options' ignored
gpg: problem with the agent - disabling agent use
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: encrypted with 2048-bit ELG-E key, ID XXXXXXXX, created 2006-11-30
      "XXXXXXXXXXXXXXXXXXX <cXXXXXXXXX@XXXXXXXXXXXXXX>"
gpg: encrypted with 2048-bit ELG-E key, ID XXXXXXXX, created 2007-11-09
      "XXXXXXXXXXX <XXXXXXXXX@XXXXXXXXXXXXXX>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available

(e-mail addresses and key IDs are redacted)

I do enter the correct passphrase. I have tried the same in hardy and everything works still fine.

The difference to Bug #268951 is that I get a window to enter the passphrase and I am able to enter the correct one. Still I get the same result.

WORKAROUND:

use "sudo update-alternatives --config pinentry" and choose pinentry-qt instead of pinentry-qt4

See original description
Revision history for this message
Ralph Janke (txwikinger) wrote :

The problem is in the communication between the gpg-agent and the pinentry program as the following debug output shows:

2008-10-10 23:29:50 gpg-agent[10699] starting a new PIN Entry
2008-10-10 23:29:50 gpg-agent[10699] DBG: connection to PIN entry established
2008-10-10 23:29:50 gpg-agent[10699] You may want to update to a newer pinentry
2008-10-10 23:29:55 gpg-agent[10699] command get_passphrase failed: Invalid IPC response
gpg-agent[10699.6] DBG: -> ERR 67109124 Invalid IPC response <GPG Agent>
gpg-agent[10699.6] DBG: <- BYE
gpg-agent[10699.6] DBG: -> OK closing connection
2008-10-10 23:29:55 gpg-agent[10699] handler 0x82d99f8 for fd 6 terminated

Revision history for this message
Ralph Janke (txwikinger) wrote :

Changing the package to pinentry-qt4 since the problem does not occur with pinentry-qt

pinentry-qt:
  Installed: 0.7.5-2ubuntu1
  Candidate: 0.7.5-2ubuntu1
  Version table:
 *** 0.7.5-2ubuntu1 0
        500 http://archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status

pinentry-qt4:
  Installed: 0.7.3+svn799201-1ubuntu1
  Candidate: 0.7.3+svn799201-1ubuntu1
  Version table:
 *** 0.7.3+svn799201-1ubuntu1 0
        500 http://archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status

Changed in pinentry-qt4:
importance: Undecided → Medium
Revision history for this message
Ralph Janke (txwikinger) wrote :

Setting Importance to low since there is an easy workaround

description: updated
Changed in pinentry-qt4:
importance: Medium → Low
Revision history for this message
Ralph Janke (txwikinger) wrote :

Also affects KMail.

Revision history for this message
Ralph Janke (txwikinger) wrote :

I think the long-term suggestion is to get the qt4 front end in integrated into the common pinentry package (originally form gnu, I believe). This guarantees that all protocol changes between gpg-agent and pinentry-qt4 are always rolled in automatically.

Revision history for this message
Ralph Janke (txwikinger) wrote :

Attached gpg.conf

Revision history for this message
Ralph Janke (txwikinger) wrote :

attached gpg-agent-info-oulp-intrepid

Revision history for this message
Ralph Janke (txwikinger) wrote :

attached options

Revision history for this message
Julian Edwards (julian-edwards) wrote :

Confirming, this just bit me.

Since this is the default config for out-the-box Intrepid, this should either be higher priority, or change the shipped config.

Changed in pinentry-qt4:
status: New → Confirmed
Revision history for this message
Kurt Huwig (k-huwig) wrote :

I second Julian. I did a fresh Kubuntu Interpid installation and my KMail did not decrypt any more.

Revision history for this message
Kurt Huwig (k-huwig) wrote :

Bug #262748 and Bug #262959 seem to be related.

Revision history for this message
Rich Johnson (nixternal) wrote :

I have uploaded a test package to my PPA if you could please test it with enigmail and thunderbird. I just had a successful test with KMail. Thanks!

https://edge.launchpad.net/~nixternal/+archive

^^ Keep an eye out there for the build. It should only be an hour or so depending on how busy the servers are. It is a really quick build.

Changed in pinentry-qt4:
assignee: nobody → nixternal
status: Confirmed → In Progress
Revision history for this message
Rich Johnson (nixternal) wrote :

http://ppa.launchpad.net/nixternal/ubuntu/pool/main/p/pinentry-qt4/

OK, deb's are there for i386 and amd64. lpia should be there shortly. Thanks for testing!

Rich Johnson (nixternal)
Changed in pinentry-qt4:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.