FS#44220 - [gnupg] regression --passphrase-file ignored in gnupg 2.1.2

Attached to Project: Arch Linux
Opened by Reno Reckling (exi) - Tuesday, 17 March 2015, 10:00 GMT
Last edited by Gaetan Bisson (vesath) - Thursday, 07 May 2015, 16:36 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Gaetan Bisson (vesath)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

When trying to decrypt a file for a specific key with the passphrase present in a file, gpg still asks for a passphrase via pinentry and refuses to accept the file.
strace suggests that the file is actually read but the content is ignored.
Using a non-existent passphrase-file will give a "File not found" error.
Typing in the passphrase by hand still works.

Using --batch --passphrase-file works in gpg (GnuPG) 1.4.16 on Ubuntu.

Additional info:
* core/gnupg 2.1.2-1


Steps to reproduce:
$ gpg --homedir . --gen-key
gpg: WARNING: unsafe permissions on homedir './'
gpg (GnuPG) 2.1.2; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: tester
Email address: test@test.com
You selected this USER-ID:
"tester <test@test.com>"

###generate key with passphrase "123" ###

$ echo "123" > passphrase
$ echo "myfile" > file
$ gpg --homedir . --recipient test@test.com --output file.gpg --encrypt file
$ gpg --homedir . --batch --passphrase-file passphrase --output file-2 file.gpg
###Asks for the passphrase despite the --batch mode###
gpg: encrypted with 2048-bit RSA key, ID 88B483A6, created 2015-03-17
"tester <test@test.com>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

Closed by Gaetan Bisson (vesath)
Thursday, 07 May 2015, 16:36 GMT
Reason for closing: Not a bug
Additional comments about closing: See upstream report.
Comment by Gaetan Bisson (vesath) - Wednesday, 18 March 2015, 02:30 GMT
That seems like an issue in upstream GnuPG.
Could you report it to them? http://bugs.g10code.com/
Thanks.
Comment by Reno Reckling (exi) - Wednesday, 18 March 2015, 07:50 GMT
Will do!
Comment by Reno Reckling (exi) - Wednesday, 18 March 2015, 09:00 GMT
Comment by Reno Reckling (exi) - Thursday, 07 May 2015, 08:24 GMT
@Gaetan Bisson:
Upstream says that this should work with '--batch --pinentry-mode=loopback --passphrase-file <file>' but the loopback pinentry mode is not available in the Arch gpg build.

'gpg: setting pinentry mode 'loopback' failed: Not supported'

Could this be enabled in the gpg build?
Comment by Reno Reckling (exi) - Thursday, 07 May 2015, 08:52 GMT
I just realized that this is an inconsistency in GnuPG; the Arch version works as intended, but the "intended behavior" is very weird.
Solution is described in the upstream bug.
Comment by Gaetan Bisson (vesath) - Thursday, 07 May 2015, 16:35 GMT
Thanks for investigating!
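
An added example, not part of this ticket or of GnuPG's own code: POSIX shell functions for the unattended decrypt that the 07 May comment quotes from upstream ('--batch --pinentry-mode=loopback --passphrase-file <file>'), choosing the options by gpg version. The function names are hypothetical, and it is this example's assumption, not a statement from the thread, that gpg-agent before 2.1.12 answers "Not supported" to loopback unless gpg-agent.conf contains allow-loopback-pinentry.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes gpg on PATH.

# ver_ge A B: true when dotted version A >= B (three numeric fields).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$2" ]
}

# agent_allows_loopback HOMEDIR VERSION
# Assumption: before 2.1.12 gpg-agent answers "Not supported" to a
# loopback request unless gpg-agent.conf opts in.
agent_allows_loopback() {
    ver_ge "$2" 2.1.12 && return 0
    grep -Eq '^[[:space:]]*allow-loopback-pinentry[[:space:]]*$' \
        "$1/gpg-agent.conf" 2>/dev/null
}

# decrypt_unattended HOMEDIR PASSFILE IN OUT
decrypt_unattended() {
    v=$(gpg --version | sed -n '1s/.* //p')   # "gpg (GnuPG) 2.1.2" -> 2.1.2
    if ! ver_ge "$v" 2.1; then
        # 1.4/2.0: gpg handles the secret key itself, --batch is enough.
        gpg --homedir "$1" --batch --passphrase-file "$2" \
            --output "$4" --decrypt "$3"
        return
    fi
    if ! agent_allows_loopback "$1" "$v"; then
        echo "loopback disabled: add allow-loopback-pinentry to" \
             "$1/gpg-agent.conf and restart gpg-agent" >&2
        return 2
    fi
    # 2.1+: the agent owns the key; loopback routes its passphrase
    # request back to gpg, which answers from the file.
    gpg --homedir "$1" --batch --pinentry-mode loopback \
        --passphrase-file "$2" --output "$4" --decrypt "$3"
}
```

With the files from the report this would be called as decrypt_unattended . passphrase file.gpg file-2; the passphrase file should be readable only by the account that runs the job.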