
yadm encrypt between different gpg versions

Open jacktose opened this issue 3 years ago • 3 comments

This question is about

  • [ ] Installation
  • [ ] Initializing / Cloning
  • [ ] Alternate files
  • [ ] Jinja templates
  • [x] Encryption
  • [ ] Bootstrap
  • [ ] Hooks
  • [ ] Other

Describe your question

I'm running yadm on various machines (as one does), with rather old and rather new versions of gpg. If I yadm encrypt with the old one, it defaults to the CAST5 algorithm w/o MDC, and if I yadm decrypt with the new one, it refuses to decrypt because of the missing MDC.

Here's an example (with some less-relevant output omitted):

yadm encrypt with older gpg:
old-host $ gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
...
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

old-host $ yadm encrypt
old-host $ yadm commit -a
old-host $ yadm push

old-host $ yadm decrypt
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
.ssh/id_rsa
...
All files decrypted.

yadm decrypt with newer gpg:
new-host $ gpg --version
gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
...
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

new-host $ yadm pull

new-host $ yadm decrypt
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
gpg: Hint: If this message was created before the year 2003 it is
     likely that this message is legitimate.  This is because back
     then integrity protection was not widely used.
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
gpg: decryption forced to fail!
.ssh/id_rsa
...
All files decrypted.

How can I make these machines interoperate? Here are some possibilities I've considered, but I know barely enough about encryption & gpg to be dangerous, so I'd be grateful for some advice:

  1. Build a newer gpg on the old host. I'd really rather not.
  2. yadm.cipher=openssl. I'd rather stay as close as possible to defaults. And I'm curious about making this work with gpg.
  3. I can't pass switches to gpg when yadm runs it, but if gpg still consults .gnupg/gpg.conf, I could set force-mdc, personal-cipher-preferences AES256, or cipher-algo AES256 on the old host, and probably make an encrypted file that the new version would accept. But I don't know what landmines I might be stepping on for all other uses of gpg.
  4. Or I could set ignore-mdc-error on the new host. Seems less secure.
  5. Could yadm run gpg with one of the above options, to make it automatically more interoperable (and secure)?
  6. Something smarter?

Thanks for any advice!

jacktose avatar Apr 19 '21 22:04 jacktose

Update: --ignore-mdc-error works, but doesn't appear to work. It doesn't change the output at all:

new-host ~ $ yadm --version
yadm 3.1.1

new-host ~ $ gpg --version
gpg (GnuPG) 2.2.19
...

new-host ~ $ yadm decrypt --ignore-mdc-error
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
gpg: Hint: If this message was created before the year 2003 it is
     likely that this message is legitimate.  This is because back
     then integrity protection was not widely used.
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
gpg: decryption forced to fail!
.ssh/id_rsa
...
All files decrypted.

new-host ~ $ ls .ssh/id_rsa
.ssh/id_rsa

I would still love any advice for this. I can take a crack at a patch, if there's a way to improve this within yadm.

jacktose avatar Nov 08 '21 21:11 jacktose

@jacktose - The --ignore-mdc-error option you specify after yadm decrypt is ignored. The only option yadm decrypt recognizes is -l (to list files).

I'm not sure of a great way to handle this situation (and others like it) other than to modify the yadm "encrypt" and "decrypt" commands to accept some custom switches for the encryption software itself (both gpg & openssl).

yadm already uses the arrays GPG_OPTS & OPENSSL_OPTS internally for encryption (and encryption in the case of openssl). Perhaps these commands could accept additional options, which are placed after the standard ones used.

TheLocehiliosan avatar Nov 29 '21 19:11 TheLocehiliosan
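Added example, not part of the thread and not yadm code: the "message was not integrity protected" condition in the first post can be recognized from the file's OpenPGP packet headers alone (RFC 4880: data packet tag 9 has no MDC, tag 18 has one), without gpg or the passphrase. It assumes the archive is binary (non-armored) output of a passphrase encryption; the function names and sample bytes are constructed for illustration.

```python
# Added example (not yadm code): assumes binary, non-armored passphrase-encrypted output.
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
           8: "AES192", 9: "AES256", 10: "TWOFISH",
           11: "CAMELLIA128", 12: "CAMELLIA192", 13: "CAMELLIA256"}

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None when streamed."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored file?)")
    if first & 0x40:                                # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                   # partial body lengths
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None                   # indeterminate length
    n = 1 << ltype                                  # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def inspect_archive(buf):
    """Report the cipher and whether the data packet carries an MDC."""
    pos, cipher = 0, None
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag == 3 and buf[start] == 4:            # SKESK v4: version, cipher
            cipher = CIPHERS.get(buf[start + 1], "unknown(%d)" % buf[start + 1])
        elif tag in (9, 18):                        # 9: no MDC, 18: with MDC
            return {"cipher": cipher, "mdc": tag == 18}
        if length is None:
            break
        pos = start + length
    raise ValueError("no encrypted data packet found")

# Constructed samples: a 13-byte SKESK packet plus the start of the data packet.
S2K = bytes([3, 2]) + bytes(8) + bytes([0x60])      # iterated+salted, SHA1, zero salt
OLD_STYLE = bytes([0x8C, 13, 4, 3]) + S2K + bytes([0xC9, 4]) + bytes(4)
NEW_STYLE = bytes([0x8C, 13, 4, 9]) + S2K + bytes([0xD2, 5, 1]) + bytes(4)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, inspect_archive(open(path, "rb").read(4096)))
```

Run against an encrypted archive before pulling it to a host with a newer gpg: a result of `"mdc": False` is the case that host rejects in the output above.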

This issue has been labeled as stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Jan 29 '22 02:01 github-actions[bot]