GPGME::Error::BadPassphrase when using decrypt without pinentry dialog box

Open JimEvansIntox opened this issue 10 years ago • 3 comments

Steps to reproduce:

1. Run bundle exec rails c
2. Run the following:

       crypto = GPGME::Crypto.new :armor=>true
       decrypted_object = crypto.decrypt(encrypted_data, :password => my_password)

3. The Pinentry Mac dialog box appears as expected.
4. Copy my password from my_password and paste into dialog box.
5. Text is decrypted as expected.
6. Exit the rails console.
7. Open up ~/.gnupg/gpg-agent.conf and add pinentry-program /usr/bin/pinentry-curses to avoid having that dialog box come up.
8. Save and close.
9. Run echo RELOADAGENT | gpg-connect-agent to load the change.
10. Run bundle exec rails c
11. Run the following (same as above):

        crypto = GPGME::Crypto.new :armor=>true
        decrypted_object = crypto.decrypt(encrypted_data, :password => my_password)

Now I get the error:

    GPGME::Error::BadPassphrase: GPGME::Error::BadPassphrase
    from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/ctx.rb:398:in `decrypt_verify'
    from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/crypto.rb:172:in `block in decrypt'
    from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/ctx.rb:71:in `new'
    from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/crypto.rb:170:in `decrypt'

Research indicates I'm using an incompatible version of gnupg, i.e. 2.0., however:

gpg --version gives:

    gpg (GnuPG) 1.4.19
    Home: ~/.gnupg

and gpg2 --version gives:

    gpg (GnuPG) 2.1.4
    libgcrypt 1.6.3
    Home: ~/.gnupg

And finally, GPGME::Engine.info gives:

GPGME::EngineInfo:0x007fe4b8e8d2e0 @protocol=0, @file_name="/usr/local/bin/gpg2", @version="2.1.4", @req_version="1.4.0",

GPGME::EngineInfo:0x007fe4b8e8d218 @protocol=1, @file_name="/usr/local/bin/gpgsm", @version="2.1.4", @req_version="2.0.4",

GPGME::EngineInfo:0x007fe4b8e8d178 @protocol=2, @file_name="/usr/local/bin/gpgconf", @version="2.1.4", @req_version="2.0.4",

GPGME::EngineInfo:0x007fe4b8e8d0d8 @protocol=3, @file_name="/Users/jevans/.gnupg/S.gpg-agent", @version="1.0", @req_version="1.0", @home_dir="!GPG_AGENT",

GPGME::EngineInfo:0x007fe4b8e8d010 @protocol=6, @file_name="/nonexistent", @version="1.0", @req_version="1.0"

Other info:

Mac 10.10.3
Installed GPG Tools - GPG Suite Beta 6 (gnupg 2.0.27)
Installed gpg2 via make
Installed gpg 1.4 via brew

Soo.....Any guidance on how to use the passphrase via the script rather than via the dialog box?

JimEvansIntox avatar Jun 04 '15 13:06 JimEvansIntox

Does pinentry-curses work if you run gpg2 from the command line? Anyway, if you are using GnuPG 2.1, you can try loopback pinentry:

$ echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf

in your program:

plain = crypto.decrypt(cipher, {
                         :pinentry_mode => GPGME::PINENTRY_MODE_LOOPBACK,
                         :password => 'test'
                       })

ueno avatar Jun 05 '15 01:06 ueno
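
A preflight check for the situation in this thread, as an added example that is not part of the original posts or of ruby-gpgme: it reads a gpg-agent.conf and an engine version and reports whether a passphrase passed from code can reach the engine. The method names and the sample config are constructed for illustration; GnuPG 1.4 taking the passphrase by callback and GnuPG 2.0.x always going through gpg-agent are stated as general GnuPG behaviour, not taken from the thread.

```ruby
# Added example, not ruby-gpgme code; method names are hypothetical.

# Parse gpg-agent.conf text into { option => argument or true }.
# Only lines that start with '#' are treated as comments.
def parse_agent_conf(text)
  text.each_line.with_object({}) do |raw, opts|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    name, arg = line.split(/\s+/, 2)
    opts[name] = arg || true
  end
end

# Report how a passphrase supplied by the program can reach the engine.
def passphrase_preflight(engine_version, agent_conf_text)
  major, minor = engine_version.split('.').map(&:to_i)
  opts = parse_agent_conf(agent_conf_text)
  status, advice =
    if major == 1
      [:callback, ':password is delivered through the passphrase callback']
    elsif major == 2 && minor.to_i.zero?
      [:agent_only, 'GnuPG 2.0.x always asks gpg-agent/pinentry; :password is not used']
    elsif opts.key?('no-allow-loopback-pinentry')
      [:loopback_denied, 'remove no-allow-loopback-pinentry from gpg-agent.conf']
    elsif opts.key?('allow-loopback-pinentry')
      [:loopback_ready, 'pass :pinentry_mode => GPGME::PINENTRY_MODE_LOOPBACK with :password']
    else
      [:loopback_unstated, 'add allow-loopback-pinentry, then: echo RELOADAGENT | gpg-connect-agent']
    end
  { status: status, advice: advice, pinentry_program: opts['pinentry-program'] }
end

# Constructed sample mirroring the gpg-agent.conf change described in the issue.
SAMPLE_CONF = <<~CONF
  # gpg-agent.conf
  pinentry-program /usr/bin/pinentry-curses
CONF

if __FILE__ == $PROGRAM_NAME
  %w[1.4.19 2.0.27 2.1.4].each do |v|
    puts "#{v}: #{passphrase_preflight(v, SAMPLE_CONF)}"
  end
  fixed = SAMPLE_CONF + "allow-loopback-pinentry\n"
  puts "2.1.4 + option: #{passphrase_preflight('2.1.4', fixed)}"
end
```

The version string to feed in is the one GPGME::Engine.info reports for the OpenPGP engine (the @protocol=0 entry in the output above).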

Thank you for the quick response. I made the modifications you suggested and had the same issue. At that point I drank too much coffee, uninstalled gpg and gpg2 and just installed gpg 1.4 and used 2.0.4 of the gem. I then got an engine error and fixed that by creating a symlink from /bin/local/gpg to /bin/local/gpg2

And then it worked! The script I'm working on is going to be in production for a short time so this works for me. Thanks again.

JimEvansIntox avatar Jun 05 '15 19:06 JimEvansIntox

There is a way to prevent the pinentry completely if using gpg.exe 1.4.
The reason it uses the pinentry is because gpg4win is installed elsewhere and when your copy of gpgme executes it finds gpgconf.exe and then uses the stupid pinentry instead of the callback. If you find gpgconf.exe and delete it, that will prevent the pinentry agent from executing. If you use gpg2.exe, AKA the modern version, this won't work.

tcaduto avatar Mar 20 '16 14:03 tcaduto