From: "Georg C. F. Greve"
Original-To: ding@gnus.org
Newsgroups: gmane.emacs.gnus.general
Subject: PGG/GPG Integration bug (somewhat nasty & urgent), potential mailcrypt concept bug
Date: Tue, 03 May 2005 10:44:14 +0200
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.4 (gnu/linux)

Hi all,

described the following problem already in mail to Daiki & bugs@, for
context, this is where things break right now.
For additional reason to write this mail, please see POSSIBLE CONCEPT
BUG below:

CONTEXT:

I am experiencing a rather nasty problem with the integration of Gnus
and GNUPG right now, which I hope you will be able to help me with.

As you may have seen, the Free Software Foundation Europe has started
a Fellowship campaign to promote digital freedom, which has its own
portal site at http://www.fsfe.org. Each fellow receives an OpenPGP
SmartCard personalised to his/her own name and with the option of
having the keys signed by the Free Software Foundation Europe.

Last Friday the first batch of SmartCards was shipped and I am
currently starting to move to using the SmartCard as my default
personal crypto-token.

Unfortunately, this turns using Gnus into pure pain, as the caching of
the passphrase does not work anymore: I need to enter it TWICE per
mail sent (once to send it out, once for the archive, apparently).

Receiving encrypted mails does not work, at all. Gnus asks for the
passphrase first, then tries to decrypt, does not provide the pin to
GnuPG and then decides that it cannot decrypt. Here is the buttonized
output:

-----------------------------
[GNUPG:] ENC_TO 0000000000000000 1 0
gpg: anonymous recipient; trying secret key B7DB041C ...
CALLING USB_CLEAR_HALT
[GNUPG:] CARDCTRL 3 D2760001240101010001000003500000
[GNUPG:] SC_OP_FAILURE
gpg: anonymous recipient; trying secret key 7DF16B24 ...
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1
gpg: ccid_transceive failed: (0x1000a)
gpg: apdu_send_simple(0) failed: card I/O error
[GNUPG:] SC_OP_FAILURE
gpg: anonymous recipient; trying secret key 5378AB47 ...
[GNUPG:] SC_OP_FAILURE
gpg: anonymous recipient; trying secret key CAE4B6E9 ...
Bitte entfernen Sie die Karte und legen stattdessen die Karte mit folgender Seriennummer ein:
   D2760001240101000001000000F80000
[GNUPG:] CARDCTRL 1 D2760001240101000001000000F80000
gpg: Sorry, we are in batchmode - can't get input
gpg exited abnormally: '2'
-----------------------------

For your information, the key id 7DF16B24 is the correct key that is
on the card. So it should indeed submit the PIN instead of breaking
off.

I have to say that this is quite annoying and makes Gnus somewhat
unusable right now. I see three potential fixes here:

 a) create a clean way to turn off all pgg handling of PINs or
    Passphrases, turning that part of the operation over to gpg-agent.

 b) fix the caching of PINs

 c) fix decryption of messages that are encrypted for SmartCard

CONCEPT BUG:

If you read the above carefully, you will find that indeed there is
something strange: a mail gets signed TWICE, apparently, once for
sending, once for archival.

This is bad for use in secure environments (SmartCards count
signatures) and in fact annoying if you enter your PIN every time,
which some paranoid people may feel like doing.

So I wonder: Is there a striking reason to do this?

If not: This seems a concept bug somewhere in the mailcrypt code...

Regards,
Georg

-- 
Georg C. F. Greve
Free Software Foundation Europe (http://fsfeurope.org)
Join the Fellowship and protect your freedom! (http://www.fsfe.org)
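An added example, not part of the original message and not pgg or GnuPG code: this Python example groups the gpg output quoted above by the secret key being tried and reports the key for which the PIN was requested before the card operation failed. The function names are hypothetical; the trace is copied from the message, with the localized card-swap prompt left out.

```python
import re

# gpg output copied from the message above (localized card-swap prompt omitted).
TRACE = """\
[GNUPG:] ENC_TO 0000000000000000 1 0
gpg: anonymous recipient; trying secret key B7DB041C ...
CALLING USB_CLEAR_HALT
[GNUPG:] CARDCTRL 3 D2760001240101010001000003500000
[GNUPG:] SC_OP_FAILURE
gpg: anonymous recipient; trying secret key 7DF16B24 ...
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1
gpg: ccid_transceive failed: (0x1000a)
gpg: apdu_send_simple(0) failed: card I/O error
[GNUPG:] SC_OP_FAILURE
gpg: anonymous recipient; trying secret key 5378AB47 ...
[GNUPG:] SC_OP_FAILURE
gpg: anonymous recipient; trying secret key CAE4B6E9 ...
[GNUPG:] CARDCTRL 1 D2760001240101000001000000F80000
gpg: Sorry, we are in batchmode - can't get input
gpg exited abnormally: '2'
"""

TRY_RE = re.compile(r"^gpg: anonymous recipient; trying secret key ([0-9A-F]{8}) \.\.\.$")

def parse_attempts(trace):
    """Group status keywords and gpg errors under each secret key gpg tried."""
    attempts, current = [], None
    for line in map(str.strip, trace.splitlines()):
        m = TRY_RE.match(line)
        if m:  # a new key attempt starts here
            current = {"key": m.group(1), "status": [], "errors": []}
            attempts.append(current)
        elif current is None:
            continue  # preamble (ENC_TO) before any key is tried
        elif line.startswith("[GNUPG:] "):
            current["status"].append(line.split()[1])
        elif line.startswith("gpg: "):
            current["errors"].append(line[len("gpg: "):])
    return attempts

def pin_requested_then_failed(attempts):
    """Keys for which gpg asked for the card PIN and the card operation then failed."""
    hits = []
    for a in attempts:
        st = a["status"]
        if "NEED_PASSPHRASE_PIN" in st:
            if "SC_OP_FAILURE" in st[st.index("NEED_PASSPHRASE_PIN"):]:
                hits.append(a["key"])
    return hits
```

Run over the quoted trace, `pin_requested_then_failed(parse_attempts(TRACE))` singles out 7DF16B24, the key the message identifies as the one on the card.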