search

isislovecruft / python-gnupg

A modified version of python-gnupg, including security patches, extensive documentation, and extra features.
Other
426 stars 171 forks source link

Stacktrace of decryption attempt, with repro. #258

Open sharon-indegy opened 5 years ago

sharon-indegy commented 5 years ago

Hi first let me thank you for this brilliant library.

Repro: import gnupg

gpg = gnupg.GPG(homedir="my .gnupg") decrypt = gpg.decrypt("valid msg omitted, works with 'gpg -d' ")

print decrypt.ok print decrypt.data

I get: Exception in thread Thread-2: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner self.run() File "/usr/lib/python2.7/threading.py", line 754, in run self.target(*self.args, **self.__kwargs) File "/home/sharon/.local/lib/python2.7/site-packages/gnupg/_meta.py", line 650, in _read_response result._handle_status(keyword, value) File "/home/sharon/.local/lib/python2.7/site-packages/gnupg/_parsers.py", line 1757, in _handle_status super(Crypt, self)._handle_status(key, value) File "/home/sharon/.local/lib/python2.7/site-packages/gnupg/_parsers.py", line 1656, in _handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: u'DECRYPTION_KEY'

False the-decrypted-str-just-fine

I think it's a small matter of adding DECRYPTION_KEY to the 'pass' section of the relevant handler. But will take me some time to verify so letting you know right away.

Also, possible that I have an old version compared to this repo, used pip install on debian testing.

Please let me know if more info or testing by me is needed. Great work!

sharon-indegy commented 5 years ago

Just saw in your blog how much pain these GnuPG flags cause, I'm sorry to have raised yet another one of those.

a-daniel-king commented 9 months ago

First, I'd like to echo, "Hi first let me thank you for this brilliant library."

Second, the bug is a little noisy, but nothing is actually broken.

On WSL2/Debian, latest pip download available as of today ... Requirement already satisfied: gnupg in ./venv/lib/python3.11/site-packages (from -r requirements.txt (line 1)) (2.3.1)

Reading ... which I think relates ... https://gnupg.readthedocs.io/en/latest/ "New in version 0.4.2: The keyid and username of the signing key are stored in the key_id and username attributes of the result, if this information is provided by gpg (which should happen if you specify extra_args=['--verbose'])."

And ... https://github.com/gpg/gnupg/blob/master/doc/DETAILS "DECRYPTION_KEY This line is emitted when a public key decryption succeeded in providing a session key. is the hexified fingerprint of the actual key used for decryption. is the fingerprint of the primary key. is the letter with the ownertrust; this is in general a ‘u’ which stands for ultimately trusted."

I'm currently working around with ...

$ diff _parsers.py.orig _parsers.py 1654a1655,1656

    elif key == 'DECRYPTION_KEY':
        pass