jamessan / vim-gnupg

This script implements transparent editing of gpg encrypted files.

Not decrypting after upgrade to GnuPG 2.3.4 #121

Open KenKundert opened 2 years ago

KenKundert commented 2 years ago

I just upgraded to Fedora 35, which presumably upgrades both Vim and GnuPG, but I believe the issue is with GnuPG. Now when I try to open an encrypted file with vim, vim -v, or gvim, the content of the encrypted file is not decrypted. If I turn on debugging, I see:

GnuPG: >>>>>>>> Entering gnupg#decrypt(1)
GnuPG: command: gpg2 --use-agent --verbose --decrypt --list-only --dry-run --no-use-agent --logger-fd 1 '/tmp/test.gpg' 2>/dev/null
GnuPG: rc: 0
GnuPG: output:
GnuPG: this file is not encrypted

Upgrading vim-gnupg to the most recent version in GitHub does not help.

If I run that same gpg command from a shell I see:

$ gpg2 --use-agent --verbose --decrypt --list-only --dry-run --no-use-agent --logger-fd 1 '/tmp/test.gpg'
gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect

Notice that the expected output is missing. There is just the warning. Eliminating the --no-use-agent option gets rid of the warning, but the expected output is still missing.

I am at a loss at this point. I played around with the command line options some, but cannot figure out how to get gpg2 to generate the expected output.

I would appreciate any insight or help you can offer.

Oh, and thanks for writing and supporting this plugin. I use it all the time and love it.

jamessan commented 2 years ago

Thanks for the report. I'll have to test it out and see what's going on.

jamessan commented 2 years ago

Did some bisecting and the problem started with gnupg commit ce2f71760155b71a71418fe145a557c99bd52290.

Before that commit, the output looks like:

gpg: public key is 0xA1F9838CBD46A1A8
gpg: using subkey 0xA1F9838CBD46A1A8 instead of primary key 0xDFE691AE331BA3DB
gpg: encrypted with 4096-bit RSA key, ID 0xA1F9838CBD46A1A8, created 2011-12-05
      "James McCoy (Debian) <jamessan@debian.org>"

but after it's just:

gpg: public key is 0xA1F9838CBD46A1A8

jamessan commented 2 years ago

Actually, your initial report said you weren't getting any output other than the warning? What if you run gpg2 --verbose --decrypt --list-only /tmp/test.gpg, @KenKundert?

KenKundert commented 2 years ago

Yes, I looked at the source for vim-gnupg and determined the exact gpg command it ran, and then I ran it myself, both on my recently updated Fedora 35 machine, and a Fedora 34 machine. If I remember correctly, the command I ran was very similar to the one you suggested. I seem to recall adding --dry-run, but other than that I think it was the same. On Fedora 35 there was nothing; on Fedora 34 it produced the expected output. I then tried adding a second --verbose. Then gpg did produce output, but not the output that was needed.

I use vim-gnupg on a daily basis, so I needed a work-around. I found that using "gpg --list-packets" got me what I need to support asymmetric encryption, and then I hacked vim-gnupg to make it work, but it's ugly.

This feels like a mistake in gpg. It seems like they did not provide a standard way to determine the important parameters for an encrypted file that are needed when re-encrypting, and so you used what you could find. Then they made an innocent change that broke your code. I figured it would be best if you worked with the gpg folks directly to get them to officially support an interface that provides the interface you need.

KenKundert commented 2 years ago

One more thing. The behavior I am seeing is a little different from what you are seeing. When I run gpg2 --verbose --decrypt --list-only /tmp/test.gpg I get no output at all in my terminal. That is probably because I have a log file set in my gpg.conf file. I do see the public key line in my logfile.

If I remove the log-file setting from my gpg.conf file I get the following:

gpg: Note: RFC4880bis features are enabled.
gpg: public key is 0x96AC5259C5B06098

jamessan commented 2 years ago

> That is probably because I have a log file set in my gpg.conf file. I do see the public key line in my logfile.

This is the relevant information. :) All I need is the "public key is ..." line. With that, the plugin should work fine as far as detecting whether the file is encrypted.
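
The diagnosis reached in the comments above, as an added example that is not part of the original thread or of vim-gnupg's code: a probe with no "public key is" line only means "not encrypted" when no log-file option in gpg.conf is capturing gpg's diagnostics. The function names, the sample gpg.conf and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample paths are hypothetical.

# Print the value of an active log-file option in a gpg.conf; fail if none.
conf_log_file() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*#/ { next }                    # commented-out options do not count
        NF >= 2 && $1 ~ /^-*log-file$/ {       # accept "log-file" or "--log-file"
            sub(/^[ \t]*-*log-file[ \t]+/, "")
            val = $0
        }
        END { if (val == "") exit 1; print val }
    ' "$1"
}

# Succeed if probe output on stdin has the line the plugin relies on.
has_pubkey_line() {
    grep -q '^gpg: public key is '
}

# The probe from the report, without the obsolete --no-use-agent (needs gpg2).
probe() {
    gpg2 --use-agent --verbose --decrypt --list-only --dry-run \
        --logger-fd 1 "$1" 2>/dev/null
}

# classify <gpg.conf> <file holding captured probe output>
classify() {
    if has_pubkey_line < "$2"; then
        echo "encrypted"
    elif logf=$(conf_log_file "$1"); then
        echo "diverted:$logf"      # diagnostics went to the log; verdict unknown
    else
        echo "not-encrypted"
    fi
}

# Constructed inputs: logging enabled, probe capture empty (offline demo).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'default-key 0xPLACEHOLDER' 'log-file /tmp/gpg.log' > "$d/gpg.conf"
    : > "$d/probe.out"
    classify "$d/gpg.conf" "$d/probe.out"
    rm -rf "$d"
}
demo
```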

jamessan commented 2 years ago

I've opened https://dev.gnupg.org/T5849.

KenKundert commented 2 years ago

A simple work around and an eventual solution. Excellent. Thanks!

wakatara commented 2 years ago


I wanted to say I am not able to decrypt either with gpg (GnuPG) 2.3.4 libgcrypt 1.10.1 I just installed vim-gnupg from the github 30 min ago so pretty sure it is up to date.

and neovim 0.61, but I do not have log on in my gpg.conf, so I am not so sure the problem is the one characterized. My conf simply has a default key set and


and that's all, so there is definitely something else going on since no log file is called.

Realize there may be a bit of work to get this fixed, but is there anything I could do to help? (I am not a vimscripter but can do some lua), but really want this working as I am looking to port this for certain files to work with telekasten and need the transparency.

Still impressed this called pinentry on my mac when it did go to decrypt though! So, very happy someone is working on this and maintaining it. Thank you! 😀

wakatara commented 2 years ago

Apologies on my comment above, I should have searched the other open issues.

As I'm using neovim, the issue is with that support in that ticket since I just tried out the plugin on vim and it works fine. Sorry for not hitting the right ticket.

I'll add my voice to the chorus asking for you to pretty please update the plugin for us neovim users who need the encryption.. =]

jamessan commented 2 years ago

> As I'm using neovim, the issue is with that support in that ticket since I just tried out the plugin on vim and it works fine.

If you're using pinentry-tty, then the same issue can happen with Vim. If you use a pinentry frontend that doesn't try to use the same tty as nvim (e.g., a graphical pinentry), then it should work fine with nvim.

> I'll add my voice to the chorus asking for you to pretty please update the plugin for us neovim users who need the encryption.. =]

Neovim is my daily editor, so I feel the pain too. The issue is finding the time to implement the necessary changes.

szaffarano commented 1 year ago

Hi @jamessan and @KenKundert. Thanks for the tip; removing the logging option in my gpg.conf file fixed the issue :)