jamessan / vim-gnupg

This script implements transparent editing of gpg encrypted files.
http://www.vim.org/scripts/script.php?script_id=3645

Provide feedback on files with MDC protection #95

Open mortoray opened 6 years ago

mortoray commented 6 years ago

The plugin is unable to decrypt files in Ubuntu 18.04. I just get a "Message could not be decrypted! (Press ENTER)" error in vim. The same setup worked fine in Ubuntu 16.04.

I noticed that I have to use the Qt pinentry program now for gpg to work at all -- the TTY entry does not work anymore. It may be a defect that appears in GPG too, but I don't know how to test that.

jamessan commented 6 years ago

What version of the plugin are you using?

Are you using nvim or vim, and which version?

mortoray commented 6 years ago

I had problems, so I updated to the newest version from the repository here and tried again. (Last Change: 2018 Aug 06)

I'm using:

VIM - Vi IMproved 8.0 (2016 Sep 12, compiled Apr 10 2018 21:31:58)
gpg (GnuPG) 2.2.4
pinentry-qt (pinentry) 1.1.0
Linux gnome-MS-7A94 4.15.0-33-generic #36-Ubuntu SMP Wed Aug 15 16:00:05 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

mortoray commented 6 years ago

Perhaps useful:

  1. Run: vim some_file.gpg
  2. Prompted for password
  3. Decryption fails
  4. run: gpg -d some_file.gpg
  5. decryption works

That would at least confirm it did connect to the agent and get/store the correct password, I think. Rerunning vim some_file.gpg avoids the password entry (due to gpg-agent), and gets the same decryption error.

jamessan commented 6 years ago

mortoray commented 6 years ago

GnuPG: >>>>>>>> Entering s:GPGInit(1)
GnuPG: gnupg.vim 2.7.0-dev
GnuPG: shellredirsave: >%s 2>&1
GnuPG: shellsave: /bin/sh
GnuPG: shelltempsave: 1
GnuPG: shell: /bin/sh
GnuPG: shellcmdflag: -c
GnuPG: shellxquote: 
GnuPG: shellredir: >%s 2>&1
GnuPG: stderrredirnull: 2>/dev/null
GnuPG: shell implementation: /bin/dash
GnuPG: command: gpg --trust-model always --version 2>/dev/null
GnuPG: rc: 0
GnuPG: output: gpg (GnuPG) 2.2.4^@libgcrypt 1.8.1^@Copyright (C) 2017 Free Software Foundation, Inc.^@License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>^@This is free software: you are free to change and redistribute it.^@There is NO WARRANTY, to the extent permitted by law.^@^@Home: /home/edA-qa/.gnupg^@Supported algorithms:^@Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA^@Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,^@        CAMELLIA128, CAMELLIA192, CAMELLIA256^@Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224^@Compression: Uncompressed, ZIP, ZLIB, BZIP2^@
GnuPG: public key algorithms: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
GnuPG: cipher algorithms: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
GnuPG: hashing algorithms: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
GnuPG: compression algorithms: Uncompressed, ZIP, ZLIB, BZIP2
GnuPG: <<<<<<<< Leaving s:GPGInit()
GnuPG: >>>>>>>> Entering s:GPGDecrypt(1)
GnuPG: command: gpg --trust-model always --use-agent --verbose --decrypt --list-only --dry-run --no-use-agent --logger-fd 1 '/projects/notes.txt.gpg' 2>/dev/null
GnuPG: rc: 0
GnuPG: output: gpg: CAST5 encrypted data^@gpg: encrypted with 1 passphrase^@
GnuPG: this file is symmetric encrypted
GnuPG: cipher-algo is CAST5
GnuPG: called BufReadPre autocommand for /projects/notes.txt
GnuPG: decrypting file
GnuPG: command: silent read ++edit !gpg --trust-model always --use-agent --quiet --decrypt '/projects/notes.txt.gpg' 2>/dev/null
GnuPG: rc: 2
GnuPG: <<<<<<<< Leaving s:GPGDecrypt()

mortoray commented 6 years ago

Just testing, gpg --trust-model always --use-agent --quiet --decrypt '/projects/notes.txt.gpg' 2>/dev/null decrypts the file, but its return value is 2. I guess that's triggering the error.

Maybe: https://unix.stackexchange.com/questions/50541/what-does-gpg-error-code-2gpg-err-unknown-packet-mean

Checking further, without redirecting the error I get:

gpg: WARNING: message was not integrity protected
gpg: Hint: If this message was created before the year 2003 it is
     likely that this message is legitimate.  This is because back
     then integrity protection was not widely used.
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
gpg: decryption forced to fail!

mortoray commented 6 years ago

I decrypted, then reencrypted the file and it works. I don't know what the integrity stuff is, but it's for sure the file was not created before the year 2003. In any case, this doesn't appear to be an issue with the plugin, but with GPG itself. Unless you want to add the --ignore-mdc-error to the command.

jamessan commented 6 years ago

Maybe it wasn't created by gpg, but some other tool that doesn't use MDC. GPG upstream explains the situation and how to detect this from the status output.

I'll track this with other error reporting improvements.
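Added example, not part of the thread or of the plugin's code: a shell function that classifies the machine-readable status lines gpg writes with --status-fd during decryption, so a caller can tell a file without MDC apart from a corrupted one or another failure. The function name and sample inputs are constructed; the keywords and the meaning of mdc_method 0 are taken from GnuPG's status interface (doc/DETAILS) as an assumption about the installed version.

```shell
#!/bin/sh
# Added example. Status lines can be captured with, for instance:
#   gpg --status-fd 2 --decrypt FILE 2>status.txt
# The sample inputs below are constructed, not captured from the reporter's file.

classify_gpg_status() {
    # Reads status lines on stdin and prints one of:
    #   ok | no-mdc | bad-mdc | failed | unknown
    mdc_method="" good_mdc=0 bad_mdc=0 failed=0 okay=0
    while IFS=' ' read -r prefix keyword arg1 rest; do
        # Ignore human-readable "gpg: ..." lines mixed into the stream.
        [ "$prefix" = "[GNUPG:]" ] || continue
        case "$keyword" in
            DECRYPTION_INFO)   mdc_method=$arg1 ;;  # first field: MDC method
            GOODMDC)           good_mdc=1 ;;
            BADMDC)            bad_mdc=1 ;;
            DECRYPTION_FAILED) failed=1 ;;
            DECRYPTION_OKAY)   okay=1 ;;
        esac
    done
    # Integrity findings take precedence over the plain success/failure flags:
    # plaintext from a message without MDC is unauthenticated even when gpg
    # was told to release it.
    if [ "$bad_mdc" -eq 1 ]; then echo bad-mdc
    elif [ "$mdc_method" = "0" ]; then echo no-mdc
    elif [ "$failed" -eq 1 ]; then echo failed
    elif [ "$okay" -eq 1 ] && [ "$good_mdc" -eq 1 ]; then echo ok
    else echo unknown
    fi
}

# Constructed sample: symmetric CAST5 (cipher id 3) message with no MDC.
SAMPLE_NO_MDC='[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 3
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION'

# Constructed sample: AES256 (cipher id 9) message protected by a SHA-1 MDC.
SAMPLE_WITH_MDC='[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION'

printf 'legacy file:      %s\n' "$(printf '%s\n' "$SAMPLE_NO_MDC" | classify_gpg_status)"
printf 're-encrypted file: %s\n' "$(printf '%s\n' "$SAMPLE_WITH_MDC" | classify_gpg_status)"
```
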

p-phillips commented 5 years ago

Hi.

I came across this bug today migrating from 16.04 to 18.04. I added the line

cipher-algo AES256

to ~/.gnupg/options, and I could then get gpg to decrypt on the command line but still had the problem with vim and vim.gnupg:

shell returned 2
Message could not be decrypted.

By accident I found that if I pressed <control>C (^C) then the decrypted buffer WOULD come up in the vim buffer.

I then saved the file and re-encrypted it, and at this stage (presumably because of the cipher line?) it is encrypted in a way which doesn't cause problems with vim.gnupg anymore.