search

ueno / ruby-gpgme

a ruby interface to GnuPG Made Easy (GPGME).
GNU Lesser General Public License v2.1
231 stars 99 forks source link

GPGME::Error::BadPassphrase when using decrypt without pinentry dialog box #64

Open JimEvansIntox opened 9 years ago

JimEvansIntox commented 9 years ago

Steps to reproduce: Run bundle exec rails c Run the following crypto = GPGME::Crypto.new :armor=>true decrypted_object = crypto.decrypt(encrypted_data, :password => my_password) The Pinentry Mac dialog box appears as expected Copy my password from my_password and paste into dialog box. Text is decrypted as expected. Exit the rails console. Open up ~/.gnupg/gpg-agent.conf and add pinentry-program /usr/bin/pinentry-curses to avoid having that dialog box come up Save and close Run echo RELOADAGENT | gpg-connect-agent to load the change Run bundle exec rails c run the following (same as above) crypto = GPGME::Crypto.new :armor=>true decrypted_object = crypto.decrypt(encrypted_data, :password => my_password) Now I get the error: GPGME::Error::BadPassphrase: GPGME::Error::BadPassphrase from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/ctx.rb:398:in decrypt_verify' from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/crypto.rb:172:inblock in decrypt' from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/ctx.rb:71:in new' from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/crypto.rb:170:indecrypt'

Research indicates I'm using an incompatible version of gnupg, i.e. 2.0., however: gpg --version gives: gpg (GnuPG) 1.4.19 Home: ~/.gnupg and gpg2 --version gives: gpg (GnuPG) 2.1.4 libgcrypt 1.6.3 Home: ~/.gnupg

And finally, GPGME::Engine.info gives:

GPGME::EngineInfo:0x007fe4b8e8d2e0 @protocol=0, @file_name="/usr/local/bin/gpg2", @version="2.1.4", @req_version="1.4.0",

GPGME::EngineInfo:0x007fe4b8e8d218 @protocol=1, @file_name="/usr/local/bin/gpgsm", @version="2.1.4", @req_version="2.0.4",

GPGME::EngineInfo:0x007fe4b8e8d178 @protocol=2, @file_name="/usr/local/bin/gpgconf", @version="2.1.4", @req_version="2.0.4",

GPGME::EngineInfo:0x007fe4b8e8d0d8 @protocol=3, @file_name="/Users/jevans/.gnupg/S.gpg-agent", @version="1.0", @req_version="1.0", @home_dir="!GPG_AGENT",

GPGME::EngineInfo:0x007fe4b8e8d010 @protocol=6, @file_name="/nonexistent", @version="1.0", @req_version="1.0"

Other info: Mac 10.10.3 Installed GPG Tools - GPG Suite Beta 6 (gnupg 2.0.27) Installed gpg2 via make Installed gpg 1.4 via brew

Soo.....Any guidance on how to use the passphrase via the script rather than via the dialog box?

ueno commented 9 years ago

does pinentry-curses work if you run gpg2 from the command line? anyway, if you are using GnuPG 2.1, you can try loopback pinentry:

$ echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf

in your program:

plain = crypto.decrypt(cipher, {
                         :pinentry_mode => GPGME::PINENTRY_MODE_LOOPBACK,
                         :password => 'test'
                       })
JimEvansIntox commented 9 years ago

Thank you for the quick response. I made the modifications you suggested and had there same issue. At that point I drank too much coffee, uninstalled gpg and gpg2 and just installed gpg 1.4 and used 2.0.4 of the gem. I then got an engine error and fixed that by creating a symlink from /bin/local/gpg to /bin/local/gpg2

And then it worked! The script I¹m working on is going to be in production for a short time so this works for me. Thanks again. Jim Evans Intoximeters 2081 Craig Road | St. Louis, MO 63146 | (314) 429-4000 x207 | http://www.intox.com http://www.intox.com/

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message.

From: Daiki Ueno notifications@github.com Reply-To: ueno/ruby-gpgme <reply+00aa6294013ee8b011cefc83ea753d591e0e9e93c798680292cf000000011188bad59 2a169ce0512b664@reply.github.com> Date: Thursday, June 4, 2015 at 8:18 PM To: ueno/ruby-gpgme ruby-gpgme@noreply.github.com Cc: Jim Evans jevans@intoxitrack.net Subject: Re: [ruby-gpgme] GPGME::Error::BadPassphrase when using decrypt without pinentry dialog box (#64)

does pinentry-curses work if you run gpg2 from the command line? anyway, if you are using GnuPG 2.1, you can try loopback pinentry:

$ echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf in your program:

plain = crypto.decrypt(cipher, { :pinentry_mode => GPGME::PINENTRY_MODE_LOOPBACK, :password => 'test' }) ‹ Reply to this email directly or view it on GitHub https://github.com/ueno/ruby-gpgme/issues/64#issuecomment-109112965 .

tcaduto commented 8 years ago

There is a way to prevent the pinentry completely if using gpg.exe 1.4.
The reason it uses the pinentry is because gpg4win is installed else where and when your copy of gpgme executes it finds gpgconf.exe and then uses the stupid pinentry instead of the callback. If you find gpgconf.exe and delete it that will prevent pinentry agent from executing. If you use gpg2.exe AKA the modern version this won't work.