gpg usage in pine (mailers in general)

Jordan Ritter jpr5 at
Fri Mar 5 11:41:21 CET 1999

	I've been using gpg as a 'mail-filter' in pine for a while now,
and there's one quirk in its behaviour that really irks me: if you mistype
your passphrase, it doesn't matter if you type it correctly subsequent
times; it will still exit() with a non-zero error code.  

This is because seckey-cert.c:check_secret_key() uses log_error() (which
increments a global log_error counter), and when gpg exits:

    rc = rc? rc : log_get_errorcount(0)? 2 :
                        g10_errors_seen? 1 : 0;
    exit(rc );

Yes, in reality it's an error that an incorrect passphrase was keyed in,
but given the way things are currently implemented it's still considered
an error even if I type my passphrase correctly afterwards. This is bad
for mailers like pine and probably others, which watch return error codes
of filters or piped programs.

Applying the tiny patch at the end of this mail doesn't break catching a
3-time bad password error:

gpg: no default secret key: bad passphrase
gpg: [stdin]: clearsign failed: bad passphrase


Jordan Ritter                            
Network Security Engineer                
Netect, Inc.  Boston, MA      

"Quis custodiet ipsos custodes?" 

--- gnupg-0.9.3/g10/seckey-cert.c       Tue Feb 16 04:35:05 1999
+++ gnupg-0.9.3-jpr5/g10/seckey-cert.c  Fri Mar  5 10:41:23 1999
@@ -173,7 +173,7 @@

     for(i=0; i < n && rc == G10ERR_BAD_PASS; i++ ) {
        if( i )
-           log_error(_("Invalid passphrase; please try again ...\n"));
+           log_info(_("Invalid passphrase; please try again ...\n"));
        rc = do_check( sk );
        if( have_static_passphrase() )

More information about the Gnupg-devel mailing list