Bug in GnuPG

Joe Vender jvender at owensboro.net
Tue Jan 10 12:23:11 CET 2006


This appears to be a bug in the latest GnuPG 1.4.3-cvs (tested on rev.3985).
I've also verified it in the official GnuPG 1.4.2 windows binary distributed
by GnuPG.org.

I started with an empty gpg.conf. Then, using the command line, I encrypt a
text file in the working directory as per the following:

gpg -o test2.txt --encrypt-to [my_key_id] -R [hidden_recipient_1] -R [hidden_recipient_2] -eat test.txt


and then decrypt the encrypted file as per the following:
gpg test2.txt

the output looks like the following:


C:\GnuPG>gpg test2.txt
gpg: anonymous recipient; trying secret key 25A8679F ...
gpg: anonymous recipient; trying secret key 25A8679F ...

You need a passphrase to unlock the secret key for
user: "Joe Vender <jvender-at-owensboro.net>"
4096-bit ELG-E key, ID 25A8679F, created 2005-12-14 (main key ID 23F3119B)

gpg: encrypted with ELG-E key, ID 00000000
gpg: encrypted with ELG-E key, ID 00000000
gpg: encrypted with 4096-bit ELG-E key, ID 25A8679F, created 2005-12-14
      "Joe Vender <jvender-at-owensboro.net>"
gpg: test2.txt: unknown suffix
Enter new filename [test.txt]: test3.txt



Notice that it first states that it's trying my secret key and gives an
anonymous prompt. But, even after I've entered my passphrase correctly after
the first anonymous prompt, it asks for it again with the non-anonymous
prompt.

When encrypting to any number of anonymous recipients while also encrypting
non-anonymously to a key (or multiple keys) that I own, why does it do the
anonymous stuff before first checking to see if any of the given KeyIDs (the
KeyIDs sent with the encrypted block) belong to keys that I own and have the
secret key for on my ring? It looks like it should first check to see if any of
the given KeyIDs belong to a keypair on my ring, and if so, start with the
non-anonymous prompt for the passphrase of the first key I own to which the
message was encrypted, skipping the anonymous prompt. In any case, why
didn't it accept my passphrase after the very first anonymous prompt in
which it stated it was trying my secret key?



*** *** ***
Also, another possible bug in GnuPG:

If the command line I send for decryption of the encrypted text file listed
above is:

gpg --status-fd 1 test2.txt



The output looks like:

C:\GnuPG>gpg --status-fd 1 test2.txt
[GNUPG:] ENC_TO 0000000000000000 16 0
gpg: anonymous recipient; trying secret key 25A8679F ...
[GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender <jvender-at-owensboro.net>
[GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 60867A9925A8679F 16 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] ENC_TO 0000000000000000 16 0
gpg: anonymous recipient; trying secret key 25A8679F ...
[GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender <jvender-at-owensboro.net>
[GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 60867A9925A8679F 16 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] ENC_TO 60867A9925A8679F 16 0
[GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender <jvender-at-owensboro.net>
[GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 70BD436E23F3119B 16 0

You need a passphrase to unlock the secret key for
user: "Joe Vender <jvender-at-owensboro.net>"
4096-bit ELG-E key, ID 25A8679F, created 2005-12-14 (main key ID 23F3119B)

Enter passphrase:




Notice that it starts with an anonymous prompt in which it states that it's
trying my secret key, and, after I enter the correct passphrase for my key,
it reports the passphrase was good and again asks for the passphrase for my
secret key with an anonymous prompt! After I enter my passphrase correctly
for the second prompt, it again asks for my passphrase but with a
non-anonymous prompt!

[Note: I'm not caching my passphrase]

Apparently, when --status-fd 1 is given during decryption as above, it will
give multiple anonymous prompts even if your passphrase is entered
correctly, the number of prompts equal to the number of anonymous
recipients, followed by one final non-anonymous prompt listing your key
details if you happened to encrypt to yourself non-anonymously.

One last thing to note. If I have "throw-keyids" in my gpg.conf, then even
if I have my own KeyID after an "--encrypt-to" on the command line, the
first decryption attempt either succeeds or fails after entering the
passphrase in the first anonymous prompt depending upon whether it was
entered correctly or not. That is, UNLESS THE DECRYPTION COMMAND LINE
INCLUDES --status-fd in which case it gives a prompt for each recipient
encrypted to.


BUG
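The --status-fd transcript in the message above is the machine-readable interface that front ends (and scripts) use to drive gpg, so the behaviour reported is something a front end would have to cope with. The following is an added example, not code from the post or from GnuPG: it reads a status-fd stream, pairs every NEED_PASSPHRASE with the ENC_TO packet that triggered it, and flags prompts issued for a secret key that already answered GOOD_PASSPHRASE earlier in the same run. The field layout it assumes (ENC_TO <keyid> <algo> <keylen>; NEED_PASSPHRASE <keyid> <main keyid> <algo> <keylen>; an all-zero keyid for a hidden recipient) is taken from the transcript in the message, which is also embedded as the sample input; the names parse_status, redundant_prompts and Prompt are this example's own.

```python
"""Added example (not code from the post or from GnuPG): read gpg's
--status-fd stream and check how often one secret key was prompted for.

Field layout assumed from the post's own transcript:
  ENC_TO <keyid> <algo> <keylen>                  (keyid all zeros = hidden recipient)
  NEED_PASSPHRASE <keyid> <main keyid> <algo> <keylen>
followed by GOOD_PASSPHRASE or BAD_PASSPHRASE for that prompt.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

STATUS_RE = re.compile(r"^\[GNUPG:\]\s+(\S+)(?:\s+(.*))?$")
ANON_KEYID = "0000000000000000"   # keyid ENC_TO carries for a -R / throw-keyids recipient

# Transcript reproduced from the post above (gpg 1.4.2, stderr and status fd
# interleaved on one terminal); the final prompt was still waiting for input.
SAMPLE_STATUS = """\
[GNUPG:] ENC_TO 0000000000000000 16 0
gpg: anonymous recipient; trying secret key 25A8679F ...
[GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender <jvender-at-owensboro.net>
[GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 60867A9925A8679F 16 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] ENC_TO 0000000000000000 16 0
gpg: anonymous recipient; trying secret key 25A8679F ...
[GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender <jvender-at-owensboro.net>
[GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 60867A9925A8679F 16 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] ENC_TO 60867A9925A8679F 16 0
[GNUPG:] USERID_HINT 60867A9925A8679F Joe Vender <jvender-at-owensboro.net>
[GNUPG:] NEED_PASSPHRASE 60867A9925A8679F 70BD436E23F3119B 16 0
Enter passphrase:
"""


@dataclass
class Prompt:
    enc_to_keyid: str   # keyid of the ENC_TO packet that triggered this prompt
    anonymous: bool     # that ENC_TO was the all-zero (hidden) recipient
    keyid: str          # NEED_PASSPHRASE first field
    main_keyid: str     # NEED_PASSPHRASE second field
    algo: int
    result: str = ""    # GOOD_PASSPHRASE / BAD_PASSPHRASE / "" while still pending


def parse_status(text: str) -> Tuple[List[Tuple[str, bool]], List[Prompt]]:
    """Return (recipients, prompts); lines without the [GNUPG:] prefix are ignored."""
    recipients: List[Tuple[str, bool]] = []
    prompts: List[Prompt] = []
    current_enc_to = ""
    for raw in text.splitlines():
        m = STATUS_RE.match(raw.strip())
        if not m:
            continue                      # ordinary stderr chatter, not a status line
        keyword, args = m.group(1), (m.group(2) or "").split()
        if keyword == "ENC_TO":
            current_enc_to = args[0]
            recipients.append((args[0], args[0] == ANON_KEYID))
        elif keyword == "NEED_PASSPHRASE":
            prompts.append(Prompt(current_enc_to, current_enc_to == ANON_KEYID,
                                  args[0], args[1], int(args[2])))
        elif keyword in ("GOOD_PASSPHRASE", "BAD_PASSPHRASE"):
            # the verdict belongs to the most recent prompt that is still pending
            for p in reversed(prompts):
                if not p.result:
                    p.result = keyword
                    break
    return recipients, prompts


def redundant_prompts(prompts: List[Prompt]) -> List[Prompt]:
    """Prompts for a key that already answered GOOD_PASSPHRASE earlier in the run.

    A front end driving gpg over status-fd should expect none: once the secret
    key is unlocked and the session key recovered there is nothing left to ask.
    """
    unlocked = set()
    redundant = []
    for p in prompts:
        if p.keyid in unlocked:
            redundant.append(p)
        if p.result == "GOOD_PASSPHRASE":
            unlocked.add(p.keyid)
    return redundant


if __name__ == "__main__":
    recips, ps = parse_status(SAMPLE_STATUS)
    print(f"{len(recips)} ENC_TO packets, {sum(a for _, a in recips)} hidden")
    for p in ps:
        kind = "anonymous" if p.anonymous else "non-anonymous"
        print(f"prompt for {p.keyid} ({kind}) -> {p.result or 'pending'}")
    print(f"{len(redundant_prompts(ps))} prompt(s) came after the key was already unlocked")
```

Run against the transcript from the message it reports three ENC_TO packets (two hidden), three prompts for the same subkey, and two of those prompts arriving after that key had already been unlocked, which is exactly the behaviour the message describes. A front end that counts on one NEED_PASSPHRASE per secret key would have to tolerate the repeats (and note that pinentry-style caching is off here, as the message states).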



