UTF8 passphrase problem (I think)

Tom Hardy rhardy at visi.com
Fri Jul 23 22:01:12 CEST 2004


Atom 'Smasher' wrote:

> for the keys that you're having problems with, have you tried to
> change (or reset) the passphrase using --edit-key (passwd, save)?? if
> it fails, what's the failure message? does it give you three tries to
> enter the passphrase?

Passwd fails the same way as adduid.  Jumping ahead a bit by showing the
edit attempt on the exported version:

tom at jeeves:~> gpg --home ~/gpg-junk/ --edit-key 07cf11c6
gpg: WARNING: unsafe permissions on homedir "/home/tom/gpg-junk/"
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

gpg: checking the trustdb
gpg: no ultimately trusted keys found
pub  1024D/07CF11C6  created: 2003-09-16 expires: never      trust: -/-
sub  1024g/4EA3E9C5  created: 2003-09-16 expires: never
(1). Tom Hardy <rhardy at visi.com>

Command> passwd
Key is protected.

You need a passphrase to unlock the secret key for
user: "Tom Hardy <rhardy at visi.com>"
1024-bit DSA key, ID 07CF11C6, created 2003-09-16

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "Tom Hardy <rhardy at visi.com>"
1024-bit DSA key, ID 07CF11C6, created 2003-09-16

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "Tom Hardy <rhardy at visi.com>"
1024-bit DSA key, ID 07CF11C6, created 2003-09-16

Can't edit this key: bad passphrase

Command> q

> try that first... then.... hold on tight...
> 
> 1) backup your keyrings.
> 
> 2) make a junk directory:
>  mkdir ~/junk

~/gpg-junk, as shown above.

> 3) export the problem keys from the old keyring to the "junk"
> directory:
>  gpg --export {key-id} | gpg --home ~/junk --import
>  gpg --export-secret-key {key-id} | gpg --home ~/junk --import
> if that fails, what's the error message?

Interesting thing here, when I tried pasting and editing your example I
got stuff like this:

tom at jeeves:~> gpg --export {07cf11c6} | gpg --home ~/gpg-junk --import
bash: gpg --export {07cf11c6} : command not found
bash:  gpg --home ~/gpg-junk --import: No such file or directory

But when I typed it all directly, it worked.  Shows, I guess, that
character encoding can be non-obvious.  I have your mail available on a
news spool.  I opened it in a hex editor and the relevant part is all
ASCII; spaces are 0x20.  I copied my pasted version into the hex
editor; spaces are 0xa0.  I copied my typed version in and spaces are
0x20.  I'm not sure of the significance, but I do suspect I am having
problems with the encoding, after all.
> 
> 4) you now have the public and private (problem) keys in a new
> keyring. edit the new keyring and try to reset the passphrase (passwd,
> save):
>  gpg --home ~/junk --edit-key {key-id}
> if that fails, what's the error message?

As shown above.  I tried both before and after exporting; same result.
> 
> 5) *if* that works, then purge the keys from the old keyring and
> import from the "junk" keyring:
>  gpg --home ~/junk --export | gpg --import
>  gpg --home ~/junk --export-secret-keys | gpg --import
> 
> i actually don't have high hopes for this, but it *might* do the
> trick... or at least reveal some error messages that might point in
> the right direction. depending on your error message, i'm beginning to
> suspect that you may have lost the passphrases. did you do anything
> weird with uppercase/ lowercase letters? or substituting numbers for
> letters? or anything weird with spaces or punctuation?

No.  I used mostly lowercase, some uppercase, some punctuation, all
ASCII.  I don't think I've forgotten the passphrase.  Or do you mean
gpg could have lost the passphrase?  If so, I still have the original
PGP 5 keyrings on a DOS formatted floppy, and I've never used the GPG
one from last year, so I could just get rid of it, but it could be
helpful in working out what is going on.  I'll keep it for now.

I also found a script, /bin/unicode_stop.  Tried it and it made no
difference, but here it is anyway:

#!/bin/sh
# stop unicode
TTY=`/usr/bin/tty`
case $TTY in
        /dev/console|/dev/tty[0-9]*)
                ;;
        *)
                echo "unicode_stop skipped on $TTY"
                exit 0
                ;;
esac
kbd_mode -a
echo -n -e '\033%@'

# "dumpkeys | loadkeys --unicode" which is called in "unicode_start"
# cannot be reverted, therefore we have to load the keyboard mapping again
# if it could be successfully saved in "unicode_start":

test -r $HOME/.kbd/.keymap_sv && loadkeys $HOME/.kbd/.keymap_sv


-- 
Tom Hardy  <*>  rhardy at visi.com  <*>  http://www.visi.com/~rhardy
  Just don't create a file called -rf. --Larry Wall
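
Added example (not part of the original message and not GnuPG code): a Python check for the 0xa0-versus-0x20 difference described in the message, showing why each pasted pipeline stage was treated as a single command name. The sample commands are constructed from the session above, and the function names are hypothetical.

```python
import re
import unicodedata

# Constructed samples mirroring the post: the typed command used 0x20,
# the pasted one carried 0xa0 in every position where a space was shown.
TYPED = b"gpg --export {07cf11c6} | gpg --home ~/gpg-junk --import"
PASTED = TYPED.replace(b" ", b"\xa0")


def to_text(data: bytes) -> str:
    """Decode as UTF-8 when valid, else Latin-1 (a lone 0xa0 is invalid UTF-8)."""
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("latin-1")


def odd_spaces(data: bytes):
    """Return (char_index, code_point, name) for each space separator that is not 0x20."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch))
        for i, ch in enumerate(to_text(data))
        if unicodedata.category(ch) == "Zs" and ch != " "
    ]


def shell_words(data: bytes):
    """Simplified shell view: stages split on '|', words on ASCII blanks only.

    This matches the errors bash printed in the post. str.split() is avoided
    on purpose: Python treats U+00A0 as whitespace and would hide the problem.
    """
    return [
        [w for w in re.split(r"[ \t\n]+", stage) if w]
        for stage in to_text(data).split("|")
    ]


def normalize(data: bytes) -> bytes:
    """Replace every lookalike space with ASCII 0x20."""
    text = to_text(data)
    return "".join(" " if unicodedata.category(c) == "Zs" else c for c in text).encode("utf-8")


if __name__ == "__main__":
    for label, sample in (("typed", TYPED), ("pasted", PASTED)):
        print(label, odd_spaces(sample)[:1], shell_words(sample))
```

The same scan works on any byte string captured from a terminal or clipboard, since it reports characters that display as a blank but are stored as something other than 0x20.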



