gpgme fails encrypting on 64bit debian

Werner Koch wk at gnupg.org
Thu Apr 18 16:40:37 CEST 2013


On Thu, 18 Apr 2013 09:33, simone.pagangriso at gmail.com said:

> from the debug info is that the encryption is successful but then there's
> an error right after(?). Thanks for your help, it's really appreciated!

Here is the interesting part (I removed the hex parts):

  _gpgme_io_read (fd=0x4): enter: buffer=0xea2980, count=1024
  _gpgme_io_read (fd=0x4): check: [...] [GNUPG:] INV_REC
  _gpgme_io_read (fd=0x4): check: [...] P 10 CD6029E7DD3
  _gpgme_io_read (fd=0x4): check: [...] 4991240FCFEE7D94
  _gpgme_io_read (fd=0x4): check: [...] 1FEB9C37DBF71.
  _gpgme_io_read (fd=0x4): leave: result=62

Or as one line:

  [GNUPG:] INV_RECP 10 CD6029E7DD34991240FCFEE7D941FEB9C37DBF71

Now if you look into GnuPG's doc/DETAILS:

  *** INV_RECP, INV_SGNR
    The two similar status codes:

    - INV_RECP <reason> <requested_recipient>
    - INV_SGNR <reason> <requested_sender>

    are issued for each unusable recipient/sender. The reasons codes
    currently in use are:

       -  0 :: No specific reason given
       -  1 :: Not Found
       -  2 :: Ambigious specification
       -  3 :: Wrong key usage
       -  4 :: Key revoked
       -  5 :: Key expired
       -  6 :: No CRL known
       -  7 :: CRL too old
       -  8 :: Policy mismatch
       -  9 :: Not a secret key
       - 10 :: Key not trusted
       - 11 :: Missing certificate
       - 12 :: Missing issuer certificate

Thus the key CD6029E7DD34991240FCFEE7D941FEB9C37DBF71 is not trusted.
You may either sign it locally using gpg, or use the encryption flag
GPGME_ENCRYPT_ALWAYS_TRUST:

  flags = (GPGME_ENCRYPT_NO_ENCRYPT_TO
           | GPGME_ENCRYPT_ALWAYS_TRUST);
  err = gpgme_op_encrypt(ceofcontext, key, flags, source, dest);

To avoid checking the debug log each time, you may want to add code
like:

  err = gpgme_op_encrypt (ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
  fail_if_err (err);
  result = gpgme_op_encrypt_result (ctx);
  if (result->invalid_recipients)
    {
      fprintf (stderr, "Invalid recipient encountered: %s\n",
	       result->invalid_recipients->fpr);
      exit (1);
    }

You may use gpgme_op_encrypt_result even if an error is returned, but in
this case you first need to check that the returned value is not NULL.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
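
Added example, not part of the message above and not GnuPG or GPGME code: a small C parser for the INV_RECP / INV_SGNR status lines discussed in the message, mapping the numeric reason to the text from the quoted doc/DETAILS excerpt. The names parse_inv_status, inv_reason_text and struct inv_status are hypothetical, and the requested recipient is assumed to run to the end of the line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reason texts from the doc/DETAILS excerpt quoted in the message. */
static const char *const inv_reasons[] = {
    "No specific reason given", "Not Found", "Ambiguous specification",
    "Wrong key usage", "Key revoked", "Key expired", "No CRL known",
    "CRL too old", "Policy mismatch", "Not a secret key", "Key not trusted",
    "Missing certificate", "Missing issuer certificate"
};
struct inv_status {   /* hypothetical type, not a GPGME structure */
    int is_signer;    /* 0 = INV_RECP, 1 = INV_SGNR */
    int reason;       /* numeric reason code */
    char who[256];    /* requested recipient/sender as reported */
};

const char *inv_reason_text(int reason)
{
    size_t n = sizeof inv_reasons / sizeof inv_reasons[0];
    return (reason >= 0 && (size_t)reason < n) ? inv_reasons[reason] : "Unknown";
}

/* Returns 0 and fills *out for an INV_RECP/INV_SGNR line, -1 otherwise. */
int parse_inv_status(const char *line, struct inv_status *out)
{
    char *end;
    int sgnr = strncmp(line, "[GNUPG:] INV_SGNR ", 18) == 0;
    if (!sgnr && strncmp(line, "[GNUPG:] INV_RECP ", 18) != 0)
        return -1;                    /* some other status line */
    long code = strtol(line + 18, &end, 10);
    if (end == line + 18 || *end != ' ' || code < 0 || code > 9999)
        return -1;                    /* reason must be a plain number */
    size_t len = strcspn(++end, "\r\n"); /* assumption: name runs to end of line */
    if (len == 0 || len >= sizeof out->who)
        return -1;                    /* empty or oversized name: reject */
    snprintf(out->who, sizeof out->who, "%.*s", (int)len, end);
    out->is_signer = sgnr;
    out->reason = (int)code;
    return 0;
}

int main(void)
{
    struct inv_status s;   /* the line below is the one from the message */
    const char *l = "[GNUPG:] INV_RECP 10 CD6029E7DD34991240FCFEE7D941FEB9C37DBF71";
    if (parse_inv_status(l, &s) == 0)
        printf("%s: %s\n", s.who, inv_reason_text(s.reason));
    return 0;
}
```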



