gpgme_set_passphrase_cb not cooperating...
Mike Inman
mangocats at gmail.com
Wed Mar 21 23:53:07 CET 2018
Hello,
I've been struggling with using gpgme_set_passphrase_cb() in an automated
environment (#include <gpgme.h> C gpgme in a C++ program) - it doesn't seem
to have any effect, I still get the system prompts for passphrases. The
files encrypt and decrypt as one would expect, but due to the automated
end-use case, the user prompts are not acceptable.
I've tried adding: gpgme_set_pinentry_mode( ctx,
GPGME_PINENTRY_MODE_LOOPBACK ); to the code, and then I don't get the
prompts anymore, but the encrypt function returns without an error code,
and the output (cipher) file is zero length.
This is my encrypt function meat:
{{{
LOG_FAIL_IF_GPGERR( initGpgme() )
LOG_FAIL_IF_GPGERR( gpgme_new( &ctx ) )
// gpgme_set_pinentry_mode( ctx, GPGME_PINENTRY_MODE_LOOPBACK );
gpgme_set_passphrase_cb( ctx, passphraseCallback, NULL );
LOG_FAIL_IF_GPGERR( gpgme_data_new_from_file( &plain, fi.filePath().toLatin1().data(), 1 ) )
LOG_FAIL_IF_GPGERR( gpgme_data_set_encoding ( plain, GPGME_DATA_ENCODING_BINARY ) )
LOG_FAIL_IF_GPGERR( gpgme_data_new_from_fd ( &cipher, outFile.handle() ) )
LOG_FAIL_IF_GPGERR( gpgme_data_set_encoding ( cipher, GPGME_DATA_ENCODING_BINARY ) )
// recp[0] = settingsKey;
// recp[1] = NULL; // using symmetric encryption instead
LOG_FAIL_IF_GPGERR( gpgme_op_encrypt( ctx, NULL, flags, plain, cipher ) );
gpgme_data_release( plain );
gpgme_data_release( cipher );
gpgme_release( ctx );
outFile.close();
}}}
and, for the moment, the passphrase callback returns a fixed string,
but as far as I can tell, it never gets called in either case:
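{{{
#include <cstring>   // strncpy, strcat, strlen
#include <gpgme.h>
#include <QtGlobal>  // qInfo

extern "C" {
gpgme_error_t passphraseCallback(void *hook, const char *uid_hint,
    const char *passphrase_info, int prev_was_bad, int fd);
}

gpgme_error_t passphraseCallback(void *hook, const char *uid_hint,
    const char *passphrase_info, int prev_was_bad, int fd)
{
    // uid_hint and passphrase_info can be NULL (e.g. for symmetric
    // encryption), so guard them before handing them to %s.
    qInfo( "passphraseCallback( hook:%llx uid_hint:%s passphrase_info:%s prev_was_bad:%d )",
           (long long)hook, uid_hint ? uid_hint : "(null)",
           passphrase_info ? passphrase_info : "(null)", prev_was_bad );
    char phrase[103];
    strncpy(phrase, "CorrectHorseBatteryStaple", 100);
    strcat(phrase, "\n");
    // The passphrase, terminated by a newline, is written to fd.
    if ( gpgme_io_writen( fd, phrase, strlen(phrase) ) != 0 )
        return GPG_ERR_USER_1;
    return GPG_ERR_NO_ERROR;
}
}}}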
I have used similar code to work with private/public key pairs that
have no passphrase assigned and they seem to be working as expected,
but I think in this application I'd rather use symmetric encryption
with the passphrase obscured in my executable code.
Which versions of gpg/gpgme support passphrase callback setting for
symmetric encryption? My gpgme_check_version returns 1.5.5 and gpg
--version returns 1.4.18 in Ubuntu 15.10
Any help would be appreciated.
Thanks,
Mike Inman
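
Added example, not part of the original post and not gpgme code: a callback with the same parameter list that takes the passphrase from `hook` instead of a literal in the binary, tolerates NULL hints, writes the passphrase plus newline with a full-write loop, and gives up when `prev_was_bad` is set so an unattended job cannot loop. The names `write_all` and `passphrase_cb_sketch`, the plain `int` return type (used so the block builds without libgpgme) and the cancel-on-retry policy are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write all of buf to fd, retrying on EINTR and short writes.
   Returns 0 on success, -1 on error. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Same parameter list as a gpgme passphrase callback. The return type is a
   plain int here (0 = success, errno value = failure) so the block builds
   without libgpgme; real code returns gpgme_error_t. The hook carries the
   passphrase supplied by the caller (an assumption of this example). */
int passphrase_cb_sketch(void *hook, const char *uid_hint,
                         const char *passphrase_info,
                         int prev_was_bad, int fd)
{
    const char *pass = (const char *)hook;

    /* Both hints can be NULL, e.g. for symmetric encryption. */
    fprintf(stderr, "passphrase request: uid_hint=%s info=%s bad=%d\n",
            uid_hint ? uid_hint : "(null)",
            passphrase_info ? passphrase_info : "(null)", prev_was_bad);

    /* Unattended run: a rejected passphrase will not improve on retry. */
    if (pass == NULL || prev_was_bad)
        return ECANCELED;

    if (write_all(fd, pass, strlen(pass)) != 0 || write_all(fd, "\n", 1) != 0)
        return errno ? errno : EIO;
    return 0;
}
```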