[GPGME] Repeated decrypt fails

Ben McGinnes ben at adversary.org
Thu May 17 17:35:02 CEST 2018

On Wed, May 16, 2018 at 10:54:52AM -0400, Randy Trinh wrote:
> Hi everyone,
> I'm fairly new to GnuPG and GPGME in general and I'm currently

Firstly, kudos for going straight to GPGME instead of wrapping the GPG
binary.  👍

> trying to implement a process in which a file is uploaded from a
> website in which case my program uses GPGME to decrypt the file
> returning true or false.

Does the website encrypt the file uploaded by (eventually) some end
user or do they encrypt the file first and then upload that which your
code subsequently decrypts?

> The first time I upload the file (a .tar.gz) and run
> "gpgme_op_decrypt_start" and then "gpgme_wait", the file is
> decrypted successfully in which case I can extract the contents, but
> if I upload the SAME original file again or any amount of times
> after the first instance, GPGME fails** to decrypt it.

Hmm, that's interestingly odd.

> Is there anything I may be doing wrong?

Maybe …

> **Fails: GPGME returns an error of success and a "decrypted" .tar.gz
> file that is empty -- The uploaded file in both instances can still
> be decrypted by calling GnuPG from command line but the only way to
> get GPGME to successfully decrypt after the first decryption is to
> restart my program.

Yeah, this is strange, but we'll need more info to work out what's
going on.  Are you able to share the code for what's happening here
and, if the website also encrypts the uploaded data, that bit too?

> (Is it also normal for GPGME to return an error of success for this
> instance as it has clearly failed/produced a corrupted file?
> Similarly it also returns an error result of success even when I
> upload a non-encrypted .tar.gz whereas GnuPG outputs that no OpenPGP
> data is found and the decrypt message has failed: eof)

No, that's not normal and I'm wondering how it happened, but there are
some functions which might do it and it may also depend on which
version(s) of GPG and GPGME you're using.  Which are they, by the way?

If it's not using the current release of GPGME; the first bit of
advice will be to try the current version checked out from the git
repo and see if it continues to do the same thing.  GPGME has received
a certain amount of love and attention over the last couple of years
more than it may have in the past and though there have been one or
two hiccups, it's still vastly improved for that (ongoing) effort.

Which at least means that it's a good time to start with it because
enough people are looking at its innards that answers shouldn't be too
far off.  😉


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180518/f82682d2/attachment.sig>

More information about the Gnupg-users mailing list