GPGME_No_Matching_Secret_Key error code missing

Marcus Brinkmann Marcus.Brinkmann@ruhr-uni-bochum.de
Wed Feb 12 01:49:02 2003


Hi Ingo,

thanks for your bug report.

On Tue, Feb 11, 2003 at 11:33:37PM +0100, Ingo Klöcker wrote:
> why is there no GPGME_No_Matching_Secret_Key (or similar) error code? 
> Currently (gpgme 0.3.x used by KMail w/ Ägypten) 
> gpgme_op_decrypt_verify() returns GPGME_No_Passphrase if the user 
> doesn't have a secret key which can be used to decrypt the message. How 
> are we supposed to tell our users the real reason for the failure of 
> the decryption?

Is this with GnuPG or Gpgsm, and which version?

I can not reproduce this.  With GnuPG, you should get
GPGME_Decryption_Failed, with GpgSM you should get GPGME_Invalid_Key.  Both
are suboptimal, but better than the GPGME_No_Passphrase.  Do you use a file
that is encrypted for only one recipient (whose secret key is not available)
or for more?  Please include the output of "gpg --status-fd=2 -d <file>" if
in doubt (or gpgsm --server 4< <file> with command "INPUT FD=4" "OUTPUT FD=2"
and "DECRYPT").

> Furthermore why is the error called GPGME_No_Passphrase anyway if it is 
> returned in case of a _wrong_ passphrase? Why isn't it called 
> GPGME_Wrong_Passphrase? Or is there a third error for which 
> GPGME_No_Passphrase is returned?

No Passphrase is returned for a wrong passphrase and if the user just
presses enter a couple of times.  The same error code is used for both
situations, and the reason it is named No instead Bad passphrase is probably
just an historical artefact.  If you have an interest in differentiating
the cases "no passphrase entered" and "bogus passphrase entered", please
just say so and we can add the necessary new status code.  But I am not
going to add it if nobody is using it anyway.  If you are not interested in
differentiating the two cases, I think I am going to rename No_Passphrase to
Bad_Passphrase to make it more clear and fix the documentation (which
currently says that it is used for no passphrase and doesn't mention bad
passphrases at all).

> Please in the future return different error codes for different errors. 

Sure, that's the goal, although in some cases (as the No vs Bad passphrase)
I have doubts if a distinction is really needed and wanted.  However,
currently, there are a lot of cases where error reporting is only marginal
or even incorrect, as you found out (see engine-gpgsm.c::assuan_map_error,
or export.c's status handler for examples).

> Or do you expect the gpgme users to show their users a list of possible 
> reasons for the failure?

Please also see README-alpha.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    marcus@gnu.org
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/