Passphrase of GPG-generated key not accepted

Albrecht Dreß albrecht.dress at arcor.de
Sat Aug 13 15:03:19 CEST 2005


On 13.08.05 13:41, Daniel Link wrote:
> Wouldn't it be a good idea to include character encoding information in
> keys? I think so.

RFC 2440, section 3.4 [1] states that "the default character set for text  
is the UTF-8 encoding". I am not sure if this applies to the messages only  
and not to the key contents, though. The passphrase, however, is just a  
"stream of bytes", and no assumption should be made about a "meaning"  
(read: encoding and possible translation between different ones) of its  
contents.

> Many people don't use UTF-8 yet.

I don't think this is true, at least for all gui applications in the UNIX  
world. KDE (read: the qt library) and Gnome2.x (read: Gtk+-2) are  
completely and exclusively utf-8. I'm not sure about other popular widget  
libs (e.g. Motif & friends), but the general trend seems to use utf8  
everywhere, maybe except for terminal apps (i.e. xterm).

> Demanding such configuration like you mentioned from all these users  
> sounds unreasonable to me.

If you think about the problems regarding the use of gpg (i.e. entering  
the passphrase) in a terminal, I think the better solution is to install  
gpg-agent and to use a gui pinentry for this purpose. It (a) removes the  
encoding problem (b) provides a *secure* passphrase cache and (c) imho  
makes using the various crypto apps a lot easier.

If you don't want to install the whole chain to get the agent running, you  
might want to look at seahorse [2] which also provides a (simpler) agent  
solution. I don't know how secure it is, though.

> Changing the key already sent to key servers and several people from my
> address book doesn't sound very appealing to me either.

Afaik, changing the passphrase of your *private* key doesn't alter the  
contents of the public key in any way. And you don't want to publish your  
private key ;-)...

> Perhaps you'll beg to differ, but in my opinion an application like GPA  
> should work out of the box, no matter which encoding.

Sure it should! However, I think the problem at this point is mixing the  
use of utf8 applications (gpa, pinentry, seahorse, kmail, balsa, evo,  
Thunderbird/Enigmail) and iso8859 terminal apps (command line gpg). So,  
again, if you just use gpg-agent and pinentry-gtk2, you will *never* run  
into trouble!

> $ CFLAGS="-O0 -g -O2 -march=pentium4 -fomit-frame-pointer" ./configure \
                    ^^^                 ^^^^^^^^^^^^^^^^^^^^
Just a remark: you should never activate these optimisations if you want  
to debug code. On RISC processors (I use a PowerPC), a lot of information  
may be lost, which is usually prevented by using -O0...

> (gdb) bt full
> #0  0x0805001a in gpa_window_show_centered (widget=0x827b1d8,
> parent=0x0) at gtktools.c:47
[snipped bt]

Unfortunately, I'm not a gpa developer. Anyone listening out there?

Cheers, Albrecht.

[1] http://www.ietf.org/rfc/rfc2440.txt
[2] http://seahorse.sourceforge.net/

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Albrecht Dreß  -  Johanna-Kirchner-Straße 13  -  D-53123 Bonn (Germany)
        Phone (+49) 228 6199571  -  mailto:albrecht.dress at arcor.de
    GnuPG public key:  http://home.arcor.de/dralbrecht.dress/pubkey.asc
_________________________________________________________________________
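
Added example, not part of the original message: it shows why a passphrase treated as a "stream of bytes" stops matching when the same characters are typed under a different encoding, using the iterated and salted S2K of RFC 2440, section 3.6.1.3 with SHA-1. The salt, passphrases, 16-octet key length and function names are constructed for illustration.

```python
import hashlib

SALT = bytes.fromhex("0102030405060708")  # constructed 8-octet salt

def s2k_count(c: int) -> int:
    """Decode the one-octet count of RFC 2440, section 3.6.1.3."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes,
                        c: int = 96, keylen: int = 16) -> bytes:
    """Iterated and salted S2K with SHA-1; the passphrase is raw octets."""
    data = salt + passphrase
    # salt+passphrase is always hashed in full at least once
    count = max(s2k_count(c), len(data))
    reps, rest = divmod(count, len(data))
    stream = data * reps + data[:rest]
    key, ctx = b"", 0
    while len(key) < keylen:
        # context n is preloaded with n zero octets
        key += hashlib.sha1(b"\x00" * ctx + stream).digest()
        ctx += 1
    return key[:keylen]

def key_for(passphrase: str, encoding: str, salt: bytes = SALT) -> bytes:
    """Derive the key the way an application using `encoding` would."""
    return s2k_iterated_salted(passphrase.encode(encoding), salt)

def matching_encodings(passphrase, expected_key, salt=SALT,
                       candidates=("utf-8", "iso-8859-1")):
    """Return the encodings under which the typed passphrase yields expected_key."""
    hits = []
    for enc in candidates:
        try:
            if key_for(passphrase, enc, salt) == expected_key:
                hits.append(enc)
        except UnicodeEncodeError:
            continue  # character not representable in this encoding
    return hits

if __name__ == "__main__":
    pw = "Schlüssel"  # constructed passphrase with one non-ASCII character
    for enc in ("utf-8", "iso-8859-1"):
        print(enc, pw.encode(enc).hex(), key_for(pw, enc).hex())
    # Key set in a Latin-1 terminal, later typed into a UTF-8 GUI:
    print(matching_encodings(pw, key_for(pw, "iso-8859-1")))
    # ASCII-only passphrases are byte-identical in both encodings:
    print(matching_encodings("secret", key_for("secret", "utf-8")))
```
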