From jim at meyering.net Sat Sep 3 10:26:07 2011
From: jim at meyering.net (Jim Meyering)
Date: Sat, 03 Sep 2011 10:26:07 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
Message-ID: <8739gexc9s.fsf@rho.meyering.net>

[Also posted here:
http://wald.intevation.org/forum/forum.php?thread_id=988&forum_id=27]

Hello,

gpa appears to be incapable of doing anything with my key.
To demonstrate the problem, run these commands:
(src/gpa was just built from git on Fedora 15: gpa-0.9.0-15-g71cfe73)

    gpg --keyring test --import \
      <(wget -O - http://meyering.net/key/000BEEEE.gpg)
    src/gpa --keyring=test

The main window appears, but also a "GPA Error" window, which says:

    The GPGME library returned an unexpected
    error. The error was:

        Invalid crypto engine

    This is probably a bug in GPA.
    GPA will now try to recover this error.

        CLOSE

When I hit the CLOSE button, that window disappears, but it is
immediately replaced by an identical one.
That means I can never (afaik) manage to use the main window.

From wk at gnupg.org Sun Sep 4 09:21:29 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 04 Sep 2011 09:21:29 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <8739gexc9s.fsf@rho.meyering.net> (Jim Meyering's message of
 "Sat, 03 Sep 2011 10:26:07 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
Message-ID: <878vq44vt2.fsf@vigenere.g10code.de>

Hi,

just a few quick comments for now:

On Sat, 3 Sep 2011 10:26, jim at meyering.net said:

>     gpg --keyring test --import \
>       <(wget -O - http://meyering.net/key/000BEEEE.gpg)

    gpg --keyring test --fetch-key http://meyering.net/key/000BEEEE.gpg

is easier ;-)

>     src/gpa --keyring=test

GPA does not support --keyring with a value. --keyring merely means to
start with the key manager.

> The GPGME library returned an unexpected
> error. The error was:

To debug this you may do

    GPGME_DEBUG=9:/foo/gpgme.log src/gpa --keyring

watch out for gpg started with --version.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From jim at meyering.net Sun Sep 4 10:49:03 2011
From: jim at meyering.net (Jim Meyering)
Date: Sun, 04 Sep 2011 10:49:03 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <878vq44vt2.fsf@vigenere.g10code.de> (Werner Koch's message of
 "Sun, 04 Sep 2011 09:21:29 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
Message-ID: <87ipp8u1z4.fsf@rho.meyering.net>

Werner Koch wrote:
> just a few quick comments for now:
>
> On Sat, 3 Sep 2011 10:26, jim at meyering.net said:
>
>>     gpg --keyring test --import \
>>       <(wget -O - http://meyering.net/key/000BEEEE.gpg)
>
>     gpg --keyring test --fetch-key http://meyering.net/key/000BEEEE.gpg
>
> is easier ;-)

And more portable ;-)
Thanks!

>>     src/gpa --keyring=test
>
> GPA does not support --keyring with a value. --keyring merely means to
> start with the key manager.
>
>> The GPGME library returned an unexpected
>> error. The error was:
>
> To debug this you may do
>
>     GPGME_DEBUG=9:/foo/gpgme.log src/gpa --keyring
>
> watch out for gpg started with --version.

Thanks.
It reports gpg2, which is gnupg2-2.0.17-1.fc15.x86_64

Here's a reproducer that imports into an empty $HOME and .gnupg directory:

    #!/bin/sh
    d=$(mktemp -d)
    echo $d
    mkdir -p $d/.gnupg
    export HOME=$d
    gpg --fetch-key http://meyering.net/key/000BEEEE.gpg
    # Or wherever you have gpa cloned
    GPGME_DEBUG=9:/foo/gpgme.log ~/w/gpa/src/gpa

Here's the full log:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpgme.log.gz
Type: application/octet-stream
Size: 15099 bytes
Desc: not available
URL:

From wk at gnupg.org Tue Sep 6 17:24:57 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Sep 2011 17:24:57 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <87ipp8u1z4.fsf@rho.meyering.net> (Jim Meyering's message of
 "Sun, 04 Sep 2011 10:49:03 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
 <87ipp8u1z4.fsf@rho.meyering.net>
Message-ID: <87k49l3d86.fsf@vigenere.g10code.de>

On Sun, 4 Sep 2011 10:49, jim at meyering.net said:

> Here's a reproducer that imports into an empty $HOME and .gnupg directory:
>
>     #!/bin/sh
>     d=$(mktemp -d)
>     echo $d
>     mkdir -p $d/.gnupg
>     export HOME=$d

That makes X non working on my system. Thus I used GNUPGHOME for a
quick test. I found no problem with my current installation - however
this is 2.1 and not 2.0.17. I better test it on a plain amd64 box - but
not today.

> Here's the full log:

I can't spot an obvious problem. Debugging gpa might be easier for me.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From jim at meyering.net Mon Sep 19 21:22:53 2011
From: jim at meyering.net (Jim Meyering)
Date: Mon, 19 Sep 2011 21:22:53 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <87k49l3d86.fsf@vigenere.g10code.de> (Werner Koch's message of
 "Tue, 06 Sep 2011 17:24:57 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
 <87ipp8u1z4.fsf@rho.meyering.net>
 <87k49l3d86.fsf@vigenere.g10code.de>
Message-ID: <87litk2v76.fsf@rho.meyering.net>

Werner Koch wrote:
> On Sun, 4 Sep 2011 10:49, jim at meyering.net said:
>
>> Here's a reproducer that imports into an empty $HOME and .gnupg directory:
>>
>>     #!/bin/sh
>>     d=$(mktemp -d)
>>     echo $d
>>     mkdir -p $d/.gnupg
>>     export HOME=$d
>
> That makes X non working on my system. Thus I used GNUPGHOME for a
> quick test.
> I found no problem with my current installation - however
> this is 2.1 and not 2.0.17. I better test it on a plain amd64 box - but
> not today.
>
>> Here's the full log:
>
> I can't spot an obvious problem. Debugging gpa might be easier for me.

Did you manage to reproduce the failure?

I've just built gnupg using the latest of all of these from git:

    gnupg
    libassuan
    libgpg-error
    libgcrypt
    libksba

(with the caveat that I had to work around a build failure due to
libgcrypt's recent removal of gcry_md_start_debug, as I've just posted
to gnupg-devel)

Even with that, I still end up with the pesky undismissable
"GPA error" dialog.

For the record, gpg2 now reports this:

    $ gpg2 --version
    gpg (GnuPG) 2.1.0-git0dcf517
    libgcrypt 1.6.0-gitba71277

From wk at gnupg.org Tue Sep 20 10:23:16 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 20 Sep 2011 10:23:16 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <87litk2v76.fsf@rho.meyering.net> (Jim Meyering's message of
 "Mon, 19 Sep 2011 21:22:53 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
 <87ipp8u1z4.fsf@rho.meyering.net>
 <87k49l3d86.fsf@vigenere.g10code.de>
 <87litk2v76.fsf@rho.meyering.net>
Message-ID: <87ehzbsjuz.fsf@vigenere.g10code.de>

On Mon, 19 Sep 2011 21:22, jim at meyering.net said:

> Did you manage to reproduce the failure?

No. I tried to reproduce but it worked (Debian Sid on x86).

>     gnupg
>     libassuan
>     libgpg-error
>     libgcrypt
>     libksba

I use the same except for Libgcrypt which is 1.5.0 due to the ABI
change. But that is not the problem.

>
> Even with that, I still end up with the pesky undismissable
> "GPA error" dialog.

From the log:

    gpgme_set_protocol: enter: ctx=0x9d9600, protocol=1 (CMS)
    gpgme_set_protocol: check: ctx=0x9d9600, releasing ctx->engine=0x958ae0
    gpgme_set_protocol: leave
    gpgme_op_keylist_start: enter: ctx=0x9d9600, pattern=(null), secret_only=1
    gpgme_op_keylist_start: error: Invalid crypto engine

Do you have any X.509 key?
I have not tested without. Let's try to set

    cms_hack = 1; /* CMS is now always enabled. */

in gpa/src/gpa.c to 0.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From jim at meyering.net Tue Sep 20 10:38:50 2011
From: jim at meyering.net (Jim Meyering)
Date: Tue, 20 Sep 2011 10:38:50 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <87ehzbsjuz.fsf@vigenere.g10code.de> (Werner Koch's message of
 "Tue, 20 Sep 2011 10:23:16 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
 <87ipp8u1z4.fsf@rho.meyering.net>
 <87k49l3d86.fsf@vigenere.g10code.de>
 <87litk2v76.fsf@rho.meyering.net>
 <87ehzbsjuz.fsf@vigenere.g10code.de>
Message-ID: <87pqivtxph.fsf@rho.meyering.net>

Werner Koch wrote:
> On Mon, 19 Sep 2011 21:22, jim at meyering.net said:
>
>> Did you manage to reproduce the failure?
>
> No. I tried to reproduce but it worked (Debian Sid on x86).
>
>>     gnupg
>>     libassuan
>>     libgpg-error
>>     libgcrypt
>>     libksba
>
> I use the same except for Libgcrypt which is 1.5.0 due to the ABI
> change. But that is not the problem.
>>
>> Even with that, I still end up with the pesky undismissable
>> "GPA error" dialog.
>
> From the log:
>
>     gpgme_set_protocol: enter: ctx=0x9d9600, protocol=1 (CMS)
>     gpgme_set_protocol: check: ctx=0x9d9600, releasing ctx->engine=0x958ae0
>     gpgme_set_protocol: leave
>     gpgme_op_keylist_start: enter: ctx=0x9d9600, pattern=(null), secret_only=1
>     gpgme_op_keylist_start: error: Invalid crypto engine
>
> Do you have any X.509 key?

No.
That you always use one makes me wonder.
Would you recommend doing so, in general?

> I have not tested without. Let's try to set
>
>     cms_hack = 1; /* CMS is now always enabled. */
>
> in gpa/src/gpa.c to 0.

I made that change, recompiled gpa, and now it works.
Thanks!

From wk at gnupg.org Tue Sep 20 11:46:19 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 20 Sep 2011 11:46:19 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <87pqivtxph.fsf@rho.meyering.net> (Jim Meyering's message of
 "Tue, 20 Sep 2011 10:38:50 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
 <87ipp8u1z4.fsf@rho.meyering.net>
 <87k49l3d86.fsf@vigenere.g10code.de>
 <87litk2v76.fsf@rho.meyering.net>
 <87ehzbsjuz.fsf@vigenere.g10code.de>
 <87pqivtxph.fsf@rho.meyering.net>
Message-ID: <8739frsg0k.fsf@vigenere.g10code.de>

On Tue, 20 Sep 2011 10:38, jim at meyering.net said:

> That you always use one makes me wonder.

I don't use it really. However I have a couple of test keys and I also
store SSL server keys with gpgsm.

> Would you recommend doing so, in general?

No.

> I made that change, recompiled gpa, and now it works.
> Thanks!

I'll look into this. This is probably a long standing bug.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Tue Sep 20 21:17:15 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 20 Sep 2011 21:17:15 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <8739frsg0k.fsf@vigenere.g10code.de> (Werner Koch's message of
 "Tue, 20 Sep 2011 11:46:19 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
 <87ipp8u1z4.fsf@rho.meyering.net>
 <87k49l3d86.fsf@vigenere.g10code.de>
 <87litk2v76.fsf@rho.meyering.net>
 <87ehzbsjuz.fsf@vigenere.g10code.de>
 <87pqivtxph.fsf@rho.meyering.net>
 <8739frsg0k.fsf@vigenere.g10code.de>
Message-ID: <87sjnrqb0k.fsf@vigenere.g10code.de>

On Tue, 20 Sep 2011 11:46, wk at gnupg.org said:

> I'll look into this. This is probably a long standing bug.

Fixed.

    Detect a uninstalled GPGSM

    Without GPGSM being installed we ran into an endless loop of warning
    about invalid engines. With this change we detect it and disable the
    X.509 support.
    Also added an option to disable X.509 on the command
    line or via the conf file.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From jim at meyering.net Tue Sep 20 22:41:33 2011
From: jim at meyering.net (Jim Meyering)
Date: Tue, 20 Sep 2011 22:41:33 +0200
Subject: gpa fails to deal with my key: Invalid crypto engine
In-Reply-To: <87sjnrqb0k.fsf@vigenere.g10code.de> (Werner Koch's message of
 "Tue, 20 Sep 2011 21:17:15 +0200")
References: <8739gexc9s.fsf@rho.meyering.net>
 <878vq44vt2.fsf@vigenere.g10code.de>
 <87ipp8u1z4.fsf@rho.meyering.net>
 <87k49l3d86.fsf@vigenere.g10code.de>
 <87litk2v76.fsf@rho.meyering.net>
 <87ehzbsjuz.fsf@vigenere.g10code.de>
 <87pqivtxph.fsf@rho.meyering.net>
 <8739frsg0k.fsf@vigenere.g10code.de>
 <87sjnrqb0k.fsf@vigenere.g10code.de>
Message-ID: <87sjnrosjm.fsf@rho.meyering.net>

Werner Koch wrote:
> On Tue, 20 Sep 2011 11:46, wk at gnupg.org said:
>
>> I'll look into this. This is probably a long standing bug.
>
> Fixed.
>
>
>     Detect a uninstalled GPGSM
>
>     Without GPGSM being installed we ran into an endless loop of warning
>     about invalid engines. With this change we detect it and disable the
>     X.509 support. Also added an option to disable X.509 on the command
>     line or via the conf file.

Quick service. Thank you!
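
Added example, not part of the thread and not code from GPA or GPGME: a shell function that scans a GPGME_DEBUG log laid out like the excerpt Werner quotes and reports, for each "Invalid crypto engine" error, the context and the protocol last set on it. The function names and the OpenPGP sample lines are constructed for illustration; the backend names (gpgsm for CMS, gpg for OpenPGP) are the usual GnuPG engines.

```shell
#!/bin/sh
# Added example (not from the thread): triage a GPGME_DEBUG log for
# "Invalid crypto engine" and name the protocol that was active.
# Constructed sample: the OpenPGP lines are made up, the CMS lines are
# the excerpt quoted in the thread.
sample_log() {
cat <<'EOF'
gpgme_set_protocol: enter: ctx=0x9d9700, protocol=0 (OpenPGP)
gpgme_op_keylist_start: enter: ctx=0x9d9700, pattern=(null), secret_only=0
gpgme_set_protocol: enter: ctx=0x9d9600, protocol=1 (CMS)
gpgme_set_protocol: check: ctx=0x9d9600, releasing ctx->engine=0x958ae0
gpgme_set_protocol: leave
gpgme_op_keylist_start: enter: ctx=0x9d9600, pattern=(null), secret_only=1
gpgme_op_keylist_start: error: Invalid crypto engine
EOF
}

# Prints "<function> <ctx> <protocol> <backend>" per failing call.
# Assumes the "function: enter:/error:" layout above; any leading
# columns before the function name are skipped.
invalid_engine_report() {
  awk '
    function field(key,   i, v) {        # value of key=... on this line
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) {
          v = substr($i, length(key) + 2); sub(/,$/, "", v); return v
        }
      return ""
    }
    {
      kind = ""
      for (i = 2; i <= NF; i++)
        if ($i == "enter:" || $i == "error:") { kind = $i; fn = $(i - 1); break }
      if (kind == "") next
      sub(/:$/, "", fn)
    }
    kind == "enter:" {                   # remember ctx and its protocol
      ctx = field("ctx"); cur[fn] = ctx
      if (fn == "gpgme_set_protocol") { p = $NF; gsub(/[()]/, "", p); proto[ctx] = p }
    }
    kind == "error:" && /Invalid crypto engine/ {
      c = cur[fn]; p = (c in proto) ? proto[c] : "unknown"
      b = (p == "CMS") ? "gpgsm" : ((p == "OpenPGP") ? "gpg" : "?")
      print fn, c, p, b
    }
  ' "$@"
}

sample_log | invalid_engine_report
```

A CMS/gpgsm result on a machine with no X.509 keys points at the missing-gpgsm case the fix above handles.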