mail/mutt && security/gnupg (after gnupg20 -> gnupg) weirdness

David Wolfskill david at catwhisker.org
Tue Jan 2 18:20:23 UTC 2018 

I have been using mail/mutt & security/gnupg (latter switched to
security/gnupg20 back when gnupg20 port was created because of a
similar-looking issue to what's described in the first part of the
below narrative) for several years -- without enabling "gpgme" (in
case that turns out to be relevant).

As a result, I have a collection of messages that were sent to me that
contain information that was deemed suitable for encryption; I still
have occasion to refer to the contents of some of these messages, and
prefer to leave them stored in encrypted form when I am not actively
reading them.

This morning, during the daily update of installed ports on my
laptop, I saw:

        ===>>> The security/gnupg20 port moved to security/gnupg
        ===>>> Reason: Has expired: Will reach EOL upstream on 2017-12-31


OK.  I had vague memories that things didn't work very well last time
there was a "minor" upgrade to gnupg, so I deferred that part of the
upgrade until I could do a bit more research.

I soon found "Bug 196382 - security/gnupg breaks keyring on 2.1.1"
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196382>.  So I tried
the recipe listed in Comment 4, then verified that decryption still
worked (while gnupg20 was the version of gnupg that was installed).

That was successful, so I deleted security/gnupg20, then installed
security/gnupg; that done, I re-tried the decryption, which failed
("Could not decrypt PGP message"; "Could not copy message" -- these
messages from mutt).

I then re-did the recipe from Comment 4 (now that security/gnupg was
installed), then re-tried the decryption test; it (still) failed the
same way.

Trying the decryption again (under "ktrace -di") showed the following
messages being issued by gpg:

       "gpg: WARNING: no command supplied.  Trying to guess what you mean ..."

       "gpg: encrypted with 2048-bit RSA key, ID C8A5439CFA5A0A07, created 201\
        5-11-29"

       "      "David H. Wolfskill <david at catwhisker.org>"

       "gpg: public key decryption failed: Invalid IPC response"

       "gpg: decryption failed: No secret key"



Following a hint obtained by searching on the above (particularly
the "gpg: public key decryption failed: Invalid IPC response" message),
I logged in to a machine that still has security/gnupg20 and used

	gpg -e /etc/rc.conf

to encrypt a copy of that file with me as a recipient.  Decrypting
worked (as expected).

I then copied the rc.conf.gpg from that machine to my laptop (which now
has security/gnupg installed) and attempted the decryption -- and it
worked.

Given that, I thought that perhaps the (re-)installation of mail/mutt
had been what got things working again; I was thus quite surprised when
(about 3.5 hrs. later) I got in to work and had need to decrypt a
message on my laptop, and it -- again -- failed as described above.

As a reality check, I then re-tried the decryption of rc.conf.gpg (from
above); that worked.

After a couple quick shakes of my head to help ensure that I wasn't
hallucinating, I tried reading an encrypted email message (on the
laptop) again... and this time, it worked.

In fact, going back to the first "mutt" invocation that failed at work,
merely requesting to read a message Just Worked -- my passphrase was not
requested (as I had entered it less than 2 hours earlier).

This leaves me wondering if all of the above means that before
attempting to decrypt an encrypted email message via mutt, one is
supposed to (first) use bare gpg to decrypt a file -- but that seems
ridiculous to thye point of hostility....

Does anyone have insights, clues, or pointers to same to share?

Thanks!

Peace,
david
-- 
David H. Wolfskill				david at catwhisker.org
If you want the best Fake News, go to the best source of it: Donald J. Trump.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20180102/8fc6803f/attachment.sig>

More information about the freebsd-ports mailing list