ueno/ruby-gpgme

Weird filename on decryption: name="-&11"

Opened this issue · 8 comments

do11 commented

User prompted to save decrypted file into weird filename.

$ gpg  encrypted.file
You need a passphrase to unlock the secret key for
...
gpg: encrypted with 4096-bit ELG-E key, ID...
gpg: encrypted.file: unknown suffix
Enter new filename [-&11]:
$ gpg --list-packets encrypted.file
...
:compressed packet: algo=2
:literal data packet:
        mode b (62), created 1428044156, name="-&11",
        raw data: unknown length

Data was encrypted with simple GPGME::Crypto.new.encrypt('data', :recipients => 'xxxxxxxx').

My guess, this is related to file descriptor redirection.

ueno commented

"-&N" is a special filename which gpg and GPGME (C library) use to denote a file descriptor. See the --enable-special-filenames option of gpg:
https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html#index-enable_002dspecial_002dfilenames

However, I can't reproduce it with gpg 2.0.25. Maybe it has been fixed in gpg itself?

do11 commented

Thanks. Let's hope it's fixed in new ver. My gpg is 1.4.7, which one is used for encryption, I assume. I have also gpg2 (2.0.4) installed, but it seems not used by gpgme. On decryption side gpg 2.0.14 shows same output (as pasted in the first message).

This may be related to "suggested embedded filenames". GPG can be invoked with:

--set-filename string Use string as the filename which is stored inside messages. This overrides the default, which is to use the actual filename of the file being encrypted. Using the empty string for string effectively removes the filename from the output.
--use-embedded-filename/--no-use-embedded-filename Try to create a file with a name as embedded in the data. This can be a dangerous option as it enables overwriting files. Defaults to no.

When I encrypt a buffer, and not a file on disk, then give the gpg-encrypted file to others who use a different gpg client (in this case a GUI tool on Windows), their client defaults to using the embedded filename, which is apparently always the file descriptor "-&14" in my case. They changed the default behavior by changing the option to "ignore embedded suggested filenames" and now they get what you'd expect, which is the gpg file's file name, minus the .gpg or .asc extension. This latter approach seems to be the default in most command line gpg clients, so I never ran into this problem before.

My personal problem is solved, but I'm now trying to figure out how I can invoke the --set-filename via gpgme so even if they don't have the default option changed, they'll still get the right output file name.

ueno commented

Indeed, the relevant function gpgme_data_set_file_name is not exported from the ruby interface. A PR adding it would be appreciated.

@ueno does #99 not expose it? I just noticed that PR and its associated issue.

ueno commented

Oh indeed, my working copy was outdated. So if you have 2.0.16 installed you should be able to set it with GPGME::Data#file_name=.

Is there a way to set the file name or a name for encryption?

crypto = GPGME::Crypto.new
options = @options
data = crypto.encrypt byte_array, options
data.file_name=('sample_file_name')


Such that the output file has a name? When the encrypted string is written to a file? For example:

gpg --list-packets outt.gpg

:literal data packet:
	mode b (62), created 1547573148, name="",
	raw data: 23 bytes

@adet4ever if you set data.file_name = embedded_name the gpg client has the option of using that embedded_name or doing something like just removing .gpg off the end of the original file name. So, in the end, you can only suggest the output filename, it's up to the gpg client/user to decide what to actually call it.
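
Added example, not part of the thread and not ruby-gpgme code: a receiving-side check that reads the fields `gpg --list-packets` prints for a literal data packet (mode, name, created) and treats the embedded name as an untrusted suggestion, rejecting the file-descriptor form "-&N" seen above. The helper names are hypothetical, the sample packet bodies are constructed from the values in the listings, and the packet header is assumed to be already stripped.

```ruby
# Literal data packet body per RFC 4880 section 5.9:
# 1 octet mode, 1 octet name length, name, 4 octet big-endian date, data.
LiteralInfo = Struct.new(:mode, :name, :created, :data)

# body: packet body as a String, header already removed (assumption).
def parse_literal_body(body)
  body = body.b
  raise ArgumentError, 'truncated literal packet' if body.bytesize < 6
  name_len = body.getbyte(1)
  raise ArgumentError, 'truncated file name' if body.bytesize < 6 + name_len
  name = body.byteslice(2, name_len)
  created = body.byteslice(2 + name_len, 4).unpack1('N')
  LiteralInfo.new(body[0], name, created, body.byteslice(6 + name_len, body.bytesize))
end

SPECIAL_FD = /\A-&\d+\z/ # gpg's file-descriptor notation, e.g. "-&11"

# True only when the embedded name can be used as a plain file name.
def usable_embedded_name?(name)
  return false if name.empty? || name == '_CONSOLE' # RFC 4880 special name
  return false if name.match?(SPECIAL_FD)
  return false if name.include?('/') || name.include?('\\') || name.include?("\0")
  return false if %w[. ..].include?(name)
  true
end

# Fallback is the behaviour described in the thread: strip .gpg/.asc
# from the encrypted file's own name.
def output_name(embedded, encrypted_path)
  return embedded if usable_embedded_name?(embedded)
  File.basename(encrypted_path).sub(/\.(gpg|asc)\z/i, '')
end

# Constructed sample input: builds a packet body from the listed values.
def build_literal_body(mode, name, created, data)
  [mode, name.bytesize].pack('aC') + name.b + [created].pack('N') + data.b
end

SAMPLE_FD   = build_literal_body('b', '-&11', 1428044156, 'data')
SAMPLE_NAME = build_literal_body('b', 'sample_file_name', 1547573148, 'data')

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_FD, SAMPLE_NAME].each do |body|
    info = parse_literal_body(body)
    puts "name=#{info.name.inspect} -> #{output_name(info.name, 'encrypted.file.gpg')}"
  end
end
```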