ueno/ruby-gpgme

GPGME::Error::BadPassphrase when using decrypt without pinentry dialog box

Steps to reproduce:
Run bundle exec rails c
Run the following
crypto = GPGME::Crypto.new :armor=>true
decrypted_object = crypto.decrypt(encrypted_data, :password => my_password)
The Pinentry Mac dialog box appears as expected
Copy my password from my_password and paste into dialog box.
Text is decrypted as expected.
Exit the rails console.
Open up ~/.gnupg/gpg-agent.conf
and add
pinentry-program /usr/bin/pinentry-curses
to avoid having that dialog box come up
Save and close
Run echo RELOADAGENT | gpg-connect-agent to load the change
Run bundle exec rails c
run the following (same as above)
crypto = GPGME::Crypto.new :armor=>true
decrypted_object = crypto.decrypt(encrypted_data, :password => my_password)
Now I get the error:
GPGME::Error::BadPassphrase: GPGME::Error::BadPassphrase
from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/ctx.rb:398:in `decrypt_verify'
from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/crypto.rb:172:in `block in decrypt'
from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/ctx.rb:71:in `new'
from /Users/USERNAME/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/gpgme-2.0.8/lib/gpgme/crypto.rb:170:in `decrypt'

Research indicates I'm using an incompatible version of gnupg, i.e. 2.0., however:
gpg --version gives:
gpg (GnuPG) 1.4.19
Home: ~/.gnupg
and gpg2 --version gives:
gpg (GnuPG) 2.1.4
libgcrypt 1.6.3
Home: ~/.gnupg

And finally, GPGME::Engine.info gives:

GPGME::EngineInfo:0x007fe4b8e8d2e0 @protocol=0, @file_name="/usr/local/bin/gpg2", @version="2.1.4", @req_version="1.4.0",

GPGME::EngineInfo:0x007fe4b8e8d218 @protocol=1, @file_name="/usr/local/bin/gpgsm", @version="2.1.4", @req_version="2.0.4",

GPGME::EngineInfo:0x007fe4b8e8d178 @protocol=2, @file_name="/usr/local/bin/gpgconf", @version="2.1.4", @req_version="2.0.4",

GPGME::EngineInfo:0x007fe4b8e8d0d8 @protocol=3, @file_name="/Users/jevans/.gnupg/S.gpg-agent", @version="1.0", @req_version="1.0", @home_dir="!GPG_AGENT",

GPGME::EngineInfo:0x007fe4b8e8d010 @protocol=6, @file_name="/nonexistent", @version="1.0", @req_version="1.0"

Other info:
Mac 10.10.3
Installed GPG Tools - GPG Suite Beta 6 (gnupg 2.0.27)
Installed gpg2 via make
Installed gpg 1.4 via brew

Soo.....Any guidance on how to use the passphrase via the script rather than via the dialog box?

ueno commented

Does pinentry-curses work if you run gpg2 from the command line?
Anyway, if you are using GnuPG 2.1, you can try loopback pinentry:

$ echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf

in your program:

plain = crypto.decrypt(cipher, {
                         :pinentry_mode => GPGME::PINENTRY_MODE_LOOPBACK,
                         :password => 'test'
                       })
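
A pre-flight check for the configuration discussed above, added here as an example (not code from ruby-gpgme or from the commenters): given the engine version reported by GPGME::Engine.info and the text of gpg-agent.conf, it returns the decrypt options to use or the reason a pinentry prompt is still expected. The helper names and the sample config are constructed for illustration; the 2.1.12 default for loopback comes from the GnuPG release notes, not from this thread.

```ruby
# Added example, not ruby-gpgme code. Helper names are hypothetical.

# Parse gpg-agent.conf text into { option => argument or true }.
# Lines whose first non-blank character is '#' are comments.
def parse_agent_conf(text)
  text.each_line.with_object({}) do |line, opts|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    opts[key] = value || true
  end
end

# Use the real constant when the gpgme gem is loaded; fall back to a symbol
# so the check itself also runs on a host without the gem.
def loopback_mode
  defined?(GPGME::PINENTRY_MODE_LOOPBACK) ? GPGME::PINENTRY_MODE_LOOPBACK : :loopback
end

# engine_version: the OpenPGP engine's version string from GPGME::Engine.info.
# Returns the options for GPGME::Crypto#decrypt, or why it will still prompt.
def decrypt_plan(engine_version, agent_conf_text, password)
  v = Gem::Version.new(engine_version)
  conf = parse_agent_conf(agent_conf_text)
  # gpg 1.4 takes the passphrase from the callback; no agent is involved.
  return { ok: true, options: { password: password } } if v < Gem::Version.new('2.0')
  if v < Gem::Version.new('2.1')
    return { ok: false, reason: 'GnuPG 2.0 always asks through gpg-agent/pinentry' }
  end
  # 2.1.0 to 2.1.11 need an explicit allow-loopback-pinentry line; from 2.1.12
  # loopback is allowed unless no-allow-loopback-pinentry is set.
  allowed = if v >= Gem::Version.new('2.1.12')
              !conf.key?('no-allow-loopback-pinentry')
            else
              conf.key?('allow-loopback-pinentry')
            end
  return { ok: false, reason: 'loopback pinentry not allowed in gpg-agent.conf' } unless allowed
  { ok: true, options: { pinentry_mode: loopback_mode, password: password } }
end

# Constructed sample: a gpg-agent.conf carrying both changes from this thread.
SAMPLE_CONF = <<~CONF
  # constructed sample
  pinentry-program /usr/bin/pinentry-curses
  allow-loopback-pinentry
CONF
```

After editing gpg-agent.conf the agent still has to be reloaded (the issue uses `echo RELOADAGENT | gpg-connect-agent`) before the new setting takes effect.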

Thank you for the quick response. I made the modifications you suggested and
had the same issue.
At that point I drank too much coffee, uninstalled gpg and gpg2 and just
installed gpg 1.4 and used 2.0.4 of the gem.
I then got an engine error and fixed that by creating a symlink from
/bin/local/gpg to /bin/local/gpg2

And then it worked! The script I'm working on is going to be in production
for a short time so this works for me. Thanks again.
Jim Evans

There is a way to prevent the pinentry completely if using gpg.exe 1.4.
The reason it uses the pinentry is because gpg4win is installed elsewhere and when your copy of gpgme executes it finds gpgconf.exe and then uses the stupid pinentry instead of the callback. If you find gpgconf.exe and delete it that will prevent pinentry agent from executing.
If you use gpg2.exe AKA the modern version this won't work.