Kontact: No possibility to enter en- or decryption passphrase --> "passphrase" is invalid

Bug #278177 reported by H.i.M on 2008-10-04
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
kdepim (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: kontact

Kubuntu 8.10
KDE4.1.2
kontact 1.3
Kmail 1.10.1
Kgpg 2.0.0

When receiving an e-mail, which is encrypted with my public-key, i cant decrypt the message, because no "please enter passphrase"-dialog appears. Only the message, that he cant decrypt because of an invalid passphrase.

Same thing when i want to sign a message. I cant sign it because no dialog to enter the passphrase appears.

This is, for me, security vulnerable.
Greetings H.i.M

H.i.M (hir-i-mogul-gmail) wrote :
^rooker (rooker) wrote :

Similar problem when using a smartcard & Kgpg in konqueror.
Kgpg never asks for the PIN, accesses the smartcard with an empty one - and then returns the error "Decryption failed".

WARNING:
Don't try this more than *once*, since it decreases your PIN-retry counts on your smartcard.

Here's the exact error from Kgpg (with some personal info removed):
<quote>
[GNUPG:] ENC_TO AC75B8B82029EAD6 1 0
gpg: detected reader `SCM SCR 335 (21120819319285) 00 00'
[GNUPG:] CARDCTRL 3 D276000124010101000100000D440000
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D276000124010101000100000D440000/87FCE57B5C8CAD7819F607AFAC75B8B82029EAD6
[GNUPG:] GET_HIDDEN passphrase.pin.ask
[GNUPG:] GOT_IT
gpg: PIN for CHV2 is too short; minimum length is 6
[GNUPG:] SC_OP_FAILURE 2
gpg: encrypted with 1024-bit RSA key, ID ********, created 2008-**-**
      "Name of key owner <mail-adress>"
gpg: public key decryption failed: bad passphrase
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: secret key not available
[GNUPG:] END_DECRYPTION
</quote>

It seems that Kgpg thinks it asked me for a pin? ("GET_HIDDEN passphrase.pin.ask / GOT_IT")

H.i.M (hir-i-mogul-gmail) wrote :

Addendum:

I installed a fresh Kubuntu 8.10 on my notebook.
The problem doesnt exist there. I tried to find out what the error on my fully upgraded apha5 pc is.

1. I copied package list. (all packages, which exists on the notebook, are on my pc too)
2. purged all kgpg, kmail, kontact, gnupg, etc... gpg-related-packages.
3. installed them new. (+kubuntu-desktop)
4. deleted the ".gnupg" folder in my home.
5. looked for any gpg-related configs on the system & removed them
5. made a new user.

Nevertheless the error exists even now.
If anyone has any tip for PLEASE answer!

I really need these pgp-features!

^rooker (rooker) wrote :

@H.i.M:
Just for clarification:
- You write that the problem "does NOT" exist on 8.10 (intrepid).
  (which application versions: kde, kgpg, ...)
- Which kubuntu version are you using that *has* the problem 8.04 (hardy)?

I hope that this won't be another "works with kde4 - won't fix for kde3" bug, because kde3 will be around for a longer time.

H.i.M (hir-i-mogul-gmail) wrote :

I use a fully updated Kubuntu 8.10 (KDE 4.1.3) on two Sytems. My Notebook and my PC.

The problem occurs in Dolphin while decrypting an encrypted file, too.

KDE 4.1.3
Kgpg: 2.0.0
Kontact: 1.3
Kmail: 1.10.3
Dolphin 1.1
pinentry-qt4 0.7.3+svn799201-1ubuntu
libpgp-error0 1.4-2ubuntu7

anything missing? please ask!

H.i.M (hir-i-mogul-gmail) wrote :

Addendum:
1. The Notebook was later installed with Kubuntu 8.10RC1. The PC got Kubunt 8.10 Alpha 5.

2. Both are now fully updated and use the same sources.list.

3. The PC gots all packets the notebook uses.

Greetings H.i.M

Justin Searle (meeas) (meeas) wrote :

I can confirm this problem on a fresh Kubuntu install of 8.10 and that it is still a problem in the new 4.1.3 KDE packages in intrepid-proposed. Here are the current set of packages I have installed.

kgpg 4:4.1.3-0ubuntu1~intrepid1
kontact 4:4.1.3-0ubuntu1~intrepid2
kmail 4:4.1.3-0ubuntu1~intrepid2
dolphin 4:4.1.3-0ubuntu1~intrepid1
pinentry-qt4 0.7.3+svn799201-1ubuntu1
libgpg-error0 1.4-2ubuntu7
libgpgme11 1.1.6-2ubuntu1

Justin Searle (meeas) (meeas) wrote :

I just got mine working, but I don't have time to retest to make sure this is it.

Create a file "~/.gnupg/gpg-agent.conf" with the following text:

pinentry-program /usr/bin/pinentry-qt4
no-grab
default-cache-ttl 1800

Please post back to the but if this works for you.

^rooker (rooker) wrote :

I've tried your workaround, but it fails for kgpg (maybe it works for kontact, though)
However, the "/usr/bin/pinentry-qt4" is called "/usr/bin/pinentry-qt" on kde3 systems.

H.i.M (hir-i-mogul-gmail) wrote :

I 've also tried it. It does'nt work in Kontact1.3, Kmail 1.10.3
Maybe I have to restart a service or reboot the whole machine (like window users do).
This evening (UTC+1) I will compare both the .gnugpg folder on my gpg-working laptop and and non-working-"workstation".
Maybe we'll see a difference.

Greetings H.i.M

seespatz (seespatz) wrote :

You can active "Use GnuPG-Agent" in the the Gpg configuration. Together with creating gpg-agent.con (see above, also give a chmod 600 on it) and a restart of KDE4 it works.

Regards,
SeeSpatz

H.i.M (hir-i-mogul-gmail) wrote :

The Problem is solved!

Finally i dont know which of your great workarounds finally made the job. I already had given it up.
But since a few days it started working again.

thx again@all
H.i.M

That's good to hear. Sounds like this has been fixed upstream. We uploaded KDE4.2beta2 earlier this week so it's likely the fix came with that. If we can get one more confirmation that this is fixed we can close this bug.

H.i.M (hir-i-mogul-gmail) wrote :

Exactly same problem, different Notebook.
Fresh Install Kubuntu 8.10 + KDE 4.1.85, fully updated

KDE 4.1.85
Kontact 1.3
Kmail 1.10.92
Kgpg 4:4.1.85-0ubuntu1~intrepid1~ppa1
pinentry-qt4 0.7.3+svn799201-1ubuntu1

 will try the suggested fixes above now!
- My PC with 4.1.85 works ^^
- The Notebook not...

ScottMiller (stmiller) wrote :

I had to have pinentry-qt4 and pinentry-qt both installed and that fixed it for me.

mrvanes (mrvanes) wrote :

I was affected by this bug in Jaunty (alpha fresh install, gradually updated to current beta1). Changing the pinentry-qt binary reference to pinentry-qt4 in gpg-agent.conf fixed it for me. Too bad this can't be/isn't handled in a global gpg-agent.conf that can be adopted to reflect changes in binary naming...

Ralph Janke (txwikinger) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner.

There have been many changes in Ubuntu since that time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test the current Ubuntu version (10.04). If you can test it, and it is still an issue, we would appreciate if you could upload updated logs by running apport-collect <bug #>, and any other logs that are relevant for this particular issue.

Changed in kdepim (Ubuntu):
status: New → Incomplete
Harald Sitter (apachelogger) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as requested in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the "Status" column, and change the status back to "New". Thanks again!

Changed in kdepim (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers