KGPG editor decrypt fails if > 3 recipients

Version: 1.2.2 (using KDE KDE 3.5.3)
Installed from: Ubuntu Packages
OS: Linux

If a message encrypted to several recipients is pasted into (or opened in) the KGPG editor; KGPG seems to try only the first 3 keys. It asks for the password for each of the first 3 keys then fails. When you start clicking cancel to close the multiple password windows the application crashes.

I believe KGPG should first determine if the the user actually has any secret keys that will decrypt the message, then ask for only the password for the correct key.

Thanks,

Lance

Hello,

could you explain how I can reproduce this issue ?

I have gpg 1.4.6 and kgpg 1.2.2

I tried but can't reproduce this problem.
My steps:
- i go to the editor
- i write something
- i click "encrypt"
- i select more than 3 recipients
- there are two cases : the option "Hide user id" is selected or is not selected

First case: "Hide user id" is NOT selected
When I want to decrypt, gpg will automatically detect if I have a secret key that will decrypt the message (because all userid are stored in the encrypted message)
If I have a good key, kgpg asks me to give the password and decrypt the message.
If I don't have any key, kgpg will fail.

Second case: "Hide user id" is selected
When I want to decrypt the message, gpg will try with every secret keys in my keyring until it can decrypt the message.

Thanks

Created attachment 21516
error message

For some reason the message portion of the above attachment was discarded, here is a repost:

The behavior seems to have changed since it was first reported, something must have upgraded. Now it does appear to work sometimes. Other times kgpg correctly identifies the message as having been encrypted to my key & asks for my passphrase 3 times very quickly, without waiting for a reply. When this happens I receive the error message above (MISSING_PASSPHRASE).

When entering passphrase or closing the 3 passphrase windows, kgpg usually crashes.

I suggest you subscribe to the public PGP chat group, http://groups.yahoo.com/group/PGPNET/

You will be able to collect several examples of pgp encrypted messages that are encrypted to well over a dozen people using various OpenPGP programs. You should be able to see that some work in kgpg, but others do not. These are not bad postings...they decrypt using enigmail (and the exact same version of GnuPG).

I don't know enough what to look for, but something is different about some messages. It seems dependent on what software or settings the sender has chosen, as the same senders' messages usually (always?) crash. Certain algorithms? Certain hashes?

Thanks,

Lance

OK,

I think I've got a resolution...You're not gonna believe this:

Normally, plain text following the encrypted message is ignored; it's just left there to be read either before or after the decryption takes place.

For some reason I can't explain, the YahooGroups trailing text crashes kgpg!

the bad text follows this line & starts with some blank lines:

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/PGPNET/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/PGPNET/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:<email address hidden>
    mailto:<email address hidden>

<*> To unsubscribe from this group, send an email to:
    <email address hidden>

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Hi, i'm not able to crash kgpg. :(

If i copy/past this encrypted message:
http://tech.groups.yahoo.com/group/PGPNET/message/14116
kgpg doesn't crash.

I have tried with some other encrypted messages.

If I add the YahooGroups trailing text, kgpg doesn't crash.

What should i do ?
Thanks :)

Created attachment 21527
this crashes kgpg from clipboard, but not from HD file.

You're right, there is more going on here than just trailing text: This
message I received today (from that same group), crashes kgpg when I click
"decrypt from keyboard" but decrypts fine when saved to hard drive and opened
from there by clicking it.
Some other messages decrypt fine using "decrypt from keyboard". Unfortunately,
I don't know if you can learn anything looking at this file, as it's not
encrypted to your key.

OK,

Regarding the http://tech.groups.yahoo.com/group/PGPNET/message/14116 text:

If save it to desktop and click to open, kgpg properly asks for my passphrase & writes a decrypted version to desktop.

However, if I highlight the message and copy to the clipboard; then right-click kgpg in the tray an choose "Decrypt Clipboard"; kgpg asks 3 times for my passphrase (quickly), then crashes.

Lance

Is this issue still present?

Unfortunately I can't answer that:

As most distros have gone to KDE4, I found it unusable on older, smaller video cards like gForce2 or embedded Intel video, which I have. This is compounded by Debian & Ubuntu both ditching proprietary drivers for poor substitutes, like Nouveau, which don't enable hardware acceleration. I've been stuck using gnome, against my will, for about a year now.

Thank you for the bug report.

As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists.

If this bug is no longer persisting or relevant please change the status to resolved.