Bugzilla Bug 159870

gnupg-2.0.1-r2 seems to break compatibility with old key files:

$ gpg -vv test.gpg
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
        data: [1024 bits]
gpg: public key is 98765432
gpg: protection algorithm 1 (IDEA) is not supported
:encrypted data packet:
        length: 30
gpg: encrypted with 1024-bit RSA key, ID 98765432, created 1995-05-02
      "Abcd Efgh <ijk@domain.invalid>"
gpg: public key decryption failed: Invalid cipher algorithm
gpg: decryption failed: No secret key

With gnupg-1.4.6, everything used to work fine.


$ emerge --info
Portage 2.1.2_rc4-r5 (default-linux/x86/2006.1/desktop, gcc-4.1.1,
glibc-2.5-r0, 2.6.19-gentoo-r2 i686)
=================================================================
System uname: 2.6.19-gentoo-r2 i686 Intel(R) Pentium(R) M processor 1.73GHz
Gentoo Base System version 1.12.8
Last Sync: Wed, 03 Jan 2007 16:00:03 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.19
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium-m -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib/fax /usr/share/X11/xkb
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium-m -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://mirrors.sec.informatik.tu-darmstadt.de/gentoo
http://gentoo.osuosl.org http://gentoo.inode.at"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/ulm /usr/portage/local/layman/sunrise
/usr/portage/local/layman/a1 /usr/portage/local/layman/xeffects"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X Xaw3d aalib acpi alsa amr asf berkdb bitmap-fonts bzip2 cairo caps
cdparanoia cdr cli clisp cracklib crypt dbus directfb dlloader dri dvd dvdr eds
emacs emacs-w3 emboss encode exif expat fam fbcon ffmpeg firefox fortran gcj
gdbm gif glitz glut gnome gpm gstreamer gtk gtkhtml guile iconv idea ieee1394
imap ipv6 irda isdnlog java jbig jpeg libcaca libg++ logrotate mad mikmod mmx
mng motif mozbranding mp3 mpeg ncurses nls nocd nptl nptlonly nsplugin
offensive ogg opengl oss pcmcia pcre pdf perl png postgres ppds pppd python qt3
qt4 quicktime readline real recode reflection sdl session skey sox spell spl
sse sse2 ssl tcpd tetex tiff truetype truetype-fonts type1-fonts udev unicode
userlocales vorbis wifi win32codecs x86 xml xorg xv zlib" ALSA_CARDS="ali5451
als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938
es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx
via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop
empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi
null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard
mouse synaptics" KERNEL="linux" USERLAND="GNU" VIDEO_CARDS="fbdev i810 vesa
vga"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS

Right.
IDEA is not supported by gcrypt.
I could not find any patch to add idea support into gcrypt.
I will continue looking.

alonbl:
here is IDEA support for libgcrypt
http://www.kfwebs.net/articles/article/42/GnuPG-2.0---IDEA-support

It was discussed on the gnupg-devel mailing list.

Thanks!
I had to do some modification to this patch, did not work as-is it couldn't
have worked...

But it should be OK now, please add idea USE flag to libgcrypt and try it out.

I can't emerge world now, and I suspect that this somehow migt be responsible
for that. (But I might be wrong also, I don't know enough about ebuilds)

When I do

  sudo emerge -DuavN --with-bdeps y world

I get 

These are the packages that would be merged, in order:

Calculating world dependencies... done!
Traceback (most recent call last):
  File "/usr/bin/emerge", line 5254, in ?
    retval = emerge_main()
  File "/usr/bin/emerge", line 5249, in emerge_main
    myopts, myaction, myfiles, spinner)
  File "/usr/bin/emerge", line 4605, in action_build
    mydepgraph.display(
  File "/usr/bin/emerge", line 2472, in display
    debug=self.edebug)
  File "/usr/lib/portage/pym/portage.py", line 5748, in getfetchsizes
    myuris, myfiles = self.getfetchlist(mypkg,useflags=useflags)
  File "/usr/lib/portage/pym/portage.py", line 5725, in getfetchlist
    myurilist = portage_dep.use_reduce(myurilist,uselist=useflags,matchall=all)
  File "/usr/lib/portage/pym/portage_dep.py", line 193, in use_reduce
    additions = use_reduce(target, uselist, masklist, matchall, excludeall)
  File "/usr/lib/portage/pym/portage_dep.py", line 200, in use_reduce
    raise portage_exception.InvalidDependString(
portage_exception.InvalidDependString: "Conditional without parenthesis:
'idea?'"

This is my 'emerge --info'

Portage 2.1.2_rc4-r5 (default-linux/x86/2006.1/desktop, gcc-4.1.1,
glibc-2.5-r0, 2.6.19-gentoo-r2 i686)
=================================================================
System uname: 2.6.19-gentoo-r2 i686 AMD Athlon(tm) MP 2000+
Gentoo Base System version 1.13.0_alpha10
Last Sync: Thu, 04 Jan 2007 20:50:01 +0000
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.19
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=athlon-mp"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O3 -march=athlon-mp"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms
strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="sv_SE.utf8"
LINGUAS="sv"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X Xaw3d alsa ao apache2 audiofile berkdb bitmap-fonts
bonobo bzip2 bzlib cairo caps cdda cddb cdio cdparanoia cdr cdrom chroot cli
crypt curl dba dbus dlloader dri dvd dvdr dvdread eds emacs emboss encode esd
fam firefox flac fluidsynth fortran ftp gcj gd gdbm gif glx gnome gphoto2
gstreamer gtk gtk2 gtkhtml hal iconv idea imagemagick imap innodb isdnlog
ithreads jack java jikes jpeg kde libg++ mad mbox mikmod mime mmx mmxext mng
motif mozilla mp3 mpeg musicbrainz ncurses net network nls noamazon nptl
nptlonly nsplugin offensive ogg oggvorbis opengl pcre pda pdf perl plotutils
png postgres ppds pppd python qt4 quicktime radeon readline real reflection sdl
session sndfile sox spell spl sse ssl svg tcltk tcpd threads tiff timidity
truetype truetype-fonts type1-fonts udev unicode usb userlocales utf8
visualization vorbis win32codecs x86 xfs xine xinerama xml xml2 xorg xosd xpm
xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci
emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m
maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux"
LINGUAS="sv" USERLAND="GNU" VIDEO_CARDS="fbdev radeon fglrx"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

Just one more little bit of info

I just removed the file
/usr/portage/dev-libs/libgcrypt/libgcrypt-1.2.3-r1.ebuild

And now I can emerge world again.

There is a missing set of parentheses around the idea srource:
 !bindist? ( idea? (mirror://gentoo/${P}-idea.diff.bz2 ))

(In reply to comment #3)
> But it should be OK now, please add idea USE flag to libgcrypt and try it out.

There is no more message about the unsupported IDEA algorithm. But the program
now complains that the passphrase would be wrong. (I have _definitely_ used the
correct passphrase and I have double checked this.)

$ gpg -vv test.gpg 
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
        data: [1024 bits]
gpg: public key is 98765432

You need a passphrase to unlock the secret key for
user: "Xxx Yyy <zzz@domain.invalid>"
1024-bit RSA key, ID 98765432, created 1995-05-02

gpg: no running gpg-agent - starting one
gpg: DBG: connection to agent established
gpg: Invalid passphrase; please try again ...

[repeated two times]

:encrypted data packet:
        length: 32
gpg: encrypted with 1024-bit RSA key, ID 98765432, created 1995-05-02
      "Xxx Yyy <zzz@domain.invalid>"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key

Again, gnupg-1.4.6 has no problem with this file/key/passphrase.

hmm, I'll have to look into that. 

btw, the workaround is to remove the passphrase from the key, it works then,
but obviously not when the key is protected itself. 

Ok. will have to much around in gnupg / libgcrypt to fix this at a later point.
Let me just say that this is not related to the IDEA package, but errors out
before that. Easiest way to debug that is to do a gpg --show-session-key
--homedir . -vv file.pgp using gpg 1.4 and get the session key, like gpg:
session key: `1:9E1805541D862FBAAABBF1BABBF4F589' that you can throw into the
libgcrypt addon as gpg2 --override-session-key
1:9E1805541D862FBAAABBF1BABBF4F589 --homedir . -vv file.pgp

a gpg --verson will give Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA while gpg2
--version Pubkey: RSA, ELG, DSA, ELG . It is not a problem of password hashing
differences, as it then would function if setting the password in gpg 2 in the
first place (removing the password in pgp 2 or gnupg 1.4)

I tried to re-encrypt the key using gnupg 1.4 gpg --s2k-cipher-algo=Blowfish
--s2k-digest-algo=sha1 --compress-algo=1 --homedir . --edit-key test , but it
still bugs out. 

Historically key decryption has been handled by gnupg and the unencrypted key
is  used by libgcrypt. the issue is probably either the un-encryption of the
key in gnupg, although I would have presumed in this case that re-encrypting
the secret key using gnupg1.4 would have fixed it. so I'm starting to wonder if
the troublemaker is RSA, with reference to the differences in the --version .

Anyone that is more familiar to gnupg that have an insight?

Hmmm....
Thanks for the description!

From libgcrypt

./src/gcrypt.h:
enum gcry_pk_algos
  {
    GCRY_PK_RSA = 1,
    GCRY_PK_RSA_E = 2,      /* deprecated */
    GCRY_PK_RSA_S = 3,      /* deprecated */
    GCRY_PK_ELG_E = 16,     /* use only for OpenPGP */
    GCRY_PK_DSA   = 17,
    GCRY_PK_ELG   = 20
  };
cipher/rsa.c:
gcry_pk_spec_t _gcry_pubkey_spec_rsa =
  {
    "RSA", rsa_names,
    "ne", "nedpqu", "a", "s", "n",
    GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
<snip>

So the RSA_E, RSA_S are not implemented, only previous "RSA" is implemented.
Can you please verify that the key that is not working is part of RSA_E or
RSA_S algorithms?

Please keep in mind though, that if no password is set on the secret key,
everything works. So at least something is implemented. So it has to be related
to decryption of the secret key at one point or another. 

looking at the output from --debug-all across the two versions I notice that
gpg2 comes to +gpg: DBG: parse_packet(iob=1): type=9 length=28
(parse.mainproc.c.1192)
 gpg: encrypted with 1024-bit RSA key, ID AAB61C01, created 2007-01-04
       "test"
+gpg: public key decryption failed: Bad passphrase

while gnupg 1.4.6 goes through -gpg: DBG: iobuf-1.1: push `decode_filter'
-gpg: DBG: iobuf chain: 1.1 `decode_filter' filter_eof=0 start=0 len=0
-gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=157 len=175
-gpg: DBG: iobuf-1.1: underflow: req=8192
 after -gpg: DBG: parse_packet(iob=1): type=9 length=28 (parse.mainproc.c.1203)

type=9 here represents conventionally encrypted data, id est the secret key.

gpg 1.4.6 does say gpg: DBG: pubkey_decrypt: algo=1 , so that indicate an
ordinary RSA key, not RSA-E. 

Hello All,
Tried to get some help from gnupg mailing list, but got no response...
Can you please try to do this individually? I mean try to get some reply from
upstream/user community?
Thanks!

I tried to get some info from gnupg-devel (
http://lists.gnupg.org/pipermail/gnupg-devel/2007-January/023511.html ). I'm
currently trying to debug it myself by altering the source systematically to
try to find where it errors, but have so far been unsuccessful. 

Again, I would like to mention that everything works if the secret key is not
password protected. Which makes it even more bizarre that it errors when a
password is added to the private key.

Sadly I don't have too much available time, but I'll keep looking for a reason
it fails, as it tickles my curiosity. 

Thanks for your help!

I am curios... Upstream does not support IDEA... Any reason why you all use
this algorithm?

alonbl: upstream doesn't support it because it's patented, but there is a usage
case for it because PGP2.0 uses it, and if you want to interoperate between
GnuPG and PGP2.0, you need it :-(.

There are several existing / old systems using pgp back to version 2.x, not to
mention old emails in my archive encrypted to an old key of mine. I keep the
~/.gnupg folder and the emails in an encrypted volume itself, so I'm not
particulary worried of anyone grabbing the old PGP key (which is only used to
get some archived messages anyways these days), so I can live with it not
having a password I guess.

I still have difficulty believing the problem is with the IDEA part of it all,
if that was the case it wouldn't have worked at all. I tried to eliminate that
option by using another s2k cipher to encrypt the private asymmetric key using
CAST5 instead of IDEA (although it resulted in annoyingly many replies on that
specific element in gnupg-devel ) :p

At this point the motivation is really my annoyance of it not working as I want
it to, though. 

Given that no immediate solution seems to be at hand, would it be possible to
reconsider SLOTting for the gnupg package?

Hello all,

Unfortunately, The original patch author will not fix this problem any soon.

As I have never used IDEA, can someone create a scenario of:
1. Creating IDEA encrypted keys or IDEA keys (gpg1)
2. Testing these keys working (gpg1).
3. Showing the same keys are not working (gpg2).
4. Remove IDEA encryption from key (gpg1), show that works (gpg2).

This will save much time for me.
I have some free time this week-end.

Thanks!

Created an attachment (id=122353) [edit]
Example PGP 2.6.3 public key

Created an attachment (id=122355) [edit]
Example PGP 2.6.3 secret key

(In reply to comment #20)
> As I have never used IDEA, can someone create a scenario of:
> 1. Creating IDEA encrypted keys or IDEA keys (gpg1)

I have attached a key pair, generated with PGP 2.6.3in. Passphrase is "abc"
(without the quotes).

> 2. Testing these keys working (gpg1).
> 3. Showing the same keys are not working (gpg2).

Hm, it's the same messages as in comment #7.

> 4. Remove IDEA encryption from key (gpg1), show that works (gpg2).

I've never done that before, but will try and attach the unencrypted key if I
succeed.

Created an attachment (id=122357) [edit]
Secret key with passphrase removed

This works for decrypting with gpg-2.

Maybe I should summarize the behaviour for gpg 1 and 2, w.r.t. the attached
keys:

- gnupg-1.4.7-r1 works well with all three attached keys.
- gnupg-2.0.4 works with the public key from attachment #122353 [edit].
- gnupg-2.0.4 also works with the secret key from attachment #122357 [edit] where the
  passphrase was removed.
- However, gnupg-2.0.4 does _not_ work with the secret key from
  attachment #122355 [edit]. For this one, it does not accept the passphrase
  (message "invalid passphrase").

Created an attachment (id=122810) [edit]
gnupg-2.0.4-idea.patch

OK... There are two bytes that are part of the checksum but not part of the
key.
So remove them before the key decode seems like a solution.
Can you please check it out with your configuration?

(In reply to comment #26)
> Created an attachment (id=122810) [edit]
> gnupg-2.0.4-idea.patch

Good work!

> OK... There are two bytes that are part of the checksum but not part of the
> key.
> So remove them before the key decode seems like a solution.
> Can you please check it out with your configuration?

Yes, it is functioning nicely with all test cases that I have here.

Great!
Thank you.

Created an attachment (id=147425) [edit]
test.msg

$ GNUPGHOME=. gpg --decrypt < test.msg