Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 234986 - app-crypt/seahorse-2.22.3: passwords containing "%s" followed by anything are improperly handled
Summary: app-crypt/seahorse-2.22.3: passwords containing "%s" followed by anything are...
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME (show other bugs)
Hardware: AMD64 Linux
: High major (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL: http://bugzilla.gnome.org/show_bug.cg...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-08-17 06:02 UTC by Jeremy Bopp
Modified: 2011-04-03 11:41 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Bopp 2008-08-17 06:02:29 UTC 
Actually, if the password contains "%" followed by any *two* characters, i.e. "%sf" or "%vd", you will not be able to use seahorse to decrypt a private PGP key that was originally encrypted with gpg.  This means that you cannot change the key's password using seahorse nor can you use seahorse-agent to fetch your private key for signing text, etc.  If the private key is created or otherwise encrypted with seahorse using one of these passwords, gpg will not be able to decrypt the private key.

Reproducible: Always

Steps to Reproduce:
1. Create a new public/private key pair using gpg as follows:
   GPG_AGENT_INFO="" gpg --gen-key
2. Accept defaults for key type and key size, enter some user name, etc.
3. For the password enter "%ss".
4. Start seahorse and attempt to change the password for the new key.

Actual Results:  
No matter what password you enter, you will always receive an invalid password response.

Expected Results:  
Entering "%ss" as the password should allow you to go about changing the password on the new key.

It's possible to turn around the presented scenario and create a public/private keypair using seahorse and a password as specified.  gpg will be unable to decrypt the key using that password even though seahorse will be able to do so.  It's also possible to use seahorse to change the password on an existing key (as long as the password does not have the bad form) to a password which gpg will not be able to use to decrypt the key.

Basically, it looks like the password dialogs for seahorse are malfunctioning.
Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev 2008-08-17 09:29:53 UTC 
nice analysis, could you report this upstream ?
Comment 2 Jeremy Bopp 2008-08-17 15:21:29 UTC 
Upstream defect reported: http://bugzilla.gnome.org/show_bug.cgi?id=548136.
Comment 3 Rémi Cardona (RETIRED) gentoo-dev 2008-08-18 06:19:16 UTC 
I've CCed us on the upstream bug, we'll track it there. Thanks for reporting
Comment 4 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-07-09 22:23:44 UTC 
upstream is in need of an update. Please try with 2.26 and tell them how it goes.
Comment 5 Märt Bakhoff 2010-01-22 16:20:32 UTC 
Hello. 

It seems the problem still persists. I'm using x86_64 with the following packages and am getting the exact same errors: 'Incorrect passphrase; please try again'. 
app-crypt/gnupg-2.0.14
app-crypt/gpgme-1.2.0
app-crypt/seahorse-2.28.1

Please try to reproduce with passphrase aaa%aaa

NB this does not happen in ubuntu 9.10
Comment 6 Dirk Salewski 2011-03-16 05:51:36 UTC 
One year later: 

x86_64
app-crypt/gnupg-2.0.17
app-crypt/gpgme-1.3.0
app-crypt/seahorse-2.32.0

The problem persists. Upstream closed that bug since no other reporters were found. Could anyone reproduce this and help me convince upstream?
Comment 7 Pacho Ramos gentoo-dev 2011-03-17 09:42:12 UTC 
Upstream cannot reproduce, please reply in upstream bug to:
https://bugzilla.gnome.org/show_bug.cgi?id=548136#c17
Comment 8 Pacho Ramos gentoo-dev 2011-04-03 11:41:28 UTC 
Will track upstream directly for now