After upgrading app-crypt/gnupg from 2.2.29 to 2.2.30, decrypting a symmetrically-encrypted (AES.CFB) .gpg file fails with:

gpg -d file.txt.gpg
gpg: AES.CFB encrypted data
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

This is the case with files encrypted prior to 2.2.30 as well as with that version itself.

The problem is with the gpg-agent program. Applying the simple fix at https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=4b2cfec2dc2fd524a4fed6c17bb11e6a7baf15f2 solves the problem.

Reproducible: Always
This made one of my systems unbootable, since it is using disk encryption with a GnuPG-encrypted key file. I got a passphrase prompt from pinentry-curses, but after returning the passphrase gpg-agent segfaulted, according to dmesg (which I did not save from the emergency rescue system). After downgrading to 2.2.29 I could boot again.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fa3c6009b4f72fbb63ae44dd1360c74f0b2f6b6

commit 1fa3c6009b4f72fbb63ae44dd1360c74f0b2f6b6
Author: David Seifert <soap@gentoo.org>
AuthorDate: 2021-09-17 07:41:31 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2021-09-17 07:41:31 +0000

    app-crypt/gnupg: [QA] drop 2.2.30

    * 2.2.30 breaks symmetric encryption

    Bug: https://bugs.gentoo.org/812668
    Signed-off-by: David Seifert <soap@gentoo.org>

 app-crypt/gnupg/Manifest | 1 -
 app-crypt/gnupg/gnupg-2.2.30.ebuild | 152 ------------------------------------
 2 files changed, 153 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff7cd1c0ff19f55d94b284fbac72865b504fb8d3

commit ff7cd1c0ff19f55d94b284fbac72865b504fb8d3
Author: David Seifert <soap@gentoo.org>
AuthorDate: 2021-09-17 07:41:30 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2021-09-17 07:41:30 +0000

    app-crypt/gnupg: [QA] add 2.2.31

    Bug: https://bugs.gentoo.org/812668
    Signed-off-by: David Seifert <soap@gentoo.org>

 app-crypt/gnupg/Manifest | 1 +
 app-crypt/gnupg/gnupg-2.2.31.ebuild | 152 ++++++++++++++++++++++++++++++++++++
 2 files changed, 153 insertions(+)
(In reply to Karl-Johan Karlsson from comment #1)
> This made one of my systems unbootable, since it is using disk encryption
> with a GnuPG-encrypted key file.
>
> I got a passphrase prompt from pinentry-curses, but after returning the
> passphrase gpg-agent segfaulted, according to dmesg (which I did not save
> from the emergency rescue system).
>
> After downgrading to 2.2.29 I could boot again.

Please test 2.2.31.
(In reply to David Seifert from comment #3)
> (In reply to Karl-Johan Karlsson from comment #1)
> > This made one of my systems unbootable, since it is using disk encryption
> > with a GnuPG-encrypted key file.
> >
> > I got a passphrase prompt from pinentry-curses, but after returning the
> > passphrase gpg-agent segfaulted, according to dmesg (which I did not save
> > from the emergency rescue system).
> >
> > After downgrading to 2.2.29 I could boot again.
>
> Please test 2.2.31.

2.2.31 (which includes the patch referred to in the link in the original report for this bug) fixes the problem with 2.2.30 for the use case as originally reported.