gpa fails to deal with my key: Invalid crypto engine

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

gpa fails to deal with my key: Invalid crypto engine

Jim Meyering
[Also posted here:
  http://wald.intevation.org/forum/forum.php?thread_id=988&forum_id=27

Hello,

gpa appears to be incapable of doing anything with my key.
To demonstrate the problem, run these commands:
(src/gpa was just built from git on Fedora 15: gpa-0.9.0-15-g71cfe73)

    gpg --keyring test --import \
      <(wget -O - http://meyering.net/key/000BEEEE.gpg)
    src/gpa --keyring=test

The main window appears, but also a "GPA Error" window, which says:

    The GPGME library returned an unexpected
    error. The error was:

    Invalid crypto engine

    This is probably a bug in GPA.
    GPA will now try to recover this error.

    CLOSE

When I hit the CLOSE button, that window
disappears, but it is immediately replaced by
an identical one.  That means I can never (afaik)
manage to use the main window.

_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Werner Koch
Hi,

just a few quick comments for now:

On Sat,  3 Sep 2011 10:26, [hidden email] said:

>     gpg --keyring test --import \
>       <(wget -O - http://meyering.net/key/000BEEEE.gpg)

  gpg --keyring test --fetch-key http://meyering.net/key/000BEEEE.gpg

is easier ;-)

>     src/gpa --keyring=test

GPA does not support --keyring with a value.  --keyring merely means to
start with the key manager.

>     The GPGME library returned an unexpected
>     error. The error was:

To debug this you may do

  GPGME_DEBUG=9:/foo/gpgme.log src/gpa --keyring

watch out for gpg started with --version.



Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Jim Meyering
Werner Koch wrote:

> just a few quick comments for now:
>
> On Sat,  3 Sep 2011 10:26, [hidden email] said:
>
>>     gpg --keyring test --import \
>>       <(wget -O - http://meyering.net/key/000BEEEE.gpg)
>
>   gpg --keyring test --fetch-key http://meyering.net/key/000BEEEE.gpg
>
> is easier ;-)
And more portable ;-)
Thanks!

>>     src/gpa --keyring=test
>
> GPA does not support --keyring with a value.  --keyring merely means to
> start with the key manager.
>
>>     The GPGME library returned an unexpected
>>     error. The error was:
>
> To debug this you may do
>
>   GPGME_DEBUG=9:/foo/gpgme.log src/gpa --keyring
>
> watch out for gpg started with --version.
Thanks.
It reports gpg2, which is gnupg2-2.0.17-1.fc15.x86_64

Here's a reproducer that imports into an empty $HOME and .gnupg directory:

    #!/bin/sh
    d=$(mktemp -d)
    echo $d
    mkdir -p $d/.gnupg
    export HOME=$d

    gpg --fetch-key http://meyering.net/key/000BEEEE.gpg

    # Or wherever you have gpa cloned
    GPGME_DEBUG=9:/foo/gpgme.log ~/w/gpa/src/gpa

Here's the full log:


_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev

gpgme.log.gz (20K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Werner Koch
On Sun,  4 Sep 2011 10:49, [hidden email] said:

> Here's a reproducer that imports into an empty $HOME and .gnupg directory:
>
>     #!/bin/sh
>     d=$(mktemp -d)
>     echo $d
>     mkdir -p $d/.gnupg
>     export HOME=$d

That makes X non working on my system.  Thus I used GNUPGHOME for a
quick test. I found no problem with my current installation - however
this is 2.1 and not 2.0.17.  I better test it on a plain amd64 box - but
not today.

> Here's the full log:

I can't spot an obvious problem.  Debugging gpa might be easier for me.


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Jim Meyering
Werner Koch wrote:

> On Sun,  4 Sep 2011 10:49, [hidden email] said:
>
>> Here's a reproducer that imports into an empty $HOME and .gnupg directory:
>>
>>     #!/bin/sh
>>     d=$(mktemp -d)
>>     echo $d
>>     mkdir -p $d/.gnupg
>>     export HOME=$d
>
> That makes X non working on my system.  Thus I used GNUPGHOME for a
> quick test. I found no problem with my current installation - however
> this is 2.1 and not 2.0.17.  I better test it on a plain amd64 box - but
> not today.
>
>> Here's the full log:
>
> I can't spot an obvious problem.  Debugging gpa might be easier for me.

Did you manage to reproduce the failure?

I've just built gnupg using the latest of all of these from git:

    gnupg
    libassuan
    libgpg-error
    libgcrypt
    libksba

(with the caveat that I had to work around a build failure due to
 libgcrypt's recent removal of gcry_md_start_debug, as I've just
 posted to gnupg-devel)

Even with that, I still end up with the pesky undismissable
"GPA error" dialog.

For the record, gpg2 now reports this:

    $ gpg2 --version
    gpg (GnuPG) 2.1.0-git0dcf517
    libgcrypt 1.6.0-gitba71277

_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Werner Koch
On Mon, 19 Sep 2011 21:22, [hidden email] said:

> Did you manage to reproduce the failure?

No.  I tried to reproduce but it worked (Debian Sid on x86).

>     gnupg
>     libassuan
>     libgpg-error
>     libgcrypt
>     libksba

I use the same except for Libgcrypt which is 1.5.0 due to the ABI
change.  But that is not the problem.
>
> Even with that, I still end up with the pesky undismissable
> "GPA error" dialog.

>From the log:

 gpgme_set_protocol: enter: ctx=0x9d9600, protocol=1 (CMS)
 gpgme_set_protocol: check: ctx=0x9d9600, releasing ctx->engine=0x958ae0
 gpgme_set_protocol: leave
 gpgme_op_keylist_start: enter: ctx=0x9d9600, pattern=(null), secret_only=1
 gpgme_op_keylist_start: error: Invalid crypto engine <GPGME>

Do you have any X.509 key?  I have not tested without.  Let's try to set

  cms_hack = 1; /* CMS is now always enabled.  */

in gpa/src/gpa.c to 0.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Jim Meyering
Werner Koch wrote:

> On Mon, 19 Sep 2011 21:22, [hidden email] said:
>
>> Did you manage to reproduce the failure?
>
> No.  I tried to reproduce but it worked (Debian Sid on x86).
>
>>     gnupg
>>     libassuan
>>     libgpg-error
>>     libgcrypt
>>     libksba
>
> I use the same except for Libgcrypt which is 1.5.0 due to the ABI
> change.  But that is not the problem.
>>
>> Even with that, I still end up with the pesky undismissable
>> "GPA error" dialog.
>
>>From the log:
>
>  gpgme_set_protocol: enter: ctx=0x9d9600, protocol=1 (CMS)
>  gpgme_set_protocol: check: ctx=0x9d9600, releasing ctx->engine=0x958ae0
>  gpgme_set_protocol: leave
>  gpgme_op_keylist_start: enter: ctx=0x9d9600, pattern=(null), secret_only=1
>  gpgme_op_keylist_start: error: Invalid crypto engine <GPGME>
>
> Do you have any X.509 key?

No.

That you always use one makes me wonder.
Would you recommend doing so, in general?

> I have not tested without.  Let's try to set
>
>   cms_hack = 1; /* CMS is now always enabled.  */
>
> in gpa/src/gpa.c to 0.

I made that change, recompiled gpa, and now it works.
Thanks!

_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Werner Koch
On Tue, 20 Sep 2011 10:38, [hidden email] said:

> That you always use one makes me wonder.

I don't use it really.  However I have a couple of test keys and I also
store SSL server keys with gpgsm.

> Would you recommend doing so, in general?

No.

> I made that change, recompiled gpa, and now it works.
> Thanks!

I'll look into this.  This is probably a long standing bug.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Werner Koch
On Tue, 20 Sep 2011 11:46, [hidden email] said:

> I'll look into this.  This is probably a long standing bug.

Fixed.


    Detect a uninstalled GPGSM
   
    Without GPGSM being installed we ran into an endless loop of warning
    about invalid engines.  With this change we detect it and disable the
    X.509 support.  Also added an option to disable X.509 on the command
    line or via the conf file.



Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpa fails to deal with my key: Invalid crypto engine

Jim Meyering
Werner Koch wrote:

> On Tue, 20 Sep 2011 11:46, [hidden email] said:
>
>> I'll look into this.  This is probably a long standing bug.
>
> Fixed.
>
>
>     Detect a uninstalled GPGSM
>
>     Without GPGSM being installed we ran into an endless loop of warning
>     about invalid engines.  With this change we detect it and disable the
>     X.509 support.  Also added an option to disable X.509 on the command
>     line or via the conf file.

Quick service.  Thank you!

_______________________________________________
Gpa-dev mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Loading...