* org-crypt fails if default key is expired while non-default key is to be used
@ 2023-01-22 17:41 Karl Voit
2023-01-23 10:16 ` Ihor Radchenko
0 siblings, 1 reply; 9+ messages in thread
From: Karl Voit @ 2023-01-22 17:41 UTC (permalink / raw)
To: emacs-orgmode
Hi,
I think I've found a bug with org-crypt:
Org mode version 9.5.5 (release_9.5.5 @
/home/vk/src/external_compilations/emacs/lisp/org/)
GNU Emacs 28.2 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.33,
cairo version 1.16.0) of 2023-01-09
SUMMARY:
org-crypt fails to encrypt when org-encrypt-entry is set to a
different key than the default openpgp key and the default key is
expired.
BACKGROUND:
My setup involves an openpgp-key which is specifically used for
org-crypt. This key is not my default key A1234567 which I'm using
for encrypting and singing emails and such.
org-crypt-key is set to this secondary key, let's call it
org-openpgp-key. So the org-crypt setup is correct in that sense
that org-mode should not care about other keys than my
org-openpgp-key.
However, I've had the situation where the default openpgp key
expired on a machine. Please note that my org-openpgp-key did not
expire.
When I invoked org-decrypt-entry, decrypting works like always. Then
I modified something in this heading which is tagged with :crypt:.
On saving that buffer, org-crypt issues an error message:
| Error: (error "GPG error: \"Encrypt failed\", \"Unusable public key:
| A1234567; Exit\"")
This A1234567 key is my default key and not the org-openpgp-key.
org-encrypt-entry is causing this error at:
| ;; Text and key have to be identical, otherwise we
| ;; re-crypt.
| (if (and (equal crypt-key key)
| (string= checksum (sha1 contents)))
| (get-text-property 0 'org-crypt-text contents)
| (epg-encrypt-string epg-context contents crypt-key)))
After fixing the expiry date of A1234567, org-crypt was working
properly, using the correct org-openpgp-key again.
I do think this is wrong behavior: when the default key is expired
but a specific secondary key is used, encryption should be possible.
--
get mail|git|SVN|photos|postings|SMS|phonecalls|RSS|CSV|XML into Org-mode:
> get Memacs from https://github.com/novoid/Memacs <
Personal Information Management > http://Karl-Voit.at/tags/pim/
Emacs-related > http://Karl-Voit.at/tags/emacs/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-22 17:41 org-crypt fails if default key is expired while non-default key is to be used Karl Voit
@ 2023-01-23 10:16 ` Ihor Radchenko
2023-01-23 14:58 ` Karl Voit
0 siblings, 1 reply; 9+ messages in thread
From: Ihor Radchenko @ 2023-01-23 10:16 UTC (permalink / raw)
To: Karl Voit; +Cc: emacs-orgmode
Karl Voit <devnull@Karl-Voit.at> writes:
> When I invoked org-decrypt-entry, decrypting works like always. Then
> I modified something in this heading which is tagged with :crypt:.
> On saving that buffer, org-crypt issues an error message:
>
> | Error: (error "GPG error: \"Encrypt failed\", \"Unusable public key:
> | A1234567; Exit\"")
>
> This A1234567 key is my default key and not the org-openpgp-key.
>
> org-encrypt-entry is causing this error at:
>
> | ;; Text and key have to be identical, otherwise we
> | ;; re-crypt.
> | (if (and (equal crypt-key key)
> | (string= checksum (sha1 contents)))
> | (get-text-property 0 'org-crypt-text contents)
> | (epg-encrypt-string epg-context contents crypt-key)))
>
> After fixing the expiry date of A1234567, org-crypt was working
> properly, using the correct org-openpgp-key again.
>
> I do think this is wrong behavior: when the default key is expired
> but a specific secondary key is used, encryption should be possible.
All we do here is calling `epg-encrypt-string' with crypt key obtained
using `org-crypt-key-for-heading', which see.
May I know how exactly did you set `org-crypt-key'? Do you happen to
have CRYPTKEY properties somewhere in your buffer?
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-23 10:16 ` Ihor Radchenko
@ 2023-01-23 14:58 ` Karl Voit
2023-01-24 9:14 ` Ihor Radchenko
0 siblings, 1 reply; 9+ messages in thread
From: Karl Voit @ 2023-01-23 14:58 UTC (permalink / raw)
To: emacs-orgmode
Hi Ihor,
* Ihor Radchenko <yantar92@posteo.net> wrote:
> Karl Voit <devnull@Karl-Voit.at> writes:
>
>> When I invoked org-decrypt-entry, decrypting works like always. Then
>> I modified something in this heading which is tagged with :crypt:.
>> On saving that buffer, org-crypt issues an error message:
>>
>> | Error: (error "GPG error: \"Encrypt failed\", \"Unusable public key:
>> | A1234567; Exit\"")
>>
>> This A1234567 key is my default key and not the org-openpgp-key.
>>
>> org-encrypt-entry is causing this error at:
>>
>> | ;; Text and key have to be identical, otherwise we
>> | ;; re-crypt.
>> | (if (and (equal crypt-key key)
>> | (string= checksum (sha1 contents)))
>> | (get-text-property 0 'org-crypt-text contents)
>> | (epg-encrypt-string epg-context contents crypt-key)))
>>
>> After fixing the expiry date of A1234567, org-crypt was working
>> properly, using the correct org-openpgp-key again.
>>
>> I do think this is wrong behavior: when the default key is expired
>> but a specific secondary key is used, encryption should be possible.
>
> All we do here is calling `epg-encrypt-string' with crypt key obtained
> using `org-crypt-key-for-heading', which see.
>
> May I know how exactly did you set `org-crypt-key'? Do you happen to
> have CRYPTKEY properties somewhere in your buffer?
Sure. My config is on
https://github.com/novoid/dot-emacs/blob/master/config.org and I've
set it with:
(setq org-crypt-key "ABC12345") ;; I may have to mask this online as well ;-)
: grep -i CRYPTKEY *
... is empty when applied to my Org-mode files.
The only thing to fix my situation was to re-import a non-expired
version of my default OpenPGP sec key.
--
get mail|git|SVN|photos|postings|SMS|phonecalls|RSS|CSV|XML into Org-mode:
> get Memacs from https://github.com/novoid/Memacs <
Personal Information Management > http://Karl-Voit.at/tags/pim/
Emacs-related > http://Karl-Voit.at/tags/emacs/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-23 14:58 ` Karl Voit
@ 2023-01-24 9:14 ` Ihor Radchenko
2023-01-29 17:37 ` Karl Voit
0 siblings, 1 reply; 9+ messages in thread
From: Ihor Radchenko @ 2023-01-24 9:14 UTC (permalink / raw)
To: Karl Voit; +Cc: emacs-orgmode
Karl Voit <devnull@Karl-Voit.at> writes:
>> May I know how exactly did you set `org-crypt-key'? Do you happen to
>> have CRYPTKEY properties somewhere in your buffer?
>
> Sure. My config is on
> https://github.com/novoid/dot-emacs/blob/master/config.org and I've
> set it with:
>
> (setq org-crypt-key "ABC12345") ;; I may have to mask this online as well ;-)
What is the return value of
(epg-list-keys (epg-make-context nil t t) org-crypt-key)
?
Does it show the right key?
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-24 9:14 ` Ihor Radchenko
@ 2023-01-29 17:37 ` Karl Voit
2023-01-30 13:53 ` Ihor Radchenko
0 siblings, 1 reply; 9+ messages in thread
From: Karl Voit @ 2023-01-29 17:37 UTC (permalink / raw)
To: emacs-orgmode
Hi Ihor,
* Ihor Radchenko <yantar92@posteo.net> wrote:
> Karl Voit <devnull@Karl-Voit.at> writes:
>
>>> May I know how exactly did you set `org-crypt-key'? Do you happen to
>>> have CRYPTKEY properties somewhere in your buffer?
>>
>> Sure. My config is on
>> https://github.com/novoid/dot-emacs/blob/master/config.org and I've
>> set it with:
>>
>> (setq org-crypt-key "ABC12345") ;; I may have to mask this online as well ;-)
>
> What is the return value of
>
> (epg-list-keys (epg-make-context nil t t) org-crypt-key)
>
> ?
>
> Does it show the right key?
It shows:
(#s(epg-key ultimate
(#s(epg-sub-key ultimate ... nil 1 4096 "ABC12345" 1515327255 nil "AAAAAAAA...ABC12345")
#s(epg-sub-key ultimate ... nil 1 4096 "FFFFFFF" 1515327255 nil "FFFF.FFFFFFFF"))
(#s(epg-user-id ultimate "Karl Voit (Internal key for orgmode) <ABC12345@Karl-Voit.at>" nil))))
... with ABC12345 being the correct key for org-crypt and FFFFFFF being my
default OpenPGP key.
--
get mail|git|SVN|photos|postings|SMS|phonecalls|RSS|CSV|XML into Org-mode:
> get Memacs from https://github.com/novoid/Memacs <
Personal Information Management > http://Karl-Voit.at/tags/pim/
Emacs-related > http://Karl-Voit.at/tags/emacs/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-29 17:37 ` Karl Voit
@ 2023-01-30 13:53 ` Ihor Radchenko
2023-01-30 22:00 ` Karl Voit
0 siblings, 1 reply; 9+ messages in thread
From: Ihor Radchenko @ 2023-01-30 13:53 UTC (permalink / raw)
To: Karl Voit; +Cc: emacs-orgmode
Karl Voit <devnull@Karl-Voit.at> writes:
>> What is the return value of
>>
>> (epg-list-keys (epg-make-context nil t t) org-crypt-key)
>>
>> ?
>>
>> Does it show the right key?
>
> It shows:
>
> (#s(epg-key ultimate
> (#s(epg-sub-key ultimate ... nil 1 4096 "ABC12345" 1515327255 nil "AAAAAAAA...ABC12345")
> #s(epg-sub-key ultimate ... nil 1 4096 "FFFFFFF" 1515327255 nil "FFFF.FFFFFFFF"))
> (#s(epg-user-id ultimate "Karl Voit (Internal key for orgmode) <ABC12345@Karl-Voit.at>" nil))))
>
> ... with ABC12345 being the correct key for org-crypt and FFFFFFF being my
> default OpenPGP key.
Ok. What about
(let ((context (epg-make-context nil t t)))
(epg-decrypt-string context (epg-encrypt-string context "test" (epg-list-keys context org-crypt-key))))
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-30 13:53 ` Ihor Radchenko
@ 2023-01-30 22:00 ` Karl Voit
2023-01-31 10:32 ` Ihor Radchenko
0 siblings, 1 reply; 9+ messages in thread
From: Karl Voit @ 2023-01-30 22:00 UTC (permalink / raw)
To: emacs-orgmode
Hi Ihor,
* Ihor Radchenko <yantar92@posteo.net> wrote:
> Karl Voit <devnull@Karl-Voit.at> writes:
>
>>> What is the return value of
>>>
>>> (epg-list-keys (epg-make-context nil t t) org-crypt-key)
>>>
>>> ?
>>>
>>> Does it show the right key?
>>
>> It shows:
>>
>> (#s(epg-key ultimate
>> (#s(epg-sub-key ultimate ... nil 1 4096 "ABC12345" 1515327255 nil "AAAAAAAA...ABC12345")
>> #s(epg-sub-key ultimate ... nil 1 4096 "FFFFFFF" 1515327255 nil "FFFF.FFFFFFFF"))
>> (#s(epg-user-id ultimate "Karl Voit (Internal key for orgmode) <ABC12345@Karl-Voit.at>" nil))))
>>
>> ... with ABC12345 being the correct key for org-crypt and FFFFFFF being my
>> default OpenPGP key.
>
> Ok. What about
>
> (let ((context (epg-make-context nil t t)))
> (epg-decrypt-string context (epg-encrypt-string context "test" (epg-list-keys context org-crypt-key))))
>
It asks me for the passphrase of the orgmode key (the correct one)
and prints out "test".
--
get mail|git|SVN|photos|postings|SMS|phonecalls|RSS|CSV|XML into Org-mode:
> get Memacs from https://github.com/novoid/Memacs <
Personal Information Management > http://Karl-Voit.at/tags/pim/
Emacs-related > http://Karl-Voit.at/tags/emacs/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-30 22:00 ` Karl Voit
@ 2023-01-31 10:32 ` Ihor Radchenko
2023-04-18 13:28 ` Karl Voit
0 siblings, 1 reply; 9+ messages in thread
From: Ihor Radchenko @ 2023-01-31 10:32 UTC (permalink / raw)
To: Karl Voit; +Cc: emacs-orgmode
Karl Voit <devnull@Karl-Voit.at> writes:
>> Ok. What about
>>
>> (let ((context (epg-make-context nil t t)))
>> (epg-decrypt-string context (epg-encrypt-string context "test" (epg-list-keys context org-crypt-key))))
>>
>
> It asks me for the passphrase of the orgmode key (the correct one)
> and prints out "test".
We just followed what org-crypt does... And you see no error.
I have no more ideas how to investigate the original failure without a
reproducer.
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: org-crypt fails if default key is expired while non-default key is to be used
2023-01-31 10:32 ` Ihor Radchenko
@ 2023-04-18 13:28 ` Karl Voit
0 siblings, 0 replies; 9+ messages in thread
From: Karl Voit @ 2023-04-18 13:28 UTC (permalink / raw)
To: emacs-orgmode
* Ihor Radchenko <yantar92@posteo.net> wrote:
> Karl Voit <devnull@Karl-Voit.at> writes:
>
>>> Ok. What about
>>>
>>> (let ((context (epg-make-context nil t t)))
>>> (epg-decrypt-string context (epg-encrypt-string context "test" (epg-list-keys context org-crypt-key))))
>>>
>>
>> It asks me for the passphrase of the orgmode key (the correct one)
>> and prints out "test".
>
> We just followed what org-crypt does... And you see no error.
> I have no more ideas how to investigate the original failure without a
> reproducer.
Fully understand. If it was an issue that was caused just by me, the
better. Thanks for investing into that issue or non-issue anyway!
--
get mail|git|SVN|photos|postings|SMS|phonecalls|RSS|CSV|XML into Org-mode:
> get Memacs from https://github.com/novoid/Memacs <
Personal Information Management > http://Karl-Voit.at/tags/pim/
Emacs-related > http://Karl-Voit.at/tags/emacs/
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-04-18 13:29 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-22 17:41 org-crypt fails if default key is expired while non-default key is to be used Karl Voit
2023-01-23 10:16 ` Ihor Radchenko
2023-01-23 14:58 ` Karl Voit
2023-01-24 9:14 ` Ihor Radchenko
2023-01-29 17:37 ` Karl Voit
2023-01-30 13:53 ` Ihor Radchenko
2023-01-30 22:00 ` Karl Voit
2023-01-31 10:32 ` Ihor Radchenko
2023-04-18 13:28 ` Karl Voit
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).