From: "Christopher M. Miles"
To: Ihor Radchenko
Cc: "Christopher M. Miles", emacs-orgmode@gnu.org, Karl Voit
Subject: Re: [EasyPG (epa)] Emacs can't save modified encrypted file
Date: Wed, 03 May 2023 01:38:06 +0800
User-agent: mu4e 1.10.3; emacs 30.0.50

Ihor Radchenko writes:

> "Christopher M. Miles" writes:
>
>> I downgraded gnupg, then the problem was solved. But the downgraded version is
>> very old (gnupg@2.4.1 -> gnupg@2.2.41). I suspect the problem is somewhere
>> else, like Emacs interaction with the GnuPG process.
>
> Do you have any issues decrypting and encrypting files from command
> line? If no, what about from M-x shell? If yet no, what if you call gpg
> via `start-process'?
>

- [X] test decrypt & encrypt in terminal with gpg command. -> works fine.
- [X] test decrypt & encrypt in Emacs =[M-x shell]= with gpg command. -> works fine.

#+begin_example
bash-5.2$
bash-5.2$
bash-5.2$ pwd
/Users/stardiviner/.config/emacs/secrets
bash-5.2$ gpg -d authinfo.gpg > authinfo
gpg: encrypted with rsa2048 key, ID 0251FA6886EB6B77, created 2015-01-31
      "stardiviner (numbchild@gmail.com) "
gpg: encrypted with rsa2048 key, ID AEDA8A17BB08B786, created 2012-03-02
      "Christopher Miles (stardiviner, numbchild) "
gpg: using "F09F650D7D674819892591401B5DF1C95AE89AC3" as default secret key for signing
bash-5.2$ ls
accounts.json.gpg authinfo authinfo.gpg
bash-5.2$
#+end_example

- [X] test decrypt & encrypt in Emacs with ~start-process~ -> works fine

#+begin_src emacs-lisp :dir "~/.config/emacs/secrets/" :results output
(let ((output-buffer "*gnupg-decrypt*"))
  (pwd)
  ;; Clear output left over from a previous run.
  (when (get-buffer output-buffer)
    (with-current-buffer (get-buffer output-buffer)
      (erase-buffer)))
  (start-process "gnupg-testing" output-buffer
                 "gpg" "--decrypt" "authinfo.gpg"
                 ;; ">" "authinfo"
                 )
  ;; Give gpg time to finish before reading the buffer.
  (sleep-for 2)
  (print (with-current-buffer (get-buffer output-buffer)
           (buffer-substring-no-properties
            (point-min) (point-max)))))
#+end_src

>> 4. I pressed =[C-g]= to quit and got the following stack trace:
>>
>> #+begin_example
>> Debugger entered--Lisp error: (quit)
>> accept-process-output(# 1)
>
> This certainly looks like gpg itself is waiting for something and Emacs
> is waiting for gpg...
>
>> When I save the modified "=~/.config/emacs/secrets/authinfo.gpg=", I get this prompt:
>>
>> #+begin_example
>> Untrusted key AEDA8A17BB08B786 Christopher Miles (stardiviner, numbchild) . Use anyway? (y or n)
>> #+end_example
>
>> If I input "n" at the prompt:
>>
>> #+begin_example
>> Debugger entered--Lisp error: (file-error "Opening output file" "Encrypt failed" "Unusable public key: B8C4B8E547C32433 (key not tru...")
>
> This reminds me of https://orgmode.org/list/2023-01-22T18-32-17@devnull.Karl-Voit.at
> CC-ing Karl as he might be interested to join this discussion.
>

His error is indeed the same as mine. I have read the email and checked my private key.

Here is my private key info:

Check out my private key info:

#+begin_src sh
# gpg -K
gpg --list-secret-keys --verbose --with-subkey-fingerprints
#+end_src

#+RESULTS[(2023-05-03 01:41:09) 80ae7b09060704481af2e01ae6f6086262d4a05c]:
#+begin_example
/Users/stardiviner/.gnupg/pubring.kbx
-------------------------------------
sec rsa2048 2015-01-31 [SC]
    F09F650D7D674819892591401B5DF1C95AE89AC3
uid [ultimate] stardiviner (numbchild@gmail.com)
uid [ultimate] stardiviner (Christopher Miles)
uid [ultimate] [jpeg image of size 3384]
ssb rsa2048 2015-01-31 [E]
    32A8581A6E137ABD26DA2F570251FA6886EB6B77
#+end_example

>> - [X] find where the following two key IDs belong
>>
>> Untrusted key "AEDA8A17BB08B786" ---> fingerprint "0DEF7425E79FE2E0090B424BAEDA8A17BB08B786" --> my old key
>> ((invalid-recipient (reason . 10) (requested . "B8C4B8E547C32433"))) --> "F09F650D7D674819892591401B5DF1C95AE89AC3" --> my current new gnupg key
>>
>> Question: I don't know why my current gnupg key and old gnupg key are together.
>>
>> Here is my Emacs EasyPG (epa) config:
>>
>> #+begin_src emacs-lisp
>> (use-package epa
>>   ;; force Emacs to use its own internal password prompt instead of an external
>>   ;; pinentry program.
>>   :preface (setenv "GPG_AGENT_INFO" nil)
>
> I do not use this setting on my side and simply stick to gtk password
> prompt.
>

I checked my pinentry on macOS and found the package "pinentry-mac" installed by
Homebrew. Then I used it as pinentry-program in the "gpg-agent.conf" config file.
Then I tested by removing the above (setenv "GPG_AGENT_INFO" nil) line. After
restarting Emacs, still the same problem. Then I disabled my "epa" config and
restarted Emacs; still the same problem.

> Not sure if it is of any help, but on my side I used
> https://wiki.gentoo.org/wiki/GnuPG for GPG configuration. That wiki
> page is rather detailed - you might find some clues.
>
> Also, my gpg config, for reference
> https://github.com/yantar92/emacs-config/blob/master/system-config.org#gpg

Thanks for sharing the helpful links. I read the whole Gentoo wiki page on GnuPG.
I have not found a clue about my problem. I Googled more similar search query
keywords. Still no clue.

I paste my gpg.conf here for reference:

#+begin_src conf
default-recipient stardiviner
require-cross-certification
charset utf-8
keyserver hkp://keys.gnupg.net
auto-key-retrieve
pinentry-mode loopback
default-key F09F650D7D674819892591401B5DF1C95AE89AC3
encrypt-to 32A8581A6E137ABD26DA2F570251FA6886EB6B77
# default-key 1B5DF1C95AE89AC3
# encrypt-to 0251FA6886EB6B77
# gpg-agent
use-agent
cert-digest-algo SHA256
no-emit-version
no-comments
personal-cipher-preferences AES AES256 AES192 CAST5
personal-digest-preferences SHA256 SHA512 SHA384 SHA224
ignore-time-conflict
allow-freeform-uid
#+end_src

-- 
[ stardiviner ]
I try to make every word tell the meaning that I want to express without misunderstanding.
Blog: https://stardiviner.github.io/
IRC(libera.chat, freenode): stardiviner, Matrix: stardiviner
GPG: F09F650D7D674819892591401B5DF1C95AE89AC3
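
A check for the two symptoms quoted in this message (the "Untrusted key ... Use anyway?" prompt and the "Unusable public key ... (key not tru..." error), added here as an example and not part of the original message: it reads `gpg --list-keys --with-colons` output and reports, for each recipient key ID, the owning primary key and whether its validity is full or ultimate. The sample listing, its key IDs and the function names are constructed, and marking every validity other than `f`/`u` as "review" is this example's own choice.

```shell
#!/bin/sh
# Added example (not from the original message): flag recipient keys whose
# validity in the local keyring is not "f" (full) or "u" (ultimate).

# Constructed sample of `gpg --list-keys --with-colons` output.
# All key IDs and user IDs are placeholders, not the keys from the thread.
sample_listing() {
cat <<'EOF'
tru::1:1683050000:0:3:1:5
pub:u:2048:1:1111111111111111:1422662400:::u:::scESC::::::23::0:
uid:u::::1422662400::::new key <new@example.org>::::::::::0:
sub:u:2048:1:2222222222222222:1422662400::::::e::::::23:
pub:-:2048:1:3333333333333333:1330646400:::-:::scESC::::::23::0:
uid:-::::1330646400::::old key <old@example.org>::::::::::0:
sub:-:2048:1:4444444444444444:1330646400::::::e::::::23:
EOF
}

# usage: gpg --list-keys --with-colons | check_recipients KEYID...
# Prints one line per KEYID: "<keyid> <primary keyid> <validity> <status>".
check_recipients() {
  awk -F: -v want="$*" '
    BEGIN { n = split(want, ids, " ") }
    # Field 2 is the validity, field 5 the long key ID.
    $1 == "pub" { primary = $5 }
    $1 == "pub" || $1 == "sub" {
      # A subkey with an empty validity field inherits its primary key value.
      validity[$5] = ($2 != "" ? $2 : validity[primary])
      owner[$5] = primary
    }
    END {
      for (i = 1; i <= n; i++) {
        id = ids[i]
        if (!(id in validity)) { print id, "-", "-", "missing"; continue }
        status = (validity[id] ~ /^[fu]$/) ? "ok" : "review"
        print id, owner[id], validity[id], status
      }
    }'
}

# Recipients as they would appear in "gpg: encrypted with ... ID ..." lines.
sample_listing | check_recipients 2222222222222222 4444444444444444 5555555555555555
```

With a real keyring, pipe `gpg --list-keys --with-colons` into `check_recipients` and pass the key IDs that `gpg -d` prints in its "encrypted with" lines.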