KGpg: how to make it ask for the pass-phrase twice.

    Hello:

    Although I've been using GPG with the console command and the Enigmail plug-in of Thunderbird for a long time, today I've used KGpg for the first time. I've checked that, when you encrypt a file using a symmetric key algorithm, it asks for a pass-phrase only once. It doesn't ask you to re-enter the pass-phrase to check that it's effectively what you wanted to enter. I consider this behaviour dangerous, because you might enter a wrong pass-phrase and be unable to decrypt the file some time later.

    Is there a way to force KGpg to ask for the pass-phrase twice?

    Thank you!

    #2
    It isn't necessary. The pass-phrase you type is checked against the key you originally created.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes


      #3
      Originally posted by Snowhog:
      It isn't necessary. The pass-phrase you type is checked against the key you originally created.
      I believe that you haven't understood me. I'm referring to the symmetric encryption type, in which you simply set a pass-phrase for a file, which has no relation with the private and public keys that you may have created before. It's just a password to decrypt the file. To use it, you must click on a file with the right button and choose "Encrypt file". Then go to "Options > Symmetrical encryption". This creates an encrypted file.

      Thank you.


        #4
        Hm. It's working here.

        File context menu -> Actions -> Encrypt file




        Click Options, select Symmetrical encryption


        Password prompt from PinEntry


        Repeat password prompt from PinEntry


        Result -- encrypted file


        Are these the same steps you're following?


          #5
          Yes, that's exactly what I've been doing. When I do that, a request window like this one shows up:



          But it appears only once. Then, the encrypted file is created without the possibility to confirm the pass-phrase one more time.

          When I use the "gpg" command, the pass-phrase is always requested to me twice, so I guess that it's not the fault of some parameter of GPG. It has to be something related to KGpg specifically. The version that I'm using is 2.12.1, which comes from the official Ubuntu 14.04.2 repository.

          Thank you.

          PS: In my Kubuntu 14.04.2, the option "Encrypt File" appears directly in the context menu, not under "Actions". I doubt that's really relevant, but anyway I comment it.
          Last edited by negora; Mar 17, 2015, 01:58 AM.


            #6
            Hm. In your case, KGpg is prompting for the passphrase. On mine, it's PinEntry. What's the output of
            Code:
            dpkg -l | egrep 'gpg|gnupg|pinentry'


              #7
              The output of your command is as follows:

              Code:
              ii  gnupg                 1.4.16-1ubuntu2.1     amd64   GNU privacy guard - a free PGP replacement
              ii  gnupg-agent           2.0.22-3ubuntu1.1     amd64   GNU privacy guard - password agent
              ii  gnupg2                2.0.22-3ubuntu1.1     amd64   GNU privacy guard - a free PGP replacement (new v2.x)
              ii  gpgsm                 2.0.22-3ubuntu1.1     amd64   GNU privacy guard - S/MIME version
              ii  gpgv                  1.4.16-1ubuntu2.1     amd64   GNU privacy guard - signature verification tool
              ii  kgpg                  4:4.13.2-0ubuntu0.1   amd64   graphical front end for GNU Privacy Guard
              ii  libgpg-error0:amd64   1.12-0.2ubuntu1       amd64   library for common error values and messages in GnuPG components
              ii  libgpg-error0:i386    1.12-0.2ubuntu1       i386    library for common error values and messages in GnuPG components
              ii  libgpgme++2           4:4.13.3-0ubuntu0.2   amd64   c++ wrapper library for gpgme
              ii  libgpgme11:amd64      1.4.3-0.1ubuntu5.1    amd64   GPGME - GnuPG Made Easy (library)
              ii  libkpgp4              4:4.13.3-0ubuntu0.1   amd64   gpg based crypto library
              ii  libqgpgme1            4:4.13.3-0ubuntu0.2   amd64   library for GpgME++ integration with Qt
              ii  pinentry-qt4          0.8.3-1ubuntu1        amd64   Qt-4-based PIN or pass-phrase entry dialog for GnuPG
              When I run this command in the console:

              Code:
              gpg -c <path-of-file-to-encrypt>
              It asks me for the pass-phrase twice:

              Code:
              Enter passphrase:
              Repeat passphrase:
              It also mentions the word "passphrase" instead of "PIN" or "password". Anyway, all these terms mean approximately the same thing, right?

              When it asks me for the pass-phrase, I enter a random password. Anything that I enter is OK, as long as the repeated pass-phrase is equal to the first one (obviously). This pass-phrase is not related to the pass-phrase of my private key, because I'm using one that is totally different.

              Thank you!
              Last edited by SteveRiley; Mar 18, 2015, 08:35 PM.


                #8
                I've just tested all this in a Kubuntu 14.04.1 that I had installed in VirtualBox, and KGpg has prompted for the pass-phrase twice. But it has called it "passphrase" too, not "PIN" :S .

                The output of dpkg -l | egrep 'gpg|gnupg|pinentry' in this case is:

                Code:
                ii  gnupg                                      1.4.16-1ubuntu2.1                     i386         GNU privacy guard - a free PGP replacement
                ii  gnupg-agent                                2.0.22-3ubuntu1.1                     i386         GNU privacy guard - password agent
                ii  gnupg2                                     2.0.22-3ubuntu1.1                     i386         GNU privacy guard - a free PGP replacement (new v2.x)
                ii  gpgsm                                      2.0.22-3ubuntu1.1                     i386         GNU privacy guard - S/MIME version
                ii  gpgv                                       1.4.16-1ubuntu2.1                     i386         GNU privacy guard - signature verification tool
                ii  kgpg                                       4:4.13.2-0ubuntu0.1                   i386         graphical front end for GNU Privacy Guard
                ii  libgpg-error0:i386                         1.12-0.2ubuntu1                       i386         library for common error values and messages in GnuPG components
                ii  libgpgme++2                                4:4.13.3-0ubuntu0.2                   i386         c++ wrapper library for gpgme
                ii  libgpgme11:i386                            1.4.3-0.1ubuntu5.1                    i386         GPGME - GnuPG Made Easy (library)
                ii  libkpgp4                                   4:4.13.3-0ubuntu0.1                   i386         gpg based crypto library
                ii  libqgpgme1                                 4:4.13.3-0ubuntu0.2                   i386         library for GpgME++ integration with Qt
                ii  pinentry-qt4                               0.8.3-1ubuntu1                        i386         Qt-4-based PIN or pass-phrase entry dialog for GnuPG
                I've updated the packages of this virtual machine to their latest versions, and it's still working fine. Now I'm going to do more tests in my physical machine and check if something changes :/ .
                Last edited by negora; Mar 17, 2015, 12:09 PM.


                  #9
                  OK, after lots of tests, I think that I've found the cause. If you configure the file ~/.gnupg/gpg.conf with the option "use-agent", it asks for the pass-phrase twice. It's the default option. However, my configuration file was empty, so it was not using the agent. In this case, I guess that KGpg was using its own mechanism, which doesn't ask for the pass-phrase twice, but only once. I don't know why it works that way, but I still believe that's risky. I suppose that no one has noticed it because most people use the agent. I think that I'll file a bug report.

                  I also have realized that the new versions of KGpg complain when you haven't got the ~/.gnupg/ directory created beforehand:



                  In my opinion, if the directory doesn't exist, KGpg should create the directory by itself, just as "gpg" does by default. Otherwise, less experienced users will need to mess with the command line. What do you opine?

                  Salutes.

                  PS: I've created 2 bug reports, one for each issue:
                  Bug 345296 - When you don't use "gpg-agent", KGpg asks for the pass-phrase only once in symmetric encryptions.
                  Bug 345298 - KGpg complains when you haven't created the ~/.gnupg/ directory beforehand.
                  Last edited by negora; Mar 18, 2015, 03:58 AM.
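
A check for the condition found in post #9, as an added example that is not part of the original thread: it reads a gpg.conf and reports which passphrase prompt the thread observed for that setting. The function names and sample files are constructed for illustration, and it assumes that when both `use-agent` and `no-use-agent` appear, the later line takes effect.

```shell
#!/bin/sh
# Added example (not from the thread): classify a gpg.conf by agent setting.
# Assumption: if both use-agent and no-use-agent appear, the later line wins.

agent_setting() {
    # $1 = path to a gpg.conf; prints agent, no-agent or unset
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        { sub(/#.*/, "") }                    # drop comments
        $1 == "use-agent"    { state = "agent" }
        $1 == "no-use-agent" { state = "no-agent" }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

passphrase_prompt() {
    # Maps the setting to the behaviour reported in the thread for
    # symmetric encryption started from KGpg.
    case "$(agent_setting "$1")" in
        agent) echo "pinentry via gpg-agent: passphrase asked twice" ;;
        *)     echo "KGpg's own dialog: passphrase asked once" ;;
    esac
}

# Constructed sample files, so the example runs without touching ~/.gnupg.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/empty.conf"
    printf '# use-agent\n' > "$dir/commented.conf"
    printf 'armor\nuse-agent\n' > "$dir/agent.conf"
    for f in empty commented agent; do
        printf '%-10s %s\n' "$f" "$(passphrase_prompt "$dir/$f.conf")"
    done
    rm -rf "$dir"
}

demo
# To check a real setup: passphrase_prompt "$HOME/.gnupg/gpg.conf"
```

This applies to the GnuPG 1.4/2.0 packages listed in the thread; GnuPG 2.1 and later always use the agent and treat `use-agent` as a no-op.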


                    #10
                    Interesting. In my case, PinEntry is asking for the passphrase, not KGpg. According to various sources revealed by Google, that's standard behavior when the GPG agent is running. So it would seem that without the GPG agent, KGpg relies on itself for obtaining the passphrase. I agree with you, it should prompt twice.
