Roundcubemail: Enigma: Decryption failed. Private key not found.

Created on 5 Aug 2018  路  13Comments  路  Source: roundcube/roundcubemail

Now I'm fairly certain this _might_ have been brought up before, But if so I didn't see anything specifically pertaining to this.

If I'm User A, with my key pair and User B's public key in my keyring. My key pair ID starts with 6D2.
User B also has their key pair and my public key in their keyring.

When I attempt to send them an encrypted message, it's decrypted. When they attempt to send _me_ an encrypted message in reply, I'm told no private key with ID "EBB07C0B" exists. We both check, all the key IDs match on both sides and nowhere is this apparent private key to be found.

Further investigaton: I emailed _myself_ an encrypted message, and that also failed to decrypt. But copying the raw data and putting it through gpg2 locally has it out just fine. Also generating a new key pair on the server produces the same result, so I have a feeling it's not as simple as having an invalid key pair.

Is this an actual issue here, or have I just forgot something blatantly obvious?

need feedback

All 13 comments

You say it works with command line with the same keyring? Enable enigma_debug and provide the log (for the moment when you send the message and when you open it). What Roundcube/Enigma/gpg version?

Of course I forgot something that basic. One moment...

Command line (working) gpg: gpg (GnuPG) 2.1.11
Server gpg (From armored mail header): GnuPG v2.0.22 (GNU/Linux)

Roundcube: 1.3.6

Enigma (from composer.json): 0.7

enigma_debug log: enigma.txt

Note: While reaching back to retrieve the failing message, _unlike before_, I was asked for my key passphrase and then it decrypted correctly.

So the issue seems to be less of an invalid key and more of it not correctly asking for a password. As for what caused it to start, I don't know.

Passphrase handling on gpg 2.0 is cumbersome, that's not the best version for use. Anyway, it looks like maybe we do not handle "missing passphrase" case properly in some cases. Here, indeed the result is:

ERROR: gpg: encrypted with 4096-bit RSA key, ID CA54AB6F, created 2018-04-29
ERROR:       "Jackson W (StorageBay GitLab) <[email protected]>"
ERROR: gpg: public key decryption failed: Bad passphrase
ERROR: gpg: decryption failed: No secret key

I guess "No secret key" error gets more prio than "Bad passphrase" or sth like that. I'd have to verify, but I don't have gnupg 2.0 box for testing so it may take some time.

Last thing, what Crypt_GPG version? I remember some fixes around that issue in 1.6.0.

Looks like Crypt_GPG version 1.6.2. And unfortunately I don't see any updates to gpg in CentOS 7, so should I force it to use gpg 1.5.3 instead?

There's no such version of gnupg as 1.5.x

You.... Yeah, you're right. I was reading a line off. (this.NeedCoffee is definitely at true)
_Not_ reading something else says.... Machine only has 2.0, gpg is an alias for gpg2.

Please, re-check that you don't have some old Crypt_GPG version somewhere in the system. This really sounds like a fixed bug. Check /usr/share/php/PEAR and in Roundcube's vendor folder.

/usr/share/php/PEAR: No such file or directory:

Roundcube vendor folder: 1.6.2

Doing a system search for GPG.php shows only one location, the vendor folder.

I reviewed the debug again. This is a strange issue. I can't reproduce with gnupg 2.1. I have no clue. Could you try with this patch?

--- a/Crypt/GPG/ProcessHandler.php
+++ b/Crypt/GPG/ProcessHandler.php
@@ -916,7 +916,7 @@ class Crypt_GPG_ProcessHandler
                 }

                 if ($_keyId === $keyId) {
-                    $passphrase = $pass;
+                    $passphrase = (string) $pass;
                     break;
                 }
             }

What PHP version?

PHP version 5.4.16.

Patch:

patching file Crypt/GPG/ProcessHandler.php
Hunk #1 succeeded at 911 (offset -5 lines).

Unfortunately I'm unable to directly test this at the moment because now I'm _correctly_ prompted for the password, unlike before.

As of this time I'm no longer being prompted for a password, and "Private key not found" is back.

Nearly two months later and I'm seeing no trace of this. Whatever caused it before seems to have disappeared completely. Marking as closed.

Was this page helpful?
0 / 5 - 0 ratings