Bug 130334

Summary: file is reported as not found if passphrase is wrong when opening encrypted file
Product: [Applications] kmymoney
Reporter: brad <bkn>
Component: general
Assignee: KMyMoney Devel Mailing List <kmymoney-devel>
Status: CONFIRMED
Severity: wishlist
CC: stantontas
Priority: NOR
Version: git (master)
Target Milestone: ---
Platform: Ubuntu
OS: Linux

Description brad 2006-07-06 01:56:24 UTC
Version:           0.8.2 (using KDE KDE 3.5.3)
Installed from:    Ubuntu Packages
OS:                Linux

Reproduce:
Save file as encrypted. Attempt to open file, enter wrong passphrase or click cancel. A dialog appears saying: File '<kmymoneyfile>.kmy' not found! The same behavior occurs when the user clicks 'Cancel' on the passphrase dialog. 

Problem:
This message leads the user to believe their file doesn't exist when the file does exist.

Solution:
Change message to something along the lines: "Can't decrypt '<kmymoneyfile>.kmy'"
Comment 1 Thomas Baumgart 2006-07-06 10:21:55 UTC
Due to the wonderful KIOSlave subsystem, the application does not know at this point why the operation fails. A possible solution would be to set up the error message before the actual file IO happens, as this is where the application still knows about the file contents. Nevertheless, in case of an encrypted file, the message would say that the "file was not found or the passphrase was wrong".

Ideas, suggestions?
Comment 2 brad 2006-07-06 16:45:29 UTC
I looked at the libkgpgfile.{h,cpp} files. Perhaps you could split the open() call into a few functions: diagnostic(), decrypt() and open().
   - diagnostic() - check to make sure the gpg is working and test if the file is readable and exists.
   - decrypt() - ask for passphrase and decrypt
   - open() - open the file.

Another approach could be to have open() return a masked integer so multiple codes in the mask could be returned.

I also noticed that libkgpgfile uses the gpg executable and anyone sniffing stdin/stdout can grab the passphrase and file contents. Why not use the gpgme library?

Also, the variable QCString pwd; (libkgpgfile.cpp:174) should be scrambled after it is used, perhaps with some random character pattern.

These last points could be a separate bug. I can enter them as separate bugs if you'd like.
Comment 3 Stan Tontas 2008-09-05 18:26:01 UTC
Perhaps linked to this, KMyMoney 0.85 on Debian stable and KDE 3.5.8 seems unable to save my file when using GPG encryption.

There are no indications of problems when saving; the problem only becomes apparent the next session, when the file has not changed from its initial state (i.e. the version I had before starting to use GPG).
Comment 4 Cristian Oneț 2014-08-20 20:31:48 UTC
Moving this wish to kmymoney4.
Comment 5 Jack 2020-06-13 23:10:40 UTC
This still seems at least partly the case.  Trying to open an encrypted file and failing to enter the passphrase three times produces a popup: "Cannot open file as requested."  Expanding the details points to ".../kmymoney-5.0.8/kmymoney/plugins/xml/xmlstorage.cpp:150".  It appears all of the detailed exceptions thrown in that file are caught in kmymoney/kmymoney.cpp and the generic error shown in a messagebox, thus losing any of the details of the different causes of the exception.
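
The staged open with distinct status bits proposed in Comment 2, which would also keep the failure causes that Comment 5 reports being collapsed into one generic error, sketched as an added example (not KMyMoney or libkgpgfile code). All names here (`OpenStatus`, `diagnostic`, `openEncrypted`, `describe`, `wipe`) are hypothetical, and the `Ask`/`Decrypt` callbacks are assumed stand-ins for the passphrase dialog and the GPG backend.

```cpp
#include <cerrno>
#include <cstdio>
#include <functional>
#include <string>

// Hypothetical status bits; none of these names come from libkgpgfile.
enum OpenStatus : unsigned {
    OPEN_OK = 0, ERR_NOT_FOUND = 1u << 0, ERR_NOT_READABLE = 1u << 1,
    ERR_CANCELLED = 1u << 2, ERR_DECRYPT = 1u << 3
};
// Assumed stand-ins for the passphrase dialog and the GPG backend.
using Ask = std::function<bool(std::string &)>;  // false: user cancelled
using Decrypt = std::function<bool(const std::string &, const std::string &)>;  // false: failed

// Overwrite the passphrase through a volatile pointer so the stores are kept.
void wipe(std::string &s) {
    volatile char *p = s.empty() ? nullptr : &s[0];
    for (std::size_t i = 0; i < s.size(); ++i) p[i] = 0;
    s.clear();
}
// Stage 1: file checks only, before any passphrase is requested.
unsigned diagnostic(const std::string &path) {
    std::FILE *f = std::fopen(path.c_str(), "rb");
    if (!f) return errno == ENOENT ? ERR_NOT_FOUND : ERR_NOT_READABLE;
    std::fclose(f);
    return OPEN_OK;
}
// Stages 2 and 3: prompt, decrypt, and wipe the passphrase on every path.
unsigned openEncrypted(const std::string &path, const Ask &ask, const Decrypt &decrypt) {
    unsigned st = diagnostic(path);
    if (st != OPEN_OK) return st;
    std::string pass;
    if (!ask(pass)) st = ERR_CANCELLED;
    else if (!decrypt(path, pass)) st = ERR_DECRYPT;
    wipe(pass);
    return st;
}
// One message per cause instead of a single "not found".
std::string describe(unsigned st, const std::string &path) {
    if (st & ERR_NOT_FOUND) return "File '" + path + "' not found";
    if (st & ERR_NOT_READABLE) return "File '" + path + "' cannot be read";
    if (st & ERR_CANCELLED) return "Opening '" + path + "' was cancelled";
    if (st & ERR_DECRYPT) return "Can't decrypt '" + path + "'";
    return "Opened '" + path + "'";
}
int main() {  // constructed demo: this path is not expected to exist
    unsigned st = openEncrypted("missing.kmy", [](std::string &) { return false; },
                                [](const std::string &, const std::string &) { return false; });
    std::puts(describe(st, "missing.kmy").c_str());
}
```

`wipe()` clears only the buffer it is given; any copy of the passphrase made by the dialog or the backend needs the same treatment.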