I follow the exact sequence of steps described in http://docs.kde.org/stable/en/kdeutils/kgpg/encryption.html#konqui: Right-click the file to symmetrically encrypt -> Actions Menu -> Encrypt FIle. When the dialog opens, choose "Options" -> Symmetric encryption. When I click "Ok" the dialog silently closes, nothing happens, no error message, no visible crash. Reproducible: Always
Created attachment 81645 [details] Screen Capture: following the exact steps (1)
Created attachment 81646 [details] Screen Capture: following the exact steps (2)
I tried the same and as result I got a .asc file that holds the contents of the input file, and decrypting using the editor worked fine. Since you don't have the ASCII-option enabled in your screenshot you would have got a .gpg file (binary content). Please try this from your command line: gpg --symmetric /your/input/file This should work, and it's basically the same that KGpg does (it adds some more options to make sure it can understand what gpg says).
(In reply to comment #3) > I tried the same and as result I got a .asc file that holds the contents of > the input file, and decrypting using the editor worked fine. Since you don't > have the ASCII-option enabled in your screenshot you would have got a .gpg > file (binary content). > > Please try this from your command line: > > gpg --symmetric /your/input/file > > This should work, and it's basically the same that KGpg does (it adds some > more options to make sure it can understand what gpg says). Thank you for your comment, Rolf. In fact, it doesn't make a difference if I select or not the ASCII encryption option, it still silently closes with no output. The command line works fine, so the problem is clearly within the graphical interface. Also, there is no way to symmetrically encrypt multiple files in bulk using the same password through the command line, since gpg incredibly does not accept wildcards (!!!) and the --multifile option does not work together with symmetric encryption. So, if I want to encrypt 200+ files within the same folder using the same password I would have to do it one by one. Simply unnacceptable. I am replaced gpg with the very old ccencrypt/ccdecrypt and it allows me to use wildcards. I would like to use KGPG to perform those operations in a pleasant graphic environment, but it is virtually uselless.
Additional information: I tried to use the editor to encrypt a piece of text. When I chose the symmetric encryption option, it returned an error, which loosely translates to English as "Cryptgraphy Failure - A failure in cryptography occurred with error code 2" (I am using the Portuguese version).
Please build a kgpg version from source and configure it using cmake -D KGPG_DEBUG_TRANSACTIONS=ON /path/to/source Then make sure no other KGpg instance is running and start KGpg from a terminal, then do symmetrical encryption from an editor window. My output looks like this: kgpg(6412) KGpgTransaction::setSuccess: 0 0 kgpg(6412) KGpgTransaction::start: KGpgEncrypt(0x2d6d360) ("/usr/bin/gpg2", "--no-secmem-warning", "--no-tty", "--no-greeting", "--options", "/home/eike/.gnupg/gpg.conf", "--debug-level", "none", "--status-fd=1", "--armor", "--symmetric", "--command-fd=0", "--multifile", "/tmp/foo", "/tmp/bar") kgpg(6412) KGpgTransaction::setSuccess: 0 2 kgpg(6412)/kdecore (KSycoca) KSycocaPrivate::openDatabase: Trying to open ksycoca from "/var/tmp/kdecache-eike/ksycoca4" kgpg(6412): No language dictionaries for the language : "de" kgpg(6412) KGpgTransaction::setSuccess: 0 0 kgpg(6412) KGpgTransaction::start: KGpgEncrypt(0x2fabe70) ("/usr/bin/gpg2", "--no-secmem-warning", "--no-tty", "--no-greeting", "--options", "/home/eike/.gnupg/gpg.conf", "--debug-level", "none", "--status-fd=1", "--armor", "--symmetric") kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "[GNUPG:] NEED_PASSPHRASE_SYM 3 3 2" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "[GNUPG:] BEGIN_ENCRYPTION 0 3" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "-----BEGIN PGP MESSAGE-----" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "Version: GnuPG v2.0.19 (GNU/Linux)" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "jA0EAwMClbQu3NEyberTyRkWq0a3sQBzr+tEeZDa2ifhG8w4/eVgdaCP" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "=zxy2" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "-----END PGP MESSAGE-----" kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "[GNUPG:] END_ENCRYPTION" It's the result of encrypting "abc" with password "abc".
(In reply to comment #6) > Please build a kgpg version from source and configure it using > > cmake -D KGPG_DEBUG_TRANSACTIONS=ON /path/to/source > > Then make sure no other KGpg instance is running and start KGpg from a > terminal, then do symmetrical encryption from an editor window. My output > looks like this: > > kgpg(6412) KGpgTransaction::setSuccess: 0 0 > > kgpg(6412) KGpgTransaction::start: KGpgEncrypt(0x2d6d360) ("/usr/bin/gpg2", > "--no-secmem-warning", "--no-tty", "--no-greeting", "--options", > "/home/eike/.gnupg/gpg.conf", "--debug-level", "none", "--status-fd=1", > "--armor", "--symmetric", "--command-fd=0", "--multifile", "/tmp/foo", > "/tmp/bar") > > kgpg(6412) KGpgTransaction::setSuccess: 0 2 > > kgpg(6412)/kdecore (KSycoca) KSycocaPrivate::openDatabase: Trying to open > ksycoca from "/var/tmp/kdecache-eike/ksycoca4" > > kgpg(6412): No language dictionaries for the language : "de" > > kgpg(6412) KGpgTransaction::setSuccess: 0 0 > kgpg(6412) KGpgTransaction::start: KGpgEncrypt(0x2fabe70) ("/usr/bin/gpg2", > "--no-secmem-warning", "--no-tty", "--no-greeting", "--options", > "/home/eike/.gnupg/gpg.conf", "--debug-level", "none", "--status-fd=1", > "--armor", "--symmetric") > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "[GNUPG:] NEED_PASSPHRASE_SYM 3 3 2" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "[GNUPG:] BEGIN_ENCRYPTION 0 3" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "-----BEGIN PGP MESSAGE-----" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "Version: GnuPG v2.0.19 (GNU/Linux)" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) "" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "jA0EAwMClbQu3NEyberTyRkWq0a3sQBzr+tEeZDa2ifhG8w4/eVgdaCP" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "=zxy2" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "-----END PGP MESSAGE-----" > kgpg(6412) KGpgTransactionPrivate::slotReadReady: KGpgEncrypt(0x2fabe70) > "[GNUPG:] END_ENCRYPTION" > > It's the result of encrypting "abc" with password "abc". Again, Rolf, thank you for your answer. I just do not know how to "build a kgpg version from source"... :-P I only install software using Muon, Synaptics or standard command line apt-get, but compiling from source code is a bit way too techie for my computing skills. But if you tell me step-by-step I will be glad to follow your instructions to the letter.
I can confirm this is a bug with KGpg. If I right click on a text file in Konqueror and select Actions->Encrypt File, I get the KGpg dialog box. Next I click on Options button at bottom, and select ONLY symmetrical encryption. Click Ok and the dialog box goes away and nothing happens. What is suppose to happen is another dialog box is suppose to popup and ask for a passphrase. Then after entering your password, a new file is created: filename.txt.gpg. However DE-Crypting works: if I click on an already encrypted .gpg file, KGpg properly launches a dialog box which asks for the passphase and once entered KGpg properly de-crypts the file. Also if I just go to a terminal and type: gpg --symmetric myfile.txt I will be asked for a passphrase and the text file will be property encrypted.
(In reply to linuxguy from comment #8) > If I right click on a text file in Konqueror and select Actions->Encrypt > File, I get the KGpg dialog box. Next I click on Options button at bottom, > and select ONLY symmetrical encryption. Click Ok and the dialog box goes > away and nothing happens. > > What is suppose to happen is another dialog box is suppose to popup and ask > for a passphrase. Then after entering your password, a new file is created: > filename.txt.gpg. I do infact see that "another dialog box", asking for password and whether to store that passwd in a "password-store" - for which another password is required. so you deal with 2 passwords here, already leading to confusion. But of course, Kgpg breaks and it is impossible to ever make use of said "password-store". And that bloody store is not KWALLETMANAGER, it appears. Cannot be in firefox either. Then again, it might be, since exactly zero information is given anywhere in KDE about which password-store that is, and which it is not. Of course, those doing gpg-proper documentation could not care less about filling the gaps in the GUIs docs. The Kgpg manual refers to gpg but seemingly, the gpg people just ignaore this reference. I looked into the source code but that is tricky as well. so the question is: which file is Kgpg's "password-store" and when and how to set a password for it? why do they not use KWALLETMANAGER as one would expect from a KDE app.
Please send pictures of these dialogs, and use a user account with English locale to make tracing easier.
*** Bug 390699 has been marked as a duplicate of this bug. ***
(In reply to Rolf Eike Beer from comment #11) > *** Bug 390699 has been marked as a duplicate of this bug. *** in my other report it is ver< obvious how to reproduce the bug. maybe the problem is using this ignored option in Kgpg: --secret-keyring file This is an obsolete option and ignored. All secret keys are stored in the ‘private-keys-v1.d’ directory below the GnuPG home directory.
option "save in password manager" is totally broken. Just remove it, it is no good.
in fact, try this: do a symmetric file encrypt first ith Kleopatra - it will work as expected, whether or not "save password" is used. Then do the exact same thing with Kgpg and try "save password in keyring" - breakage ! just look up how Kleopatra does it. it doesn't break, at least not right there.
well, now I recompiled kgpg 17.12.1 from sources on a rolling release Manjaro. The bug is gone! weird. for giggles I changed this, but it seemed to make no difference: void KGpgSignTransactionHelper::setSecringFile(const QString &filename) { // QStringList secringargs(QLatin1String( "--secret-keyring" )); // "--secret-keyring" 2018 no longer supported by gpg QStringList secringargs(QLatin1String( " " )); // secringargs << filename; asTransaction()->insertArguments(1, secringargs); } anyhow, I rest my case.
so I thought. after the big ARCH update today, even gpg exhibits the problem. so gpg and kgpg act the same way. both are buggy. how to set that keyring password - Ubuntu suggests to delete the whole keyring. the screenshot shows that no one can tell which password is for what. very poor usability.
Created attachment 110805 [details] password + passphrase - where and when has the "keyring password" been set at all? It seems impossible to find documentation on the lower 2 windows. man gpg2 does not talk about a keyring password or passphrase. WTF? the lower "password" dialog is the big problem.
Comment on attachment 110805 [details] password + passphrase - where and when has the "keyring password" been set at all? It seems impossible to find documentation on the lower 2 windows. man gpg2 does not talk about a keyring password or passphrase. WTF? how was the UNLOCK PASSWORD been defined? impossible to find out!
the problematic windows is /usr/lib/gcr/gcr-prompter from package gcr . documentation is pretty worthless, as was to be expected. maybe some stuff in /etc/pam.d/ plays into it. who knows.
ah btw, deleting the keyring in ~/gpg/ altogether does not help. of course not.
Created attachment 110806 [details] how not to program a GUI - keep the user in the dark about all seemingly the only way to get rid of this problem is to delete / move all files from ~/.local/share/keyrings/ when gpg only talks about his ~/.gpg directory complete failure of documentation !
the root cause of the problem is clear: Linux has too few password-stores. /etc/passwd , firefox has 2, KDEWALLET has x , gpg has 2+ that is not enough ! it is not confusing at all ! we need 5000 password stores per user. that'll solve all problems.
I _think_ this is going on: KGpg runs gpg. Gpg starts a pinentry to ask for the passphrase (gcr in your case). That offers to store the password in a keyring (the gnome one I think). That's why the KGpg documentation says nothing about it: it's a totally different program that has is only a helper for gpg, so "far away" in the dependency chain. KGpg does not store passwords, and GnuPG does not encrypt it's keyrings (only the private keys with the key password). The mixup if it is called password or passphrase is either in gcr or in KDE frameworks, I suspect the former. What you can try: replace gcr with pinentry-qt5 (no idea how that package is called on your distro).
At least the wiki must reflect the accurate state of affairs, if it deserves to be called 'wiki'. We're on it.
Created attachment 110843 [details] more explanatory getpin-qt a more explanatory getpin-qt tells the user what it wants and were the password is stored. this is how it SHOULD be. in the real world, users are told a PID and that's it. package "getpin" is available eg.g for Manjaro/netrunner.
Created attachment 110844 [details] where is the password stored now? ( using pinentry-qt) OK I removed package gcr and gnome-keyring. Now indeed pinentry-qt is being used. But in which file is the password being stored when "save in pwd manager" is enabled ? No one knows.
Comment on attachment 110844 [details] where is the password stored now? ( using pinentry-qt) I guess enabling the option will silently be ignored.
so to answer my own question: the password will not be stored, i.e. will be stored nowhere.
(In reply to Rolf Eike Beer from comment #23) > That's why the KGpg documentation says > nothing about it: it's a totally different program that is only a helper > for gpg, so "far away" in the dependency chain. that is an explanation, but it is not satisfactory for the user to not know where his passwords are stored. It is crucial to know that.
amazing, how nobody feels the need to document where the heck (i.e. file & path) those darn passwords are being stored. or is it anywhere on https://developer.gnome.org/gnome-keyring/stable/ch01.html
even the seahorse GUI does not tell you in which file those passwds ares stored. Why not? its important to know.
to summarize: I cannot see a bug, but documentation is lacking imho.
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version? If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!