Mailinglist Archive: opensuse (1352 mails)

< Previous Next >
Re: [opensuse] KGPG : Serious fault
On 2018-06-04 10:01, John Andersen wrote:
On June 3, 2018 11:17:40 PM PDT, ellanios82 <ellanios82@xxxxxxxxx> wrote:
On 04/06/18 06:04, John Andersen wrote:
On 06/03/2018 07:56 PM, David C. Rankin wrote:
On 06/03/2018 03:50 PM, Carlos E. R. wrote:


But can't we assume that some form of Pin Entry did appear, because the OP
stated that it did in fact decrypt the file, and showed it to be decrypted
in spite of the error message?

Are we not Up the wrong tree barking? (again).



 - me , OP : using XFCE on Tumbleweed :

 "Decryption : upon entering password , error message appears

 saying "Decryption failed" , but , there is a tiny box for "Details"
: upon opening details , full-page , there appears

entire file in Decrypted form in PLAIN TEXT !

This is alarming and dangerous ."



So we don't have a pinentry problem. You were asked for and supplied a
password.

Nor was it dangerous. You did supply the correct password, and it properly
decrypted the file. If you could Key in any random password, or none at all,
THAT might be dangerous.

Alarming, perhaps.

Clearly you were alarmed. Now that you know that the only failure was a bogus
error message, I rather suspect it's a lot less alarming.

No, it is indeed dangerous.

kgpg produced an error, saying "decryption failed", but left a decrypted
copy of the file in the directory. This is dangerous: the user thinks
his data is still kept secret, but it is not. It is open. A thief
stealing the disk would be able to read the secret file.

This is a kgpg bug.


If the purpose is to read plain text files, I still say to use instead
emacs to read them, because it does not generate a deciphered file, but
reads it in memory only. Or find another tool to view protected files in
memory.

--
Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >
Follow Ups