1 Reply by jeff.sadowski

(11 replies, posted in Bugs & problems)

sid77 wrote:

unfortunately, IPC is the only way to go: both using a temp file and --passphrase is insecure, as password can be easily read through the file or with "ps -aux | grep gpg"

I'm glad you mentioned this I was using an option to send the password for the rdesktop like so

passwd=`cat ~/domainpassword.gpg | gpg2 --decrypt --use-agent`
rdesktop -f -u abbatech\\root -p ${passwd} $* &

So I checked to see if I could see the password from ps. Funny thing though my ps was not showing the results of
`cat ~/domainpassword.gpg | gpg2 --decrypt --use-agent` it was showing XXXXXXXXXX

ps -aux | grep rdesktop
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root     15534  0.0  0.1  10200  2588 pts/4    S    13:12   0:00 rdesktop -f -u Username -p XXXXXXXXXXX computer
root     15560  0.0  0.0   3880   656 pts/4    R+   13:22   0:00 grep rdesktop

it should be -ef actually I remember hearing about this somewhere

ps -ef | grep rdesktop
root     15534     1  0 13:12 pts/4    00:00:00 rdesktop -f -u Username -p XXXXXXXXXXX computer
root     15564 15220  0 13:23 pts/4    00:00:00 grep rdesktop

I am kind of puzzled here is my "ps" command intelligent enough to strip this would it also be intelligent  enough to strip
the password from a gpg command.

apparently not, but why. Ok maybe the rdesktop command sends XXXXXXXXX to ps instead of that argument so we would have to talk with the gpg developers. and I think gpg is left in favor of gpg2

Go to forum: Bugs & problems

2 Topic by jeff.sadowski

(1 replies, posted in Requests)

I would like to see the same message in my alert box as I see in the gmail part.

Also I would like to see better locale keywords


verifFailed(good)
verifSuccess(good)
noData(good)
noPass(good)
noKey(good)
GMailSOK(not so good, why a different message for gmail than in other message boxes)
GMailNoS( "   "     "        "    "  "              "         "    "        "    "   "        "           "    )
GMailSErr( "   "     "        "    "  "              "         "    "        "    "   "        "           "    )

also

I'd like a
verifError
and
verifNoKeyFor


if there must be different messages for gmail and the text box I recommend passing them into the
GPG.baseVerify function and having most of the word processing be done there or by passing back
the data from the GPG.baseVerify in a structure itself if javascript supports structures.

for my current layered implementation I did most of the text proccessing in the GPG.baseVerify function
and only on the gmail side I replaced tabs with 8

Go to forum: Requests

3 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

ok i perfected my signature inside signature checking :-)

baseVerify: function(text) {
        this.initGPGACCESS();

        return " \n" + this.layers(text,0);

    },

    layers: function(text,layer) {
        var newline = new RegExp("\r","gi");
        text = text.replace(newline,"\n");
        text="\n" + text;

        var begintxt = "-----BEGIN PGP SIGNED MESSAGE-----";
        var midtxt = "-----BEGIN PGP SIGNATURE-----";
        var endtxt = "-----END PGP SIGNATURE-----";

        var division=0;
        var verifytxt="<br>\n";

        var layerbegin = new RegExp("- " + begintxt,"gi");
        var layermid = new RegExp("- " + midtxt,"gi");
        var layerend = new RegExp("- " + endtxt,"gi");
        var begin = new RegExp("\n" + begintxt,"gi");
        var end = new RegExp("\n" + endtxt,"gi");

        var firstPosition = 0;
        var lastPosition = 0;
        var divisiontxt = "";

        while(firstPosition!=-1 && lastPosition!=-1)
        {
                firstPosition = text.search(begin);
                lastPosition = text.search(end);
                if( firstPosition!=-1 && lastPosition!=-1)
                {
                        division++;
                        var divisiontxt=text.substring(firstPosition,lastPosition+endtxt.length+1);
                        var tmpverifytxt = this.layerverify(divisiontxt,layer,division);
                        divisiontxt = divisiontxt.replace(begin,"");
                        divisiontxt = divisiontxt.replace(end,"");
                        divisiontxt = divisiontxt.replace(layerbegin,begintxt);
                        divisiontxt = divisiontxt.replace(layermid,midtxt);
                        divisiontxt = divisiontxt.replace(layerend,endtxt);
                        verifytxt = verifytxt + tmpverifytxt + this.layers(divisiontxt,layer+1);
                        text=text.substring(lastPosition+endtxt.length);
                }
        }
        return verifytxt;
    },
    layerverify: function(text,layer,division)
    {
        var spaces="";
        tmpverifytxt=this.GPGAccess.verify(text);
        for(x=0;x<layer;x++)
        {
            spaces=spaces+"_";
        }
        var goodsig=tmpverifytxt.indexOf("GOODSIG");
        if(goodsig!=-1)
        {
            tmpverifytxt = "Good Signature from " + tmpverifytxt.substring(goodsig+8,tmpverifytxt.indexOf("\n",goodsig));
        }
        else
        {
            var badsig = tmpverifytxt.indexOf("BADSIG");
            tmpverifytxt = "Bad Signature from " + tmpverifytxt.substring(badsig+7,tmpverifytxt.indexOf("\n",badsig));
        }
        return spaces+tmpverifytxt;
    },

Go to forum: Bugs & problems

4 Reply by jeff.sadowski

(1 replies, posted in Requests)

try signing stuff in the first textbox
layer it and add signed stuff to the bottom
my javascript separates them and sends the individually to the verify function
you can see the things the verify is getting they show up between ====begin division x of layer x=== and ===end division x of layer x ===
in the third textbox
the second textbox is an example of how I want the verify messages
oh and the button between the first 2 textboxes activates the scripts

Go to forum: Requests

5 Topic by jeff.sadowski

(1 replies, posted in Requests)

<script>

var composite;

function copytext()
{
composite="";
document.myform.here.value="";
document.myform.mytext.value="";
document.myform.mytext2.value="";
document.myform.mytext.value=layers(document.myform.text.value,0);
document.myform.mytext2.value=composite;
}

function layers(text,layer)
{
text="\n" + text + "\n";

var begintxt = "-----BEGIN PGP SIGNED MESSAGE-----\n";
var midtxt = "-----BEGIN PGP SIGNATURE-----\n";
var endtxt = "-----END PGP SIGNATURE-----\n";

var division=0;
var verifytxt="";

var layerbegin = new RegExp("- " + begintxt,"gi");
var layermid = new RegExp("- " + midtxt,"gi");
var layerend = new RegExp("- " + endtxt,"gi");
var begin = new RegExp("\n" + begintxt);
var end = new RegExp("\n" + endtxt);

var firstPosition = 0;
var lastPosition = 0;
var divisiontxt = "";

while(firstPosition!=-1 && lastPosition!=-1)
{
  firstPosition = text.search(begin);
  lastPosition = text.search(end);
  if( firstPosition!=-1 && lastPosition!=-1)
  {
   division++;
   var divisiontxt=text.substring(firstPosition,lastPosition+endtxt.length);
   var tmpverifytxt = verify(divisiontxt,layer,division);
   divisiontxt = divisiontxt.replace(begin,"");
   divisiontxt = divisiontxt.replace(end,"");
   divisiontxt = divisiontxt.replace(layerbegin,begintxt);
   divisiontxt = divisiontxt.replace(layermid,midtxt);
   divisiontxt = divisiontxt.replace(layerend,endtxt);
   verifytxt = verifytxt + tmpverifytxt +"\n"+layers(divisiontxt,layer+1);
   text=text.substring(lastPosition+endtxt.length);
  }
}

return verifytxt;
}

function verify(text,layer,division)
{
composite = composite + "\n=====begin division " + division + " of layer ";
composite = composite + layer + "=====\n" + text + "\n=====end division" + division + " of layer " + layer + "=====\n";
var spaces="";
for(x=0;x<layer;x++)
{
  spaces=spaces+" ";
}
return spaces+"test";
}

</script>

<form name=myform>
<textarea name=text rows=40 cols=60></textarea>
<input type=button onclick="copytext()">
<textarea name=mytext rows=40 cols=60></textarea>
<textarea name=mytext2 rows=40 cols=60></textarea>
<br>
<input name=begin type=text>
<input name=end type=text>
<input name=here type=text>
</form>

Go to forum: Requests

6 Reply by jeff.sadowski

(11 replies, posted in Bugs & problems)

another option might be to use a use-agent

Go to forum: Bugs & problems

7 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

better fix :-)

baseVerify: function(text) {
        this.initGPGACCESS();

        var text = "\n" + text + "\n"; //add new line chars so we can use the following
        var begin = new RegExp("\n-----BEGIN PGP SIGNED MESSAGE-----\n");
        var end   = new RegExp("\n-----END PGP SIGNATURE-----\n");
        var firstPosition = text.search(begin);
        var lastPosition = text.search(end);

        // Verify GPG'data presence
        if(firstPosition == -1 || lastPosition == -1)
            return "noGpg";

        text = text.substring(firstPosition,lastPosition + ("-----END PGP SIGNATURE-----").length);

        // We get the result
        var result = this.GPGAccess.verify(text);

        // If check failled
        if(result.indexOf("GOODSIG") == "-1") {
            return "erreur";
        }
        else {
            // If he work, we get informations of the Key
            var infos = result;

            infos = infos.substring(0,infos.indexOf("GOODSIG") + 8);
            infos = result.replace(infos, "");
            infos = infos.substring(0,infos.indexOf("GNUPG") - 2);

            return infos;
        }
},

Go to forum: Bugs & problems

8 Reply by jeff.sadowski

(7 replies, posted in Bugs & problems)

the_glu wrote:

Ok, but we can maybe remove this chars...

No, we would have to replace the two characters 302 240 with a space; but there is no way of knowing if those characters where put in before or after they signed.
That gets into checking all possible combinations; not pretty.

This also gets into the problem of word wrap.
When someone signs a message and pastes it into an email program that performs a word wrap you would get similar behavior. There is no knowing of where the word wrap took place.

Go to forum: Bugs & problems

9 Reply by jeff.sadowski

(7 replies, posted in Bugs & problems)

the_glu wrote:

So:

With outlook (web access), there are some strange characters into the mesage, who fail validations of sign.
With a copy/past who ignore this special char, the sign are valid.

It's only signs of FireGPG ?

"Outlook Web Access" is a web interface to the exchange server. It is opened in firefox.
I am selecting the text in firefox (copy) and paste to a file opened in vi.
save the file and use "gpg --verify file"
valid pgp signature.

firegpg sees the text as is special charaters and all. when I select the text and right click go down to firegpg and select validate it can not validate the pgp signature.

Repeat this is not firegpg at fault consider this a bug on the other end. What ever the person sending this too me was using to send mail is at fault.
Nothing can be done about it.

Go to forum: Bugs & problems

10 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

the_glu wrote:

And it's remove the problem of sign inside signs ?

yes it fixes this problem

Notes: as originally intended it just validaes the outside signature and the first one

example 1:

--begin sig 1--
- --begin sig 2--
- --end sig 2--
--end sig 1--
--beging sig 3--
--end sig 3--

only sig 1 is validated sig 3 is ignored this looked to me like the original intention

example 2:

--begin sig 1--
--end sig1--
--begin sig2--
- --begin sig3--
- --end sig3--
--end sig2--

again only sig 1 is validated everything after --end sig1-- is ignored.

latter I will demonstrate my nested validating :-)

Go to forum: Bugs & problems

11 Reply by jeff.sadowski

(7 replies, posted in Bugs & problems)

Like I was saying above I'm beginning to think this is a "MS Word" issue in sending the email. A problem on the sending side.
I have suspicion that word is replacing some spaces with simmilar characters after the pgp program is encrypting it.

I used my script I mentioned earlier (its easy to debug now) and am getting a copy of the message being sent to gpg for verification.
I then compare that file with copying and pasting text into vi.

then I did a diff on the two files.
Lone behold there are differences that are naked to the human eye.

diff steve.msg test.sh_verify_20070622082019
4c4
< I believe I can have the interface ready for entering data by July.   I will need Jeff to get the www test environment up, install Tomcat, and the Apache JK connector
---
> I believe I can have the interface ready for entering data by July.   I will need Jeff to get the www test environment up, install Tomcat, and the Apache JK connector
32c32
< What is the status of the database?  We would like to begin really using it in July.
---
> What is the status of the database?  We would like to begin really using it in July.
65c65
< -----END PGP SIGNATURE-----
---
> -----END PGP SIGNATURE-----
\ No newline at end of file


the newline one can be ignored

diff steve.msg test.sh_verify_20070622082019|hexdump -c
0000000   4   c   4  \n   <       I       b   e   l   i   e   v   e
0000010   I       c   a   n       h   a   v   e       t   h   e       i
0000020   n   t   e   r   f   a   c   e       r   e   a   d   y       f
0000030   o   r       e   n   t   e   r   i   n   g       d   a   t   a
0000040       b   y       J   u   l   y   .               I       w   i
0000050   l   l       n   e   e   d       J   e   f   f       t   o
0000060   g   e   t       t   h   e       w   w   w       t   e   s   t
0000070       e   n   v   i   r   o   n   m   e   n   t       u   p   ,
0000080       i   n   s   t   a   l   l       T   o   m   c   a   t   ,
0000090       a   n   d       t   h   e       A   p   a   c   h   e
00000a0   J   K       c   o   n   n   e   c   t   o   r  \n   -   -   -
00000b0  \n   >       I       b   e   l   i   e   v   e       I       c
00000c0   a   n       h   a   v   e       t   h   e       i   n   t   e
00000d0   r   f   a   c   e       r   e   a   d   y       f   o   r
00000e0   e   n   t   e   r   i   n   g       d   a   t   a       b   y
00000f0       J   u   l   y   . 302 240 302 240       I       w   i   l
0000100   l       n   e   e   d       J   e   f   f       t   o       g
0000110   e   t       t   h   e       w   w   w       t   e   s   t
0000120   e   n   v   i   r   o   n   m   e   n   t       u   p   ,
0000130   i   n   s   t   a   l   l       T   o   m   c   a   t   ,
0000140   a   n   d       t   h   e       A   p   a   c   h   e       J
0000150   K       c   o   n   n   e   c   t   o   r  \n   3   2   c   3
0000160   2  \n   <       W   h   a   t       i   s       t   h   e
0000170   s   t   a   t   u   s       o   f       t   h   e       d   a
0000180   t   a   b   a   s   e   ?           W   e       w   o   u   l
0000190   d       l   i   k   e       t   o       b   e   g   i   n
00001a0   r   e   a   l   l   y       u   s   i   n   g       i   t
00001b0   i   n       J   u   l   y   .  \n   -   -   -  \n   >       W
00001c0   h   a   t       i   s       t   h   e       s   t   a   t   u
00001d0   s       o   f       t   h   e       d   a   t   a   b   a   s
00001e0   e   ? 302 240       W   e       w   o   u   l   d       l   i
00001f0   k   e       t   o       b   e   g   i   n       r   e   a   l
0000200   l   y       u   s   i   n   g       i   t       i   n       J
0000210   u   l   y   .  \n   6   5   c   6   5  \n   <       -   -   -
0000220   -   -   E   N   D       P   G   P       S   I   G   N   A   T
0000230   U   R   E   -   -   -   -   -  \n   -   -   -  \n   >       -
0000240   -   -   -   -   E   N   D       P   G   P       S   I   G   N
0000250   A   T   U   R   E   -   -   -   -   -  \n   \       N   o
0000260   n   e   w   l   i   n   e       a   t       e   n   d       o
0000270   f       f   i   l   e  \n
0000277

as you can see it seems spaces after punctuations are different when looked at with hexdump(typical MS auto correct)

for example

"J   u   l   y   .               I" from my vi copied one
versus
"J   u   l   y   . 302 240 302 240       I" from the one firegpg was sending.

Like I was saying earlier I think firegpg was right here and that it is an invalid signature versus my copy and paste and gpg saying it was a valid signature.
Because I suspect an issue with copy and paste in linux(I have noticed it before) in which linux is correcting the bad characters into spaces.
Example: when I select text from vi that has tabs in it the copied text has spaces that approximate the tab. I think something similar is happening.

hmm maybe that is the unicode character for space. unicode would take up 2 characters

Go to forum: Bugs & problems

12 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

the_glu wrote:

1) Can you me more clear ?
2) Can you stop doing a lot of double-post ? You can edit your messages.

ok sorry I'll try and edit more ;-)

oops I messed up the first time I did this I made some changes FIREGPGTRALALAENDHIHAN was too long

in file firegpg/content/cgpg.js
In the baseVerify function
I changed

from
text = text.replace(reg, "FIREGPGTRALALABEGINHIHAN");
to
text = text.replace(reg, "FIREGPGTRALALABEGINHIHAN123456789012");

and

from
text = text.replace(reg, "FIREGPGTRALALAENDHIHAN");
to
text = text.replace(reg, "FIREGPGTRALALAENDHIHAN1234567");

and

from
reg = new RegExp("FIREGPGTRALALABEGINHIHAN", "gi");
to
reg = new RegExp("FIREGPGTRALALABEGINHIHAN123456789012", "gi");

and

from
text = text.replace(reg, "-----BEGIN PGP SIGNED MESSAGE-----");
to
text = text.replace(reg, "- -----BEGIN PGP SIGNED MESSAGE-----");

and

from
reg = new RegExp("FIREGPGTRALALAENDHIHAN", "gi");
to
reg = new RegExp("FIREGPGTRALALAENDHIHAN1234567", "gi");

and

from
text = text.replace(reg, "-----END PGP SIGNATURE-----");
to
text = text.replace(reg, "- -----END PGP SIGNATURE-----");

Go to forum: Bugs & problems

13 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

Counting mistake I made. I said count all "&" 's and "test" 's this is untrue we should only count the ones before the key word, and we should count our replaced items
"&" 's and "&ourphrase;" 's since the calculations are being done after the replacement.

Go to forum: Bugs & problems

14 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

how to send patch? or did I describe what I did good enough?

Go to forum: Bugs & problems

15 Topic by jeff.sadowski

(7 replies, posted in Bugs & problems)

I don't know what is going on. ok here are the symptoms.

I'm using outlook web access(not my choice)
a colleague of mine sent me a signed message.
I selected the message with my mouse and expected after the fixes I made for it to work perfectly
then it said it couldn't verify :-( so then I opened up vi and pasted the text and it verified :-/
Ok so then I thought well maybe its doing something funny so I checked with my breakout
script to see what was going on and took a diff of the _verify_ that my script produced and the file
created with vi. There where a couple of lines that diff returned but they looked identical by eye.
So I sent the diff to a "hexdump -c" and found out that the file produced by firegpg had strange
characters the file created by firegpg had the two characters octal represented as 302 240 in place of
one space(and its not all spaces replaced by this) from my vi created via paste and im not sure what is
going on. I actually like firegpg's assessment better I'm thinking. Cause those characters are probably what is really there
and when I paste I think my X windows environment is just interpreting them as spaces and fixing it(it really shouldn't).

Go to forum: Bugs & problems

16 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

The two things I don't like about this method are as follows
1. This is inband tokening meaning someone can mess up this algorithm using keywords like if FIREGPGTRALALABEGINHIHAN
2. to do verifying on inner messages would get difficult if we wish to do this later. I have ideas about doing that with my layered idea
if you want unbreakable inband we could do that too we could have counted how many instances we replaced and made up the space
difference with calculations instead of padding and then use an inband message replacement method like html does or shell escaping method
first replacing key tags with a key tag chain then replace the thing your going after then reverse that on the way back
example

lets say we want to replace "test" with &ourkeyphrase; lets first replace all & with & like html
example test phrase
"a tricky test phrase &"
we would first make our & substitution
"a tricky test phrase &amp;"
then we  do our substitutions
"a tricky &ourkeyphrase; &amp;"
now we have our working string after we are done we make the substitutions back
I'm using an html type method in this example.

now lets combine this with counting displacement characters
first we would count how many "&" 's we have and multiply that by 4 because we have 4 extra characters
then we would count how many "test" 's we have and multiply that by 10 because we have 10 extra characters.
add those numbers together and subtract them from our count total on our working phrase.
if we had less we would subtract

Go to forum: Bugs & problems

17 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

I found the cause of your bugs and fixed it using your programming logic.
I'd still like to get away from this and I'll see what I can do but here is two problems I found

to get the lastPosition the calculations are comming out wrong because the distance of -----BEGIN PGP SIGNED MESSAGE----- and FIREGPGTRALALABEGINHIHAN are not the same for now I just padded FIREGPGTRALALABEGINHIHAN with extra spaces to make it the same length.

the second mistake is when replacing it back you forgot the extra "- " in front

Go to forum: Bugs & problems

18 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

an idea about what is going wrong. After removing all the text replacement and sending the full content of the selected text it was able to verify my example
I see what you are trying to do and I think I understand the issue. I'd like to introduce and idea of layer searching
as you know a signature inside a signature appends "- " in front so when you search for a close to this you should look for an equal amount of "- "'s at the beginning
we can step through text a little at a time.

I'll try and write something up to demonstrate my idea.

also to append my idea I know there is a limmit to how much can go in a text input box before it wraps and maybe introduce a wrapping before sending it to gpg.

Go to forum: Bugs & problems

19 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

the_glu wrote:

Stop make strange files ^^

what?

I'm talking about the file firegpg is creating from the selected text.
firegpg is replacing text in it.

it looks like you are doing a lot of extra work

gpg will ignore text outside of a signature
you should just be able to send the entire content of what is selected

Go to forum: Bugs & problems

20 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

ooh I actually see where the problem lies :-)

in cgpg.js verify
replacing text

Go to forum: Bugs & problems

21 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

we may be talking about the same file
the files following the --verify <this file>

Go to forum: Bugs & problems

22 Reply by jeff.sadowski

(20 replies, posted in Bugs & problems)

Did you know that the file being sent to be verified was corrupted?

Go to forum: Bugs & problems

23 Topic by jeff.sadowski

(20 replies, posted in Bugs & problems)

I took out my script to test this and then put it back in place to try and trouble shoot
Ok here is my message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

test
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGetyjjQunEb2baXIRAgBhAKCXi99F8V2/SbXQMp6Pyo11knKlCgCghA2P
p8NJaChS363cSozKbvzaOcs=
=lod8
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGetyujQunEb2baXIRAqf4AJ9XnHN8/k1zhcl5hjeIAS8UlSYA9gCgwGvE
hAVXz4H+aIoBUF40f3sRn6A=
=LQMx
-----END PGP SIGNATURE-----


here is the private key I used for this


-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.7 (GNU/Linux)

lQHhBEZ5eGIRBACo8ewHUUgJlYZGq2hOzyecvt6JDTWcVdOx8C2KlsdjMt8FnNJL
hKP3+Y4F8KzoPKanF/xyi91Z0d0MkNHadNN0XI9y4fm6vVZR0x80ngBsgyguRLlU
shDCqTl6jdLTxshzrpkX3UynrpHqJQBzbs7yRmWGQZrWvRXupmb3N2wH0wCgz+1Y
y6DMBXlwKn/E5SVmMQbeo28D/iv0lANfYNiWvOXC7vV2Sc9oRBHEoQWF70uBRg2n
qy5bvq+YliXrS/QI0PaHzAWEiSU1RY/VlDMcPuk3lRtK/eRoBqYqAfKFbzPnkhK4
9MFeX6ElycMZht4ZLF3dal+h8M9V/SuwSo6HISPOgAzFnPz96Y+NADg/vZGgeS6l
ampoBACcRkHhhZrtRz2zHjoU5dsuGZwgasbqBTKeritcAHfJy9C3J2dpWkMafSsZ
7buPz1Cm1E6Cnr7JsdRKFlDX9YAsuyA2CauvAmJye2eN0lBPmYlfFW9Zx4zCV1Ca
YKjT4DmrvGpxCpYxfhJkJLdzb6niKwJxi3/t1zhbeQb/aXfjSv4DAwLzNVNn9FnC
XWAoMOGbsWfRyVeZerxzAkV8POSCZZMRoz5oNRqyVpWCsy75vhXlPHZtrCD347GN
KjRsBLQlVGVzdCAodGhpcyBpcyBhIHRlc3QpIDx0ZXN0QHRlc3QuY29tPohgBBMR
AgAgBQJGeXhiAhsjBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQjQunEb2baXJ7
HwCdE3Ub6ouCN5SsWdVYmsHgxA1cemYAn0Tpb+f9hnCQwoFdTJyK7uwdOsMInQFY
BEZ5eGIQBADSTMSwchMNNwsKCSCnDMmQlJwoK0xRI/8vI4Kfg+51U9XAKb3zqv13
pYFjHndjQ3ztRVMC4DrxUiazIRMuX1h/YbNXxlW4TcI8ihxXXDu+DUy1z9irtyeC
oRpypbhjx7rdNaZMsvIM02Lr7kNquLSPAYwlCEJHQRdZKaRqhK6UcwADBQP/d34w
9nNMyl6y0B3LwnvZcfUMTaz3DVeLQtyAV3JNLMlJfoQ9aSZmNQVHdbz+4cnTt87Q
MWv0HJy9PD+8crp+Q46Zc2wdK+Ij2xcwPmk5iYTuIQbQdxf8/saRBqVL33UJdLoa
erA+ET5yketeJXMzdfUTYBIHZlKI1GWIAoUw0rf+AwMC8zVTZ/RZwl1gnrWcMF/Q
1Wui6ETNZV7CtiI4/c5ltZnRijztgKiTpL9EbxtFjPKyETWLXidnGbCqPUBHB689
/QzvAFnaeFWISQQYEQIACQUCRnl4YgIbDAAKCRCNC6cRvZtpcos0AJ9uSeVtOsUd
2l8ajleNtmxVjkEXygCdHjBj82ydpsaPcqsdC4OOq+edQz4=
=xkyu
-----END PGP PRIVATE KEY BLOCK-----

it is a test one with password "testing"

here is its public key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (GNU/Linux)

mQGiBEZ5eGIRBACo8ewHUUgJlYZGq2hOzyecvt6JDTWcVdOx8C2KlsdjMt8FnNJL
hKP3+Y4F8KzoPKanF/xyi91Z0d0MkNHadNN0XI9y4fm6vVZR0x80ngBsgyguRLlU
shDCqTl6jdLTxshzrpkX3UynrpHqJQBzbs7yRmWGQZrWvRXupmb3N2wH0wCgz+1Y
y6DMBXlwKn/E5SVmMQbeo28D/iv0lANfYNiWvOXC7vV2Sc9oRBHEoQWF70uBRg2n
qy5bvq+YliXrS/QI0PaHzAWEiSU1RY/VlDMcPuk3lRtK/eRoBqYqAfKFbzPnkhK4
9MFeX6ElycMZht4ZLF3dal+h8M9V/SuwSo6HISPOgAzFnPz96Y+NADg/vZGgeS6l
ampoBACcRkHhhZrtRz2zHjoU5dsuGZwgasbqBTKeritcAHfJy9C3J2dpWkMafSsZ
7buPz1Cm1E6Cnr7JsdRKFlDX9YAsuyA2CauvAmJye2eN0lBPmYlfFW9Zx4zCV1Ca
YKjT4DmrvGpxCpYxfhJkJLdzb6niKwJxi3/t1zhbeQb/aXfjSrQlVGVzdCAodGhp
cyBpcyBhIHRlc3QpIDx0ZXN0QHRlc3QuY29tPohgBBMRAgAgBQJGeXhiAhsjBgsJ
CAcDAgQVAggDBBYCAwECHgECF4AACgkQjQunEb2baXJ7HwCdE3Ub6ouCN5SsWdVY
msHgxA1cemYAn0Tpb+f9hnCQwoFdTJyK7uwdOsMIuQENBEZ5eGIQBADSTMSwchMN
NwsKCSCnDMmQlJwoK0xRI/8vI4Kfg+51U9XAKb3zqv13pYFjHndjQ3ztRVMC4Drx
UiazIRMuX1h/YbNXxlW4TcI8ihxXXDu+DUy1z9irtyeCoRpypbhjx7rdNaZMsvIM
02Lr7kNquLSPAYwlCEJHQRdZKaRqhK6UcwADBQP/d34w9nNMyl6y0B3LwnvZcfUM
Taz3DVeLQtyAV3JNLMlJfoQ9aSZmNQVHdbz+4cnTt87QMWv0HJy9PD+8crp+Q46Z
c2wdK+Ij2xcwPmk5iYTuIQbQdxf8/saRBqVL33UJdLoaerA+ET5yketeJXMzdfUT
YBIHZlKI1GWIAoUw0reISQQYEQIACQUCRnl4YgIbDAAKCRCNC6cRvZtpcos0AJ4s
cf0x/AOnHH6AVV49tg35SLNGHgCfUNPiOcpgHcplKPtUacUQN45+OhU=
=iD9W
-----END PGP PUBLIC KEY BLOCK-----

using my script to intercept it looks as if the temporary file it is sending contains the following

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

test
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGetmi+VN5CeSqsGYRAgHOAJoCelH/QuvQYffi9r9PXgKaanlQJQCggN6F
8EdDUK002pZ2eTXOqTd9gfY=
=EENy
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGetnD+VN5CeSqsGYRAsu1AJ9WKhb9oywanoCnr6tqwsEPeggprACeMHoS
TErh0ohxVNn1nHIrJXR/h1o=
=ajFO
-----END PGP

so it looks like it got scrambled could you please verify or deny what I did thanks

Go to forum: Bugs & problems

24 Reply by jeff.sadowski

(9 replies, posted in Bugs & problems)

Strange characters did not cause any of the problems it should be fine using any character combination. :-)

Following is my script to intercept gpg and copy important files for troubleshooting. :-/ sorry for accusing your plugin it wasn't your plugin at all it was me choosing gpg2 which completely ignores the --no-use-agent and the --passphrase-file options. I was also having issues because previous versions of my intercept script were messing up.

#!/bin/bash
# This script is to intercept arguments being passed to gpg and to
# copy the important files needed for trouble shooting.
# I needed to make sure the files contained what I thought they contained
# It was very helpful in trouble shooting the
# signature inside a signature problem
date=`date +%Y%m%d%H%M%S`

echo input args >>$0_passed_arguments_${date}
echo $* >>$0_passed_arguments_${date}

usgae()
{
    echo $0 gpg arguments
}

longopts="quiet,no-tty,no-verbose,status-fd:,armor,version,"
longopts="${longopts}clearsign:,batch,default-key:,output:,"
longopts="${longopts}passphrase-file:,comment:,with-colons,"
longopts="${longopts}no-use-agent,list-secret-keys,"
longopts="${longopts}verify:,trust-model:"
shortopts="qhs"

argument()
{
        echo $1|sed s/^\'// |sed s/\'$//
}

args=`getopt -l ${longopts} ${shortopts} $*`||error=1
if [ "${error}" = "1" ];then
        usage
        exit 1
fi

set -- ignored ${args}
for i
do
    shift
    if [ "$1" != "--" ];then
        arglist="${arglist} `argument $1`"
    fi
    case "$1" in
        --passphrase-file)
            shift
            arglist="${arglist} `argument $1`"
             cat `argument $1` > $0_sent_password_${date}
            continue;
        ;;
        --verify)
            shift
            arglist="${arglist} `argument $1`"
             cat `argument $1` > $0_verify_${date}
            continue;
        ;;
        --)
            break;
        ;;
        *)
            echo unknown;
        ;;
    esac
done

echo output args >>$0_passed_arguments_${date}
echo ${arglist} >>$0_passed_arguments_${date}
gpg ${arglist}

Go to forum: Bugs & problems

25 Reply by jeff.sadowski

(9 replies, posted in Bugs & problems)

yes I do have symbols in most of my passwords let me try ones without

Go to forum: Bugs & problems