Subject: pkg/18144: pgp5 package doesn't recognize valid passwords
To: None <gnats-bugs@gnats.netbsd.org>
From: None <bpstark@pacbell.net>
List: netbsd-bugs
Date: 09/01/2002 21:46:06
>Number: 18144
>Category: pkg
>Synopsis: pgp5 package doesn't recognize valid passwords
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Sep 01 21:51:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Brian Stark
>Release: NetBSD 1.6F
>Organization:
Brian Stark
bpstark@pacbell.net
>Environment:
System: NetBSD rainforest.private.net 1.6F NetBSD 1.6F (CALLISTO) #3: Sun Aug 11 22:47:21 PDT 2002 bstark@rainforest.private.net:/usr/src/sys/arch/i386/compile/CALLISTO i386
Architecture: i386
Machine: i386
>Description:
The version of security/pgp5 in NetBSD-current doesn't recognize
valid passwords for decrypting encrypted information, or for
signing information. The version of pgp5 in precompiled binary form
for NetBSD 1.5 (available on ftp.netbsd.org) works correctly.
It appears that one or more of the patches for pgp5 have broken
its functionality.
>How-To-Repeat:
* install pre-compiled version of pgp5 from ftp.netbsd.org
(use version for i386/1.5)
* generate a new key
* sign a file
* remove installed pgp5 package
* using latest available security/pgp5 sources, compile pgp5
* install compiled version of pgp5 from pkgsrc
* try to sign a file using a key that was generated with the
pre-compiled version of pgp5 (this won't work now).
I was able to reproduce this on my 1.6F/i386 system yesterday and
posted an email to tech-pkg@netbsd.org. Feico Dillema replied and
confirmed that this problem was observed on a system running
1.6_RC2. Here is the log I attached to my email to tech-pkg about
this:
rainforest:bstark$ pkg_info | grep pgp5
rainforest:bstark$ pwd
/users/bstark
rainforest:bstark$ ls -l .pgp/
rainforest:bstark$ ls -l pgp5-5.0i.tgz
-rw-r--r-- 1 bstark wheel 966711 Mar 28 14:03 pgp5-5.0i.tgz
rainforest:bstark$ md5 pgp5-5.0i.tgz
MD5 (pgp5-5.0i.tgz) = 0a053c4bb5100a3bd19d8605328697fa
rainforest:bstark$ pkg_add ^C
rainforest:bstark$ su
Password:
rainforest:{root}# pkg_add pgp5-5.0i.tgz
===========================================================================
$NetBSD: MESSAGE,v 1.2 2002/03/26 18:14:11 wennmach Exp $
There are a number of large changes from the 2.6.2 distribution. Most
notable is that the command line has changed substantially. See
the pgp5(1) man page for a discussion of how to use the new command
line.
Also, to allow easy interoperation with older versions on the same
system, a number of filename changes have been made:
~/.pgp/pubring.pgp is now ~/.pgp/pubring.pkr
~/.pgp/secring.pgp is now ~/.pgp/secring.skr
~/.pgp/config.txt is now ~/.pgp/pgp.cfg
~/.pgp/language.txt is now ~/.pgp/language50.txt
The application will NOT automatically migrate these files for you; if
you wish to retain your existing keyrings and configuration files, you
should copy them yourself. Note that copying language.txt to
language50.txt is a decidedly bad idea. Also note that language50.txt
is entirely optional; US English is the only language it contains at
this time.
===========================================================================
rainforest:{root}# exit
rainforest:bstark$ pgpk -g
No randseed file found.
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Choose the type of your public key:
1) DSS/Diffie-Hellman - New algorithm for 5.0 (default)
2) RSA
Choose 1 or 2: 1
Pick your public/private keypair key size:
(Sizes are Diffie-Hellman/DSS; Read the user's guide for more information)
1) 768/768 bits- Commercial grade, probably not currently breakable
2) 1024/1024 bits- High commercial grade, secure for many years
3) 2048/1024 bits- "Military" grade, secure for forseeable future(default)
4) 3072/1024 bits- Archival grade, slow, highest security
Choose 1, 2, 3 or 4, or enter desired number of Diffie-Hellman bits
(768 - 4096): 1
You need a user ID for your public key. The desired form for this
user ID is your FULL name, followed by your E-mail address enclosed in
<angle brackets>, if you have an E-mail address. For example:
Joe Smith <user@domain.com>
If you violate this standard, you will lose much of the benefits of
PGP 5.0's keyserver and email integration.
Enter a user ID for your public key: test@private.net
Enter the validity period of your key in days from 0 - 999
0 is forever (and the default): 0
You need a pass phrase to protect your private key(s).
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.
Enter pass phrase:
Enter again, for confirmation:
Enter pass phrase:
Collecting randomness for key...
We need to generate 539 random bits. This is done by reading
/dev/random. Depending on your system, you may be able
to speed this process by typing on your keyboard and/or moving your mouse.
0 * -Enough, thank you.
******* ..................................******* .
...........***asdf**'kmlm*p* qfm; v;asmfoifru45.ur.wefpm.sjf.u234u23.12.-4.wmsdfm.g9*qrjg**kg**o40*it*
Keypair created successfully.
If you wish to send this new key to a server, enter the URL of the server,
below. If not, enter nothing.
rainforest:bstark$ pgpk -l
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Type Bits KeyID Created Expires Algorithm Use
sec+ 768 0x2E578BB1 2002-09-01 ---------- DSS Sign & Encrypt
sub 768 0x2DFFA0DA 2002-09-01 ---------- Diffie-Hellman
uid test@private.net
1 matching key found
rainforest:bstark$ pgps -u test@private.net /etc/hosts -o hosts.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
A private key is required to make a signature.
Need a pass phrase to decrypt private key:
768 bits, Key ID 2E578BB1, Created 2002-09-01
"test@private.net"
Enter pass phrase:
Pass phrase is good.
Creating output file hosts.pgp
rainforest:bstark$ su
Password:
rainforest:{root}# pkg_delete pgp5-5.0i
rainforest:{root}# cd /usr/pkgsrc/security/pgp5
rainforest:{root}# make all > pgp.output 2>&1
rainforest:{root}# make install > pgp.install.output 2>&1
rainforest:{root}# exit
rainforest:bstark$ cd
rainforest:bstark$ pgpk -l
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Type Bits KeyID Created Expires Algorithm Use
sec+ 768 0x2E578BB1 2002-09-01 ---------- DSS Sign & Encrypt
sub 768 0x2DFFA0DA 2002-09-01 ---------- Diffie-Hellman
uid test@private.net
1 matching key found
rainforest:bstark$
rainforest:bstark$ ls -l hosts.pgp
-rw------- 1 bstark staff 1204 Aug 31 22:21 hosts.pgp
rainforest:bstark$ pgpv hosts.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Opening file "hosts" type binary.
Good signature made 2002-09-01 05:21 GMT by key:
768 bits, Key ID 2E578BB1, Created 2002-09-01
"test@private.net"
rainforest:bstark$ pgps -u test@private.net /etc/hosts -o hosts2.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
A private key is required to make a signature.
Need a pass phrase to decrypt private key:
768 bits, Key ID 2E578BB1, Created 2002-09-01
"test@private.net"
Enter pass phrase:
Error: Bad pass phrase.
Enter pass phrase:
Stopped at user request.
rainforest:bstark$ cat /etc/mk.conf
#
# NetBSD operating system environment variables
#
# careful! 'DESTDIR' will affect package installations!
# DESTDIR=/altroot
# note, this should work, but....
#
COPTS+=-march=pentium -pipe
MKKERBEROS=no
OBJMACHINE=yes
MKOBJDIRS=yes
#
# NetBSD package system environment variables
#
DISTDIR=/usr/local/distfiles
WRKOBJDIR=/usr/pkgsrc.work/${MACHINE}
USA_RESIDENT=YES
NS_ENCRYPTION=us
ACCEPTABLE_LICENSES+=shareware
ACCEPTABLE_LICENSES+=adobe-acrobat-license
ACCEPTABLE_LICENSES+=fee-based-commercial-use
ACCEPTABLE_LICENSES+=pine-license
ACCEPTABLE_LICENSES+=jdk13-license
rainforest:bstark$ uname -a
NetBSD rainforest.private.net 1.6F NetBSD 1.6F (CALLISTO) #3: Sun Aug 11 22:47:21 PDT 2002 bstark@rainforest.private.net:/usr/src/sys/arch/i386/compile/CALLISTO i386
rainforest:bstark$ su
Password:
rainforest:{root}# cd /usr/pkgsrc/security/pgp5
rainforest:{root}# pkg_delete pgp5
rainforest:{root}# vi /etc/mk.conf
rainforest:{root}# cat /etc/mk.conf
#
# NetBSD operating system environment variables
#
# careful! 'DESTDIR' will affect package installations!
# DESTDIR=/altroot
# note, this should work, but....
#
# COPTS+=-march=pentium -pipe
MKKERBEROS=no
OBJMACHINE=yes
MKOBJDIRS=yes
#
# NetBSD package system environment variables
#
DISTDIR=/usr/local/distfiles
WRKOBJDIR=/usr/pkgsrc.work/${MACHINE}
USA_RESIDENT=YES
NS_ENCRYPTION=us
ACCEPTABLE_LICENSES+=shareware
ACCEPTABLE_LICENSES+=adobe-acrobat-license
ACCEPTABLE_LICENSES+=fee-based-commercial-use
ACCEPTABLE_LICENSES+=pine-license
ACCEPTABLE_LICENSES+=jdk13-license
rainforest:{root}#
rainforest:{root}# make clean
===> Cleaning for pgp5-5.0i
rainforest:{root}#
rainforest:{root}# make all > pgp.output2 2>&1
rainforest:{root}# make install > pgp.install.output2 2>&1
rainforest:{root}# exit
rainforest:bstark$ cd
rainforest:bstark$ pgpk -l
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Type Bits KeyID Created Expires Algorithm Use
sec+ 768 0x2E578BB1 2002-09-01 ---------- DSS Sign & Encrypt
sub 768 0x2DFFA0DA 2002-09-01 ---------- Diffie-Hellman
uid test@private.net
1 matching key found
rainforest:bstark$ pgps -u test@private.net /etc/hosts -o hosts3.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
A private key is required to make a signature.
Need a pass phrase to decrypt private key:
768 bits, Key ID 2E578BB1, Created 2002-09-01
"test@private.net"
Enter pass phrase:
Error: Bad pass phrase.
Enter pass phrase:
Stopped at user request.
rainforest:bstark$
>Fix:
Don't use latest version of security/pgp5. Use precompiled version
from NetBSD 1.5.
>Release-Note:
>Audit-Trail:
>Unformatted: