[pkg-gnupg-maint] Bug#638619: Bug#638619: Bug#638619: Misleading "gpg: Ohhhh jeeee: no decrypt() for 17" message from gpg when trying to decrypt a file without the public key being imported
NIIBE Yutaka
gniibe at fsij.org
Mon May 18 02:15:20 UTC 2015
On 05/08/2015 04:51 PM, NIIBE Yutaka wrote:
> Finally, I managed to reproduce this bug. Here is my scenario.
>
> (1) With --gen-key, generate DSA+Elgamal key
> (2) make an encrypted file using (1)
> (3) make a copy of .gnupg/secring.gpg
> (4) With --edit-key, delkey Elgamal subkey
> (5) With --export, make public key file
> (6) With --delete-secret-key, delete the key generated by (1)
> (7) Restore .gnupg/secring.gpg by the copy of (3)
> (8) Import DSA only public key of (5)
>
> Now, it has secret subkey, but no corresponding public key.
>
> (8) Try to decrypt encrypted file of (2)
> It asks the passphrase, then input it, then, it stops with:
>
> gpg: Ohhhh jeeee: no decrypt() for 17
>
> GnuPG is 1.4.18-7 in stable. I think that it is better to
> check availability of public key for the subkey.
With the fix below, it now fails, emitting an error like this:
-------------------------------------
gpg: key 9541DC07: secret key without public key - skipped
gpg: encrypted with ELG-E key, ID 9541DC07
gpg: public key decryption failed: public key not found
gpg: decryption failed: secret key not available
-------------------------------------
I think that the message would be a bit confusing for a user (as it
is explained from the viewpoint of the implementation), but
it's much better.
diff --git a/g10/getkey.c b/g10/getkey.c
index d5d1135..fc3c179 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -498,7 +498,19 @@ get_seckey( PKT_secret_key *sk, u32 *keyid )
ctx.req_usage = sk->req_usage;
rc = lookup( &ctx, &kb, 1 );
if ( !rc ) {
+ u32 skid[2];
+
sk_from_block ( &ctx, sk, kb );
+ keyid_from_sk ( sk, skid );
+ /*
+ * Make sure it's exact match of keyid.
+ * If not, it's secret subkey with no public key.
+ */
+ if (!(keyid[0] == skid[0] && keyid[1] == skid[1])) {
+ log_error (_("key %s: secret key without public key"
+ " - skipped\n"), keystr(keyid));
+ rc = G10ERR_NO_PUBKEY;
+ }
}
get_seckey_end( &ctx );
release_kbnode ( kb );
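Review bot: In get_seckey(), the keyid comparison runs after sk_from_block() has already copied the looked-up key into the caller's sk, so on a mismatch the function sets rc to G10ERR_NO_PUBKEY while sk still holds the secret key packet of a key whose keyid differs from the one requested. Consider clearing sk on this path, or doing the comparison before sk is filled, so that a caller which mishandles rc cannot go on to use the wrong key. The condition would read more directly as `if (keyid[0] != skid[0] || keyid[1] != skid[1])`. The log text ends in "- skipped", but this path sets an error code rather than moving on to another key, so the wording could be aligned with what the function does. The comment should also say why a keyid mismatch after lookup() implies that the subkey's public key is missing, since that inference is not obvious from these lines alone.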