Announcement

**Snowhog** · Mar 16, 2015, 08:57 AM

It isn't necessary. The pass-phrase you type is checked against the key you originally created.

**negora** · Mar 16, 2015, 09:14 AM

Originally posted by Snowhog View Post

It isn't necessary. The pass-phrase you type is checked against the key you originally created.

I believe that you haven't understood me. I'm referring to the symmetric encryption type, in which you simply set a pass-phrase for a file, which has no relation with the private and public keys that you may have created before. It's just a password to decrypt the file. To use it, you must click on a file with the right button and choose "Encrypt file". Then go to "Options > Symmetrical encryption". This creates an encrypted file.

Thank you

.

**SteveRiley** · Mar 16, 2015, 11:01 PM

Hm. It's working here.

File context menu -> Actions -> Encrypt file

Click Options, select Symmetrical encryption

Password prompt from PinEntry

Repeat password prompt from PinEntry

Result -- encrypted file

Are these the same steps you're following?

**negora** · Mar 17, 2015, 01:54 AM

Yes, that's exactly what I've been doing. When I do that, a request window like this one shows up:

But it appears only once. Then, the encrypted file is created without the possibility to confirm the pass-phrase one more time.

When I use the "gpg" command, the pass-phrase is always requested to me twice, so I guess that it's not the fault of some parameter of GPG. It has to be something related to KGpg specifically. The version that I'm using is 2.12.1, which comes from the official Ubuntu 14.04.2 repository.

Thank you.

PS: In my Kubuntu 14.04.2, the option "Encrypt File" appears directly in the context menu, not under "Actions". I doubt that's really relevant, but anyway I comment it.

**SteveRiley** · Mar 17, 2015, 11:09 AM

Hm. In your case, KGpg is prompting for the passphrase. On mine, it's PinEntry. What's the output of

Code:

dpkg -l | egrep 'gpg|gnupg|pinentry'

**negora** · Mar 17, 2015, 11:28 AM

The output of your command is as follows:

Code:

ii  gnupg                 1.4.16-1ubuntu2.1     amd64   GNU privacy guard - a free PGP replacement
ii  gnupg-agent           2.0.22-3ubuntu1.1     amd64   GNU privacy guard - password agent
ii  gnupg2                2.0.22-3ubuntu1.1     amd64   GNU privacy guard - a free PGP replacement (new v2.x)
ii  gpgsm                 2.0.22-3ubuntu1.1     amd64   GNU privacy guard - S/MIME version
ii  gpgv                  1.4.16-1ubuntu2.1     amd64   GNU privacy guard - signature verification tool
ii  kgpg                  4:4.13.2-0ubuntu0.1   amd64   graphical front end for GNU Privacy Guard
ii  libgpg-error0:amd64   1.12-0.2ubuntu1       amd64   library for common error values and messages in GnuPG components
ii  libgpg-error0:i386    1.12-0.2ubuntu1       i386    library for common error values and messages in GnuPG components
ii  libgpgme++2           4:4.13.3-0ubuntu0.2   amd64   c++ wrapper library for gpgme
ii  libgpgme11:amd64      1.4.3-0.1ubuntu5.1    amd64   GPGME - GnuPG Made Easy (library)
ii  libkpgp4              4:4.13.3-0ubuntu0.1   amd64   gpg based crypto library
ii  libqgpgme1            4:4.13.3-0ubuntu0.2   amd64   library for GpgME++ integration with Qt
ii  pinentry-qt4          0.8.3-1ubuntu1        amd64   Qt-4-based PIN or pass-phrase entry dialog for GnuPG

When I run this command in the console:

Code:

gpg -c <path-of-file-to-encrypt>

It asks me for the pass-phrase twice:

Code:

Enter passphrase:
Repeat passphrase:

It also mentions the word "passphrase" instead of "PIN" or "password". Anyway, all these terms mean approximately the same thing, Right?

When it asks me for the pass-phrase, I enter a random password. Anything that I enter is OK, as long as the repeated pass-phrase is equal to the first one (obviously). This pass-phrase is not related to the pass-phrase of my private key, because I'm using one that is totally different.

Thank you!

**negora** · Mar 17, 2015, 11:48 AM

I've just tested all this in a Kubuntu 14.04.1 that I had installed in VirtualBox, and KGpg has prompted for the pass-phrase twice. But it has called it "passphrase" too, not "PIN" :S .

The output of dpkg -l | egrep 'gpg|gnupg|pinentry' in this case is:

Code:

ii  gnupg                                      1.4.16-1ubuntu2.1                     i386         GNU privacy guard - a free PGP replacement
ii  gnupg-agent                                2.0.22-3ubuntu1.1                     i386         GNU privacy guard - password agent
ii  gnupg2                                     2.0.22-3ubuntu1.1                     i386         GNU privacy guard - a free PGP replacement (new v2.x)
ii  gpgsm                                      2.0.22-3ubuntu1.1                     i386         GNU privacy guard - S/MIME version
ii  gpgv                                       1.4.16-1ubuntu2.1                     i386         GNU privacy guard - signature verification tool
ii  kgpg                                       4:4.13.2-0ubuntu0.1                   i386         graphical front end for GNU Privacy Guard
ii  libgpg-error0:i386                         1.12-0.2ubuntu1                       i386         library for common error values and messages in GnuPG components
ii  libgpgme++2                                4:4.13.3-0ubuntu0.2                   i386         c++ wrapper library for gpgme
ii  libgpgme11:i386                            1.4.3-0.1ubuntu5.1                    i386         GPGME - GnuPG Made Easy (library)
ii  libkpgp4                                   4:4.13.3-0ubuntu0.1                   i386         gpg based crypto library
ii  libqgpgme1                                 4:4.13.3-0ubuntu0.2                   i386         library for GpgME++ integration with Qt
ii  pinentry-qt4                               0.8.3-1ubuntu1                        i386         Qt-4-based PIN or pass-phrase entry dialog for GnuPG

I've updated the packages of this virtual machine to their latest versions, and it's still working fine. Now I'm going to do more tests in my physical machine and check if something changes :/ .

**negora** · Mar 18, 2015, 03:27 AM

OK, after lots of tests, I think that I've found the cause. If you configure the file ~/.gnupg/gpg.conf with the option "use-agent", it asks for the pass-phrase twice. It's the default option. However, my configuration file was empty, so it was not using the agent. In this case, I guess that KGpg was using its own mechanism, which doesn't ask for the pass-phrase twice, but only once. I don't know why it works that way, but I still believe that's risky. I suppose that no one has realized about it because most people use the agent. I'll think that I'll fill a bug report.

I also have realized that the new versions of KGpg complain when you haven't got the ~/.gnupg/ directory created beforehand:

In my opinion, if the directory doesn't exist, KGpg should create the directory by itself, just as "gpg" does by default. Otherwise, less experienced users will need to mess with the command line. What do you opine?

Salutes.

PD: I've created 2 bug reports, one for each issue:
Bug 345296 - When you don't use "gpg-agent", KGpg asks for the pass-phrase only once in symmetric encryptions.
Bug 345298 - KGpg complains when you haven't created the ~/.gnupg/ directory beforehand.

**SteveRiley** · Mar 18, 2015, 08:49 PM

Interesting. In my case, PinEntry is asking for the passphrase, not KGpg. According to various sources revealed by Google, that's standard behavior when the GPG agent is running. So it would seem that without the GPG agent, KGpg relies on itself for obtaining the passphrase. I agree with you, it should prompt twice.

Announcement

KGpg: how to make it ask for the pass-phrase twice.

KGpg: how to make it ask for the pass-phrase twice.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment