Bug#853935: rephrase: No more works with gpg2 and causes one pinentry popup per guess

Axel Beckert abe at debian.org
Thu Feb 2 10:37:30 UTC 2017 

Package: rephrase
Version: 0.2-1
Severity: grave
Tags: patch

It seems that rephrase is incompatible or at least not yet ported to
GnuPG 2.x.

Trying to use it on Sid or Stretch causes one pinentry window popup per
guessed try (i.e. potentially thousands). And since pinentry usually
grabs the keyboard, I can't press Ctrl-C or similar on rephrase itself.

Pressing Cancel or the Escape key in the pinentry window does not end
the rephrase session either but just makes the next pinentry window pop
up. This makes the X session unusable until either:

* No more tries are left
* gpg is killed from outside the X session (e.g. text console or via SSH)

I then tried to see if it at least works in general and tried it with
only very few variants (2 variants, hence 4 tries), but even if the
correct passphrase was under those very few tries (tried with 2 and 4
tries), rephrase fails to recognize the correct passphrase and always
ends with the following message:

  Passphrase doesn't match pattern (or no such key/file/device)

I think to solve this issue for Debian Stretch in the short term,
rephrase needs to

1) depend on "gnupg1" instead of "gnupg", and
2) replace all calls to "gpg" with "gpg1".

The following patch fixes the issue for me and also reports the correct
passphrase if it was under the given variants.

diff --git a/debian/control b/debian/control
index 61b6be0..48981c5 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,7 @@ Vcs-Git: git://anonscm.debian.org/forensics/rephrase.git
 
 Package: rephrase
 Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}, gnupg
+Depends: ${misc:Depends}, ${shlibs:Depends}, gnupg1
 Description: Specialized passphrase recovery tool for GnuPG
  If you can nearly remember your GnuPG passphrase - but not quite - then
  Rephrase may be able to help. Tell Rephrase the parts of the passphrase you
diff --git a/debian/rules b/debian/rules
index 6da28e8..fd8216b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,4 +7,4 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
        dh $@
 
 override_dh_auto_build:
-       dh_auto_build -- GPG=/usr/bin/gpg
+       dh_auto_build -- GPG=/usr/bin/gpg1

In the long term, upstream should try to make it working with gnupg2,
too.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), (111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), (105, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rephrase depends on:
ii  gnupg  2.1.18-3
ii  libc6  2.24-9

rephrase recommends no packages.

rephrase suggests no packages.

-- no debconf information

More information about the forensics-devel mailing list