Description of problem:
gnupg2 2.0.14 has a known regression bug: in all cases where gpg-agent creates a new protected key or changes the protection, it fails to encode a new iteration count into the file. Instead, the old constant value of 65536 (encoded as 96) is written to the file. If you then try to use the key and enter the passphrase, gpg-agent uses the wrong iteration count from the file (65536) and thus can't unprotect the key.
The end result is that one is unable to properly interact with gpg-agent. Specifically, kmail cannot S/MIME-sign email, kleopatra cannot decrypt previously encrypted files, and gpgsm decryption fails.
Described by Werner Koch (developer) @:
Patch provided @:
Version-Release number of selected component (if applicable):
According to above post, happens whenever gpg-agent (version 2.0.14) is used.
Steps to Reproduce:
Assuming you have an existing gpgsm certificate pair.
1. Create random text file - trash.txt
2. gpgsm -r <your key id> -o trast.txt.gpg -e trash.txt
3. gpgsm -d trast.txt.gpg
Actual results:
passphrase input fails, secret key decryption failure, contents of trast.txt.gpg cannot be seen
Expected results:
contents of trast.txt.gpg decrypted
Additional info:
Applying provided vendor patch to 2.0.14-6 src rpm, rebuilding (via specfile updates), and upgrading gnupg2 installation corrects this issue.
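
Added example (not part of the original report, and not GnuPG's code): a Python sketch of the count mismatch described above, using the RFC 4880 iterated and salted S2K with SHA-1 as a stand-in for gpg-agent's passphrase hashing. The passphrase, salt and the count of 131072 used at protection time are constructed values; only the stored octet 96 (65536 iterations) comes from the report.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded S2K count (RFC 4880, section 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(iterations: int) -> int:
    """Smallest coded octet whose decoded count is >= iterations."""
    for c in range(256):  # decode_count is monotonic in c
        if decode_count(c) >= iterations:
            return c
    return 255

def s2k_iterated_salted(passphrase: bytes, salt: bytes, count: int,
                        keylen: int = 16) -> bytes:
    """Iterated and salted S2K (type 3) with SHA-1; count is in octets hashed."""
    data = salt + passphrase
    count = max(count, len(data))  # salt+passphrase is hashed at least once
    full, rest = divmod(count, len(data))
    key, preload = b"", 0
    while len(key) < keylen:
        # Extra hash contexts are preloaded with zero octets (RFC 4880 3.7.1.1)
        h = hashlib.sha1(b"\x00" * preload)
        h.update(data * full + data[:rest])
        key += h.digest()
        preload += 1
    return key[:keylen]

def unprotect_succeeds(passphrase: bytes, salt: bytes,
                       count_used: int, coded_count_in_file: int) -> bool:
    """True if the key derived from the file's count equals the protection key."""
    key_at_protect = s2k_iterated_salted(passphrase, salt, count_used)
    key_at_unprotect = s2k_iterated_salted(
        passphrase, salt, decode_count(coded_count_in_file))
    return key_at_protect == key_at_unprotect

# Constructed sample values, not taken from any real key file.
PASSPHRASE = b"correct horse battery staple"
SALT = bytes(range(8))
COUNT_USED = 131072          # assumed count actually used when protecting
STALE_CODED_COUNT = 96       # constant written to the file per the report

if __name__ == "__main__":
    print("96 decodes to", decode_count(STALE_CODED_COUNT))
    print("file records the real count:",
          unprotect_succeeds(PASSPHRASE, SALT, COUNT_USED, encode_count(COUNT_USED)))
    print("file records stale 96:",
          unprotect_succeeds(PASSPHRASE, SALT, COUNT_USED, STALE_CODED_COUNT))
```

The correct passphrase still yields a different symmetric key when the stored count differs from the one used at protection time, which is why the failure looks like a bad passphrase.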
Thanks for the detailed report!
gnupg2-2.0.14-7.fc13 has been submitted as an update for Fedora 13.
gnupg2-2.0.14-7.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update gnupg2'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/gnupg2-2.0.14-7.fc13
gnupg2-2.0.14-7.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.