in reply to Re: GPG signing Issue
in thread GPG signing Issue

Revisiting this I am no further on and would appreciate any pointers. Here's a trivial test:

use strict;
use warnings;

use Test::More tests => 1;

use Crypt::OpenPGP;

my $message = "Hello world!\n";
my $pgp = Crypt::OpenPGP->new ();
my $sig = $pgp->sign (
    Data        => $message,
    Clearsign   => 1,
    KeyID       => $ENV{GPG_SECRET_KEY},
    Passphrase  => $ENV{GPG_PP}
);

ok ($sig) or diag ($pgp->errstr);

[download]

With a valid secret key ID (in the form "ABCD1234") it bombs out as follows:

$ perl openpgp_sample.t 
1..1
encrypt: datasize not multiple of blocksize (16 bytes) at /usr/local/s
+hare/perl5/Crypt/OpenPGP/CFB.pm line 57.
# Looks like your test exited with 2 before it could output anything.

[download]

The keypair was created with gpg --gen-key for testing and is perfectly usable for signing via the gpg binary. What am I missing?

Some version info:

Replies are listed 'Best First'.
Re^3: GPG signing Issue
by pryrt (Abbot) on Jan 29, 2019 at 17:11 UTC

    I cannot replicate, using two similar (but not identical) setups. First is my windows machine, second is a virtual linux machine; both used perl v5.20.3, but have wildly different gpg versions. Both worked just fine (though I learned that virtual machines do not like building entropy; it took forever to generate my dummy key or to sign the message).

    Read more... (3 kB)

    ... So no, I don't know what's going wrong with yours... I don't know whether it will help to know it does work on similar-but-not-identical situations. My best bet would be some bug in the interface with your specific version of gpg... Oh, are you using 32b or 64b perl? And is the gpg 32b or 64b? Maybe data is trying to cross a bitness boundary?

    update: oh, right, I think it's just Windows that has mixed bitness. I confirmed my linux virtual box was 32bit. And on Windows, it was 64bit perl as shown, with 32bit gpg.exe, so at least in that direction, it was okay to be mixed; I also tried with a 32bit v5.26.1 on windows, with the same results.

[reply]
[d/l]
[select]

      Thanks, pryrt. It does indeed help to know that a similar setup has been shown to work in that I know it isn't a complete non-starter. Both the perl and gpg binaries are 64bit and I'm using Linux on a physical host (although if I can get this working it will go on VMs in production).

      Will keep plugging away at it and report back if I get anywhere.

      Update: It appears to be dependent on the key size. A valid signature is produced from a 1024 bit key but not a 4096 bit key (which I tend to use by default these days).

      Update 2: It's more complicated than that. It only works with some 1024 bit keys. I'm beginning to think that maybe this module isn't suitable for production environments after all. :-/

[reply]

        ooh, updates. :-) Glad I happened to come back to the thread. (I use Newest Nodes, which doesn't flag nodes that have been edited).

        Anyway, I was about to say "time to file a bug report", but it turns out that rt://126994 was filed months ago, and sounds like a similar issue. Add more data onto that ticket? Or give up? Your choice, really. :-)

        edit: given that Crypt-OpenPGP repo hasn't been updated since 2015, "giving up" may be the most efficient choice. Looks like there are Pull Requests ranging from 2011-2017 -- apparently, everyone on GitHub gave up 1.5 years ago. :-(

[reply]

In Section Seekers of Perl Wisdom