in reply to Re^2: GPG signing Issue
in thread GPG signing Issue

I cannot replicate, using two similar (but not identical) setups. First is my Windows machine, second is a virtual Linux machine; both used perl v5.20.3, but have wildly different gpg versions. Both worked just fine (though I learned that virtual machines do not like building entropy; it took forever to generate my dummy key or to sign the message).

use strict;
use warnings;
use Test::More tests => 1;
use Crypt::OpenPGP;
use Crypt::Rijndael;
use Config;

my $message = "Hello world!\n";
my %args = (Compat => 'GnuPG');

# On Windows, point at the keyrings explicitly (paths elided)
if($^O eq 'MSWin32') {
    @args{qw/PubRing SecRing/} = (
        '.../gnupg/pubring.gpg',
        '.../gnupg/secring.gpg',
    )
}

my $pgp = Crypt::OpenPGP->new (%args);

# Key ID and passphrase are taken from the environment
my $sig = $pgp->sign (
    Data       => $message,
    Clearsign  => 1,
    KeyID      => $ENV{GPG_SECRET_KEY},
    Passphrase => $ENV{GPG_PP}
);
ok ($sig) or diag ($pgp->errstr);
diag $sig;

# Report the versions involved
diag sprintf "%-20s => v%s (%s)", 'perl', $], $Config{myuname};
diag sprintf "%-20s => v%s", 'Crypt::OpenPGP', $Crypt::OpenPGP::VERSION;
diag sprintf "%-20s => v%s", 'Crypt::Rijndael', $Crypt::Rijndael::VERSION;
diag qx/gpg --version/;

__WINDOWS__
1..1
ok 1
# -----BEGIN PGP SIGNED MESSAGE-----
# Hash: SHA256
#
# Hello world!
# -----BEGIN PGP SIGNATURE-----
# Version: Crypt::OpenPGP 1.12
# ...
# -----END PGP SIGNATURE-----
# perl                 => v5.020003 (Win32 strawberry-perl 5.20.3.3 #1 Sun Mar 6 19:06:29 2016 x64)
# Crypt::OpenPGP       => v1.12
# Crypt::Rijndael      => v1.13
# gpg (GnuPG) 2.2.11

__VIRTUAL__LINUX__
1..1
ok 1
# -----BEGIN PGP SIGNED MESSAGE-----
# Hash: SHA256
#
# Hello world!
# -----BEGIN PGP SIGNATURE-----
# Version: Crypt::OpenPGP 1.12
# ...
# -----END PGP SIGNATURE-----
# perl                 => v5.020003 (linux pryrtdebian 3.2.0-4-486 #1 debian 3.2.81-1 i686 gnulinux )
# Crypt::OpenPGP       => v1.12
# Crypt::Rijndael      => v1.13
# gpg (GnuPG) 1.4.12

... So no, I don't know what's going wrong with yours... I don't know whether it will help to know it does work on similar-but-not-identical situations. My best bet would be some bug in the interface with your specific version of gpg... Oh, are you using 32b or 64b perl? And is the gpg 32b or 64b? Maybe data is trying to cross a bitness boundary?


update: oh, right, I think it's just Windows that has mixed bitness. I confirmed my Linux virtual box was 32bit. And on Windows, it was 64bit perl as shown, with 32bit gpg.exe, so at least in that direction, it was okay to be mixed; I also tried with a 32bit v5.26.1 on Windows, with the same results.

Re^4: GPG signing Issue
by hippo (Archbishop) on Jan 29, 2019 at 19:06 UTC

    Thanks, pryrt. It does indeed help to know that a similar setup has been shown to work in that I know it isn't a complete non-starter. Both the perl and gpg binaries are 64bit and I'm using Linux on a physical host (although if I can get this working it will go on VMs in production).

    Will keep plugging away at it and report back if I get anywhere.

    Update: It appears to be dependent on the key size. A valid signature is produced from a 1024 bit key but not a 4096 bit key (which I tend to use by default these days).

    Update 2: It's more complicated than that. It only works with some 1024 bit keys. I'm beginning to think that maybe this module isn't suitable for production environments after all. :-/

      ooh, updates. :-) Glad I happened to come back to the thread. (I use Newest Nodes, which doesn't flag nodes that have been edited).

      Anyway, I was about to say "time to file a bug report", but it turns out that rt://126994 was filed months ago, and sounds like a similar issue. Add more data onto that ticket? Or give up? Your choice, really. :-)

      edit: given that Crypt-OpenPGP repo hasn't been updated since 2015, "giving up" may be the most efficient choice. Looks like there are Pull Requests ranging from 2011-2017 -- apparently, everyone on GitHub gave up 1.5 years ago. :-(

        The updates didn't seem to warrant a new node - glad you saw them, though.

        rt://126994 may be related in general terms and underneath it may all be due to a lack of padding in Crypt::OpenPGP but the case and the resulting error message are quite different. I'll consider raising a new bug once enough evidence has been gathered but, as you've seen, neither the dist nor the repo appears to be actively maintained these days. It's the same for all of SROMANOV's modules.

        My use case ought to be simple: perform unattended signature creation. However, none of the available modules I've tried (Crypt::OpenPGP, Crypt::GPG, Crypt::GpgME) will do this reliably for me with a modern GnuPG installation. The requirement of an agent appears to scupper the last 2 so Crypt::OpenPGP was looking like the last best hope. Maybe I will crack it yet.
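
Added example (not code from any poster in this thread): since the thread reports that Crypt::OpenPGP returns a signature that is only valid for some keys, an unattended signer can refuse to release a signature until the gpg binary has independently verified it. It reuses the GPG_SECRET_KEY and GPG_PP environment variables from the test script above and assumes a Unix-like host where gpg is on PATH and its keyring holds the matching public key; classify_status and gpg_verify are hypothetical helper names.

```perl
use strict;
use warnings;
use Crypt::OpenPGP;
use File::Temp qw(tempfile);

# Classify gpg --status-fd output: any BADSIG/ERRSIG vetoes,
# otherwise a VALIDSIG line is required before we trust the signature.
sub classify_status {
    my ($status) = @_;
    return 'bad'  if $status =~ /^\[GNUPG:\] (?:BADSIG|ERRSIG)\b/m;
    return 'good' if $status =~ /^\[GNUPG:\] VALIDSIG\b/m;
    return 'unknown';
}

# Write the clearsigned text to a temp file and let gpg check it.
sub gpg_verify {
    my ($clearsigned) = @_;
    my ($fh, $path) = tempfile(UNLINK => 1);
    binmode $fh;
    print {$fh} $clearsigned;
    close $fh or die "close: $!";
    # List-form pipe open, so no shell is involved
    open my $gpg, '-|', 'gpg', '--batch', '--status-fd', '1', '--verify', $path
        or die "cannot run gpg: $!";
    my $status = do { local $/; <$gpg> };
    close $gpg;    # non-zero exit is expected for a rejected signature
    return classify_status($status // '');
}

# Constructed status lines (not output from the thread) as a self-check
die "classifier broken"
    unless classify_status("[GNUPG:] BADSIG 0123456789ABCDEF dummy\n") eq 'bad'
       and classify_status("[GNUPG:] NEWSIG\n") eq 'unknown';

my $pgp = Crypt::OpenPGP->new(Compat => 'GnuPG');
my $sig = $pgp->sign(
    Data       => "Hello world!\n",
    Clearsign  => 1,
    KeyID      => $ENV{GPG_SECRET_KEY},
    Passphrase => $ENV{GPG_PP},
) or die "sign failed: " . $pgp->errstr;

# Only release the signature once an independent implementation accepts it
my $verdict = gpg_verify($sig);
die "gpg did not accept the signature (verdict: $verdict)\n"
    unless $verdict eq 'good';
print $sig;
```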