Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » Latest EGit fails to sign commits with GPG [Windows]
Latest EGit fails to sign commits with GPG [Windows] [message #1809703] Sun, 21 July 2019 09:43 Go to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
index.php/fa/35976/0/index.php/fa/35976/0/Hey,

I noticed that EGit now is capable of signing commits with GPG keys. Eventhough this works when just using the Git commandline, EGit sadly fails at finding a proper key as it seems (screenshot attached).

Any idea what might go wrong when I try signing commits? Also I didn't find any log files, maybe you know where these could be located.

Thanks in advance

PT400C

index.php/fa/35976/0/
  • Attachment: sk.PNG
    (Size: 7.90KB, Downloaded 1464 times)

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810096 is a reply to message #1809703] Tue, 30 July 2019 21:07 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
Are there any errors logged? The log file would be in your Eclipse workspace, under directory .metadata.

EGit is looking for your keys in %APPDATA%\gnupg\, files pubring.kbx or secring.gpg. Do you have these files?

See also bug 549439 .

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810295 is a reply to message #1810096] Tue, 06 August 2019 18:23 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Thomas Wolf wrote on Tue, 30 July 2019 21:07
Are there any errors logged? The log file would be in your Eclipse workspace, under directory .metadata.

EGit is looking for your keys in %APPDATA%\gnupg\, files pubring.kbx or secring.gpg. Do you have these files?

See also bug 549439 .


Thank you Thomas!

First, are you sure that it searches where you said it would? That's because it actually sometimes works. But just rarely. This is the path my gnupg stuff is located in: 
C:\Users\Besitzer (My username)\.gnupg
. Btw, I use GitBash to mess with GnuPG.

And then there's the error:

!ENTRY org.eclipse.egit.ui 4 0 2019-08-06 20:16:47.588
!MESSAGE An internal error occurred
!STACK 0
org.eclipse.jgit.api.errors.JGitInternalException: unable to find associated secret key for public key: 306ed1c8e21cdd2b
	at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:162)
	at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
	at org.eclipse.egit.core.op.CommitOperation.commit(CommitOperation.java:255)
	at org.eclipse.egit.core.op.CommitOperation.access$5(CommitOperation.java:245)
	at org.eclipse.egit.core.op.CommitOperation$1.run(CommitOperation.java:207)
	at org.eclipse.core.internal.resources.Workspace.run(Workspace.java:2295)
	at org.eclipse.core.internal.resources.Workspace.run(Workspace.java:2322)
	at org.eclipse.egit.core.op.CommitOperation.execute(CommitOperation.java:216)
	at org.eclipse.egit.ui.internal.commit.CommitJob.run(CommitJob.java:104)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.bouncycastle.openpgp.PGPException: unable to find associated secret key for public key: 306ed1c8e21cdd2b
	at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:318)
	at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:261)
	at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
	at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
	... 9 more

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810296 is a reply to message #1810295] Tue, 06 August 2019 20:59 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
PT 400C wrote on Tue, 06 August 2019 18:23
First, are you sure that it searches where you said it would? That's because it actually sometimes works. But just rarely. This is the path my gnupg stuff is located in: 
C:\Users\Besitzer (My username)\.gnupg
. Btw, I use GitBash to mess with GnuPG.

Right, .gnupg in your user home directory is the fallback location.

PT 400C wrote on Tue, 06 August 2019 18:23
And then there's the error:

Caused by: org.bouncycastle.openpgp.PGPException: unable to find associated secret key for public key: 306ed1c8e21cdd2b
	at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:318)

EGit somehow found a public key to use in your pubring.kbx file, but then didn't find the corresponding secret key under private-keys-v1.d.

Don't know why. Is the key password-protected? If not, that might be the reason. See bug 548763. Otherwise: no idea. Especially not since you wrote it sometimes worked, but mostly not. Always with the same key? Or does it work for some keys but not for others?

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810298 is a reply to message #1810296] Wed, 07 August 2019 05:55 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Thomas Wolf wrote on Tue, 06 August 2019 20:59
Is the key password-protected?


Yes, it's a proper RSA GPG key with a passphrase.

Thomas Wolf wrote on Tue, 06 August 2019 20:59
Especially not since you wrote it sometimes worked, but mostly not. Always with the same key? Or does it work for some keys but not for others?


That's the weird part. It's exactly the same key. I guessed that it's somehow dependant on the current workspace - it isn't. Sometimes it just finds the private key after entering the password, sometimes it fails with the prior error - that's why the discussion you linked is also not helping :/

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810305 is a reply to message #1810298] Wed, 07 August 2019 10:18 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
Maybe we can get a little more info if you try the commit via the JGit command-line running with debug logging switched on. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=545920#c5 for how to do that. (Of course, download the latest JGit command-line executable, not the 5.3.0 one.) This debug logging would log some exceptions that don't get written to the Eclipse log.

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810306 is a reply to message #1810305] Wed, 07 August 2019 11:24 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Hey,

now we're digging deeper into the problem's cause. Using JGIT eventually showed up this error: 

2019-08-07 13:23:39 DEBUG BouncyCastleGpgKeyLocator:174 - Ignoring unreadable file 'C:\Users\Besitzer\.gnupg\private-keys-v1.d\7D03251E31F7DC0FF92C1739FBD14904EFEE22A8.key': unknown character encountered
java.io.IOException: unknown character encountered
        at org.bouncycastle.gpg.SXprUtils.skipOpenParenthesis(Unknown Source)
        at org.bouncycastle.gpg.SExprParser.processRSASecretKey(Unknown Source)
        at org.bouncycastle.gpg.SExprParser.parseSecretKey(Unknown Source)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.attemptParseSecretKey(BouncyCastleGpgKeyLocator.java:170)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:306)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:261)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
        at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
        at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
        at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
        at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
        at org.eclipse.jgit.pgm.Main.run(Main.java:166)
        at org.eclipse.jgit.pgm.Main.main(Main.java:138)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
2019-08-07 13:23:39 DEBUG BouncyCastleGpgKeyLocator:174 - Ignoring unreadable file 'C:\Users\Besitzer\.gnupg\private-keys-v1.d\FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8.key': unknown character encountered
java.io.IOException: unknown character encountered
        at org.bouncycastle.gpg.SXprUtils.skipOpenParenthesis(Unknown Source)
        at org.bouncycastle.gpg.SExprParser.processRSASecretKey(Unknown Source)
        at org.bouncycastle.gpg.SExprParser.parseSecretKey(Unknown Source)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.attemptParseSecretKey(BouncyCastleGpgKeyLocator.java:170)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:306)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:261)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
        at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
        at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
        at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
        at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
        at org.eclipse.jgit.pgm.Main.run(Main.java:166)
        at org.eclipse.jgit.pgm.Main.main(Main.java:138)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
fatal: unable to find associated secret key for public key: 306ed1c8e21cdd2b
org.eclipse.jgit.pgm.Die: unable to find associated secret key for public key: 306ed1c8e21cdd2b
        at org.eclipse.jgit.pgm.TextBuiltin.die(TextBuiltin.java:428)
        at org.eclipse.jgit.pgm.Commit.run(Commit.java:127)
        at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
        at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
        at org.eclipse.jgit.pgm.Main.run(Main.java:166)
        at org.eclipse.jgit.pgm.Main.main(Main.java:138)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
Caused by: org.eclipse.jgit.api.errors.JGitInternalException: unable to find associated secret key for public key: 306ed1c8e21cdd2b
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:162)
        at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
        at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
        ... 12 more
Caused by: org.bouncycastle.openpgp.PGPException: unable to find associated secret key for public key: 306ed1c8e21cdd2b
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:318)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:261)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
        ... 14 more


EDIT: I made sure that the key's not corrupted. It's a GPG issue. Also I'm from Germany, maybe keyboard layouts interfear with that?

[Updated on: Wed, 07 August 2019 17:59]

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810324 is a reply to message #1810306] Wed, 07 August 2019 20:23 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
Keyboard layouts? Perhaps if your passphrase had special characters in it, and you managed to mis-type it (because of a wrong keyboard layout)? Otherwise I really don't see why it should work sometimes and sometimes not. A bug in either JGit or in BouncyCastle dealing with passphrases should make it always fail, not just sometimes.

Is one of the two failing key files (7D0325... or FA78FB5...) the one for key 306ed1c8e21cdd2b? I think you should be able to verify this via "gpg2 -K --with-keygrip" or some such. The hex digits in the file name are the "key grip".

Are there more files under private-keys-v1.d?

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810339 is a reply to message #1810324] Thu, 08 August 2019 12:29 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
So basically my passphrase only consists of regular characters, not even special German stuff like Ö, Ä or Ü.

And using the keygrip shows to me that the files in the private-keys-v1.d folder are exactly the ones involved in the error:

sec   rsa4096 2019-07-21 [SC]
      8AA34CDE2C1FB3A0C87C1D61306ED1C8E21CDD2B
      Keygrip = FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8
uid           [ultimate] PT400C (GitLab Key) <pt400c@gmail.com>
ssb   rsa4096 2019-07-21 [E]
      Keygrip = 7D03251E31F7DC0FF92C1739FBD14904EFEE22A8


And there are no more files in that folder except for those two.

[Updated on: Mon, 04 January 2021 07:15]

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810444 is a reply to message #1810339] Mon, 12 August 2019 06:58 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
Let's try to reduce this and see if we have a Bouncy Castle bug here. Try running the following little Java program (needs the Bouncy Castle JAR, of course):
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.bouncycastle.gpg.SExprParser;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.operator.PBEProtectionRemoverFactory;
import org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBEProtectionRemoverFactory;

/** Load a key. */
public class LoadKey {

	/**
	 * Two arguments: file name to secret key and passphrase.
	 *
	 * @param args
	 *            from the command line
	 */
	public static void main(String[] args) {
		try {
			PGPDigestCalculatorProvider calculatorProvider = new JcaPGPDigestCalculatorProviderBuilder()
					.build();
			PBEProtectionRemoverFactory passphraseProvider = new JcePBEProtectionRemoverFactory(
					args[1].toCharArray());
			try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
				PGPSecretKey key = new SExprParser(calculatorProvider)
						.parseSecretKey(new BufferedInputStream(in),
								passphraseProvider,
								new JcaKeyFingerprintCalculator());
				System.out.println(
						"Found key " + key.getPublicKey().getFingerprint());
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

}

Call it with arguments C:\Users\Besitzer\.gnupg\private-keys-v1.d\FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8.key <your passphrase>. (Passphrase quoted if it contains blanks.)

If it fails, it'll print a stack trace. If it can read the key file, it'll print the public key's fingerprint (which I would expect to be 306ed1c8e21cdd2b).

If that fails, we know the problem is inside Bouncy Castle.

If it works, there's two possibilities:

  1. It prints a fingerprint starting with "306ed1c8e21cdd2b": there must be something wrong elsewhere; we need to keep digging through the JGit implementation.
  2. It prints a different fingerprint: the public key found in the pubring.kbx file is not the correct one. Your GPG setup is strange.

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810451 is a reply to message #1810444] Mon, 12 August 2019 11:08 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
I almost instantly got an exception when running the command.

Here is the output:

$ java -jar epi.jar "C:\Users\Besitzer\.gnupg\private-keys-v1.d\FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8.key" "password"
java.io.IOException: unknown character encountered: ▒
        at org.bouncycastle.gpg.SXprUtils.skipOpenParenthesis(Unknown Source)
        at org.bouncycastle.gpg.SExprParser.processRSASecretKey(Unknown Source)
        at org.bouncycastle.gpg.SExprParser.parseSecretKey(Unknown Source)
        at te.LoadKey.main(LoadKey.java:32)

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810470 is a reply to message #1810451] Mon, 12 August 2019 14:04 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
So Bouncy Castle cannot read this key. Jgit currently uses BC 1.61. Either this is not the way one reads these files (i.e., the code in LoadKey is incorrect), or there's a bug in Bouncy Castle, or the format of these *.key files changed between GPG versions, and yours is a format that Bouncy Castle cannot handle.

What GPG version are you using?

I don't have a clear idea how to go further from here...

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810473 is a reply to message #1810470] Mon, 12 August 2019 14:15 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Hmm, alright.

This is the version of GPG I use. 
$ gpg --version
gpg (GnuPG) 2.2.16-unknown
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /c/Users/Besitzer/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


For me it's btw no Windows issue. I tried it with a native Debian 9 installation and Eclipse, same issue.

As we see that this seems to be a problem of the BouncyCastle Lib I might also ask them about it - in case you don't see a problem with my GPG version.

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810509 is a reply to message #1810473] Mon, 12 August 2019 21:38 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
I just tried this code on a key on my machine. (Mac OS X 10.14.4, gpg (GnuPG/MacGPG2) 2.2.10). First fixed the fingerprint output, should be
System.out.println("Found key " + Hex.toHexString(key.getPublicKey().getFingerprint());

First observation: the little program can load the key on my machine.
Second observation: the fingerprint written is nonsense.

The program cannot be used to verify fingerprints. There are two variants of parseSecretKey(), and the one used in this little LoadKey program will produce a public key part with a new timestamp and thus its fingerprint won't match what gpg shows. But that's unrelated to the problem, and JGit uses the other version of parseSecretKey(), so the fingerprints in JGit would be correct if it could read your key at all.

One possibility I see is that your key is encrypted with an algorithm that Bouncy Castle doesn't know. In fact, looking at the code of SExprParser and JcePBEProtectionRemoverFactory I see it implements only AES-CBC w/SHA1. However modern GPG supports a number of other encryption schemes; see the documentation in file keyformat.txt. You can find out easily if that's the problem: open the key file FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8.key in a hex editor (or use xxd on Unix) and look for the string "(9:protected". If it continues with "25:openpgp-s2k3-sha1-aes-cbc((4:sha1", then it's the algorithm Bouncy Castle knows. Any other string indicates an algorithm that Bouncy Castle doesn't know about. It would decrypt the key wrongly and then fail parsing what it has wrongly decrypted.

If that's the problem, the only way to fix it is to implement these algorithms in Bouncy Castle, i.e., open a bug report against BC.

Note: if the encryption of your key is "openpgp-s2k3-ocb-aes", then please note that OCB is a patented algorithm. It must not be used in Eclipse and is excluded from the Bouncy Castle JARs included in Eclipse. In that case the only solution is to re-encrypt your key using AES/CBC, and to configure your GPG not to use that non-free AES/OCB encryption.

(And all that still doesn't explain why it sometimes worked all the same.)

[Updated on: Tue, 13 August 2019 06:10]

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810514 is a reply to message #1810509] Tue, 13 August 2019 06:02 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Thanks!

There we finally tracked down the issue! This is what my key file starts with; "(21:protected-private-key(3:rsa(1:n513:"

So this isn't supported by BouncyCastle?

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810515 is a reply to message #1810514] Tue, 13 August 2019 06:11 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
No, that's the beginning of the key. Look further into the file. Find "(9:protected", then look what comes right after that.

[Updated on: Tue, 13 August 2019 06:12]

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810516 is a reply to message #1810515] Tue, 13 August 2019 06:21 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Oh, I'm so sorry. Just remembered that somewhere there was a phrase like that and directly went for that.

Now I can see that the phrase equals the one you sent. 

(9:protected25:openpgp-s2k3-sha1-aes-cbc((4:sha18: ...

[Updated on: Tue, 13 August 2019 06:21]

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810517 is a reply to message #1810516] Tue, 13 August 2019 06:32 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
So it's not the encryption algorithm per se.

Just for completeness' sake let's check the iteration count, too. 8 bytes further there is a sequence of digits (in my key, it's "8:25810944)16:"). 25810944 is the iteration count for the key derivation function (or string-to-key function as they call it in OpenPGP; that's the encryption operation used to convert your passphrase into a decryption key for the AES/CBC encrypted private key part). What does it say in your key?

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810518 is a reply to message #1810517] Tue, 13 August 2019 06:35 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
It says "8:23796736"

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810520 is a reply to message #1810518] Tue, 13 August 2019 06:52 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
So no overflow or similar. Would have been unlikely anyway.

I'm out of ideas.

Only thing we could try is that you create a throw-away key and try to load it with the LoadKey program. If it fails for your throw-away key, send me the key pair via e-mail (exported public key, and the matching "*.key" file from private-keys-v1.d), and I try to debug this on my machine. (Don't use your real key for this; you wouldn't want to send me your real private key.)

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810522 is a reply to message #1810520] Tue, 13 August 2019 07:01 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Of course not, eventhough this is honestly also a throw-away key. I'll document the whole process of creating it and reach back to you once I'm done. What's your E-Mail though?

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810524 is a reply to message #1810522] Tue, 13 August 2019 07:16 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
It's mentioned in each EGit/JGit commit I made... for instance in this commit.

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810645 is a reply to message #1810524] Thu, 15 August 2019 06:19 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Hey,

sorry for the late response but I encountered several issues when trying to generate a new key.

$ gpg --full-gen-key
gpg (GnuPG) 2.2.16-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096


Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0


Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Test GPG
Email address: checkGPG@gpg.info
Comment: JGit Test
You selected this USER-ID:
    "Test GPG (JGit Test) <checkGPG@gpg.info>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O


Once this is done, I change my global git config to the email of that key and checked the java program you sent. Success. BUT here's the catch: 

$ ./org.eclipse.jgit.pgm-5.4.0.201906121030-r.sh commit -m weird
fatal: Unable to find a public-key with key or user id: checkGPG@gpg.info


As it seems now JGit doesn't even find the key I freshly generated.

I'll send you the private key via E-Mail.

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810658 is a reply to message #1810645] Thu, 15 August 2019 10:57 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
Does the key you sent make LoadKey throw an exception? I can load that key fine with the little LoadKeys program on my Mac.

After fixing the key lookup in JGit (see https://git.eclipse.org/r/#/c/147766/ ) I also can use this key to sign commits successfully in EGit.

Key lookup is one thing, but there's still the problem with that key that fails to load altogether. You wrote above that was effectively also a throw-away key. Maybe you could send me that one? I hope that one doesn't load for me, too.

Otherwise... what Java version are you using?

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810659 is a reply to message #1810658] Thu, 15 August 2019 11:57 Go to previous messageGo to next message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Hey,

LoadKey successfully loads the key every time I attempt it. Sadly I was really frustrated with my old test key which I had before. Eventually I removed it from my machine - not having a backup :/. I'll try reproducing it though.

When will the next EGit update be pushed so that I could test the lookup process you fixed?

Btw, I use Java 8 - Hotspot VM

EDIT:

fatal: Unable to find a public-key with key or user id: checkGPG@gpg.info
org.eclipse.jgit.pgm.Die: Unable to find a public-key with key or user id: checkGPG@gpg.info
        at org.eclipse.jgit.pgm.TextBuiltin.die(TextBuiltin.java:428)
        at org.eclipse.jgit.pgm.Commit.run(Commit.java:127)
        at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
        at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
        at org.eclipse.jgit.pgm.Main.run(Main.java:166)
        at org.eclipse.jgit.pgm.Main.main(Main.java:138)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
Caused by: org.eclipse.jgit.api.errors.JGitInternalException: Unable to find a public-key with key or user id: checkGPG@gpg.info
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:162)
        at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
        at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
        ... 12 more
Caused by: org.bouncycastle.openpgp.PGPException: Unable to find a public-key with key or user id: checkGPG@gpg.info
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:265)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
        at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
        ... 14 more

[Updated on: Sat, 17 August 2019 07:20]

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810721 is a reply to message #1810659] Sat, 17 August 2019 17:40 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
EGit nightly now should include the improved key lookup.

Report message to a moderator

Re: Latest EGit fails to sign commits with GPG [Windows] [message #1811030 is a reply to message #1810721] Sat, 24 August 2019 10:22 Go to previous message
PT 400C is currently offline PT 400CFriend
Messages: 19
Registered: July 2019
Junior Member
Hello,

Yesterday I updated Git Bash to the latest version, also updated the EGit plugin and eventually it seems to work just fine.

Thank you so much for your help, I learned a lot by this - sadly it was probably just a bug with the GPG which Git Bash ships.

PT400C

Report message to a moderator

Previous Topic:Can't get signing to work
Next Topic:Can't import Git Projects
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Jun 15 09:01:20 GMT 2021

Powered by FUDForum. Page generated in 0.02722 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly