|
|
|
|
|
|
Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810306 is a reply to message #1810305] |
Wed, 07 August 2019 11:24 |
PT 400C Messages: 19 Registered: July 2019 |
Junior Member |
|
|
Hey,
now we're digging deeper into the problem's cause. Using JGIT eventually showed up this error:
2019-08-07 13:23:39 DEBUG BouncyCastleGpgKeyLocator:174 - Ignoring unreadable file 'C:\Users\Besitzer\.gnupg\private-keys-v1.d\7D03251E31F7DC0FF92C1739FBD14904EFEE22A8.key': unknown character encountered
java.io.IOException: unknown character encountered
at org.bouncycastle.gpg.SXprUtils.skipOpenParenthesis(Unknown Source)
at org.bouncycastle.gpg.SExprParser.processRSASecretKey(Unknown Source)
at org.bouncycastle.gpg.SExprParser.parseSecretKey(Unknown Source)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.attemptParseSecretKey(BouncyCastleGpgKeyLocator.java:170)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:306)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:261)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
at org.eclipse.jgit.pgm.Main.run(Main.java:166)
at org.eclipse.jgit.pgm.Main.main(Main.java:138)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
2019-08-07 13:23:39 DEBUG BouncyCastleGpgKeyLocator:174 - Ignoring unreadable file 'C:\Users\Besitzer\.gnupg\private-keys-v1.d\FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8.key': unknown character encountered
java.io.IOException: unknown character encountered
at org.bouncycastle.gpg.SXprUtils.skipOpenParenthesis(Unknown Source)
at org.bouncycastle.gpg.SExprParser.processRSASecretKey(Unknown Source)
at org.bouncycastle.gpg.SExprParser.parseSecretKey(Unknown Source)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.attemptParseSecretKey(BouncyCastleGpgKeyLocator.java:170)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:306)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:261)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
at org.eclipse.jgit.pgm.Main.run(Main.java:166)
at org.eclipse.jgit.pgm.Main.main(Main.java:138)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
fatal: unable to find associated secret key for public key: 306ed1c8e21cdd2b
org.eclipse.jgit.pgm.Die: unable to find associated secret key for public key: 306ed1c8e21cdd2b
at org.eclipse.jgit.pgm.TextBuiltin.die(TextBuiltin.java:428)
at org.eclipse.jgit.pgm.Commit.run(Commit.java:127)
at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
at org.eclipse.jgit.pgm.Main.run(Main.java:166)
at org.eclipse.jgit.pgm.Main.main(Main.java:138)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
Caused by: org.eclipse.jgit.api.errors.JGitInternalException: unable to find associated secret key for public key: 306ed1c8e21cdd2b
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:162)
at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
... 12 more
Caused by: org.bouncycastle.openpgp.PGPException: unable to find associated secret key for public key: 306ed1c8e21cdd2b
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKeyForKeyBoxPublicKey(BouncyCastleGpgKeyLocator.java:318)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:261)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
... 14 more
EDIT: I made sure that the key's not corrupted. It's a GPG issue. Also I'm from Germany, maybe keyboard layouts interfear with that?
[Updated on: Wed, 07 August 2019 17:59] Report message to a moderator
|
|
|
|
Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810339 is a reply to message #1810324] |
Thu, 08 August 2019 12:29 |
PT 400C Messages: 19 Registered: July 2019 |
Junior Member |
|
|
So basically my passphrase only consists of regular characters, not even special German stuff like Ö, Ä or Ü.
And using the keygrip shows to me that the files in the private-keys-v1.d folder are exactly the ones involved in the error:
sec rsa4096 2019-07-21 [SC]
8AA34CDE2C1FB3A0C87C1D61306ED1C8E21CDD2B
Keygrip = FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8
uid [ultimate] PT400C (GitLab Key) <pt400c@gmail.com>
ssb rsa4096 2019-07-21 [E]
Keygrip = 7D03251E31F7DC0FF92C1739FBD14904EFEE22A8
And there are no more files in that folder except for those two.
[Updated on: Mon, 04 January 2021 07:15] Report message to a moderator
|
|
|
|
|
|
Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810473 is a reply to message #1810470] |
Mon, 12 August 2019 14:15 |
PT 400C Messages: 19 Registered: July 2019 |
Junior Member |
|
|
Hmm, alright.
This is the version of GPG I use. $ gpg --version
gpg (GnuPG) 2.2.16-unknown
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /c/Users/Besitzer/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
For me it's btw no Windows issue. I tried it with a native Debian 9 installation and Eclipse, same issue.
As we see that this seems to be a problem of the BouncyCastle Lib I might also ask them about it - in case you don't see a problem with my GPG version.
|
|
|
Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810509 is a reply to message #1810473] |
Mon, 12 August 2019 21:38 |
Thomas Wolf Messages: 576 Registered: August 2016 |
Senior Member |
|
|
I just tried this code on a key on my machine. (Mac OS X 10.14.4, gpg (GnuPG/MacGPG2) 2.2.10). First fixed the fingerprint output, should be
System.out.println("Found key " + Hex.toHexString(key.getPublicKey().getFingerprint());
First observation: the little program can load the key on my machine.
Second observation: the fingerprint written is nonsense.
The program cannot be used to verify fingerprints. There are two variants of parseSecretKey(), and the one used in this little LoadKey program will produce a public key part with a new timestamp and thus its fingerprint won't match what gpg shows. But that's unrelated to the problem, and JGit uses the other version of parseSecretKey(), so the fingerprints in JGit would be correct if it could read your key at all.
One possibility I see is that your key is encrypted with an algorithm that Bouncy Castle doesn't know. In fact, looking at the code of SExprParser and JcePBEProtectionRemoverFactory I see it implements only AES-CBC w/SHA1. However modern GPG supports a number of other encryption schemes; see the documentation in file keyformat.txt. You can find out easily if that's the problem: open the key file FA78FB5C8C6B1B0D4CC992B62BE89C8D07DF94C8.key in a hex editor (or use xxd on Unix) and look for the string "(9:protected". If it continues with "25:openpgp-s2k3-sha1-aes-cbc((4:sha1", then it's the algorithm Bouncy Castle knows. Any other string indicates an algorithm that Bouncy Castle doesn't know about. It would decrypt the key wrongly and then fail parsing what it has wrongly decrypted.
If that's the problem, the only way to fix it is to implement these algorithms in Bouncy Castle, i.e., open a bug report against BC.
Note: if the encryption of your key is "openpgp-s2k3-ocb-aes", then please note that OCB is a patented algorithm. It must not be used in Eclipse and is excluded from the Bouncy Castle JARs included in Eclipse. In that case the only solution is to re-encrypt your key using AES/CBC, and to configure your GPG not to use that non-free AES/OCB encryption.
(And all that still doesn't explain why it sometimes worked all the same.)
[Updated on: Tue, 13 August 2019 06:10] Report message to a moderator
|
|
|
|
|
|
|
|
|
|
|
|
|
Re: Latest EGit fails to sign commits with GPG [Windows] [message #1810659 is a reply to message #1810658] |
Thu, 15 August 2019 11:57 |
PT 400C Messages: 19 Registered: July 2019 |
Junior Member |
|
|
Hey,
LoadKey successfully loads the key every time I attempt it. Sadly I was really frustrated with my old test key which I had before. Eventually I removed it from my machine - not having a backup :/. I'll try reproducing it though.
When will the next EGit update be pushed so that I could test the lookup process you fixed?
Btw, I use Java 8 - Hotspot VM
EDIT:
fatal: Unable to find a public-key with key or user id: checkGPG@gpg.info
org.eclipse.jgit.pgm.Die: Unable to find a public-key with key or user id: checkGPG@gpg.info
at org.eclipse.jgit.pgm.TextBuiltin.die(TextBuiltin.java:428)
at org.eclipse.jgit.pgm.Commit.run(Commit.java:127)
at org.eclipse.jgit.pgm.TextBuiltin.execute(TextBuiltin.java:264)
at org.eclipse.jgit.pgm.Main.execute(Main.java:278)
at org.eclipse.jgit.pgm.Main.run(Main.java:166)
at org.eclipse.jgit.pgm.Main.main(Main.java:138)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
Caused by: org.eclipse.jgit.api.errors.JGitInternalException: Unable to find a public-key with key or user id: checkGPG@gpg.info
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:162)
at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:271)
at org.eclipse.jgit.pgm.Commit.run(Commit.java:125)
... 12 more
Caused by: org.bouncycastle.openpgp.PGPException: Unable to find a public-key with key or user id: checkGPG@gpg.info
at org.eclipse.jgit.lib.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:265)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:124)
at org.eclipse.jgit.lib.internal.BouncyCastleGpgSigner.sign(BouncyCastleGpgSigner.java:133)
... 14 more
[Updated on: Sat, 17 August 2019 07:20] Report message to a moderator
|
|
|
|
|