Subject: pgp5 problem with 1.6F/i386
To: None <tech-pkg@netbsd.org>
From: Brian Stark <bpstark@pacbell.net>
List: tech-pkg
Date: 09/01/2002 00:02:32

Hi,

I've encountered a problem with the security/pgp5 package on a
NetBSD-current 1.6F/i386 system and I'm wondering if others have
observed this (I'll submit a PR for this if no one seems to know about
this).

If I install the pre-compiled binary 'pgp5-5.0i.tgz' for i386/1.5 from
ftp.netbsd.org on a 1.6F/i386 system and generate a key, then delete
the pgp5 package, and then re-install pgp5 by compiling from source, the
compiled version of pgp will reject my pass phrases for my existing key.

I'm really confused. Is it possible that a bug was introduced into the
patches for pgp5? Or worse, could gcc be generating bad code? (I believe
some changes have been made to the compiler for NetBSD-current...)

I was able to reproduce my problem today, and a log of what I did
is appended below. The steps are basically:

  * install pre-compiled pgp5
  * generate a key
  * sign a file
  * remove pgp5
  * compile pgp5
  * try to sign a file (this won't work now)

My /etc/mk.conf file normally contains 'COPTS+=-march=pentium -pipe'.
My log below shows one attempt to sign with a version of pgp5 compiled
with those options, and another attempt with a version that did not
have those options compiled in (both attempts failed).

If it helps, my pkgsrc is from August 30, 2002.

Has anyone else seen this?

TIA...

Brian Stark
bpstark at pacbell dot net

rainforest:bstark$ pkg_info | grep pgp5
rainforest:bstark$ pwd
/users/bstark
rainforest:bstark$ ls -l .pgp/
rainforest:bstark$ ls -l pgp5-5.0i.tgz
-rw-r--r--  1 bstark  wheel  966711 Mar 28 14:03 pgp5-5.0i.tgz
rainforest:bstark$ md5 pgp5-5.0i.tgz
MD5 (pgp5-5.0i.tgz) = 0a053c4bb5100a3bd19d8605328697fa
rainforest:bstark$ su
Password:
rainforest:{root}# pkg_add pgp5-5.0i.tgz

===========================================================================
$NetBSD: MESSAGE,v 1.2 2002/03/26 18:14:11 wennmach Exp $

There are a number of large changes from the 2.6.2 distribution.  Most
notable is that the command line has changed substantially.  See
the pgp5(1) man page for a discussion of how to use the new command
line.

Also, to allow easy interoperation with older versions on the same
system, a number of filename changes have been made:

~/.pgp/pubring.pgp is now ~/.pgp/pubring.pkr
~/.pgp/secring.pgp is now ~/.pgp/secring.skr
~/.pgp/config.txt is now ~/.pgp/pgp.cfg
~/.pgp/language.txt is now ~/.pgp/language50.txt

The application will NOT automatically migrate these files for you; if
you wish to retain your existing keyrings and configuration files, you
should copy them yourself.  Note that copying language.txt to
language50.txt is a decidedly bad idea.  Also note that language50.txt
is entirely optional; US English is the only language it contains at
this time.

===========================================================================

rainforest:{root}# exit
rainforest:bstark$ pgpk -g
No randseed file found.
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Choose the type of your public key:
  1)  DSS/Diffie-Hellman - New algorithm for 5.0 (default)
  2)  RSA
Choose 1 or 2: 1

Pick your public/private keypair key size:
(Sizes are Diffie-Hellman/DSS; Read the user's guide for more information)
 1)   768/768  bits- Commercial grade, probably not currently breakable
 2)  1024/1024 bits- High commercial grade, secure for many years
 3)  2048/1024 bits- "Military" grade, secure for forseeable future(default)
 4)  3072/1024 bits- Archival grade, slow, highest security
Choose 1, 2, 3 or 4, or enter desired number of Diffie-Hellman bits
(768 - 4096): 1


You need a user ID for your public key.  The desired form for this
user ID is your FULL name, followed by your E-mail address enclosed in
<angle brackets>, if you have an E-mail address.  For example:
  Joe Smith <user@domain.com>
If you violate this standard, you will lose much of the benefits of
PGP 5.0's keyserver and email integration.

Enter a user ID for your public key: test@private.net

Enter the validity period of your key in days from 0 - 999
0 is forever (and the default): 0

You need a pass phrase to protect your private key(s).
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.
Enter pass phrase:
Enter again, for confirmation:
Enter pass phrase:
Collecting randomness for key...

We need to generate 539 random bits.  This is done by reading
/dev/random.  Depending on your system, you may be able
to speed this process by typing on your keyboard and/or moving your mouse.
   0 * -Enough, thank you.
******* ..................................******* .
...........***asdf**'kmlm*p* qfm; v;asmfoifru45.ur.wefpm.sjf.u234u23.12.-4.wmsdfm.g9*qrjg**kg**o40*it*
Keypair created successfully.

If you wish to send this new key to a server, enter the URL of the server,
below.  If not, enter nothing.

rainforest:bstark$ pgpk -l
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Type Bits KeyID      Created    Expires    Algorithm       Use
sec+  768 0x2E578BB1 2002-09-01 ---------- DSS             Sign & Encrypt
sub   768 0x2DFFA0DA 2002-09-01 ---------- Diffie-Hellman
uid  test@private.net

1 matching key found
rainforest:bstark$ pgps -u test@private.net /etc/hosts -o hosts.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
A private key is required to make a signature.
Need a pass phrase to decrypt private key:
   768 bits, Key ID 2E578BB1, Created 2002-09-01
   "test@private.net"
Enter pass phrase:
Pass phrase is good.
Creating output file hosts.pgp
rainforest:bstark$ su
Password:
rainforest:{root}# pkg_delete pgp5-5.0i
rainforest:{root}# cd /usr/pkgsrc/security/pgp5
rainforest:{root}# make all > pgp.output 2>&1
rainforest:{root}# make install > pgp.install.output 2>&1
rainforest:{root}# exit
rainforest:bstark$ cd
rainforest:bstark$ pgpk -l
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Type Bits KeyID      Created    Expires    Algorithm       Use
sec+  768 0x2E578BB1 2002-09-01 ---------- DSS             Sign & Encrypt
sub   768 0x2DFFA0DA 2002-09-01 ---------- Diffie-Hellman
uid  test@private.net

1 matching key found
rainforest:bstark$
rainforest:bstark$ ls -l hosts.pgp
-rw-------  1 bstark  staff  1204 Aug 31 22:21 hosts.pgp
rainforest:bstark$ pgpv hosts.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Opening file "hosts" type binary.
Good signature made 2002-09-01 05:21 GMT by key:
   768 bits, Key ID 2E578BB1, Created 2002-09-01
   "test@private.net"
rainforest:bstark$ pgps -u test@private.net /etc/hosts -o hosts2.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
A private key is required to make a signature.
Need a pass phrase to decrypt private key:
   768 bits, Key ID 2E578BB1, Created 2002-09-01
   "test@private.net"
Enter pass phrase:
Error: Bad pass phrase.

Enter pass phrase:
Stopped at user request.
rainforest:bstark$ cat /etc/mk.conf
#
# NetBSD operating system environment variables
#
# careful! 'DESTDIR' will affect package installations!
# DESTDIR=/altroot
# note, this should work, but....
#
COPTS+=-march=pentium -pipe
MKKERBEROS=no
OBJMACHINE=yes
MKOBJDIRS=yes
#
# NetBSD package system environment variables
#
DISTDIR=/usr/local/distfiles
WRKOBJDIR=/usr/pkgsrc.work/${MACHINE}
USA_RESIDENT=YES
NS_ENCRYPTION=us
ACCEPTABLE_LICENSES+=shareware
ACCEPTABLE_LICENSES+=adobe-acrobat-license
ACCEPTABLE_LICENSES+=fee-based-commercial-use
ACCEPTABLE_LICENSES+=pine-license
ACCEPTABLE_LICENSES+=jdk13-license
rainforest:bstark$ uname -a
NetBSD rainforest.private.net 1.6F NetBSD 1.6F (CALLISTO) #3: Sun Aug 11 22:47:21 PDT 2002     bstark@rainforest.private.net:/usr/src/sys/arch/i386/compile/CALLISTO i386
rainforest:bstark$ su
Password:
rainforest:{root}# cd /usr/pkgsrc/security/pgp5
rainforest:{root}# pkg_delete pgp5
rainforest:{root}# vi /etc/mk.conf
rainforest:{root}# cat /etc/mk.conf
#
# NetBSD operating system environment variables
#
# careful! 'DESTDIR' will affect package installations!
# DESTDIR=/altroot
# note, this should work, but....
#
# COPTS+=-march=pentium -pipe
MKKERBEROS=no
OBJMACHINE=yes
MKOBJDIRS=yes
#
# NetBSD package system environment variables
#
DISTDIR=/usr/local/distfiles
WRKOBJDIR=/usr/pkgsrc.work/${MACHINE}
USA_RESIDENT=YES
NS_ENCRYPTION=us
ACCEPTABLE_LICENSES+=shareware
ACCEPTABLE_LICENSES+=adobe-acrobat-license
ACCEPTABLE_LICENSES+=fee-based-commercial-use
ACCEPTABLE_LICENSES+=pine-license
ACCEPTABLE_LICENSES+=jdk13-license
rainforest:{root}#
rainforest:{root}# make clean
===> Cleaning for pgp5-5.0i
rainforest:{root}#
rainforest:{root}# make all > pgp.output2 2>&1
rainforest:{root}# make install > pgp.install.output2 2>&1
rainforest:{root}# exit
rainforest:bstark$ cd
rainforest:bstark$ pgpk -l
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
Type Bits KeyID      Created    Expires    Algorithm       Use
sec+  768 0x2E578BB1 2002-09-01 ---------- DSS             Sign & Encrypt
sub   768 0x2DFFA0DA 2002-09-01 ---------- Diffie-Hellman
uid  test@private.net

1 matching key found
rainforest:bstark$ pgps -u test@private.net /etc/hosts -o hosts3.pgp
Cannot open configuration file /users/bstark/.pgp/pgp.cfg
A private key is required to make a signature.
Need a pass phrase to decrypt private key:
   768 bits, Key ID 2E578BB1, Created 2002-09-01
   "test@private.net"
Enter pass phrase:
Error: Bad pass phrase.

Enter pass phrase:
Stopped at user request.
rainforest:bstark$