ggp related changes (1.9 - 1.12)?

Kevin J. McCarthy kevin at 8t8.us
Fri Dec 27 15:42:00 UTC 2019


On Fri, Dec 27, 2019 at 12:12:32PM +0100, Claus Assmann wrote:
>on the system?).  However, I can no longer decrypt mails (using gpg 
>1.4.23)
>"Could not decrypt ..."

Try refreshing your pgp_* commands against the version in contrib/gpg.rc 
in the tarball.  1.10.1 added $pgp_check_gpg_decrypt_status_fd, to check 
the status file descriptor for GPG decryption codes, to protect against 
spoofing.  (1.6.0 also did this a bit less thoroughly, but required 
pro-active setting of $pgp_decryption_okay by users to enable it.).

Most likely, the '--status-fd=2' parts are missing from your 
$pgp_decode_command and $pgp_decrypt_command.  However, it would be good 
to just use all the values in the gpg.rc file, to protect against other 
issues too.  For example, there were some attacks protected against by 
the --no-verbose flag, which I've noticed some long-time users don't 
have enabled.

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20191227/c19571c4/attachment.asc>


More information about the Mutt-users mailing list