Woes

GPG4Win: Kleopatra won’t import certificate or does not show list of certificates during encryption

Posted on June 27, 2013. Filed under: bugs, Woes |

Windows 7. 32 bit. One fine day GPG4Win’s mistress Kleopatra stopped showing public keys of people. I could not encrypt files anymore because of missing public keys.

I gently nudged Ms.Kleo to import certificates. But at the end of the import, Ms.Kleo purrs with message “…. processed:0, imported:0”. Certificates are not imported. Gaah!

Time to fire up handy sysinternals tool “procmon”. I’ll not go into details of analysis. I noticed that gpg.conf used in this case is coming from “My Documents\PGP-Keyrings\gpg4win”. Opened “gpg.conf” and noticed that entries for primary-keyring and secret-keyring got corrupted. They are pointing to wrong location where public and secret key rings are located (not sure how this corruption happened).

Fix the location:

###+++—- GPG conf —+++###

primary-keyring “<path to pubring.pkr>”

secret-keyring “<path to secring.skr>”

 

Now Ms. Kleopatra behaves. Voila!

 

 

Read Full Post | Make a Comment ( 1 so far )

CAPICOM KeyUsage IsDecipherOnlyEnabled crap

Posted on December 9, 2009. Filed under: bugs, Woes | Tags: |

I was trying to parse a certificate (in VBScript) and found that CAPICOM is returning true for call

Certificate.KeyUsage.IsDecipherOnlyEnabled

But in my certificate the DER BITSTRING is set to B1 (10110001). This means Decipher Only bit is not set and should not be considered (actual DER coding is like this 030200b1 . For a NamedBitString unused/unset trailing bits are removed before encoding. )

So I wondered why CAPICOM is showing it as true when this bit is not set. I looked up into capicom.dll and found this:

CKeyUsage::get_IsDigitalSignatureEnabled and CKeyUsage::get_IsDecipherOnlyEnabled are both set to same address of the function implementation and it looks like code inside returns DigitalSignature flag bit.

Because in my certificate DigitalSignature bit is set, I’m getting back true even for “DecipherOnly” flag. GAAAH!!!

Read Full Post | Make a Comment ( None so far )

Clearcase MVFS corrupts file – Cannot delete file “Invalid DOS Function”

Posted on June 30, 2009. Filed under: Debugging, Woes |

I have clearcase 7.0.1.2 on Win2k OS.
When I built a project using Visual Studio .NET 2003, files are created in output “Release” directory which gets created under the vob. In this folder one particular file “vc70.idb” started creating problems. During further builds, VS is not able to delete this file to overwrite. My first reaction was to delete it from explorer only to find “Invalid DOS function” or such similar error message. Next step was to open CMD and try to delete this file. This too gave the same useless error message.  Due to urgency, I renamed the “Release” to “Release_somenumber”, changed output directory to my local drive and did further builds.

I got back to the problem later and there was no other way to delete this vc70.idb file. Name shows up in the explorer but just cannot get rid of these files. Our IT support guys were told about the problem and they came down, struggled for few hours and finally left saying they will escalate to IBM team. I did not wait for them because I know they will take few weeks to solve this.

So I decided to solve this myself with ever useful sysinternals tools. Solving this issue was trivial.

1. I fired up filemon.exe from sysinternals.
2. I opened explorer and tried deleting this “vc70.idb” file.
3. Stopped filemon capturing. Filemon shows the actual file location vc70.idb points to in the clearcase view. It leads to something like
“\\networkshare\csv_view.vws\.s0018\80000eabbglslvc70.idb”
4. Now it is trivial: open notepad and save the file with the same name shown by filemon in that location.
5. Go to explorer and simply delete the file!! voila!!

Read Full Post | Make a Comment ( 2 so far )

IGroupPolicyObject::New will fail if thread is impersonating or identity or delegation

Posted on November 18, 2008. Filed under: Debugging, Woes | Tags: , |

I had the chance to debug into CGroupPolicyObject::New method in GPEdit.dll since the call is failing.

My finding is that if a thread’s Security Impersonation Level is anything other than Anonymous, the call will fail.

SecurityAnonymous, SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation

The reason is that the code in this method is as follows ( this is my code guessed from disassembly):

HTOKEN hToken = NULL;

OpenThreadToken(GetCurrentThread(),TOKEN_DUPLICATE,TRUE,&hToken);

CGroupPolicyObject::EnableSecurityPriv();

SetThreadToken(0,hToken);

You see, they are opening the token without TOKEN_IMPERSONATE flag and SetThreadToken will throw error if this flas is not used in the access token. Reason why it works for anonymous level is OpenThreadToken fails and sets hToken to NULL. And the resulting call is SetThreadToken(0,NULL) which will succeed. See SetThreadToken() in MSDN.

Tool used: WinDbg

Read Full Post | Make a Comment ( 5 so far )

CCRC integration with VS 2008

Posted on July 9, 2008. Filed under: Fixes, Woes |

To integrate Clearcase remote client for Visual Studio 2008 you need to download a workaround zip file from IBM ftp server: CC-CQ-VS2008.zip

Caveats:

  • The instructions in the zip file are outdated and incomplete. Instead look up steps online at IBM
  • In ccvsiwanservice_VS2008.reg file, apart from CodeBase and Path key settings, you must also set InprocServer32 key to the correct location of mscoree.dll. Especially if your OS is on a different drive other than default C:
  • If you don’t set this mscoree.dll path correctly, you’ll end up with errors like “ccvsiwanservice package could not be loaded… skip loading…” when Visual Studio 2008 starts.
Read Full Post | Make a Comment ( 2 so far )

Vista Ultimate EFS bug in search pane

Posted on May 26, 2008. Filed under: bugs, Woes |

Found this bug under Vista Ultimate 32-bit US.

Assume you have EFS keys configured.

Do a search for files you know have been encrypted or for that matter any file. In the search results pane, right click on a file. You’ll see “Encrypt” in the context menu. Click on it. But encryption does not happen. So, why show “Encrypt” in context menu?

Read Full Post | Make a Comment ( None so far )

Vista Aero design philosophy or a bug?

Posted on February 21, 2008. Filed under: GUI, Woes |

As far as I know, from Windows 2000 onwards, calling MessageBox API with MB_OK, MB_OKCANCEL shows the message dialog with [X] (close, cross)button enabled, while, using MB_YESNO shows it with [X] button disabled. I thought Design Philosophy behind this would be, X button is more or less to dismiss the dialog (which is same as canceling it). While, NO would not exactly mean canceling the dialog and hence X button is disabled.

Here is the interesting (or buggy?) part: On Vista, same MessageBox API with MB_YESNO shows dialog with [X] button disabled in non-aero or classic look, while, turning on the AERO effect, we see this [X] button enabled. Nothing happens when we click on it.

Is this a bug or Aero design philosophy? only Microsoft can answer.

Read Full Post | Make a Comment ( None so far )

Vista Windows Update – proxy problem solved

Posted on February 21, 2008. Filed under: Fixes, Woes |

Proxy servers in our company are pretty old. Windows Update on Vista gives 0x80072eef and other related errors and it was just not working. My previous post explains how to solve this. Basically the lmCompatabilityLevel setting in Vista is higher than what old proxy server support (authentication schemes). Setting this value appropriately makes Windows Update work (you must restart). (Before doing update you must clean update directories: Stop Windows Update Service –delete WINDOWS\SoftwareDistribution folder and WindowsUpdate.log file — start Windows Update Service.)

Read Full Post | Make a Comment ( None so far )

Microsoft File Transfer Manager – timeout error

Posted on February 19, 2008. Filed under: Fixes, Woes |

After all planets aligned, downloading from MSDN Subscription (with Microsoft File Transfer Manager) started failing with time out error. My colleague Deepak Pandey found a way and informed me to uncheck “HTTPS” in the options dialog.

So, uncheck the HTTPS option and restart the download. It should work.

Read Full Post | Make a Comment ( 2 so far )

Liked it here?
Why not try sites on the blogroll...