How to get the keyID of the failed password when decrypting with rnp_decrypt?

[shemeshg]

retVal = rnp_decrypt(ffi, input, output);
if (retVal == RNP_ERROR_BAD_PASSWORD) {
**** How to get the failed keyid ***
}

s there a way to get the keyID of the failed password after calling rnp_decrypt?

Thanks
shemeshg

[ni4]

If you'd use rnp_ffi_set_pass_provider() then in the password provider callback you'll be able to check the keyid. I would be able to help more if I know your exact scenario.

[shemeshg]

I am using rnpgp library to decrypt multiple files in parallel using multithreading.

I am using rnp_ffi_set_pass_provider() to set "Last failed attempt keyId" global variable and asks for a password based on .that in case one of the threads happened to return rnp_ffi_set_pass_provider with RNP_ERROR_BAD_PASSWORD

However, since I am decrypting many files at once, the "Last failed attempt" keyId may not correspond to the invoked "rnp_ffi_set_pass_provider".

[ni4]

You may use rnp_op_verify_create() instead. Despite the name it would also decrypt the data, and you would be able to fetch recipients (keys to which message is encrypted) via the rnp_op_verify_get_recipient_count(), rnp_op_verify_get_used_recipient() and rnp_op_verify_get_recipient_at() calls.

[shemeshg]

Aren't we still have the same question: which one of the recipients in the rnp_op_verify_get_recipient_count() function has the incorrect password that causes the RNP_ERROR_BAD_PASSWORD error?

[ni4]

Currently RNP_ERROR_BAD_PASSWORD will be returned if invalid password was specified for all of the recipients. Another possible way is to first run (and fail) rnp_op_verify_execute() to obtain list of recipients, and then continuously ask for password, trying rnp_key_unlock() for the specific recipient.