Open Bug 1703368 Opened 3 years ago Updated 2 years ago

Thunderbird Fails to use a Standard Group Key

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(Not tracked)

People

(Reporter: neal, Unassigned)

Details

(Whiteboard: [)

Attachments

(2 files)

group-mixed.pgp
800 bytes, application/pgp-keys
Details
group.pgp
1.27 KB, application/pgp-keys
Details
Attached file group-mixed.pgp

I'm trying to import the following key:

$ sq inspect group-mixed.pgp 
group-mixed.pgp: Transferable Secret Key.

    Fingerprint: 9B85E54B5880ABDB0B2CA440030E008716361058
Public-key algo: EdDSA Edwards-curve Digital Signature Algorithm
Public-key size: 256 bits
  Creation time: 2021-04-06 20:07:17 UTC
Expiration time: 2024-04-06 13:33:38 UTC (creation time + P1095DT62781S)
      Key flags: certification

         Subkey: 4C66B6B3DF3A43CD4F90FCCAE8862F6428F4CB9F
Public-key algo: ECDH public key algorithm
Public-key size: 256 bits
     Secret key: Unencrypted
  Creation time: 2021-04-06 20:07:17 UTC
Expiration time: 2024-04-06 13:33:38 UTC (creation time + P1095DT62781S)
      Key flags: transport encryption

         UserID: <group@example.org>

As you can see, the primary key does not have any secret key material, but the subkey does. This is an ideal shared key: people who have the key are able to decrypt messages encrypted to it, but they are not able to sign or certify messages using it.

Unfortunately, rnp does not support this key. When I try to import it from the OpenPGP Key Manager (File -> Import Secret Key From File), I get the following error message:

Import an existing personal OpenPGP key

/!\ Error! Failed to import file.

Select a previously backed up file.

....
Attached file group.pgp

I should note that RNP is intended to support such use case, however quick-check via CLI fails.
I filed an issue at https://github.com/rnpgp/rnp/issues/1469 , thanks for reporting.

Btw, are you aware how many implementations use such keys?

I am not sure what you mean by "how many implementations use such keys". I assume you mean how many implementations support such keys. I know from experience that Sequoia and GnuPG handle them correctly.

I am not sure what you mean by "how many implementations use such keys".

I meant that they have commands or API to export or produce such keys/have some semantics describing this keys (like GnuPG's 'offline master key')?

Everyone is fully aware that the tooling in the OpenPGP space is hard to use. To create such a key using GnuPG, you would use 'gpgsplit' on the TSK and on the TPK and then pick just the packets that you want. In this case, you'd take the primary key from the TPK and the subkey from the TSK.

Thanks for the clarification. So, as I understand, this sort of keys is not widely adopted and just may be used in case somebody found it useful?

I don't have any statistics (obviously people don't publish their TSKs and we can't tell from TPKs what has been stripped), but I know multiple organizations that use such keys.

See also: https://github.com/rnpgp/rnp/issues/1490

Just to note: RNP's issue 1490 is unrelated to this ticket, as describes another problem.

See Also: → https://github.com/rnpgp/rnp/issues/1469
Whiteboard: [RNP]
Severity: -- → S3
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: https://github.com/rnpgp/rnp/issues/1469
Whiteboard: [RNP] → [
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: