Closed Bug 1718627 Opened 3 years ago Closed 2 years ago

Identities in imported OpenPGP public keys disappear in Thunderbird key manager

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(thunderbird_esr91+ fixed, thunderbird100 fixed)

Status:
RESOLVED FIXED
Milestone:
101 Branch
Tracking Flags:
Tracking Status
thunderbird_esr91 + fixed
thunderbird100 --- fixed

People

(Reporter: bugzilla, Assigned: KaiE)

Details

Attachments

(4 files)

eelco.asc
6.24 KB, text/plain
Details
sanders.asc
12.29 KB, text/plain
Details
dkg.gpg
10.02 KB, application/pgp-encrypted
Details
Bug 1718627 - Key details don't show first user ID if it isn't the primary ID. r=mkmelin
48 bytes, text/x-phabricator-request
wsmwk
: approval-comm-beta+
wsmwk
: approval-comm-esr91+
Details | Review
Attached file eelco.asc

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36

Steps to reproduce:

Just to be sure i start with a clean Thunderbird profile.

  • Set up an account.

  • Go to [Menu]->Tools->OpenPGP Key Manager->Generate->New Key Pair
    Generation succeeds

  • Activate this OpenPGP key for the account in this Thunderbird profile through [Menu]->Account Settings->End-To-End Encryption->Select the newly generated OpenPGP key.

  • Go to [Menu]->Tools->OpenPGP Key Manager->File->Import Public Key(s) From File

  • Import the attached public key.

  • Check the imported identities for this public key, notice how 'eelco@bit.nl' is missing.

This is what GnuPG thinks of that public key:

gpg --list-keys eelco@bit.nl
pub rsa4096/5A69480E91C82382 2017-12-30 [SC]
4A4F09CF1E67A0554939E4985A69480E91C82382
uid [ unknown] Eelco P. Bel <eelco.bel@netforce-is.nl>
uid [ unknown] Eelco Bel <eelco@bit.nl>
uid [ unknown] Eelco Bel (Gmail) <eelco.bel@gmail.com>
uid [ unknown] Eelco Bel (Scoutlink) <netforce@scoutlink.net>
uid [ unknown] Eelco Bel (SJH) <eelco.bel@scoutingjanhilgers.nl>
sub rsa4096/806FF01DDF170C72 2017-12-30 [E]

Actual results:

For some reason, the specific identity for 'eelco@bit.nl' is not shown in the Thunderbird OpenPGP Key Manager.

Thunderbird refuses to send encrypted mail to that address.

There is also not even an option to tell/force Thunderbird to use the key.

Expected results:

The 'eelco@bit.nl' identity is shown and the imported public key considered a valid key for encrypted email to this email address.

OR there is a clear and consice message indicating why the identity was ignored and what should be done to make it work.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

JFYI: just checked from the RNP side - and everything seems good with uid validities/signatures.

Attached file sanders.asc

This public key shows the same behaviour, the @bit.nl alias/identity disappears on import.
Almost looks like it relates to the '@bit.nl' part.

Attached file dkg.gpg

I'm seeing similar behavior with the attached dkg.gpg public key, running thunderbird on debian, version 1:91.7.0-2.

This OpenPGP certificate contains three identities with the User ID "split out":

  • Daniel Kahn Gillmor (my human-friendly name)
  • <dkg@fifthhorseman.net> (one e-mail address i use)
  • <dkg@debian.org> (another e-mail address i also use)

These User IDs are split out to make certification easier -- maybe a certifier has verified my e-mail address, but not my human name, or vice versa -- i want them to be able to make the certification of the part that they've actually confirmed.

Thunderbird with enigmail used to work just fine with keys like this.

I've tested this with a new Thunderbrid profile. If I load this key from a file (manually) then in the "Your Acceptance" field, and indicate "Yes, I've verified in person this key has the correct fingerprint", thunderbird will still not permit me to encrypt messages to either of the e-mail addresses in question.

I've done some further debugging as well, all testing with new thunderbird profiles:

Both of the e-mail addresses in this certificate are associated with domains that publish keys via both WKD and OPENPGPKEY DNS records. If, in a new Thunderbird profile, i try to encrypt a message to one of these e-mail addresses (the fifthhorseman address) without first loading the attached OpenPGP certificate from a file, then Thunderbird prompts me for a missing key. If i click "Manage keys for selected recipient…" and then "discover new or updated key" it will fetch the key from the network, and if i then say "Yes, I've verified in person this key has the correct fingerprint", it will allow me to send the encrypted mail.

If i then try to send an encrypted message to the other e-mail address (the debian address) from the same profile, though, i get taken through the same workflow, and while i can mark the certificate as "verified" i can't send a message.

In particular, i think the verification/acceptance markers are only being applied to the first user ID somehow, but i'm not exactly sure how to keep track of that.

Looking at the openpgp.sqlite database in the thunderbird profile directory, i'm a little bit surprised to see that acceptance_decision just maps OpenPGP fingerprints to decision levels, but acceptance_email maps fingerprints to e-mail addresses. Shouldn't the acceptance decisions map to (fingerprint, e-mail address) tuples instead? I don't understand the data model.

btw, @KaiE or anyone else who is working on this, if you're testing, feel free to send me test encrypted mail using the e-mail addresses mentioned above. I would be happy to be a guinea pig for any testing.

Flags: needinfo?(kaie)

Apologies for the long delay.

I've looked into the issue reported by Sander (not yet into the issue from Daniel, which might be separate).

Apparently Sander's issue is purely a display issue. The code that renders the display for the key manager and the key properties dialog make a false assumption: They assume the first user ID is identical to the primary user ID. When displaying the additional IDs, they start with the second entry in the user ID array. As a consequence, the first entry is missing, and the primary ID is shown twice.

Assignee: nobody → kaie
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
status-thunderbird_esr91: --- → affected
Flags: needinfo?(kaie)

I've moved analysis on the separate issue that dkg reported to bug 1762896.

Keywords: checkin-needed-tb

Comment on attachment 9270693 [details]
Bug 1718627 - Key details don't show first user ID if it isn't the primary ID. r=mkmelin

The fix is pretty obvious, so I don't see a need to delay asking for uplift.

[Approval Request Comment]
Regression caused by (bug #): no
User impact if declined: wrong information shown
Testing completed (on c-c, etc.): manual local testing
Risk to taking this patch (and alternatives if risky): zero

Attachment #9270693 - Flags: approval-comm-esr91?
tracking-thunderbird_esr91: --- → +
Target Milestone: --- → 101 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/e772a225eb3c
Key details don't show first user ID if it isn't the primary ID. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Comment on attachment 9270693 [details]
Bug 1718627 - Key details don't show first user ID if it isn't the primary ID. r=mkmelin

[Triage Comment]
Approved for beta

Approved for ers91

Attachment #9270693 - Flags: approval-comm-esr91?
Attachment #9270693 - Flags: approval-comm-esr91+
Attachment #9270693 - Flags: approval-comm-beta+

Thanks to everyone involved in fixing this! Doesn't go unnoticed!

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: