Closed Bug 1749600 Opened 3 years ago Closed 3 years ago

Cannot import public keys created by OpenPGP.php

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 91
defect

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: vince, Unassigned)

Details

Attachments

(3 files)

Attached image UnsignedEncrypted.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0

Steps to reproduce:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0

Was using 91.4.1 earlier; now on 91.5, which still has the same problem.
This could be related to https://bugzilla.mozilla.org/show_bug.cgi?id=1748722

I am using a WordPress plug-in 'WP PGP Encrypted Emails' which uses OpenPGP.php
see https://github.com/singpolyma/openpgp-php

The plug-in creates Public and Private keys for the web host running WordPress to send encrypted email. I tried to import the Public key into Thunderbird using file, clipboard and keyserver methods. I haven't tried URL or WKD.

Actual results:

The Public key created by OpenPGP.php cannot be imported into Thunderbird from file, from clipboard or from a keyserver.

An error message pop-up is displayed showing 'Importing the keys failed. Undefined'

When WordPress sends a signed or encrypted message to the client, Thunderbird shows the message as having an 'Uncertain Digital Signature'.

With incoming encrypted messages coming from WordPress, I noticed from the 'Show Message Security' button that the message did not contain a signature but was encrypted. See attached image.

I imported the WordPress keypair on another machine using GnuPG and I noticed that both keys did not have an RSA Encryption subkey. I added the RSA Encryption subkey to the keypair and re-exported to files in order to load back into WordPress.

When importing the modified Public key (with subkey E) into Thunderbird, the key is recognised at first but the import displays an error message: 'Import failed. The key you are trying to import might be corrupt or use unknown attributes. Would you like to attempt to import the parts that are correct? This might result in the import of incomplete and unusable keys.'

I clicked 'OK' and got another error message: 'No keys imported.'

I don't know if the problem domain is within the WordPress plug-in, OpenPGP.php or Thunderbird.

Expected results:

The Public key should have been imported and shown in the key list.

I can't find any error logs or see any faults shown in the Error Console.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

Hi,
Does this happen with every key generated by OpenPGP.php, or just a particular one? If so, could you please share an example key (making sure it doesn't contain sensitive information)?

This public key was part of an OpenPGP.php-generated keypair that was imported into a separate host with GnuPG. The original keypair only has Certify and Sign roles; the Encryption role was added as a subkey. It is recognised by Thunderbird but fails to import.

(In reply to Nickolay Olshevsky from comment #1)

Hi,
Does this happen with every key generated by OpenPGP.php, or just a particular one? If so, could you please share an example key (making sure it doesn't contain sensitive information)?

The WordPress plug-in only generates one keypair for the host to use. It has a regenerate button that I have used many times this week and every public key it creates fails to import into Thunderbird.

Thanks for the files. It is clearly a problem on the OpenPGP.php side (I described the details in the issue you created: https://github.com/singpolyma/openpgp-php/issues/120).

GnuPG probably ignores the check of that field (the leftmost 2 bytes of the hash) and goes directly to the signature validation, while RNP is more strict about this.
Some more details:

  • in the first case, without the subkey, the key doesn't have any valid signature, so it is reported as completely invalid
  • in the second case, when you added a subkey with GnuPG, the key now has one valid signature (the subkey's), and is reported as valid. However, it still doesn't have any valid user ID.
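The field Nickolay refers to is the two-octet "left 16 bits of the signed hash value" that every v4 signature packet carries (RFC 4880 §5.2.3); a verifier can compare it against the digest it recomputes before doing the asymmetric signature check. The Python below is an added illustration, not code from Thunderbird, RNP, GnuPG or OpenPGP.php: it builds the digest a v4 user-ID certification covers (RFC 4880 §5.2.4), derives the two-octet field from it, and contrasts a strict verifier that rejects a mismatching field with a lenient one that skips it. The public-key packet body, user ID and creation time are constructed placeholders, not values from the keys attached to this bug.

```python
import hashlib

# RFC 4880 section 9.4 hash algorithm IDs (only the two this example uses)
HASH_ALGOS = {8: "sha256", 10: "sha512"}

# Signature type and public-key algorithm used by the constructed sample
SIG_POSITIVE_CERTIFICATION = 0x13   # RFC 4880 section 5.2.1
PK_ALGO_RSA = 1                     # RFC 4880 section 9.1


def key_hash_prefix(pubkey_body: bytes) -> bytes:
    """Key material as hashed for certifications: 0x99, two-octet length, packet body."""
    return b"\x99" + len(pubkey_body).to_bytes(2, "big") + pubkey_body


def userid_hash_prefix(userid: bytes) -> bytes:
    """User ID as hashed for v4 certifications: 0xB4, four-octet length, user ID."""
    return b"\xb4" + len(userid).to_bytes(4, "big") + userid


def v4_signature_hash(signed_data: bytes, sig_type: int, pk_algo: int,
                      hash_algo: int, hashed_subpackets: bytes) -> bytes:
    """Digest a v4 signature covers (RFC 4880 section 5.2.4): the signed data,
    then the hashed portion of the signature packet (version, type, algorithms,
    subpacket count and subpackets), then the trailer 0x04 0xFF followed by the
    big-endian four-octet length of that hashed portion."""
    hashed_portion = (bytes([4, sig_type, pk_algo, hash_algo])
                      + len(hashed_subpackets).to_bytes(2, "big")
                      + hashed_subpackets)
    trailer = b"\x04\xff" + len(hashed_portion).to_bytes(4, "big")
    h = hashlib.new(HASH_ALGOS[hash_algo])
    for part in (signed_data, hashed_portion, trailer):
        h.update(part)
    return h.digest()


def left16(digest: bytes) -> bytes:
    """The two-octet field a producer must write into the signature packet."""
    return digest[:2]


def check_left16(digest: bytes, field: bytes, strict: bool) -> bool:
    """A strict verifier rejects when the stored field does not match the
    recomputed digest; a lenient verifier skips the field and relies on the
    asymmetric signature check alone."""
    if not strict:
        return True
    return field == digest[:2]


def demo() -> dict:
    # Constructed sample, not a real key: the packet body is a placeholder.
    pubkey_body = b"\x04" + b"\x00\x00\x00\x00" + b"\x01" + b"PLACEHOLDER-RSA-MPIS"
    userid = b"WordPress Host <noreply@example.org>"
    signed_data = key_hash_prefix(pubkey_body) + userid_hash_prefix(userid)
    # One hashed subpacket: signature creation time (length 5, type 2, constructed time)
    hashed_subpackets = b"\x05\x02" + (0x61D4F000).to_bytes(4, "big")
    digest = v4_signature_hash(signed_data, SIG_POSITIVE_CERTIFICATION,
                               PK_ALGO_RSA, 8, hashed_subpackets)
    good_field = left16(digest)
    # A producer that hashed the wrong bytes would emit a field like this one.
    bad_field = bytes(b ^ 0xFF for b in good_field)
    return {
        "strict_good": check_left16(digest, good_field, True),
        "strict_bad": check_left16(digest, bad_field, True),
        "lenient_bad": check_left16(digest, bad_field, False),
    }


if __name__ == "__main__":
    print(demo())
```

A lenient verifier still performs the public-key verification, so a wrong field does not let a forged signature through there; the field only gives a strict verifier such as RNP a cheap reason to reject the packet before that step. That rejection is what the rest of the thread describes: with no accepted self-certification the key has no valid user ID, and the import fails.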

Thank you for identifying the root cause of the problem. My challenge now is to try to fix it. Line 691 in openpgp.php looks like my starting point for finding out how this works.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID