Closed Bug 1751080 Opened 3 years ago Closed 3 years ago

TB 91.5: PGP key cannot be imported

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 95
defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1752718

People

(Reporter: bernhard.esslinger, Unassigned)

Details

Attachments

(5 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0

Steps to reproduce:

I am using TB 91.5 and I am a long-term user of OpenPGP.
During the last few weeks I got PGP keys from others which they had generated with TB. When importing these keys a dialog box without a title shows up stating in German "Fehler bei der Entschlüsselung" (which is "Error during decryption").

This does not make sense when importing someone else's public key. Others had the same problem importing these keys with TB.

Remark: Kleopatra from Pgp4Win / GnuPG is able to import these keys.

Actual results:

When importing a PGP public key, an error showed up: "Fehler bei der Entschlüsselung" (which is "Error during decryption").

This bug prevents me from having a secure email connection with new users or with existing users who renew their key. So this is a very security-relevant bug.

Expected results:

Either a more precise message why the PGP key could not be imported or a correct import.

Update:

Directly from the attachment in TB the public PGP key cannot be imported.
But the following way works: save the key as a file and import this file in TB.

Really strange. This means the key is correct and only the handling of the attachment for direct import has a flaw.

Component: Security → Security: OpenPGP
Product: Thunderbird → MailNews Core

Could you provide a screenshot when initializing the "direct import" (I guess you e.g. click on some import button?)

Sure.
I double-clicked on the attached asc file. Then the following dialog box appears, in which I click on "Importieren".

Oops -- how can I attach an image in this answer?

The dialog has no title and says:
"Bei dem zu öffnenden Anhang <filename.asc> scheint es sich um eine OpenPGP-Schlüsseldatei zu handeln.
Wählen Sie "Importieren" für den Import der enthaltenen Schlüssel oder "Anzeigen", um die Datei in einem Browser-Fenster zu öffnen".

This means: Choose "Import" if you want to import the keys contained in the attached file.

Below this text there are the two buttons "Importieren" and "Anzeigen" (Import and Show).

Requested screenshot.

I could not reproduce with only using TB 91.5.0:

  • Generated fresh key pair (private + public key, let the default, expiry 3 years, RSA, 3072 bit) for an identity that had no key before
  • Exported the public key to file
  • Then deleted the generated key in TB OpenPGP key manager
  • Sent a mail to myself with the exported public key file as attachment
  • Open the received mail, right click the attached key file and select "decrypt and open" -> Import worked as expected.

Bernhard, could you say with what Thunderbird version and how exactly your partners created the keys that you cannot import via the attachment key import function?
Maybe one of your partners could create a public key that does not reveal any private information and that you have this issue with, and attach that public key here to the ticket?

Stop, I suddenly get the failure too, with the steps mentioned in comment 5. The import worked on my first try to reproduce, but now on another try, the import suddenly fails (with the same error message as OP's).

Now I can reproduce:
Do the steps from comment 5 but after right clicking the mail attached key file and clicking on "import", click "cancel" (you could import the key successfully, though)
Then, right click the mail attached key file again, click on "import", and I get the error message from OP.
After restarting TB, import would be possible again, but only on first try, after that error message.
See screenshots

Bernhard, when you keep the mail from your partner with the attached public key file in your inbox, then delete the possibly already imported (via your workaround) public key in the TB OpenPGP key manager, then restart TB, can you then on the first try import the mail attached public key from your partner via right click-> import ? Or is import not possible also on the first try?

Just wondering why in Bernhard's screenshot in comment 4 the "import" button is on the left side and the "view" button is on the right side, while on my Linux TB 91.5.0 (binary from thunderbird.net) it's the other way round (see my screenshot in comment 8).

See also similar bug 1748722 ?

On the failing second import try (see comment 7), I get:
Error console message: Failed to obtain key list from key block in decrypted attachment. undefined decryption.jsm:596:19

enigdbug.txt (privacy redacted):

2022-01-27 06:25:14.222 [DEBUG] enigmailMsgHdrViewOverlay.js: this.enigCanDetachAttachments
2022-01-27 06:25:14.222 [DEBUG] enigmailMsgHdrViewOverlay.js: this.onShowAttachmentContextMenu
2022-01-27 06:25:14.223 [DEBUG] enigmailMsgHdrViewOverlay.js: this.onShowAttachmentContextMenu
2022-01-27 06:25:15.831 [DEBUG] enigmailMessengerOverlay.js: handleAttachmentSel: actionType=openAttachment
2022-01-27 06:25:15.831 [DEBUG] enigmailMessengerOverlay.js: handleAttachment: actionType=openAttachment, anAttachment(url)=mailbox:///home/redacted/.icedove/secredact.default/Mail/mailer.de/Inbox?number=063&part=1.2&filename=redacted-0x1D5390321BAF6E65%29-public.asc
2022-01-27 06:25:15.833 [DEBUG] enigmailMessengerOverlay.js: decryptAttachmentCallback:
2022-01-27 06:25:15.834 [DEBUG] decryption.jsm: decryptAttachment(parent=[object Window], outFileName=/tmp/redacted-(0x1D5390321BAF6E65)-public)
2022-01-27 06:25:17.387 [DEBUG] key.jsm: getKeyListFromKeyBlock

RNP_LOG_CONSOLE=1 does not print anything on the console

After every failing import try, there is a new empty file (with a counter in its file name) in the /tmp/ directory that does not get cleaned up on TB shutdown. So after five tries I got these files:

'/tmp/redacted@example-1.com(0x1D5390321BAF6E65)-public'
'/tmp/redacted@example-2.com-(0x1D5390321BAF6E65)-public'
'/tmp/redacted@example-3.com-(0x1D5390321BAF6E65)-public'
'/tmp/redacted@example-4.com-(0x1D5390321BAF6E65)-public'
'/tmp/redacted@example-5.com-(0x1D5390321BAF6E65)-public'
'/tmp/redacted@example.com-(0x1D5390321BAF6E65)-public'
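
A read-only check for the leftover files described in this comment, added here as an example (not part of the original report and not Thunderbird's code). The name pattern is inferred only from the six file names listed above and is an assumption; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report empty files in a temp directory whose names follow the
# "<address>(0x<16 hex digit key id>)-public" shape seen in the listing above.
# Assumption: the pattern is derived from those six names only.

# Print "<key id> <path>" for each matching zero-length file directly inside
# directory $1 (default /tmp). Nothing is modified or deleted.
list_leftover_key_files() {
    find "${1:-/tmp}" -maxdepth 1 -type f -size 0 -name '*(0x*)-public*' 2>/dev/null |
        sort |
        sed -n 's/^\(.*(\(0x[0-9A-Fa-f]\{16\}\))-public[^/]*\)$/\2 \1/p'
}

# Number of leftover files found in directory $1.
count_leftover_key_files() {
    list_leftover_key_files "$1" | wc -l | tr -d ' '
}

# One line per key id: "<key id> <number of leftover files>".
summarize_by_key_id() {
    list_leftover_key_files "$1" |
        awk '{ n[$1]++ } END { for (k in n) print k, n[k] }' |
        sort
}

# Stand-alone use: scan the directory given as first argument, or /tmp.
list_leftover_key_files "${1:-/tmp}"
```

Each output line pairs a key ID with the path of an empty file, so repeated failed imports of the same key show up as several lines with the same ID.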

Bug is fixed for me in TB 91.6.0 (aside from the fact that there is still a /tmp/ file for every cancelled (or also successful?) key import; I think it would be better to remove those).

Yes, this bug should have been fixed in 91.6.0 by the fix in bug 1752718.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE

Bernhard, can you please test again with 91.6.0 and comment if it still doesn't work?

Sorry for the late answer. I just tested with FF 102.10.1 (64-Bit); it is fixed.
Thanks, Bernhard
