Closed Bug 1763641 Opened 1 month ago Closed 18 days ago

Thunderbird 91.8 rejects OpenPGP keys with a binding signature based on SHA-1

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 91
defect

Tracking

(thunderbird_esr91+ fixed)

RESOLVED FIXED
101 Branch
Tracking Status
thunderbird_esr91 + fixed

People

(Reporter: clemens.hanel, Assigned: KaiE)

References

(Regression)

Details

(Keywords: regression, testcase, Whiteboard: [regression 91.7->91.8])

Attachments

(2 files, 1 obsolete file)

Attached file key_prolongation.pgp

Steps to reproduce:

We imported the attached PGP-key into Thunderbird 91.8

We tried importing via file and also via WKD-lookup.

Actual results:

The expiry date shows: 2021-04-02

Expected results:

The expiry date should show: 2031-03-22

This works as expected in Thunderbird 91.7

Just a wild guess: Maybe related to the fix of https://bugzilla.mozilla.org/show_bug.cgi?id=1754985

(When referencing bugs, please just write "bug" and the number, so that bugzilla autolinks correctly. Bug 1754985, bug 1753446.

Component: Security → Security: OpenPGP
Keywords: regression, testcase
Product: Thunderbird → MailNews Core
Whiteboard: [regression 91.7->91.8]

Nickolay, would be able to help us analyze why this key is reported by RNP v0.16.0 as expired? It's apparently a regression in comparison with v0.15.2

Flags: needinfo?(o.nickolay)

Hi, sure. The signature, which prolongs key expiration, uses SHA1 hash and has creation date Wed Mar 24 10:39:00 2021.
Since RNP v0.16.0 all SHA1 signatures, created after Jan, 15 2019 are marked as invalid, so new expiration is not picked up.

Flags: needinfo?(o.nickolay)

Nickolay, thanks a lot for your quick help!

Clemens, could you ask the key owner to extend the key using software that supports modern algorithms?

I think this bug should be marked wontfix, because we deliberately would like to reject signatures made using obsolete mechanisms.

Status: UNCONFIRMED → RESOLVED
Closed: 1 month ago
Resolution: --- → WONTFIX

Hello Kai,

We can confirm that re-extending the keys mitigates the problem. However, it is not possible to fix this within Thunderbird 91.8 itself, one needs to export the key to GPG, extend expiry there and reimport the key. Otherwise the new expiry date is ignored by Thunderbird.

Summary: Thunderbird 91.8 does not recognize expiry date of some prolonged PGP keys → Thunderbird 91.8 does not recognize expiry date of some prolonged PGP keys (key with SHA1 hash)
Summary: Thunderbird 91.8 does not recognize expiry date of some prolonged PGP keys (key with SHA1 hash) → Thunderbird 91.8 does not recognize expiry date of some prolonged PGP keys (key with SHA-1 hash)
Duplicate of this bug: 1764400

I would suggest that Thunderbird should offer some (more specific) information about the problem. I guess there aren't a lot of 'normal' users that search for responses in Bugzilla - or even know what SHA1 is and how using it may be a security risk.

Regressed by: 1750969
Duplicate of this bug: 1764381

Hello,iI ended up here after a tip in the German forum.
I also cannot import two keys with 91.8.0 (Windows).

Examples here are two keys from two German data protection authorities.

  1. https://datenschutz.hessen.de/service/verschl%C3%BCsselte-kommunikation-mit-dem-HBDI
    https://datenschutz.hessen.de/sites/datenschutz.hessen.de/files/HBDI_PGP.txt

  2. https://www.datenschutz.bremen.de/wir-ueber-uns/vertrauliche-kommunikation-7303
    https://www.datenschutz.bremen.de/sixcms/media.php/13/LfDI_Bremen.ASC

With Kleopatra I can import both keys, with Thunderbird I get error messages. The key for Bremen shows Thunderbird as expired, while Kleopatra recognises the key as valid. A screenshot (German) is here: https://www.thunderbird-mail.de/forum/thread/89386-frage-zum-pgp-import-von-%C3%B6ffentlichen-schl%C3%BCsseln/?postID=494861#post494861

I have spent the last few days troubleshooting.

Thanks

Duplicate of this bug: 1765740

Hi,

I extended the expiry date using GPG, and imported that - which seemed to fix the problem of Thunderbird not 'seeing' the correct expiration date (since it isn't accepting signatures that use SHA1).

However, now I seem to be unable to select this key as my personal key. I get a "OpenPGP keys imported successfully message!" message, but there is not an option available to select this key as my personal key.

Flags: needinfo?(o.nickolay)

(In reply to makechanges from comment #14)

I extended the expiry date using GPG, and imported that - which seemed to fix the problem of Thunderbird not 'seeing' the correct expiration date (since it isn't accepting signatures that use SHA1).

However, now I seem to be unable to select this key as my personal key. I get a "OpenPGP keys imported successfully message!" message, but there is not an option available to select this key as my personal key.

I'm sorry to hear that there are apparently additional problems.
Could you please create a full package dump of your secret key, and check if there's still any mention of MD5 of SHA1

Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(makechanges)
Resolution: WONTFIX → ---

I suggest to partially undo the change, and continue to allow SHA-1 binding self-signatures and revocation signatures until we can offer a better way to handle affected keys.

Assignee: nobody → kaie
Attachment #9274640 - Flags: review?(o.nickolay)
Summary: Thunderbird 91.8 does not recognize expiry date of some prolonged PGP keys (key with SHA-1 hash) → Thunderbird 91.8 rejects OpenPGP keys with a binding signature based on SHA-1

Comment on attachment 9274640 [details]
Bug 1763641 - Continue to allow SHA-1 in OpenPGP binding signatures and revocation signatures. r=mkmelin

LGTM!

Flags: needinfo?(o.nickolay)
Attachment #9274640 - Flags: review?(o.nickolay) → review+
Target Milestone: --- → 101 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/ca8356ebfcb2
Continue to allow SHA-1 in OpenPGP binding signatures and revocation signatures. r=mkmelin

Status: REOPENED → RESOLVED
Closed: 1 month ago18 days ago
Resolution: --- → FIXED

Comment on attachment 9274640 [details]
Bug 1763641 - Continue to allow SHA-1 in OpenPGP binding signatures and revocation signatures. r=mkmelin

a=wsmwk from Matrix chat

Attachment #9274640 - Flags: approval-comm-esr91+
See Also: → 1767272
Duplicate of this bug: 1767284

The current candidate build can be downloaded from https://archive.mozilla.org/pub/thunderbird/candidates/91.9.0-candidates/build3/
Andif all goes well 91.9.0 should be available later today.

Duplicate of this bug: 1763959
Duplicate of this bug: 1763613

Thank you all for all of your support in figuring this out, and for making adjustments so that this doesn't adversely affect people who haven't been able to figure out what is going wrong yet.

Offhand, any idea when this might be available in the ubuntu updates? I've been trying to avoid creating a new pgp key, and nobody who is dependent on a current version of Thunderbird can send me encrypted mail and I can't send encrypted mail to anyone who also inadvertently has a SHA1 hash in their signatures.

Flags: needinfo?(makechanges)

Hi, I was hoping to hear an update about this? I'm uncertain if I need to use a candidate build, or if the reversion to allow SHA1 hash in signatures will become part of the release available through Ubuntu updates.

Flags: needinfo?(kaie)

I cannot answer questions about the update timeline of the Ubuntu distribution.

Flags: needinfo?(kaie)

Comment on attachment 9275958 [details]
Bug 1763641 - Add RNP source patch for bug 1763641. r=kaie

Revision D146013 was moved to bug 1767272. Setting attachment 9275958 [details] to obsolete.

Attachment #9275958 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.