Closed
Bug 1764444
Opened 2 years ago
Closed 9 months ago
Current private PGP key got lost
Categories
(MailNews Core :: Security: OpenPGP, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1763641
People
(Reporter: fbrenk, Unassigned)
Details
(Keywords: regression, Whiteboard: [regression 91.7->91.8])
Attachments
(1 file)
|
25.92 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Steps to reproduce:
Sending e-mails results in error message "no valid private pgp key available" since yesterday.
I am running TB on different computers with the same pgp keys (3x Windows 10 Home 21H2 or 21H1, 3x openSuSE Leap 15.3, 1x MacOS Monterey). My profile-folder does not reside in the usual "user"-folder (regarding Windows) but on drive d:.
openSuSE Linux doesn't seem to be affected so far.
I did not have the chance to check MacOS yet.
Actual results:
My current private PGP-key (valid until 2023) got lost within my Windows 10 setup! There is only an outdated key available in TB currently from 2020. This means that I can't sign my e-mails anymore, neither encrypt.
It's also not possible to import the key from an existing backup (no error message).
PGP key was originally created in 2007 and extended several times within recent years.
Expected results:
My setup has been working fine initially since the migration to built in pgp encryption (and even before for years with Enigmail add-on and Kleopatra).
|
||
Comment 1•2 years ago
|
||
Is the key using SHA-1? Bug 1763641
Component: Security → Security: OpenPGP
Keywords: regression
Product: Thunderbird → MailNews Core
Whiteboard: [regression 91.7->91.8]
|
||
Comment 3•2 years ago
|
||
Same problem here after update to version 91.8.0 (64-Bit) (using ubuntu 18.04 LTS as OS but not the distro version of thunderbird) with most of my round about 100 private keys. The keys just lost the information about the existing expiry extensions.
When I try to extend the expiration again I get the "openpgp-cannot-change-expiry" message ("This is a key with a complex structure, changing its expiry date isn’t supported.")
Seems that my key mostly use the following specs.
Algorithm: RSA
Key length: 4096
Would be great to get at least an explanation for this phenomenon.
|
||
Comment 4•2 years ago
|
||
Please check whether your keys use SHA-1 hash algorithm for self-signatures (especially the latest one). Not sure how to do that with Kleopatra, but with GnuPG you may use gpg --list-packets your-key.asc, and look for digest algo: 2 (or post listing here, removing all the privacy-sensitive information).
|
|
||
Comment 5•2 years ago
|
||
...explanation is available here: https://bugzilla.mozilla.org/show_bug.cgi?id=1763641#c5
|
|
||
Comment 6•2 years ago
|
||
Thanks for your help @Nickolay Olshevsky.
I had to search for 'algo: 9' instead of 'algo: 2'. But with that I found out, that this keys really are based on SHA1.
I used the following line in terminal:
gpg --list-packets your-key.asc | grep "algo: 9"
and got the following result
iter+salt S2K, algo: 9, SHA1 protection, hash: 8, salt: 1111111111111111
iter+salt S2K, algo: 9, SHA1 protection, hash: 8, salt: 2222222222222222
Good to know that the keys where still based on SHA1 and of course I will now change that.
But I would suggest that Thunderbird offers some more specific information about what is happening. I guess there aren't a lot of 'normal' users that search for responses in Bugzilla - or even know what SHA1 is and how using may be a security risk.
:public key packet:
version 4, algo 17, created 1193471421, expires 0
pkey[0]: [1024 bits]
pkey[1]: [160 bits]
pkey[2]: [1022 bits]
pkey[3]: [1024 bits]
keyid: BC6278A552423440
# off=421 ctb=b4 tag=13 hlen=2 plen=28
:user ID packet: "Felix Brenk <fbrenk@gmx.net>"
# off=451 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1408864233, md5len 0, sigclass 0x13
digest algo 2, begin of digest 38 bb
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2014-08-24)
hashed subpkt 9 len 4 (key expires after 10y68d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=558 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1193527817, md5len 0, sigclass 0x13
digest algo 2, begin of digest 19 d8
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2007-10-27)
hashed subpkt 25 len 1 (primary user ID)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [158 bits]
# off=665 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1274125413, md5len 0, sigclass 0x13
digest algo 2, begin of digest cc 92
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2010-05-17)
hashed subpkt 9 len 4 (key expires after 8y67d11h53m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [158 bits]
data: [160 bits]
# off=772 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1454392663, md5len 0, sigclass 0x13
digest algo 2, begin of digest aa 41
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2016-02-02)
hashed subpkt 9 len 4 (key expires after 10y99d22h7m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [158 bits]
data: [160 bits]
# off=879 ctb=88 tag=2 hlen=2 plen=128
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763389, md5len 0, sigclass 0x13
digest algo 2, begin of digest 8e 9a
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=1009 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1499803299, md5len 0, sigclass 0x13
digest algo 2, begin of digest 6a df
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2017-07-11)
hashed subpkt 9 len 4 (key expires after 12y100d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [153 bits]
data: [159 bits]
# off=1116 ctb=b4 tag=13 hlen=2 plen=33
:user ID packet: "Felix Brenk <felix.brenk@gmx.net>"
# off=1151 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1408864252, md5len 0, sigclass 0x13
digest algo 2, begin of digest 74 41
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2014-08-24)
hashed subpkt 9 len 4 (key expires after 10y68d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [159 bits]
# off=1255 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1193527753, md5len 0, sigclass 0x13
digest algo 2, begin of digest 10 8e
hashed subpkt 2 len 4 (sig created 2007-10-27)
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=1359 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1274125413, md5len 0, sigclass 0x13
digest algo 2, begin of digest 4e 09
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2010-05-17)
hashed subpkt 9 len 4 (key expires after 8y67d11h53m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [157 bits]
data: [158 bits]
# off=1463 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1454392663, md5len 0, sigclass 0x13
digest algo 2, begin of digest 87 a5
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2016-02-02)
hashed subpkt 9 len 4 (key expires after 10y99d22h7m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [159 bits]
data: [158 bits]
# off=1567 ctb=88 tag=2 hlen=2 plen=125
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763389, md5len 0, sigclass 0x13
digest algo 2, begin of digest 41 32
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [159 bits]
# off=1694 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1499803311, md5len 0, sigclass 0x13
digest algo 2, begin of digest fb 8f
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2017-07-11)
hashed subpkt 9 len 4 (key expires after 12y100d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=1798 ctb=d1 tag=17 hlen=3 plen=8079 new-ctb
:attribute packet: [jpeg image of size 8060]
# off=9880 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1454392663, md5len 0, sigclass 0x13
digest algo 2, begin of digest 62 17
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2016-02-02)
hashed subpkt 9 len 4 (key expires after 10y99d22h7m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [154 bits]
data: [153 bits]
# off=9987 ctb=88 tag=2 hlen=2 plen=128
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763389, md5len 0, sigclass 0x13
digest algo 2, begin of digest a1 7e
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=10117 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1499803311, md5len 0, sigclass 0x13
digest algo 2, begin of digest 3e 5c
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2017-07-11)
hashed subpkt 9 len 4 (key expires after 12y100d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [158 bits]
data: [156 bits]
# off=10224 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 16, created 1193471421, expires 0
pkey[0]: [2048 bits]
pkey[1]: [4 bits]
pkey[2]: [2046 bits]
keyid: 8A13F983B12B96ED
# off=10752 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763390, md5len 0, sigclass 0x18
digest algo 2, begin of digest 9f 64
hashed subpkt 27 len 1 (key flags: 0C)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [157 bits]
data: [160 bits]
# off=10856 ctb=95 tag=5 hlen=3 plen=489
:secret key packet:
version 4, algo 17, created 1193471421, expires 0
pkey[0]: [1024 bits]
pkey[1]: [160 bits]
pkey[2]: [1022 bits]
pkey[3]: [1024 bits]
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: FFFD5A784840658C
protect count: 5505024 (197)
protect IV: a3 b6 8c 4b b0 48 31 69 31 8a 4d 0b 63 36 b8 62
skey[4]: [v4 protected]
keyid: BC6278A552423440
# off=11348 ctb=b4 tag=13 hlen=2 plen=28
:user ID packet: "Felix Brenk <fbrenk@gmx.net>"
# off=11378 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1408864233, md5len 0, sigclass 0x13
digest algo 2, begin of digest 38 bb
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2014-08-24)
hashed subpkt 9 len 4 (key expires after 10y68d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=11485 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1193527817, md5len 0, sigclass 0x13
digest algo 2, begin of digest 19 d8
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2007-10-27)
hashed subpkt 25 len 1 (primary user ID)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [158 bits]
# off=11592 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1274125413, md5len 0, sigclass 0x13
digest algo 2, begin of digest cc 92
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2010-05-17)
hashed subpkt 9 len 4 (key expires after 8y67d11h53m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [158 bits]
data: [160 bits]
# off=11699 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1454392663, md5len 0, sigclass 0x13
digest algo 2, begin of digest aa 41
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2016-02-02)
hashed subpkt 9 len 4 (key expires after 10y99d22h7m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [158 bits]
data: [160 bits]
# off=11806 ctb=88 tag=2 hlen=2 plen=128
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763389, md5len 0, sigclass 0x13
digest algo 2, begin of digest 8e 9a
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=11936 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1499803299, md5len 0, sigclass 0x13
digest algo 2, begin of digest 6a df
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 2 len 4 (sig created 2017-07-11)
hashed subpkt 9 len 4 (key expires after 12y100d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [153 bits]
data: [159 bits]
# off=12043 ctb=b4 tag=13 hlen=2 plen=33
:user ID packet: "Felix Brenk <felix.brenk@gmx.net>"
# off=12078 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1408864252, md5len 0, sigclass 0x13
digest algo 2, begin of digest 74 41
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2014-08-24)
hashed subpkt 9 len 4 (key expires after 10y68d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [159 bits]
# off=12182 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1193527753, md5len 0, sigclass 0x13
digest algo 2, begin of digest 10 8e
hashed subpkt 2 len 4 (sig created 2007-10-27)
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=12286 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1274125413, md5len 0, sigclass 0x13
digest algo 2, begin of digest 4e 09
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2010-05-17)
hashed subpkt 9 len 4 (key expires after 8y67d11h53m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [157 bits]
data: [158 bits]
# off=12390 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1454392663, md5len 0, sigclass 0x13
digest algo 2, begin of digest 87 a5
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2016-02-02)
hashed subpkt 9 len 4 (key expires after 10y99d22h7m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [159 bits]
data: [158 bits]
# off=12494 ctb=88 tag=2 hlen=2 plen=125
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763389, md5len 0, sigclass 0x13
digest algo 2, begin of digest 41 32
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [159 bits]
# off=12621 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1499803311, md5len 0, sigclass 0x13
digest algo 2, begin of digest fb 8f
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2017-07-11)
hashed subpkt 9 len 4 (key expires after 12y100d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=12725 ctb=d1 tag=17 hlen=3 plen=8079 new-ctb
:attribute packet: [jpeg image of size 8060]
# off=20807 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1454392663, md5len 0, sigclass 0x13
digest algo 2, begin of digest 62 17
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2016-02-02)
hashed subpkt 9 len 4 (key expires after 10y99d22h7m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [154 bits]
data: [153 bits]
# off=20914 ctb=88 tag=2 hlen=2 plen=128
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763389, md5len 0, sigclass 0x13
digest algo 2, begin of digest a1 7e
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
# off=21044 ctb=88 tag=2 hlen=2 plen=105
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1499803311, md5len 0, sigclass 0x13
digest algo 2, begin of digest 3e 5c
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 2 len 4 (sig created 2017-07-11)
hashed subpkt 9 len 4 (key expires after 12y100d3h9m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [158 bits]
data: [156 bits]
# off=21151 ctb=9d tag=7 hlen=3 plen=619
:secret sub key packet:
version 4, algo 16, created 1193471421, expires 0
pkey[0]: [2048 bits]
pkey[1]: [4 bits]
pkey[2]: [2046 bits]
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: CA32D094A4F5D312
protect count: 5505024 (197)
protect IV: cc 51 91 5b 0d 31 51 ad 49 ea 64 c0 c7 c6 af 86
skey[3]: [v4 protected]
keyid: 8A13F983B12B96ED
# off=21773 ctb=88 tag=2 hlen=2 plen=102
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763390, md5len 0, sigclass 0x18
digest algo 2, begin of digest 9f 64
hashed subpkt 27 len 1 (key flags: 0C)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [157 bits]
data: [160 bits]
E:\Backups\Schlüssel\gnupg\Export>|
|
||
Comment 8•2 years ago
|
||
Thanks for the dump.
S2K text is a bit different - it tells which algo and hash is used to encrypt secret key/derive encrypting key from the password.
Offending signatures should be as following:
:signature packet: algo 17, keyid BC6278A552423440
version 4, created 1578763389, md5len 0, sigclass 0x13
digest algo 2, begin of digest 8e 9a
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 33 len 21 (issuer fpr v4 39FC1BBFD3F83FDFBBA99BA0BC6278A552423440)
hashed subpkt 2 len 4 (sig created 2020-01-11)
hashed subpkt 9 len 4 (key expires after 15y79d9h32m)
subpkt 16 len 8 (issuer key ID BC6278A552423440)
data: [160 bits]
data: [160 bits]
digest algo 2 means SHA1, and sig was created at 2020-01-11 (Current TB version allows SHA1 sigs created before the 2019-01-15).
Could you please also specify for which email key doesn't work, i.e. fbrenk at gmx, or felix.brenk at gmx, or both? At the current logic of RNP at least first one should work.
|
Reporter | |
Comment 10•2 years ago
|
||
Is there a guide available about how to convert my keys to SHA-2? Or is this not possible?
|
|
Reporter | |
Comment 11•2 years ago
|
||
|
|
Reporter | |
Comment 12•2 years ago
|
||
I just updated my keys according to this digest (with openSuSE Linux 15.3). In Kleopatra they seem to look fine. But in Thunderbird I can't import them (TB has its own key management when I am right?) - no specific error-message.
While Uploading to the keyserver I get this error-message:
"Die Ausgabe von /usr/bin/gpg2 lautet: gpg: WARNUNG: Unsichere Zugriffsrechte des Home-Verzeichnis `/home/fips/.gnupg' gpg: sende Schlüssel CEF760F286FAEF27 auf hkps://hkps.pool.sks-keyservers.net gpg: Senden an Schlüsselserver fehlgeschlagen: Server zeigt einen unbestimmten Fehler "
After a reboot I couldn't log in to openSuSE until I restored the .gnupg directory with the old settings.
WHAT DO YOU THINK ABOUT THAT?
|
|
Reporter | |
Comment 13•2 years ago
|
||
Key still seems to contain algo 2?
|
|
Reporter | |
Comment 14•2 years ago
|
||
Problem solved: there is no gpg.conf. in standard installation. So I edited gpg-agent.conf instead. With Windows 10 this resulted in an error-message while starting Kleopatra. With correct gpg.conf everything is fine now as described by Heise.de. At least with Windows. I will check Linux later on...
|
|
Reporter | |
Comment 15•2 years ago
|
||
Linux is OK, too.
|
|
Reporter | |
Comment 16•2 years ago
|
||
We have got a discussion in the TB-forum: is it really necessary to build a completely new key with no SHA-1? I would rather like to keep my key from 2007 in order to decrypt older mails?
|
|
||
Comment 17•2 years ago
|
||
(In reply to Felix B. from comment #9)
The key doesn't work for both addresses.
Thanks for replying. Re-checked - it is intended behaviour due to the SHA-1 deprecation.
We have got a discussion in the TB-forum: is it really necessary to build a completely new key with no SHA-1? I would rather like to keep my key from 2007 in order to decrypt older mails?
This is not neccessary due to SHA-1, since you may generate new self-signature with stronger hash algorithm, extending key expiration. However, you should generate newer key as your old key is a 1024-bit RSA key, which is not considered as strong enough nowadays.
|
|
Reporter | |
Comment 18•2 years ago
|
||
Thank you!
|
||
Comment 19•9 months ago
|
||
I assume the issue has been fixed for everyone in newer Thunderbird versions.
Status: UNCONFIRMED → RESOLVED
Closed: 9 months ago
Duplicate of bug: 1763641
Resolution: --- → DUPLICATE
|
|
Reporter | |
Comment 20•9 months ago
|
||
Issue has been fixed! TB is working fine currently on all platforms.
You need to log in
before you can comment on or make changes to this bug.
Description
•