Open Bug 1795564 Opened 3 years ago Updated 3 years ago

Thunderbird fails to send messages when 'digitally sign' is selected

Categories: MailNews Core :: Security: OpenPGP, defect; Thunderbird 107
Tracking: Not tracked
Status: UNCONFIRMED
People: Reporter: AwesomeSheep48, Unassigned
Attachments: 1 file (attached image: Error log)

I tried to send an email that was digitally signed and encrypted with OpenPGP, but it fails unless I disable digitally signing my emails (encrypted and unencrypted by themselves work). This has been happening for about a week.

So this is for daily? Does it work on 102?
Your key didn't expire?

Component: Security → Security: OpenPGP
Product: Thunderbird → MailNews Core

Yes, this is on daily, and my key has not yet expired. I just tested and it does not work on 102 (102.3.3).

Do you have an advanced key? Anything with multiple subkeys, a subset of secret keys available, a manually modified secring.gpg file in the Thunderbird profile directory, etc.?

One of my keys has some notations in it for https://keyoxide.org/, but one for a different account is just a basic key (either generated with gpg or Thunderbird, can't remember), and the same thing happens.

Could you please provide the output of gpg --list-packets on your key, removing all the sensitive information? If your key's certification(s) have an unsupported critical notation, then that could be the reason.

The key without notations (signing doesn't work on this one either):

# off=0 ctb=99 tag=6 hlen=3 plen=525
:public key packet:
	version 4, algo 1, created 1616475957, expires 0
	pkey[0]: [4096 bits]
	pkey[1]: [17 bits]
	keyid: 1FC50EA5FD809A83
# off=528 ctb=b4 tag=13 hlen=2 plen=38
:user ID packet: "William Davis <daviswill048@gmail.com>"
# off=568 ctb=89 tag=2 hlen=3 plen=591
:signature packet: algo 1, keyid 1FC50EA5FD809A83
	version 4, created 1616475957, md5len 0, sigclass 0x13
	digest algo 8, begin of digest a2 60
	hashed subpkt 33 len 21 (issuer fpr v4 0F1A4C5923A0D5C304644ED51FC50EA5FD809A83)
	hashed subpkt 2 len 4 (sig created 2021-03-23)
	hashed subpkt 9 len 4 (key expires after 3y0d0h0m)
	hashed subpkt 27 len 1 (key flags: 03)
	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
	hashed subpkt 21 len 5 (pref-hash-algos: 8 9 10 11 2)
	hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
	subpkt 16 len 8 (issuer key ID 1FC50EA5FD809A83)
	data: [4091 bits]
# off=1162 ctb=89 tag=2 hlen=3 plen=435
:signature packet: algo 1, keyid 20D4690C7C94B9A1
	version 4, created 1633956326, md5len 0, sigclass 0x10
	digest algo 8, begin of digest d2 27
	hashed subpkt 33 len 21 (issuer fpr v4 CD91F084B030DA1F7A2C240320D4690C7C94B9A1)
	hashed subpkt 2 len 4 (sig created 2021-10-11)
	subpkt 16 len 8 (issuer key ID 20D4690C7C94B9A1)
	data: [3070 bits]
# off=1600 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
	version 4, algo 1, created 1616475958, expires 0
	pkey[0]: [4096 bits]
	pkey[1]: [17 bits]
	keyid: 3E258CAEC61D9E60
# off=2128 ctb=89 tag=2 hlen=3 plen=572
:signature packet: algo 1, keyid 1FC50EA5FD809A83
	version 4, created 1616475959, md5len 0, sigclass 0x18
	digest algo 8, begin of digest 69 b0
	hashed subpkt 33 len 21 (issuer fpr v4 0F1A4C5923A0D5C304644ED51FC50EA5FD809A83)
	hashed subpkt 2 len 4 (sig created 2021-03-23)
	hashed subpkt 9 len 4 (key expires after 3y0d0h0m)
	hashed subpkt 27 len 1 (key flags: 0C)
	subpkt 16 len 8 (issuer key ID 1FC50EA5FD809A83)
	data: [4096 bits]

The key with notation:

# off=0 ctb=c6 tag=6 hlen=3 plen=397 new-ctb
:public key packet:
	version 4, algo 1, created 1620415990, expires 0
	pkey[0]: [3072 bits]
	pkey[1]: [17 bits]
	keyid: 20D4690C7C94B9A1
# off=400 ctb=cd tag=13 hlen=2 plen=39 new-ctb
:user ID packet: "William Davis <daviswill048@icloud.com>"
# off=441 ctb=c2 tag=2 hlen=3 plen=468 new-ctb
:signature packet: algo 1, keyid 20D4690C7C94B9A1
	version 4, created 1620415990, md5len 0, sigclass 0x13
	digest algo 8, begin of digest c3 78
	hashed subpkt 33 len 21 (issuer fpr v4 CD91F084B030DA1F7A2C240320D4690C7C94B9A1)
	hashed subpkt 2 len 4 (sig created 2021-05-07)
	hashed subpkt 27 len 1 (key flags: 03)
	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 01)
	hashed subpkt 23 len 1 (keyserver preferences: 80)
	subpkt 16 len 8 (issuer key ID 20D4690C7C94B9A1)
	data: [3072 bits]
# off=912 ctb=c2 tag=2 hlen=3 plen=1089 new-ctb
:signature packet: algo 1, keyid 20D4690C7C94B9A1
	version 4, created 1628741791, md5len 0, sigclass 0x13
	digest algo 8, begin of digest 3a ab
	hashed subpkt 27 len 1 (key flags: 03)
	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 01)
	hashed subpkt 23 len 1 (keyserver preferences: 80)
	hashed subpkt 20 len 167 (notation: proof@metacode.biz=matrix:u/@awesomesheep48:matrix.org?org.keyoxide.r=!dBfQZxCoGVmSTujfiv:matrix.org&org.keyoxide.e=$a5ls6k0SjM6Gsopn1yPuwwQSN74aPrgKJRCcFk7zJYg)
	hashed subpkt 20 len 73 (notation: proof@metacode.biz=https://codeberg.org/<redacted>/)
	hashed subpkt 20 len 97 (notation: proof@metacode.biz=https://gist.github.com/<redacted>)
	hashed subpkt 20 len 71 (notation: proof@metacode.biz=https://news.ycombinator.com/user?id= <redacted>)
	hashed subpkt 20 len 63 (notation: proof@metacode.biz=https://fosstodon.org/@awesomesheep48)
	hashed subpkt 20 len 135 (notation: proof@metacode.biz=https://www.reddit.com/user/<redacted>/)
	hashed subpkt 33 len 21 (issuer fpr v4 CD91F084B030DA1F7A2C240320D4690C7C94B9A1)
	hashed subpkt 2 len 4 (sig created 2021-08-12)
	hashed subpkt 25 len 1 (primary user ID)
	subpkt 16 len 8 (issuer key ID 20D4690C7C94B9A1)
	data: [3071 bits]
# off=2004 ctb=cd tag=13 hlen=2 plen=48 new-ctb
:user ID packet: "<redacted>"
# off=2054 ctb=c2 tag=2 hlen=3 plen=546 new-ctb
:signature packet: algo 1, keyid 20D4690C7C94B9A1
	version 4, created 1628741733, md5len 0, sigclass 0x13
	digest algo 8, begin of digest 1f 76
	hashed subpkt 27 len 1 (key flags: 03)
	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
	hashed subpkt 34 len 2 (pref-aead-algos: 2 1)
	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 07)
	hashed subpkt 23 len 1 (keyserver preferences: 80)
	hashed subpkt 33 len 21 (issuer fpr v4 CD91F084B030DA1F7A2C240320D4690C7C94B9A1)
	hashed subpkt 2 len 4 (sig created 2021-08-12)
	hashed subpkt 20 len 72 (notation: proof@metacode.biz=<redacted>)
	subpkt 16 len 8 (issuer key ID 20D4690C7C94B9A1)
	data: [3071 bits]
# off=2603 ctb=ce tag=14 hlen=3 plen=397 new-ctb
:public sub key packet:
	version 4, algo 1, created 1620415990, expires 0
	pkey[0]: [3072 bits]
	pkey[1]: [17 bits]
	keyid: 4332A1C065BBA608
# off=3003 ctb=c2 tag=2 hlen=3 plen=444 new-ctb
:signature packet: algo 1, keyid 20D4690C7C94B9A1
	version 4, created 1620415990, md5len 0, sigclass 0x18
	digest algo 8, begin of digest 02 42
	hashed subpkt 33 len 21 (issuer fpr v4 CD91F084B030DA1F7A2C240320D4690C7C94B9A1)
	hashed subpkt 2 len 4 (sig created 2021-05-07)
	hashed subpkt 27 len 1 (key flags: 0C)
	hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
	subpkt 16 len 8 (issuer key ID 20D4690C7C94B9A1)
	data: [3071 bits]
Flags: needinfo?(o.nickolay)
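
The two questions raised in this thread (has the key expired, and does a certification carry a critical notation) can be read off `gpg --list-packets` output mechanically. The following is an added example, not part of the bug report or of Thunderbird/RNP code; `parse_signatures` and `SAMPLE` are hypothetical names, the last signature block in `SAMPLE` is constructed, and it assumes gpg prefixes critical subpackets with `critical` and prints a year as 365 days.

```python
import re
from datetime import datetime, timedelta, timezone

# Key-flag bits (RFC 4880 section 5.2.3.21, subpacket 27) that matter here.
KEY_FLAGS = {1: "certify", 2: "sign", 4: "encrypt-comms", 8: "encrypt-storage"}
KEY_HDR = re.compile(r"version \d+, algo \d+, created (\d+), expires")
SIG_HDR = re.compile(r"created \d+, md5len \d+, sigclass (0x[0-9a-f]+)")
SUBPKT = re.compile(r"^\s*(critical )?(?:hashed )?subpkt (\d+) len \d+ \((.*)\)\s*$")
EXPIRY = re.compile(r"expires after (\d+)y(\d+)d(\d+)h(\d+)m")  # from key creation

# Excerpt of the thread's first dump; the last signature block is CONSTRUCTED.
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1616475957, expires 0
:signature packet: algo 1, keyid 1FC50EA5FD809A83
\tversion 4, created 1616475957, md5len 0, sigclass 0x13
\thashed subpkt 9 len 4 (key expires after 3y0d0h0m)
\thashed subpkt 27 len 1 (key flags: 03)
:public sub key packet:
\tversion 4, algo 1, created 1616475958, expires 0
:signature packet: algo 1, keyid 1FC50EA5FD809A83
\tversion 4, created 1616475959, md5len 0, sigclass 0x18
\thashed subpkt 27 len 1 (key flags: 0C)
:signature packet: algo 1, keyid 0000000000000000
\tversion 4, created 1616475960, md5len 0, sigclass 0x13
\tcritical hashed subpkt 20 len 24 (notation: test@example.org=x)
"""

def parse_signatures(text):
    """Return one dict per ':signature packet:' block of list-packets output."""
    sigs, cur, key_created = [], None, None
    for line in text.splitlines():
        if line.startswith(":signature packet:"):
            cur = {"sigclass": None, "flags": [], "expires": None, "critical": []}
            sigs.append(cur)
        elif (m := KEY_HDR.search(line)):  # most recent (sub)key packet
            key_created = datetime.fromtimestamp(int(m[1]), timezone.utc)
        elif cur is not None and (m := SIG_HDR.search(line)):
            cur["sigclass"] = m[1]
        elif cur is not None and (m := SUBPKT.match(line)):
            critical, number, body = m.groups()
            if critical:
                cur["critical"].append(int(number))
            if number == "27":  # key flags are printed as a hex byte
                bits = int(body.split(":")[1], 16)
                cur["flags"] = [n for b, n in KEY_FLAGS.items() if bits & b]
            elif number == "9" and key_created and (e := EXPIRY.search(body)):
                y, d, h, mi = map(int, e.groups())  # assumption: "y" = 365 days
                cur["expires"] = key_created + timedelta(days=365 * y + d, hours=h, minutes=mi)
    return sigs
```

The `expires 0` field on a version 4 key packet is not the expiry; the effective value comes from subpacket 9 of the self-signature, which is why the parser reads it from there.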

Sorry for the late reply, I somehow lost track of this. At first glance the key looks pretty legit and should work fine. Enabling debug output from the RNP library could probably give some more information.

Flags: needinfo?(o.nickolay)

(In reply to Nickolay Olshevsky from comment #7)

> Sorry for the late reply, I somehow lost track of this. At first glance the key looks pretty legit and should work fine. Enabling debug output from the RNP library could probably give some more information.

How would I do that?

(In reply to WIlliam Davis (@awesomesheep48:matrix.org) from comment #8)

> How would I do that?

As described here: https://wiki.mozilla.org/Thunderbird:OpenPGP#Debugging_.2F_Tracing

Advanced users may attempt to view internal error messages produced by the OpenPGP cryptographic engine that Thunderbird uses (the RNP library). To do so:

- Set the environment variable called RNP_LOG_CONSOLE, e.g. in a Linux terminal you could do that using the command export RNP_LOG_CONSOLE=1.
- Then you must start Thunderbird from within that terminal window, to ensure that it will see the environment variable that you have set.

Sorry for not responding sooner, for some reason my email was bouncing the email notifications from Bugzilla. This is what the log showed:

UNSUPPORTED (log once): POSSIBLE ISSUE: unit 1 GLD_TEXTURE_INDEX_2D is unloadable and bound to sampler type (Float) - using zero texture because texture unloadable
[signature_validate() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17
[signature_validate() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17
[validate_sig() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/pgp-key.cpp:1935] issuer fingerprint doesn't match signer's one
[signature_validate() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17
[validate_sig() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/pgp-key.cpp:1935] issuer fingerprint doesn't match signer's one
[validate_binding() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/pgp-key.cpp:1976] error! no primary key binding signature
[validate_binding() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/pgp-key.cpp:1976] error! no primary key binding signature
[signature_validate() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17
[signature_validate() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17
[pgp_revoke_t() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/pgp-key.cpp:714] Warning: no revocation reason in the revocation
[pgp_revoke_t() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/pgp-key.cpp:714] Warning: no revocation reason in the revocation
[pgp_revoke_t() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/lib/pgp-key.cpp:714] Warning: no revocation reason in the revocation
[signed_fill_signature() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-write.cpp:1132] wrong secret key password
[signed_detached_dst_finish() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-write.cpp:1192] failed to calculate detached signature
[process_stream_sequence() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-write.cpp:1764] failed to finish stream
[init_encrypted_src() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-parse.cpp:2159] failed to obtain decrypting key or password
[init_encrypted_src() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-parse.cpp:2159] failed to obtain decrypting key or password

After seeing this I tried deleting the key and replacing it with a backup I had (which has all the notations as well) and it worked.
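
One way to triage the console output that `RNP_LOG_CONSOLE` produces, covering both the debugging steps and the log posted above. This is an added example, not from the bug report or the RNP project: it collapses repeated messages and isolates those emitted from one source file, here `stream-write.cpp`. `summarize`, `by_source`, `SRC` and `SAMPLE` are hypothetical names; the sample lines are copied from the log above.

```python
import re

# RNP console lines look like: [function() /path/to/file.cpp:LINE] message
RNP_LINE = re.compile(r"^\[(\w+)\(\) (\S+):(\d+)\] (.*)$")
SRC = "/builds/worker/checkouts/gecko/comm/third_party/rnp/src/"

# Lines copied from the log posted in this thread (a subset, repeats included).
SAMPLE = "\n".join([
    "UNSUPPORTED (log once): POSSIBLE ISSUE: unit 1 GLD_TEXTURE_INDEX_2D is unloadable and bound to sampler type (Float) - using zero texture because texture unloadable",
    f"[signature_validate() {SRC}lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17",
    f"[signature_validate() {SRC}lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17",
    f"[validate_sig() {SRC}lib/pgp-key.cpp:1935] issuer fingerprint doesn't match signer's one",
    f"[signature_validate() {SRC}lib/crypto/signatures.cpp:202] Signature and key do not agree on algorithm type: 1 vs 17",
    f"[validate_binding() {SRC}lib/pgp-key.cpp:1976] error! no primary key binding signature",
    f"[signed_fill_signature() {SRC}librepgp/stream-write.cpp:1132] wrong secret key password",
    f"[signed_detached_dst_finish() {SRC}librepgp/stream-write.cpp:1192] failed to calculate detached signature",
    f"[process_stream_sequence() {SRC}librepgp/stream-write.cpp:1764] failed to finish stream",
    f"[init_encrypted_src() {SRC}librepgp/stream-parse.cpp:2159] failed to obtain decrypting key or password",
    f"[init_encrypted_src() {SRC}librepgp/stream-parse.cpp:2159] failed to obtain decrypting key or password",
])

def summarize(log_text):
    """Collapse repeats into (count, file, line, function, message), first-seen order."""
    seen = {}
    for raw in log_text.splitlines():
        m = RNP_LINE.match(raw.strip())
        if not m:
            continue  # not an RNP line, e.g. graphics driver noise
        func, path, line_no, msg = m.groups()
        key = (path.rsplit("/", 1)[-1], int(line_no), func, msg)
        seen[key] = seen.get(key, 0) + 1
    return [(n, *key) for key, n in seen.items()]

def by_source(summary, filename):
    """Messages emitted from one source file, e.g. the signature write path."""
    return [msg for _n, src, _line, _func, msg in summary if src == filename]
```

Grouping by source file separates the key-validation messages (`signatures.cpp`, `pgp-key.cpp`) from the three `stream-write.cpp` lines that record the signing attempt itself failing.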
