Import of public PGP key with experimental packets (e.g. 60) fails without clear error message - should be gracefully ignored
Categories: MailNews Core :: Security: OpenPGP, defect
Tracking: Not tracked
People: Reporter: bugzilla, Unassigned
Whiteboard: [RNP]
Thunderbird 144.0.1 Windows.
Attempting to import a public PGP key results in the message "Importing the keys failed". Similar for importing from clipboard.
The error console reads "rnp_import_keys failed with rv: 301989888".
gpg imports the key without complaint.
In order to get Thunderbird to accept it I had to import it to gpg then export with `gpg --export --armor "username" > key.asc`, after which Thunderbird accepted it.
I don't want to attach the key here but I can mail it to the relevant person; please let me know.
Comment 1•3 months ago
Tried the key
```
export RNP_LOG_CONSOLE=1
thunderbird -P test
[parse_material() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-sig.cpp:1420] Unknown pk algorithm : 100
[process_pgp_key_signatures() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-key.cpp:243] failed to parse signature at 1571
[process_pgp_key_auto() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-key.cpp:341] wrong key tag: 60 at pos 4499
```
Comment 2•3 months ago
It appears that some experimental/non-standard algorithm is used for the signature (which is non-exportable by default). You may also run `gpg --list-packets key.asc` to see the details on that problematic signature.
The key is from the Financial Ombudsman Service, a fairly major UK government-aligned service related to financial complaints.
They apparently use Symantec PGP Gateway to handle all secure communications.
According to Thunderbird the key It was issued in 2014
Oops, accidentally posted a partial reply and can't see any way to edit.
According to Thunderbird the key was issued in 2014, if this has any bearing on its format?
I sent the key to :mkmelin - I'm too uninformed to know if it contains any private information, but if it doesn't, please feel free to post it here or post the output of `gpg --list-packets`.
In any case, could Thunderbird either provide a more helpful error message or, if appropriate, convert the key to an acceptable format?
Comment 6•1 month ago
Nickolay identified the cause. https://github.com/rnpgp/rnp/issues/2379
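The behaviour the bug title asks for, skipping experimental packets rather than failing the whole import, shown as an added Python example that is not RNP or Thunderbird code and not from any commenter: it walks a binary (de-armored) OpenPGP packet stream per RFC 4880 and sets aside tags 60-63, which the RFC reserves as private or experimental. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
# Added example, not RNP/Thunderbird code. Names and SAMPLE are constructed.
EXPERIMENTAL_TAGS = range(60, 64)  # RFC 4880 section 4.3: private or experimental

def read_packets(data):
    """Yield (offset, tag, body) for each packet of a binary (de-armored) stream."""
    pos = 0
    while pos < len(data):
        start, hdr = pos, data[pos]
        if not hdr & 0x80:
            raise ValueError(f"not a packet header at offset {start}")
        try:
            if hdr & 0x40:  # new-format header: 6-bit tag, so tag 60 is possible
                tag, first = hdr & 0x3F, data[pos + 1]
                if first < 192:
                    length, pos = first, pos + 2
                elif first < 224:
                    length, pos = ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
                elif first == 255:
                    length, pos = int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
                else:
                    raise ValueError("partial body length is not valid in key data")
            else:  # old-format header: 4-bit tag, length size in the low two bits
                tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
                if ltype == 3:
                    raise ValueError("indeterminate length is not supported here")
                size = (1, 2, 4)[ltype]
                length, pos = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), pos + 1 + size
        except IndexError:
            raise ValueError(f"truncated header at offset {start}") from None
        if pos + length > len(data):
            raise ValueError(f"truncated packet at offset {start}")
        yield start, tag, data[pos:pos + length]
        pos += length

def split_experimental(data):
    """Return (kept, skipped) lists of (offset, tag); skipped holds tags 60-63."""
    kept, skipped = [], []
    for offset, tag, _body in read_packets(data):
        (skipped if tag in EXPERIMENTAL_TAGS else kept).append((offset, tag))
    return kept, skipped

# Constructed stream, not a real key: old-format public-key packet (tag 6),
# new-format user ID (tag 13), new-format experimental packet (tag 60).
SAMPLE = bytes([0x99, 0x00, 0x03, 1, 2, 3]) + bytes([0xCD, 0x02]) + b"hi" + bytes([0xFC, 0x01, 0xAA])

if __name__ == "__main__":
    print(split_experimental(SAMPLE))
```

Because every packet header carries its own length, the walker can step over a tag it does not understand and continue with the next packet; only a malformed or truncated header stops it.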