Closed Bug 905538 Opened 12 years ago Closed 12 years ago

Secure mail encrypts for OpenPGP/GPG primary key instead of encryption subkey in violation of key usage flags

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set
major

RESOLVED DUPLICATE of bug 790487

People

(Reporter: hsivonen, Unassigned)

Details

Steps to reproduce:

1) For your bug mail identity, generate a primary RSA key pair, a signing RSA subkey and an encryption RSA subkey using GPG and then take the private key for the primary key pair offline according to https://wiki.debian.org/subkeys
2) For testing, generate the same kind of set of keys for another e-mail identity. (Not as a subidentity of the first one but as if these were separate users.)
3) Using gpg from the command line, generate and decrypt/verify encrypted and signed messages from the first identity to the second one and vice versa to see that command line gpg happily uses the subkeys even if the private keys for the primary key pairs have been taken offline.
4) Set up Enigmail in Thunderbird for both identities and send encrypted and signed e-mail in both directions to see that Enigmail and gpg together happily use the subkeys even if the private keys for the primary key pairs have been taken offline.
5) Export the public keys (the public key for the primary key as well as the public keys for the subkeys—the default export mode) for the e-mail identity that is also your bug mail identity.
6) Paste the ASCII-armored public key block into Bugzilla's secure e-mail preferences.
7) Try to read the test e-mail that Bugzilla sent to you in Thunderbird using Enigmail.

Actual results:

Enigmail complains that it cannot decrypt the Bugzilla-sent message, because the private key of the key ID for your primary key pair is not available. It looks like Bugzilla encrypted the message for your primary key even though the key usage flags for your primary key include "Sign" and "Certify" but don't include "Encrypt".

Expected results:

Expected Bugzilla to encrypt the message using the public subkey whose key usage flags include "Encrypt" and whose expiry time is the furthest in the future of the non-revoked subkeys whose usage flags include "Encrypt".
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Component: Extensions: SecureMail → Extensions
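
The selection rule from the expected results, sketched over a `gpg --with-colons` style key listing. This is an added example, not Bugzilla's or SecureMail's code. Assumptions: the listing and key IDs are constructed, timestamps are epoch seconds, a key with no expiry counts as expiring furthest in the future, and the function names are hypothetical.

```python
import math

# Constructed listing; key IDs are placeholders, not real keys.
SAMPLE_LISTING = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1375000000:::u:::scESC:
uid:u::::1375000000::HASH::Test User <test@example.invalid>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1375000000:1500000000:::::s:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1375000000:1500000000:::::e:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1375000000:1600000000:::::e:
sub:r:2048:1:EEEEEEEEEEEEEEEE:1375000000:1700000000:::::e:
"""

# Validity letters that rule a key out: revoked, expired, invalid,
# disabled, not valid.
UNUSABLE = {"r", "e", "i", "d", "n"}


def encryption_candidates(listing, now):
    """Return (expiry, keyid) pairs for keys that are allowed to encrypt."""
    candidates = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue
        validity, keyid, expires, caps = (fields[1], fields[4],
                                          fields[6], fields[11])
        # Lowercase letters are this key's own usage flags. On a "pub" line
        # the uppercase letters summarise the whole key, so "scESC" does
        # not make the primary key itself an encryption key.
        if "e" not in caps:
            continue
        if validity[:1] in UNUSABLE:
            continue
        # Assumption: an empty expiry field means the key never expires.
        expiry = int(expires) if expires else math.inf
        if expiry <= now:
            continue
        candidates.append((expiry, keyid))
    return candidates


def pick_encryption_key(listing, now):
    """Key ID of the usable encryption key expiring last, or None.

    None means "refuse to encrypt"; it never falls back to a primary key
    whose usage flags lack Encrypt.
    """
    candidates = encryption_candidates(listing, now)
    return max(candidates)[1] if candidates else None
```
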