Re: [Mutt] #1565: Failure to pass correct subkey when encrypting (GPG)

Subject: Re: [Mutt] #1565: Failure to pass correct subkey when encrypting (GPG)
From: Mutt <fleas@xxxxxxxx>
Date: Mon, 02 Apr 2007 02:53:05 -0000
Cc: mutt-dev@xxxxxxxx
In-reply-to: <056.3fd606813d0d101d3c62fdc82e8af0b8@xxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
References: <056.3fd606813d0d101d3c62fdc82e8af0b8@xxxxxxxx>
Reply-to: fleas@xxxxxxxx
Sender: owner-mutt-dev@xxxxxxxx

#1565: Failure to pass correct subkey when encrypting (GPG)

Changes (by brendan):

  * component:  mutt => crypto

Old description:

> {{{
> Package: mutt
> Version: mutt-1.4-4
> Severity: normal
>
> -- Please type your report below this line
> When encrypting to a GPG key with multiple sub(encryption)keys mutt does
> not correctly pass the key ID of the selected key to the pgp_encrypt_*
> command, but only the master signing key's ID.
>
> I unset the pgp_ignore_subkeys variable so I am able to see the various
> subkeys on my keyring.
>
> I made a test key which has the following parts:
>
>   pub  1024D/1A863253 2003-05-11 Test Key <svwright@xxxxxxxxx>
>   sub  1024g/7CC03CCA 2003-05-11 [expires: 2003-05-25]
>   sub  1024D/9697A280 2003-05-11 [expires: 2003-05-25]
>   sub  1024g/0AC4E590 2003-05-11 [expires: 2003-05-25]
>   sub  1024D/FF54912C 2003-05-11 [expires: 2003-05-25]
>
> i.e. a master signing key (1A863253), two subkeys for signing (9697A280,
> FF54912C) and two subkeys for encryption (7CC03CCA, 0AC4E590).
>
> I then tried mailing myself two seperate messages and encrypting each to
> a different encryption key.  I saved the delievered messages and then
> tried decryping with GPG on the command line.  Both messages were
> encrypted to key 0AC4E590 -- which is the correct GPG behaviour for
> encrypting to a key where the subkey is not defined, i.e. encrypt to the
> most recent appropriate key -- but wrong for what I wanted to do.
>
> I then modified my gpg.rc (the default one for the 1.5.4 install) to put
> a
> "!" after the "%r" on the pgp_encrypt_* commands.  (This is how on the
> command line one specifies to GPG to use a particular subkey, rather than
> the default for a particular key.)
>
> The error I got when trying to send a message encrypted to one of my keys
> this time was
>   gpg: 0x1A863253!: skipped: unusable public key
>   gpg: /tmp/mutt-dylan-11140-3: encryption failed: unusable public key
>
> i.e. mutt doesn't actually pass the selected subkey ID along, but rather
> the master signing key ID (which is DSA, can't be used for encryption and
> hence causes the error!).
>
> So... mutt should pass the correct key ID to the pgp_encrypt_* commands.
> (AND include the "!" to force GPG to do the right thing.)
>

> Thanks for the excellent mailer though!
>
> -- System Information
> System Version: Linux dylan 2.4.18-27.8.0 #1 Fri Mar 14 07:36:43 EST 2003
> i686 athlon i386 GNU/Linux
> RPM Packager: Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
> RedHat Release: Red Hat Linux release 8.0 (Psyche)
>
> -- Build environment information
>
> (Note: This is the build environment installed on the system
> muttbug is run on.  Information may or may not match the environment
> used to build mutt.)
>
> - gcc version information
> gcc
> Reading specs from /usr/local/lib/gcc-lib/i686-pc-linux-gnu/3.2.1/specs
> Configured with: ./configure
> Thread model: posix
> gcc version 3.2.1
>
> - CFLAGS
> -Wall -pedantic -g -O2
>
> -- Mutt Version Information
>
> Mutt 1.5.4i (2003-03-19)
> Copyright (C) 1996-2002 Michael R. Elkins and others.
> Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
> Mutt is free software, and you are welcome to redistribute it
> under certain conditions; type `mutt -vv' for details.
>
> System: Linux 2.4.18-27.8.0 (i686) [using ncurses 5.2]
> Compile options:
> -DOMAIN
> -DEBUG
> -HOMESPOOL  -USE_SETGID  +USE_DOTLOCK  -DL_STANDALONE
> +USE_FCNTL  -USE_FLOCK
> -USE_POP  +USE_IMAP  -USE_GSS  -USE_SSL  -USE_SASL  -USE_SASL2
> +HAVE_REGCOMP  -USE_GNU_REGEX
> +HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET
> +HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM
> +CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME
> -CRYPT_BACKEND_GPGME  -BUFFY_SIZE -EXACT_ADDRESS  -SUN_ATTACHMENT
> +ENABLE_NLS  -LOCALES_HACK  +COMPRESSED  +HAVE_WC_FUNCS
> +HAVE_LANGINFO_CODESET  +HAVE_LANGINFO_YESEXPR
> +HAVE_ICONV  -ICONV_NONTRANS  -HAVE_LIBIDN  +HAVE_GETSID
> +HAVE_GETADDRINFO
> ISPELL="/usr/bin/ispell"
> SENDMAIL="/usr/lib/sendmail"
> MAILPATH="/var/mail"
> PKGDATADIR="/home/damtp/users/svwright/host/linux/share/mutt"
> SYSCONFDIR="/home/damtp/users/svwright/host/linux/etc"
> EXECSHELL="/bin/sh"
> -MIXMASTER
> To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
> To report a bug, please use the flea(1) utility.
>
> patch-1.5.4.rr.compressed.1
>

> >How-To-Repeat:
>
> >Fix:
> }}}

New description:

 When encrypting to a GPG key with multiple sub(encryption)keys mutt does
 not correctly pass the key ID of the selected key to the pgp_encrypt_*
 command, but only the master signing key's ID.

 I unset the pgp_ignore_subkeys variable so I am able to see the various
 subkeys on my keyring.

 I made a test key which has the following parts:
 {{{
   pub  1024D/1A863253 2003-05-11 Test Key <svwright@xxxxxxxxx>
   sub  1024g/7CC03CCA 2003-05-11 [expires: 2003-05-25]
   sub  1024D/9697A280 2003-05-11 [expires: 2003-05-25]
   sub  1024g/0AC4E590 2003-05-11 [expires: 2003-05-25]
   sub  1024D/FF54912C 2003-05-11 [expires: 2003-05-25]
 }}}
 i.e. a master signing key (1A863253), two subkeys for signing (9697A280,
 FF54912C) and two subkeys for encryption (7CC03CCA, 0AC4E590).

 I then tried mailing myself two seperate messages and encrypting each to
 a different encryption key.  I saved the delievered messages and then
 tried decryping with GPG on the command line.  Both messages were
 encrypted to key 0AC4E590 -- which is the correct GPG behaviour for
 encrypting to a key where the subkey is not defined, i.e. encrypt to the
 most recent appropriate key -- but wrong for what I wanted to do.

 I then modified my gpg.rc (the default one for the 1.5.4 install) to put a
 "!" after the "%r" on the pgp_encrypt_* commands.  (This is how on the
 command line one specifies to GPG to use a particular subkey, rather than
 the default for a particular key.)

 The error I got when trying to send a message encrypted to one of my keys
 this time was
 {{{
   gpg: 0x1A863253!: skipped: unusable public key
   gpg: /tmp/mutt-dylan-11140-3: encryption failed: unusable public key
 }}}
 i.e. mutt doesn't actually pass the selected subkey ID along, but rather
 the master signing key ID (which is DSA, can't be used for encryption and
 hence causes the error!).

 So... mutt should pass the correct key ID to the pgp_encrypt_* commands.
 (AND include the "!" to force GPG to do the right thing.)


 Thanks for the excellent mailer though!

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/1565#comment:1>

Prev by Date: Re: [Mutt] #2087: "%>" in pager_format overshoots by 10 repetitions
Next by Date: Re: [Mutt] #937: Mutt closes POP connection and hangs
Previous by thread: Re: [Mutt] #2087: "%>" in pager_format overshoots by 10 repetitions
Next by thread: Re: [Mutt] #1535: attachments of type "application/xxx" cannot be
Index(es):
- Date
- Thread