Corrupted keybox if created by gpgsm
Closed, Resolved, Public

Description

To reproduce:

  • Start with an empty GNUPGHOME. Import a public PGP key in Kleopatra.

That's it. You have now got a keybox that can be read by gnupg but not by gpgsm
or kbxutil.

gpgsm -k leads to error "Invalid argument"

The invalid argument comes from kbx/keybox-file.c

      /* Seek forward so that the caller may choose to ignore this
         record.  */
      if (fseek (fp, imagelen-5, SEEK_CUR))
        return gpg_error_from_syserror ();

Where imagelen is: 18446744071981567236

(Always the same number in three different tests)

Attached you find such a pubring.

I was unable to reproduce this without Kleopatra yet. Probably the keylisting
that Kleopatra runs after an import is a problem (again). But I think it
shouldn't be, and regardless of Kleopatra's involvement it's IMO a bug that such a
keybox can be created.

Details

Version
2.1.11

Event Timeline

The debug output from gnupg for an import that caused a corrupted keybox.

It's not for the attached pubring.kbx but I have the file that was generated if
you need it.

What I did in the log was to start Kleopatra (the output of process 2428 is
likely the debug output of the initial keylisting Kleopatra did).

Then I imported a test key and afterwards closed Kleopatra.

From the debug output it looks to me that gnupg is using keyring functions to
work with the keybox.

I can reproduce this now without Kleopatra and on GNU/Linux:

      export GNUPGHOME=$(mktemp -d)
      gpgsm -k

< imports /opt/gnupg/share/gnupg/com-certs.pem >
(this is not done on Windows so maybe the errors differ because of that)

      gpg2 --import ~/arbeit/gpg4win/zertifikate/testuserA-pub.asc

Result:

      gpg: [don't know]: invalid packet (ctb=00)
      gpg: keydb_get_keyblock failed: Value not found
      gpg: [don't know]: invalid packet (ctb=00)
      gpg: /tmp/tmp.f5ub2ZRYC0/pubring.kbx: copy to '/tmp/tmp.f5ub2ZRYC0/pubring.kbx.tmp' failed: Invalid packet
      gpg: error writing keyring '/tmp/tmp.f5ub2ZRYC0/pubring.kbx': Invalid packet
      gpg: [don't know]: invalid packet (ctb=00)
      gpg: keydb_search failed: Invalid packet
      gpg: key 6CFBC912: public key "[User ID not found]" imported
      gpg: [don't know]: invalid packet (ctb=00)
      gpg: error reading '/home/aheinecke/arbeit/gpg4win/zertifikate/testuserA-pub.asc': Invalid packet
      gpg: import from '/home/aheinecke/arbeit/gpg4win/zertifikate/testuserA-pub.asc' failed: Invalid packet
      gpg: Total number processed: 0
      gpg: imported: 1

      gpg2 --version
      gpg (GnuPG) 2.1.11
      libgcrypt 1.7.0-beta307

I'll try now with git master.

aheinecke renamed this task from "Corrupted keybox after key import with Kleopatra on Windows" to "Corrupted keybox if created by gpgsm". Mar 4 2016, 5:31 PM
aheinecke added a subscriber: neal.

If I remove the com-certs I get the exact same behavior as I'm seeing on Windows.

      aheinecke@esus ~/a/e/src> export GNUPGHOME=$(mktemp -d)
      aheinecke@esus ~/a/e/src> gpgsm -k
      gpgsm: keybox '/tmp/tmp.hyElMR6oUi/pubring.kbx' created
      aheinecke@esus ~/a/e/src> gpg2 --import ~/arbeit/gpg4win/zertifikate/testuserA-pub.asc
      gpg: /tmp/tmp.hyElMR6oUi/trustdb.gpg: trustdb created
      gpg: key 6CFBC912: public key "Test UserA <testusera@example.com>" imported
      gpg: Total number processed: 1
      gpg: imported: 1
      aheinecke@esus ~/a/e/src> gpgsm -k
      gpgsm: keydb_search failed: Invalid argument

Fixed with commit 1aad5c6.
Thanks for the easy test case.

werner removed a project: Restricted Project. May 6 2016, 8:16 PM

Fixed in 2.1.12
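
Added example (not from the thread or from GnuPG's source): the reported imagelen is a 32-bit value sign-extended to 64 bits, and its four bytes, 99 01 0D 04, have the shape of an old-format OpenPGP public-key packet header, which fits the reporter's guess that keyring functions wrote into the keybox. `recover_header`, `old_ctb_tag` and `record_len_ok` are hypothetical helpers; the bounds check assumes the length field counts the 5 header bytes already read, as the `imagelen-5` seek implies, and how the sign extension arose inside GnuPG is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Undo a 32->64 bit sign extension and return the four big-endian bytes
   that were read as the record length.  Returns -1 if VALUE is not a
   sign-extended negative 32-bit number.  */
int recover_header (uint64_t value, unsigned char out[4])
{
  int i;

  if ((value >> 31) != 0x1FFFFFFFFull)   /* top 33 bits must all be set */
    return -1;
  for (i = 0; i < 4; i++)
    out[i] = (unsigned char)(value >> (24 - 8 * i));
  return 0;
}

/* Tag of an old-format OpenPGP packet header byte (RFC 4880, 4.2),
   or -1 if CTB is not an old-format header.  */
int old_ctb_tag (unsigned char ctb)
{
  return (ctb & 0xC0) == 0x80 ? (ctb >> 2) & 0x0F : -1;
}

/* Hypothetical reader-side check: the length covers the 5 header bytes
   already consumed (hence the "imagelen-5" seek) and must fit in what
   is left of the file.  */
int record_len_ok (uint32_t len, uint64_t remaining)
{
  return len >= 5 && (uint64_t)len - 5 <= remaining;
}

int main (void)
{
  unsigned char h[4];

  if (recover_header (18446744071981567236ull, h))
    return 1;
  printf ("bytes %02X %02X %02X %02X, tag %d, body length %u, version %u\n",
          h[0], h[1], h[2], h[3], old_ctb_tag (h[0]),
          (unsigned)((h[1] << 8) | h[2]), (unsigned)h[3]);
  /* 0x99010D04 read as an unsigned length is about 2.4 GiB; the 4096 is
     a constructed stand-in for the size of a small pubring.kbx.  */
  printf ("accepted as record length: %d\n",
          record_len_ok (0x99010D04u, 4096));
  return 0;
}
```

Tag 6 is the public-key packet, and a 269-byte version 4 body is the size of an RSA-2048 public key with a 17-bit exponent.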