trustdb error when lower 32-bits of ultimately trusted fingerprint are zero
Closed, WontfixPublic

Description

I generated a key using Scallion with a chosen 32-bit key ID of 0x00000000. GPG
breaks slightly, when trust for the key is set to 'ultimate':

$ export GNUPGHOME=$HOME/gpgkey0
$ mkdir $HOME/gpgkey0
$ gpg --import keys-00000000.asc
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg: keybox '/home/steven/gpgkey0/pubring.kbx' created
gpg: /home/steven/gpgkey0/trustdb.gpg: trustdb created
gpg: key 245A210A00000000: public key "key test <keytest@example.com>" imported
gpg: key 245A210A00000000: "key test <keytest@example.com>" not changed
gpg: key 245A210A00000000: secret key imported
gpg: Total number processed: 2
gpg:               imported: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

$ gpg --edit-key 245A210A00000000
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/245A210A00000000
     created: 2016-09-18  expires: never       usage: SCEA
     trust: unknown       validity: unknown
[ unknown] (1). key test <keytest@example.com>

gpg> trust
sec  rsa4096/245A210A00000000
     created: 2016-09-18  expires: never       usage: SCEA
     trust: unknown       validity: unknown
[ unknown] (1). key test <keytest@example.com>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

sec  rsa4096/245A210A00000000
     created: 2016-09-18  expires: never       usage: SCEA
     trust: ultimate      validity: unknown
[ unknown] (1). key test <keytest@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> save
Key not changed so no update needed.


$ gpg --list-keys
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg: keydb_search failed: Invalid value
gpg: Oops: keyid_from_fingerprint: no pubkey
gpg: checking the trustdb
gpg: public key of ultimately trusted key 0000000000000000 not found
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/steven/gpgkey0/pubring.kbx
--------------------------------
pub   rsa4096 2016-09-18 [SCEA]
      2B14EC5AAD9A9ADBBBAA7478245A210A00000000
uid           [ unknown] key test <keytest@example.com>


$ gpg --debug-level guru --edit-key 2B14EC5AAD9A9ADBBBAA7478245A210A00000000
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat 
trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: FPR20: '2B14 EC5A AD9A 9ADB BBAA  7478 245A 210A 
0000 0000'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: parse_packet(iob=1): type=6 length=526 (parse.keydb.c.1173)
gpg: DBG: parse_packet(iob=1): type=13 length=30 (parse.keydb.c.1173)
gpg: DBG: parse_packet(iob=1): type=2 length=569 (parse.keydb.c.1173)
gpg: DBG: iobuf-1.0: underflow: buffer size: 1133; still buffered: 0 => space 
for 1133 bytes
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: finish_lookup: checking key 00000000 (all)(req_usage=0)
gpg: DBG:       using key 00000000
gpg: DBG: public key 245A210A00000000: timestamp: 2016-09-18 02:56:33 
(1474167393)
gpg: DBG: user id: key test <keytest@example.com>
[ snipped ]
Secret key is available.

gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: FPR16: '2B14EC5AAD9A9ADBBBAA7478245A210A'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Invalid value
gpg: DBG: [not enabled in the source] keydb_search leave (not found)
gpg: keydb_search failed: Invalid value
gpg: Oops: keyid_from_fingerprint: no pubkey
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 7C 3F D1 21 A9 BF 67 3D B2 18 02 B5 B4 9B CF 96 5D D6 1E 18
gpg: DBG: chan_4 -> KEYINFO 7C3FD121A9BF673DB21802B5B49BCF965DD61E18
gpg: DBG: chan_4 <- S KEYINFO 7C3FD121A9BF673DB21802B5B49BCF965DD61E18 D - - - P 
- - -
gpg: DBG: chan_4 <- OK
sec  rsa4096/245A210A00000000
     created: 2016-09-18  expires: never       usage: SCEA
     trust: ultimate      validity: unknown
[ unknown] (1). key test <keytest@example.com>

Note that it tries to search with an FPR16 instead of FPR20. Doing this prevents
it from breaking:

$ git diff -U4
diff --git a/g10/trustdb.c b/g10/trustdb.c
index f5b4008..a79df3f 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -267,15 +267,19 @@ verify_own_keys(void)
             byte *fpr = rec.r.trust.fingerprint;
             int fprlen;
             u32 kid[2];
 
+#if 0
             /* Problem: We do only use fingerprints in the trustdb but
              * we need the keyID here to indetify the key; we can only
              * use that ugly hack to distinguish between 16 and 20
              * butes fpr - it does not work always so we better change
              * the whole validation code to only work with
              * fingerprints */
             fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
+#else
+            fprlen = 20;
+#endif
             keyid_from_fingerprint (fpr, fprlen, kid);
             if (!add_utk (kid))
              log_info(_("key %s occurs more than once in the trustdb\n"),
                       keystr(kid));

I'm not certain under what circumstances we would legitimately see a 16-byte
fingerprint in the trustdb.

I've attached the key in question: key 0x00000000, password for key is
"Testing0"

Details

Version
2.1.15
steven added a subscriber: steven.Sep 18 2016, 5:52 AM

steven set Version to 2.1.15.
marcus updated the task description. (Show Details)Jul 25 2017, 6:08 PM
marcus added a subscriber: marcus.Jul 25 2017, 6:20 PM

Well, the 16 byte fingerprint is used for MD5 (old v3 keys). Those aren't supported by default anymore, but the comment indicates that discerning existing entries is difficult.

werner closed this task as Wontfix.Mar 26 2018, 3:27 PM
werner claimed this task.
werner added a subscriber: werner.

We don't support v3 keys at all.