GnuPG master does not allow decryption with bad usage flags (regression)
Testing, NormalPublic

Description

A new check in get_session_key won't allow to decrypt data when the key has wrong usage flags set. We used to allow this except for anonymous keys. This needs to be re-implemented.

werner created this task.Nov 8 2018, 1:27 PM
gniibe added a subscriber: gniibe.Jul 9 2020, 8:11 AM

Do you mean something like this?

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 14cbdbb0f..fcfa162fe 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -91,9 +91,6 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
       if (err)
         break;
 
-      if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
-        continue;
-
       /* Check compliance.  */
       if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
                                  sk->pubkey_algo, 0,
gniibe added a comment.Jul 9 2020, 8:20 AM

Or this (don't allow anon keys for different usage):

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 14cbdbb0f..b8d4059cd 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -91,9 +91,6 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
       if (err)
         break;
 
-      if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
-        continue;
-
       /* Check compliance.  */
       if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
                                  sk->pubkey_algo, 0,
@@ -138,6 +135,9 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
               if (opt.skip_hidden_recipients)
                 continue;
 
+              if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+                continue;
+
               if (!opt.quiet)
                 log_info (_("anonymous recipient; trying secret key %s ...\n"),
                           keystr (keyid));
gniibe claimed this task.Jul 9 2020, 8:20 AM

The first, I guess. The problem is that you are technical capable of _decryption_ but gpg does not allow this because for some reasons the key is arbitrary limited to signing. A warning message should be printed in thus a case but decryption should succeed.

A related example is CSR creation for X.509 were you are applying for an encryption key - nevertheless you need to sign your CSR using your soon-to-be encryption only key.

gniibe changed the task status from Open to Testing.Jul 10 2020, 3:03 AM
gniibe added a project: Testing.

I realized that it fails with GPG_ERR_INV_ID (with gpg master) when it's on smartcard.
It can't be decrypted if it's on smartcard, that's true, but more relevant error would be good for this case.