Page MenuHome GnuPG
Create Task
Maniphest T4246

GnuPG master does not allow decryption with bad usage flags (regression)
Closed, ResolvedPublic
Actions

Description

A new check in get_session_key won't allow to decrypt data when the key has wrong usage flags set. We used to allow this except for anonymous keys. This needs to be re-implemented.

Revisions and Commits

rG GnuPG
rG31ae0718ba10 gpg: For decryption, support use of a key with no 'encrypt' usage.

Related Objects
Search...

Event Timeline

werner created this task.Nov 8 2018, 1:27 PM
gniibe added a parent task: T4417: Work needed for gnupg 2.3.Jul 9 2020, 6:55 AM
gniibe added a subscriber: gniibe.Jul 9 2020, 8:11 AM

Do you mean something like this?

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 14cbdbb0f..fcfa162fe 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -91,9 +91,6 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
       if (err)
         break;
 
-      if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
-        continue;
-
       /* Check compliance.  */
       if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
                                  sk->pubkey_algo, 0,
gniibe added a comment.Jul 9 2020, 8:20 AM

Or this (don't allow anon keys for different usage):

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 14cbdbb0f..b8d4059cd 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -91,9 +91,6 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
       if (err)
         break;
 
-      if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
-        continue;
-
       /* Check compliance.  */
       if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
                                  sk->pubkey_algo, 0,
@@ -138,6 +135,9 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
               if (opt.skip_hidden_recipients)
                 continue;
 
+              if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+                continue;
+
               if (!opt.quiet)
                 log_info (_("anonymous recipient; trying secret key %s ...\n"),
                           keystr (keyid));
gniibe claimed this task.Jul 9 2020, 8:20 AM
werner added a comment.Jul 9 2020, 10:41 AM

The first, I guess. The problem is that you are technical capable of _decryption_ but gpg does not allow this because for some reasons the key is arbitrary limited to signing. A warning message should be printed in thus a case but decryption should succeed.

A related example is CSR creation for X.509 were you are applying for an encryption key - nevertheless you need to sign your CSR using your soon-to-be encryption only key.

gniibe added a commit: rG31ae0718ba10: gpg: For decryption, support use of a key with no 'encrypt' usage..Jul 10 2020, 3:03 AM
gniibe changed the task status from Open to Testing.Jul 10 2020, 3:03 AM
gniibe added a project: Restricted Project.
gniibe added a comment.Jul 31 2020, 8:13 AM

I realized that it fails with GPG_ERR_INV_ID (with gpg master) when it's on smartcard.
It can't be decrypted if it's on smartcard, that's true, but more relevant error would be good for this case.

gniibe closed this task as Resolved.Jan 28 2021, 3:03 AM