Page MenuHome GnuPG
Create Task
Maniphest T6093

gpg: Continues export of secret key if first passphrase dialog was canceled
Closed, ResolvedPublic
Actions

Description

How to reproduce:

  • Start the secret key export of a key with at least one subkey.
  • Cancel the passphrase input that asks for the passphrase protecting the primary key.

Expected result: The secret key export is canceled.

Actual result: A passphrase input asking for the passphrase protecting the (first) subkey is shown.

Example:

$ gpg --status-fd 1 --export-secret-keys --armor -- 3A8536D46F57779C49F0CF542C0444CB59852D29
[GNUPG:] KEY_CONSIDERED 3A8536D46F57779C49F0CF542C0444CB59852D29 0
[GNUPG:] PINENTRY_LAUNCHED 6899 qt 1.2.1-beta1 /dev/pts/47 xterm-256color :0 20600/1000/5 1000/100 0
gpg: key 79BF2044FA53B3A492B361882353B5828F9B391C: error receiving key from agent: Operation cancelled - skipped
[GNUPG:] ERROR export_keys.secret 83886179
[GNUPG:] PINENTRY_LAUNCHED 6907 qt 1.2.1-beta1 /dev/pts/47 xterm-256color :0 20600/1000/5 1000/100 0
-----BEGIN PGP PRIVATE KEY BLOCK-----

nIsEX+Bq3xIKKwYBBAGXVQEFAQEHQDSKsmsDttOBBZ8Yk95cpMF3QNK9NpbCK2Mk
[...]
=6e8K
-----END PGP PRIVATE KEY BLOCK-----
[GNUPG:] EXPORT_RES 1 1 0

If the result of the export was usable, then it might make sense to continue the export. But the result is not usable (by gpg) because the private key block consists of a secret sub key packet with corresponding signature packet and nothing else. gpg --import cannot import the result of the export.

Also note that EXPORT_RES reports that 0 keys have been exported. So even the secret key export thinks the result should be empty.

Therefore, I think that gpg should abort/skip the export of the entire key and continue with the export of the next key (if there is another key to export).

Revisions and Commits

rG GnuPG
rG3dc39add6af1 gpg: Do not continue the export after a cancel for the primary key.
rG49d16f4f6edf gpg: Do not continue the export after a cancel for the primary key.

Related Objects
Search...

Event Timeline

ikloecker triaged this task as Normal priority.Jul 19 2022, 12:18 PM
ikloecker created this task.
ikloecker mentioned this in T6090: Kleopatra: "Cancel" in the password dialog of "backup secret keys" has no effect.Jul 19 2022, 12:29 PM
werner added a commit: rG49d16f4f6edf: gpg: Do not continue the export after a cancel for the primary key..Dec 16 2022, 3:36 PM
werner edited projects, added gnupg24, Bug Report; removed gnupg.Dec 16 2022, 3:40 PM
werner added a subscriber: werner.

Fixed. Shall we backport this to gnupg22 ?

werner changed the task status from Open to Testing.Dec 16 2022, 3:55 PM
werner moved this task from Backlog to QA on the gnupg24 board.
ebo added a comment.Mar 22 2023, 11:23 AM

I'd say yes.

ebo added a comment.Mar 22 2023, 3:27 PM

works in gnupg24.

werner added a project: gnupg22.Mar 27 2023, 9:15 AM
ebo changed the task status from Testing to Open.Mar 27 2023, 9:43 AM
ebo edited projects, added gnupg24 (gnupg-2.4.1); removed gnupg24.Apr 12 2023, 12:47 PM
werner mentioned this in T6454: Release GnuPG 2.4.1.Apr 28 2023, 2:45 PM
seh added a subscriber: seh.Jul 7 2023, 2:48 PM
werner added a commit: rG3dc39add6af1: gpg: Do not continue the export after a cancel for the primary key..Aug 25 2023, 3:38 PM
werner changed the task status from Open to Testing.Aug 25 2023, 3:38 PM
werner moved this task from Backlog to QA on the gnupg22 board.
ebo closed this task as Resolved.Sep 21 2023, 4:28 PM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

works in 22, too (tested with VS-Desktop-3.2.0.0-beta214)

ebo moved this task from QA to gnupg-2.2.42 on the gnupg22 board.Sep 21 2023, 4:29 PM
ebo edited projects, added gnupg22 (gnupg-2.2.42); removed gnupg22.