Page MenuHome GnuPG
Create Task
Maniphest T6205

GnuPG: Unknown encryption keys should not result in non-compliant encryption on decryption
Closed, ResolvedPublic
Actions

Description

Condition: a file is encrypted with password, additionally signed and OpenPGP encrypted to self
and then send to a recipient who did not sign the senders key.

Result: Recipient gets the messages that the data can not be verified
and that decryption is not VS-NfD compliant.

Expected: Message that the decryption is VS-NfD compliant but the signature could not be verified.

Update (2022-09-16): Changed title since Kleopatra just shows what GnuPG (currently) reports.

Details

Version
3.1.23

Revisions and Commits

rG GnuPG
rG1b2ac21c4cf7 gpg: Don't consider unknown keys as non-compliant while decrypting.
rG05b7e4a405c8 gpg: Don't consider unknown keys as non-compliant while decrypting.

Related Objects

Event Timeline

ebo created this task.Sep 15 2022, 4:02 PM
aheinecke added a subscriber: aheinecke.Sep 15 2022, 4:07 PM

Could you please post the output of 'gpg --status-fd 1 --verbose --decrypt "Neues Textdokument.txt.gpg"' here? That would help us to pinpoint the issue.

aheinecke added a comment.Sep 15 2022, 4:09 PM

Just for your understanding, it this output would say "COMPLIANCE 23" anywhere in it, Ingo and me should look at this issue, if it does not that is something for Werner or Gniibe.

ebo added a comment.Sep 16 2022, 8:10 AM

gpg: Öffentlicher Schlüssel ist 2B2F1C74FE523D81
[GNUPG:] ENC_TO 2B2F1C74FE523D81 1 0
gpg: AES256.CFB verschlüsselter Sitzungsschlüssel
[GNUPG:] NEED_PASSPHRASE_SYM 9 3 8
gpg: Verschlüsselt mit einem Passwort
gpg: verschlüsselt mit RSA Schlüssel, ID 2B2F1C74FE523D81
[GNUPG:] NO_SECKEY 2B2F1C74FE523D81
[GNUPG:] BEGIN_DECRYPTION
gpg: AES256 verschlüsselte Daten
[GNUPG:] DECRYPTION_INFO 2 9 0
gpg: Ursprünglicher Dateiname=''
[GNUPG:] PLAINTEXT 62 1663253724
[GNUPG:] PLAINTEXT_LENGTH 4
test[GNUPG:] NEWSIG
gpg: Signatur vom 15.09.2022 16:55:24 Mitteleuropäische Sommerzeit
gpg: mittels RSA-Schlüssel 930A7B212C8EC8F1729DA3F5C464074875570823
[GNUPG:] ERRSIG C464074875570823 1 10 00 1663253724 9 930A7B212C8EC8F1729DA3F5C464074875570823
[GNUPG:] NO_PUBKEY C464074875570823
gpg: Signatur kann nicht geprüft werden: Kein öffentlicher Schlüssel
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION

ebo added a comment.Sep 16 2022, 9:45 AM

The data from the above output was additionally OpenPGP encrypted to self.
The "not compliant" message only shows when the data is additionally encrypted to a public key.

ebo updated the task description. (Show Details)Sep 16 2022, 9:48 AM
ikloecker added a subscriber: ikloecker.Sep 16 2022, 9:59 AM

Does the recipient know the public key that was used for encryption?

ebo added a comment.Sep 16 2022, 10:09 AM
In T6205#163303, @ikloecker wrote:

Does the recipient know the public key that was used for encryption?

no

werner added a subscriber: werner.Sep 16 2022, 10:37 AM

Works as designed. Whether the design is a good choice is a different
question.

When checking the compliance we do this:

for all symmetric encryption packets
     If cipher algo is non-compliant
         return "Non Compliant".

for all public key encryption packets
    if public key is NOT in the local keyring
         return "Non Compliant".
    if public key algo is non-compliant
         return "Non Compliant".

If no key packet at all
    return "Non Compliant".

return "session key is compliant encrypted"

I don't think that this makes a a lot of sense. If for example a
rogue sender or recipients re-encrypts using a non-compliant
algorithm, he could as well leak the plaintext directly without
modifying an extisting message.

My proposal would thus to change the second loop above to

for all public key encryption packets
    if public key is in the local keyring
       and public key algo is non-compliant
         return "Non Compliant".
werner triaged this task as Normal priority.Sep 16 2022, 12:06 PM
werner edited projects, added Feature Request, gnupg (gpg22); removed kleopatra.
ikloecker renamed this task from Kleopatra: Message "not VS-NfD compliant" is shown incorrectly to GnuPG: Unknown encryption keys should not result in non-compliant encryption on decryption.Sep 16 2022, 1:53 PM
ikloecker updated the task description. (Show Details)
werner added a commit: rG05b7e4a405c8: gpg: Don't consider unknown keys as non-compliant while decrypting..Sep 22 2022, 10:27 AM
werner changed the task status from Open to Testing.Sep 22 2022, 10:31 AM
werner moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
werner added a commit: rG1b2ac21c4cf7: gpg: Don't consider unknown keys as non-compliant while decrypting..Sep 26 2022, 2:43 PM
canti59 added a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:10 AM
gniibe removed a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:50 AM
werner mentioned this in T6181: Release GnuPG 2.2.40.Oct 14 2022, 6:01 PM
werner mentioned this in T6106: Release GnuPG 2.3.8.
ebo closed this task as Resolved.Oct 24 2022, 3:27 PM
ebo claimed this task.

works as proposed by werner.

Non-compliant is now only returned if the message is additionally encrypted to a known key with a non-compliant algorithm, not in case of encryption to unknown keys.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Apr 5 2023, 2:50 PM