
TOFU data are not updated when creating an encrypted message
Open, Normal, Public

Description

If I use a QGpgME::EncryptJob to create an encrypted message, the TOFU data (encryptions table) is not updated.

As a testcase:

  • delete the tofu.db
  • run the testTofuEncrypt function:

    Using protocol "OpenPGP"
     encrypt for  023DFCA4424EA644B174AD14C6F20F3A31F563CF

  • check `tofu.db`:
    • it is created and bindings table is filled
    • encryptions table is empty

Expected behaviour is that the `encryptions` table has one entry!
Like it is when you run it on the command line:

echo "hey people\n" | gpg -r 023DFCA4424EA644B174AD14C6F20F3A31F563CF -e >/dev/null

Check tofu.db again and the encryptions table has one entry.

Sample code c++:

#include <qgpgme/keylistjob.h>
#include <qgpgme/protocol.h>
#include <qgpgme/encryptjob.h>

#include <gpgme++/key.h>
#include <gpgme++/keylistresult.h>
#include <gpgme++/encryptionresult.h>

#include <QDebug>
#include <memory>

static void testTofuEncrypt()
{
    const QGpgME::Protocol *proto = QGpgME::openpgp();
    Q_ASSERT(proto);

    qDebug() << "Using protocol" << proto->name();

    std::vector<GpgME::Key> keys;

    std::unique_ptr<QGpgME::KeyListJob> listJob(proto->keyListJob(false, false, true)); // use validating keylisting
    if (listJob.get()) {
        // ##### Adjust this to your own identity
        // With an empty string, we will use the first key in the keyring
        listJob->exec({QString()}, false /*secret*/, keys);
        Q_ASSERT(!keys.empty());
    } else {
        Q_ASSERT(0); // job failed
    }

    auto job = proto->encryptJob(true, true);

    QByteArray plainText = "Hey people\n";
    qDebug() << " encrypt for " << keys[0].primaryFingerprint();

    QByteArray ciphertext;
    const auto res = job->exec({keys[0]}, plainText, true, ciphertext);
    if (res.error().isCanceled()) {
        qDebug() << "encrypting was canceled by user";
        return;
    }
    if (res.error()) {
        qDebug() << "encrypting failed:" << res.error().asString();
        return;
    }
}
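
The "check tofu.db" step of the test case can be scripted so the same comparison works after both the QGpgME run and the command-line run. This is an added example, not part of the original report or of GnuPG: the function names are hypothetical, only the table names `bindings` and `encryptions` come from the report, and the sample database is constructed with placeholder columns rather than GnuPG's real schema.

```python
import sqlite3
import tempfile
from pathlib import Path

TABLES = ("bindings", "encryptions")  # table names as given in the report


def tofu_counts(db_path):
    """Row count per table; None if the table (or the whole file) is missing.

    Opens read-only so the check never creates or modifies tofu.db.
    """
    path = Path(db_path).resolve()
    if not path.is_file():
        return {t: None for t in TABLES}
    con = sqlite3.connect(f"{path.as_uri()}?mode=ro", uri=True)
    try:
        present = {row[0] for row in con.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'")}
        return {t: (con.execute(f'SELECT COUNT(*) FROM "{t}"').fetchone()[0]
                    if t in present else None) for t in TABLES}
    finally:
        con.close()


def encryption_recorded(before, after):
    """True if the encryptions table gained at least one row."""
    return (after["encryptions"] or 0) > (before["encryptions"] or 0)


def make_sample_db(path, encryptions):
    """Constructed stand-in for tofu.db; columns are NOT GnuPG's real schema."""
    con = sqlite3.connect(str(path))
    con.execute("CREATE TABLE bindings (id INTEGER PRIMARY KEY, fpr TEXT)")
    con.execute("CREATE TABLE encryptions (binding INTEGER, time INTEGER)")
    con.execute("INSERT INTO bindings (fpr) VALUES ('CONSTRUCTED-FPR')")
    con.executemany("INSERT INTO encryptions VALUES (1, ?)",
                    [(i,) for i in range(encryptions)])
    con.commit()
    con.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "tofu.db"
        before = tofu_counts(db)               # file deleted, as in the first step
        make_sample_db(db, encryptions=0)      # the state the report describes
        after = tofu_counts(db)
        print(before, after, "recorded:", encryption_recorded(before, after))
```

To use it against a real keyring, call `tofu_counts` on the actual tofu.db before and after the encrypt operation and pass both results to `encryption_recorded`.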

Event Timeline

hefee created this object in space S1 Public.
aheinecke added a subscriber: aheinecke.

Thanks for the report, since you are using it on the command line and it works I assume that trust-model is set to tofu+pgp? Because in the Test code there is no context flag for tofu+pgp trust model.

Just for prioritization, can you tell me where you need this behavior? While work on TOFU is great it is currently a bit stalled on our side and not a focus.

> Thanks for the report, since you are using it on the command line and it works I assume that trust-model is set to tofu+pgp? Because in the Test code there is no context flag for tofu+pgp trust model.

Yes it is set to tofu+pgp. Is it now possible to change the trust-model on context based?

> Just for prioritization, can you tell me where you need this behavior? While work on TOFU is great it is currently a bit stalled on our side and not a focus.

I started to implement TOFU support in KMail. But this issue makes it a bit useless, as the stats are not updated ;) Additionally to this there is also work needed in libkleo (keycache/keyresolver) to take TOFU statistics into account, when it comes to select the best key to use, but that is a different story.

> Yes it is set to tofu+pgp. Is it now possible to change the trust-model on context based?

Yes. Since 4 years already. See https://www.gnupg.org/documentation/manuals/gpgme/Context-Flags.html. By now you can use the context flags without checking versions because we require a much newer version of gpgme and its bindings in libkleo.

FWIW: I am not very convinced of our TOFU code anymore. It leaks too much information because it tracks and stores all signature verifications. The model is furthermore way too complicated and the SQL used will eventually lead to a resource problem. Maybe doing TOFU stuff in the frontend is a better idea, and getting rid of all the history processing, which works only for fresh mails and not for data verification.