Kleopatra: Unexpected comma separated keygrip for kyber certs
Testing, NormalPublic
Actions

Assigned To

Authored By

	timegrid
	Mon, Oct 27, 1:55 PM

Description

Kleopatra doesn't expect comma separated values for the keygrip of kyber certs, which might cause further issues.
I experienced some quirks already, but nothing reproducible/attributable so far.

After the generation of a kyber key, on refresh the debugview contains:

4	0.093634	4608	kleopatra.exe	org.kde.pim.libkleo: Cannot open the private key file "C:/Users/g10/AppData/Roaming/gnupg/private-keys-v1.d/6AC66D47CB7BFF7FAAA405A434CBEE7368EAE8BE,8DB4C49CBAF0F64B57146DA05E27C54E086DA2A7.key" for reading

The files in private-keys-v1.d/ are:

6AC66D47CB7BFF7FAAA405A434CBEE7368EAE8BE.key
8DB4C49CBAF0F64B57146DA05E27C54E086DA2A7.key

Details

Version: gpg4win-5.0.0-beta395 @ win11

Revisions and Commits

rLIBKLEO Libkleo
	rLIBKLEO1a0479f2b68b Ignore subkeys using combined algorithms when looking for card keys
rGPGMEPP Gpgme plus plus
	rGPGMEPP71b7d24a2782 Add function to get keygrips of subkey using combined algorithms
	rGPGMEPPfa1e892b1414 Add internal utility function for splitting a string into string views
rGPGMEQT Gpgme for Qt
	rGPGMEQT50d1d9c03d6b Make AddExistingSubkeyJob reject subkeys with combined algorithms
rM GPGME
	rM2360b937cf8f doc: Clarify that keygrip lists multiple keygrips for combined algos

Related Objects

Mentioned In: T7885: Kleopatra: Unsupported backup of secret kyber key should be handled more gracefully

Event Timeline

timegrid created this task.Mon, Oct 27, 1:55 PM

timegrid created this object with edit policy "Contributor (Project)".

timegrid mentioned this in T7885: Kleopatra: Unsupported backup of secret kyber key should be handled more gracefully.Mon, Oct 27, 2:15 PM

• TobiasFella claimed this task.Tue, Oct 28, 11:14 AM

• TobiasFella triaged this task as Normal priority.

• TobiasFella removed • TobiasFella as the assignee of this task.Tue, Oct 28, 11:50 AM

• TobiasFella added a subscriber: • TobiasFella.

• ikloecker claimed this task.Tue, Oct 28, 1:22 PM

• ikloecker added a project: gpgme.

• ikloecker added a commit: rM2360b937cf8f: doc: Clarify that keygrip lists multiple keygrips for combined algos.Wed, Oct 29, 3:34 PM

• ikloecker added a commit: rLIBKLEO1a0479f2b68b: Ignore subkeys using combined algorithms when looking for card keys.Wed, Oct 29, 3:41 PM

The API documentation of gpgme has been improved. And Kleopatra no longer tries to read the private key files of subkeys using combined algorithms (like Kyber+some curve) because (as of now) such keys are not stored on any smart cards (that are supported by GnuPG).

Kleopatra still shows the comma-separated keygrips for such subkeys (if the Keygrip column is enabled). I think that's okay (and it may even be useful for debugging).

I didn't see any other potential problems caused by the keygrip(s) of subkeys with combined algorithms in the source code. The keygrip is only used in combination with smart cards and for this comma-separated keygrips are no issue (as explained above).

• ikloecker added a commit: rGPGMEQT50d1d9c03d6b: Make AddExistingSubkeyJob reject subkeys with combined algorithms.Wed, Oct 29, 5:43 PM

• ikloecker added a commit: rGPGMEPPfa1e892b1414: Add internal utility function for splitting a string into string views.Wed, Oct 29, 7:43 PM

• ikloecker added a commit: rGPGMEPP71b7d24a2782: Add function to get keygrips of subkey using combined algorithms.