
certificate duplication can occur, blocking encryption
Closed, Resolved, Public

Description

It is possible with gpgsm (command line or via gpgme)
for certificates to be duplicated. This duplication prevents
other encryption operations, thus rendering the crypto system
unable to send out encrypted email.

Could reproduce this with gpgsm 2.0.4 and 2.0.5.

Werner Koch wrote:

I could not encrypt to a recipient because I had his certificate
twice. How could this happen?

That may be caused by a race condition: checking two signatures at
the same time. The keybox is not kept locked between checking for
existence of the certificate and storing it later.

gpgsm: certificate not found: Mehrdeutiger Name

The best solution is to add an additional check on whether the
certificates are identical before issuing this error.

The actual problem will go away if we eventually add an index over the
fingerprint - this would then throw an error if an identical certificate
is added to the keybox.

The race condition seems to occur more often when several recipients are added.
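
The check proposed above (report an ambiguous name only when the matching certificates actually differ), sketched as an added C example. It is not gpgsm's code: `struct cert_rec`, `find_unique_cert`, the return codes and the sample records are hypothetical, and the 20-byte fingerprint length is an assumption.

```c
#include <stddef.h>
#include <string.h>

#define FPR_LEN 20  /* fingerprint length; assumption for this sketch */

/* Hypothetical stand-in for a keybox record: only what the check needs. */
struct cert_rec {
    const char *subject;            /* name the lookup matched on */
    unsigned char fpr[FPR_LEN];     /* fingerprint of the DER certificate */
};

enum lookup_rc { LOOKUP_OK = 0, LOOKUP_NOT_FOUND = 1, LOOKUP_AMBIGUOUS = 2 };

/* Constructed sample keybox: record 1 is an identical copy of record 0. */
static const struct cert_rec sample_kbx[] = {
    { "CN=Alice", { 0xA1 } },
    { "CN=Alice", { 0xA1 } },
    { "CN=Bob",   { 0xB0 } },
    { "CN=Bob",   { 0xB7 } },
};

/* Resolve NAME against RECS.  Several hits are ambiguous only when they
   are different certificates; duplicates with the same fingerprint
   collapse to the first hit. */
enum lookup_rc
find_unique_cert(const struct cert_rec *recs, size_t n, const char *name,
                 const struct cert_rec **r_found)
{
    const struct cert_rec *first = NULL;
    size_t i;

    *r_found = NULL;
    for (i = 0; i < n; i++) {
        if (strcmp(recs[i].subject, name) != 0)
            continue;
        if (!first) {
            first = &recs[i];       /* remember first hit, keep scanning */
            continue;
        }
        if (memcmp(first->fpr, recs[i].fpr, FPR_LEN) != 0)
            return LOOKUP_AMBIGUOUS;  /* genuinely different certificate */
        /* same fingerprint: duplicate record, ignore it */
    }
    if (!first)
        return LOOKUP_NOT_FOUND;
    *r_found = first;
    return LOOKUP_OK;
}
```

The lookup only tolerates duplicates; it does not remove them from the store.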

Details

Version
2.0.5

Event Timeline

We need to fix the symptom as there is always the possibility of
duplicates and that should not inhibit the use of gpgsm.

Fixed at 3 places: certlist.c and export.c. delete.c already
featured a duplicate detection.
Tested by using kbxutil to cut off and duplicate records. With the
fix encryption is possible again.

Fix is in SVN -r 4568.

werner lowered the priority of this task from High to Normal.
werner removed a project: In Progress.

Using the patch svn diff -r 4567:4568
my gpgsm can do encryption again.
Still the duplication stays in the keybox.

I could reproduce getting a duplication in the keybox
by using kleopatra to import
some parts of the certificate scheme and a
completely different user certificate.

Related to the certificate duplication is the new
issue876 (CMS certificate duplication blocks use of gpgme_get_key()),
so all symptoms are not remedied in gpgme 1.1.6 and gnupg 2.0.8 yet.

(Back to done-cbb for this one.)

bernhard raised the priority of this task from Normal to High.