certificate duplication can occur, blocking encryption
Closed, ResolvedPublic

Description

It is possible by gpgsm (commandline or via gpgme)
that certificates are doubled. This duplication prevents
other encryption operation, thus rendering the crypto system
unable to send out encrypted email.

Could reproduce this with gpgsm 2.0.4 and 2.0.5.

Werner Koch wrote:

> I could not encrypt to a recipient because I had his certificate
> twice. How could this happen?

That may be cuased due to a race condition. Checking two signatures at
tghe same time. The keybox is not kept lock between checking for
existence of the certificate and storing it later.

> gpgsm: certificate not found: Mehrdeutiger Name

The best solution is to add an additional check on whether the
certificates are identical before issuing this error.

The actual problem will go away if we eventually add an index over the
fingerprint - this would then horw an error if an identical certificate
is added to the keybox.

The race condition seems to occur more often when several recipients are added.

Details

Version
2.0.5
bernhard set Version to 2.0.5.

We need to fix the symptom as there is always the possibilitiy of
duplicates and that should not inhibit the use of gpgsm.

Fixed at 3 places: certlist.c and export.c. delete.c already
featured a duplicate detection.
Tested by using kbxutil to cut off and duplicate records. With the
fix encryption is possible again.

Fix is in SVN -r 4568.

werner closed this task as Resolved.Aug 23 2007, 7:47 PM
werner removed a project: In Progress.
werner lowered the priority of this task from High to Normal.

Using the patch svn diff -r 4567:4568
my gpgsm can do encryption again.
Still the duplication stays in the keybox.

I could reproduce getting a duplication in the keybox
by using kleopatra to import
some parts of the certificate scheme and a
completeley
different user certificate.

bernhard reopened this task as Open.Aug 28 2007, 5:07 PM

Related to the certificate duplication is the new
issue876(CMS certificate duplication blocks use of gpgme_get_key() )
so all symptoms are not remedied in gpgme 1.1.6 and gnupg 2.0.8 yet.

(Back to done-cbb for this one.)

bernhard raised the priority of this task from Normal to High.Jan 24 2008, 4:30 PM
bernhard closed this task as Resolved.