Page MenuHome GnuPG
Create Task
Maniphest T876

CMS certificate duplication blocks use of gpgme_get_key()
Closed, ResolvedPublic
Actions

Description

Related to T829 where encryption is blocked by a certificate which
is a double in the CMS keybox, such a double still blocks
gpgme_get_key() with gpgme 1.1.6, gpgsm 2.0.8
as GPGME: Ambiguous name is returned where one key should be.
This has bad consequences as some code using gpgme correctly
cannot compare the email addresses in the uid with the sender
email addresses as required and will issue false warnings.




I am attaching a pyme code that can be used to show the problem          

and a keybox. I have created the keybox using kbxutil.         

kbxutil pubring.kbx will list all records and their number.         

kbxutil --cut --from 2 --to 2 >r2 will cut a specific record.         

cat r1 r2 r2 >new-pubring.kbx creates the new keybox.






To reproduce put the pubring.kbx in a new directory, e.g. dot_gnug     

and use the GNUPGHOME variable.      

GNUPGHOME=~/testing/dot-gnupg/ gpgsm --list-keys






[..]



fingerprint: F1:D8:E8:2F:33:F9:2E:33:3D:51:35:7D:FE:E8:D1:0F:4B:69:63:8A



[..]



fingerprint: 78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F



[..]



fingerprint: 78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F



[..]



GNUPGHOME=~/testing/dot-gnupg/ python testCMSgetkey.py



F1:D8:E8:2F:33:F9:2E:33:3D:51:35:7D:FE:E8:D1:0F:4B:69:63:8A 

gpgme version: 1.1.6 

got key:  F1D8E82F33F92E333D51357DFEE8D10F4B69638A 

CN=Thomas Arendsen Hein,O=Intevation GmbH,L=Osnabrück,C=DE 

<thomas@intevation.de> 

GNUPGHOME=~/testing/dot-gnupg/ python testCMSgetkey.py    

78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F 

gpgme version: 1.1.6 

Traceback (most recent call last):



File "testCMSgetkey.py", line 43, in ? 
  main() 
File "testCMSgetkey.py", line 39, in main 
  printgetkeyresults(sys.argv[1]) 
File "testCMSgetkey.py", line 26, in printgetkeyresults 
  key = c.get_key(keyfpr, False) 
File "/usr/lib/python2.4/site-packages/pyme/core.py", line 111, in get_key 
  errorcheck(gpgme.gpgme_get_key(self.wrapped, fpr, ptr, secret)) 
File "/usr/lib/python2.4/site-packages/pyme/errors.py", line 46, in



errorcheck



raise GPGMEError(retval, extradata)



pyme.errors.GPGMEError: GPGME: Ambiguous name (7,107)
Details
Version 
2.0.8 
Related Objects
Event Timeline
bernhard added subscribers: bernhard,  werner, Jan-Oliver_Wagner.Jan 24 2008, 4:28 PM
152_testCMSgetkey.py1 KBDownload
bernhard added projects: S/MIME, Bug Report.Jan 24 2008, 4:28 PM
bernhard set Version to 2.0.8.
153_pubring.kbx5 KBDownload
bernhard added a project: gpgme.Jan 24 2008, 4:29 PM
 werner added a comment.Jan 28 2008, 7:39 PM
Fixed. See the attached patch or use the current SVN.



Many thanks for the test script,
 werner added a project: Restricted Project.Jan 28 2008, 7:39 PM
D50: 154_gpgme-getkey-ambigious.diff
bernhard closed this task as Resolved.Apr 11 2008, 4:50 PM
Tested with gnupg2 2.0.9-1 from Debian sid and python-pyme 0.7.0-4.






GNUPGHOME=./dotgnupg/ gpgsm --list-keys     

shows a     

 BUG: trying to release an already released cert    

before listing the certificates listing the one in question only once.    

Thus testCMSgetkey.py succeeds for the doubled key.   

Resolving the issue.



(Werner, you could have assigned it to me if you wanted me to test it.)
bernhard removed a project: Restricted Project.Apr 11 2008, 4:50 PM