Page MenuHome GnuPG

CMS certificate duplication blocks use of gpgme_get_key()
Closed, ResolvedPublic


Related to T829 where encryption is blocked by a certificate which
is a double in the CMS keybox, such a double still blocks
gpgme_get_key() with gpgme 1.1.6, gpgsm 2.0.8
as GPGME: Ambiguous name is returned where one key should be.
This has bad consequences as some code using gpgme correctly
cannot compare the email addresses in the uid with the sender
email addresses as required and will issue false warnings.

I am attaching a pyme code that can be used to show the problem
and a keybox. I have created the keybox using kbxutil.
kbxutil pubring.kbx will list all records and their number.
kbxutil --cut --from 2 --to 2 >r2 will cut a specific record.
cat r1 r2 r2 >new-pubring.kbx creates the new keybox.

To reproduce put the pubring.kbx in a new directory, e.g. dot_gnug
and use the GNUPGHOME variable.
GNUPGHOME=~/testing/dot-gnupg/ gpgsm --list-keys


fingerprint: F1:D8:E8:2F:33:F9:2E:33:3D:51:35:7D:FE:E8:D1:0F:4B:69:63:8A


fingerprint: 78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F


fingerprint: 78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F


GNUPGHOME=~/testing/dot-gnupg/ python

gpgme version: 1.1.6
got key: F1D8E82F33F92E333D51357DFEE8D10F4B69638A
CN=Thomas Arendsen Hein,O=Intevation GmbH,L=Osnabrück,C=DE
GNUPGHOME=~/testing/dot-gnupg/ python
gpgme version: 1.1.6
Traceback (most recent call last):

File "", line 43, in ? 
File "", line 39, in main 
File "", line 26, in printgetkeyresults 
  key = c.get_key(keyfpr, False) 
File "/usr/lib/python2.4/site-packages/pyme/", line 111, in get_key 
  errorcheck(gpgme.gpgme_get_key(self.wrapped, fpr, ptr, secret)) 
File "/usr/lib/python2.4/site-packages/pyme/", line 46, in


raise GPGMEError(retval, extradata)

pyme.errors.GPGMEError: GPGME: Ambiguous name (7,107)



Related Objects

Event Timeline

Fixed. See the attached patch or use the current SVN.

Many thanks for the test script,

Tested with gnupg2 2.0.9-1 from Debian sid and python-pyme 0.7.0-4.

GNUPGHOME=./dotgnupg/ gpgsm --list-keys
shows a
BUG: trying to release an already released cert
before listing the certificates listing the one in question only once.
Thus succeeds for the doubled key.
Resolving the issue.

(Werner, you could have assigned it to me if you wanted me to test it.)