CMS certificate duplication blocks use of gpgme_get_key()
Closed, ResolvedPublic

Description

Related to T829 where encryption is blocked by a certificate which
is a double in the CMS keybox, such a double still blocks
gpgme_get_key() with gpgme 1.1.6, gpgsm 2.0.8
as GPGME: Ambiguous name is returned where one key should be.
This has bad consequences as some code using gpgme correctly
cannot compare the email addresses in the uid with the sender
email addresses as required and will issue false warnings.

I am attaching a pyme code that can be used to show the problem
and a keybox. I have created the keybox using kbxutil.
kbxutil pubring.kbx will list all records and their number.
kbxutil --cut --from 2 --to 2 >r2 will cut a specific record.
cat r1 r2 r2 >new-pubring.kbx creates the new keybox.

To reproduce put the pubring.kbx in a new directory, e.g. dot_gnug
and use the GNUPGHOME variable.
GNUPGHOME=~/testing/dot-gnupg/ gpgsm --list-keys

[..]

fingerprint: F1:D8:E8:2F:33:F9:2E:33:3D:51:35:7D:FE:E8:D1:0F:4B:69:63:8A

[..]

fingerprint: 78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F

[..]

fingerprint: 78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F

[..]

GNUPGHOME=~/testing/dot-gnupg/ python testCMSgetkey.py

F1:D8:E8:2F:33:F9:2E:33:3D:51:35:7D:FE:E8:D1:0F:4B:69:63:8A
gpgme version: 1.1.6
got key: F1D8E82F33F92E333D51357DFEE8D10F4B69638A
CN=Thomas Arendsen Hein,O=Intevation GmbH,L=Osnabrück,C=DE
<thomas@intevation.de>
GNUPGHOME=~/testing/dot-gnupg/ python testCMSgetkey.py
78:92:D4:20:3B:D3:DC:84:66:FF:70:E8:E6:3B:9E:2D:88:CD:87:2F
gpgme version: 1.1.6
Traceback (most recent call last):

File "testCMSgetkey.py", line 43, in ? 
  main() 
File "testCMSgetkey.py", line 39, in main 
  printgetkeyresults(sys.argv[1]) 
File "testCMSgetkey.py", line 26, in printgetkeyresults 
  key = c.get_key(keyfpr, False) 
File "/usr/lib/python2.4/site-packages/pyme/core.py", line 111, in get_key 
  errorcheck(gpgme.gpgme_get_key(self.wrapped, fpr, ptr, secret)) 
File "/usr/lib/python2.4/site-packages/pyme/errors.py", line 46, in

errorcheck

raise GPGMEError(retval, extradata)

pyme.errors.GPGMEError: GPGME: Ambiguous name (7,107)

Details

Version
2.0.8

Related Objects

bernhard set Version to 2.0.8.

Fixed. See the attached patch or use the current SVN.

Many thanks for the test script,

bernhard closed this task as Resolved.Apr 11 2008, 4:50 PM

Tested with gnupg2 2.0.9-1 from Debian sid and python-pyme 0.7.0-4.

GNUPGHOME=./dotgnupg/ gpgsm --list-keys
shows a
BUG: trying to release an already released cert
before listing the certificates listing the one in question only once.
Thus testCMSgetkey.py succeeds for the doubled key.
Resolving the issue.

(Werner, you could have assigned it to me if you wanted me to test it.)