Debian Bug report logs - #930665
gpg won't import valid self-signatures if no user ids are present in imported transferable public key


Package: gpg; Maintainer for gpg is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gpg is src:gnupg2 (PTS, buildd, popcon).

Reported by: Vincent Breitmoser <look@my.amazin.horse>

Date: Mon, 17 Jun 2019 23:15:02 UTC

Severity: important

Tags: confirmed

Found in versions gnupg2/2.2.12-1, 2.2.16-1, gnupg2/2.2.13-2, gnupg2/2.2.15-1

Fixed in version gnupg2/2.2.16-2

Done: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Bug is archived. No further changes may be made.

Forwarded to https://dev.gnupg.org/T4393



Report forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#930665; Package gpg. (Mon, 17 Jun 2019 23:15:05 GMT)


Acknowledgement sent to Vincent Breitmoser <look@my.amazin.horse>:
New Bug report received and forwarded. Copy sent to Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Mon, 17 Jun 2019 23:15:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Vincent Breitmoser <look@my.amazin.horse>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gpg won't import valid self-signatures if no user ids are present in imported transferable public key
Date: Tue, 18 Jun 2019 00:48:38 +0200
Package: gpg
Version: 2.2.13-2
Severity: normal

Dear Maintainer,

in the current version of GnuPG, signatures will be imported from public key
blocks only if they are accompanied by a UserID packet plus valid signature.
However, self-signatures on the key itself and on subkeys can be
cryptographically verified, independently of user ids. This opens a use case of
transferring revocations and updates on subkeys, without revealing the key's
user ids.

For instance, consider a case where I have the following key in my keyring:

> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> mDMEXECaehYJKwYBBAHaRw8BAQdAAiJ1/GyBM4kgpY/nx+sXytMi8I+x8MW0/NBq
> 3jepKpG0E0RhbmllbCBLYWhuIEdpbGxtb3KImQQTFggAQQIbAQUJA8JnAAULCQgH
> AgYVCgkICwIEFgIDAQIeAQIXgBYhBHI+NDrAAzHwNHPmg3vloR+jfochBQJcQJsl
> AhkBAAoJEHvloR+jfoch7q0A/3AMFfxPJGJ5rljN8qMctaFWAzAGc5rElBFQ433t
> vuFYAQDagLYOFgcv9A5axQR4O0oYXJKfMBuImqaWyhDRg/MbAA==
> =dSe7
> -----END PGP PUBLIC KEY BLOCK-----

The following PGP block contains the same primary key, as well as a valid
revocation signature:

> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> mDMEXECaehYJKwYBBAHaRw8BAQdAAiJ1/GyBM4kgpY/nx+sXytMi8I+x8MW0/NBq
> 3jepKpGIeAQgFggAIBYhBHI+NDrAAzHwNHPmg3vloR+jfochBQJcQJp6Ah0AAAoJ
> EHvloR+jfochA+QA/jzjDXDZxwNd39ZfEkngWkR3Xebc96hCkTu9+jlbQnL/AP0b
> HrIUG62g5BGzePFhXB+XtSpRL1g4H1Ywsd+GdWymBQ==
> =KuHa
> -----END PGP PUBLIC KEY BLOCK-----

Importing this via `gpg --import` will yield an error:

> gpg: key 0x7BE5A11FA37E8721: no user ID

The key in my keyring will remain valid and unrevoked, even though a keyblock
that contained a cryptographically valid revocation signature was encountered by
GnuPG during an import operation.

User IDs typically contain data that is of a more personal nature than the
cryptographic information stored in other packets. It is arguably a quite
important use case to distribute updates to cryptographic data in an OpenPGP
certificate independently of personal information. This applies in particular to
revoked keys, where usually the only important thing to distribute is the
revocation itself. In countries where GDPR applies, it can also be interpreted
as a legal obligation to distribute User IDs only with consent of their owner.

A related effort is a new keyserver implementation [Hagrid], which went live
last week at https://keys.openpgp.org/ (disclaimer: I'm the maintainer of said
project).  This keyserver publishes identity information only after verification
via e-mail, but distributes non-identity information freely. This was received
very well by the community so far. However, since GnuPG won't import keys
without identity information, a `gpg --refresh-keys` will not update any keys
which don't have at least one verified identity.

I contributed a patch series to GnuPG (see [patch mail] on gnupg-devel) that
implements the desired behavior, which is currently under review. Since GnuPG
already supports a similar (but different) mechanism via the import-option
"import-drop-uids" on its current master (see [related announcement]), the
required changes are relatively unintrusive.

Given the increasing reliability issues of the SKS keyserver pool to distribute
OpenPGP certificate updates (in particular, key revocations), and the freshly
changing landscape of keyservers, I would welcome a speedy distribution and,
ideally, backport of this patch in the debian packaging of GnuPG.

Thanks

 - V

[section 11.1]: https://tools.ietf.org/html/rfc4880#section-11.1
[Hagrid]: https://gitlab.com/hagrid-keyserver/hagrid/
[related announcement]: https://lists.gnupg.org/pipermail/gnupg-devel/2018-October/033969.html
[patch mail]: mid:20190613192743.12991-1-look@my.amazin.horse
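As an added illustration (not part of the bug report or of GnuPG's code), the following Python walks the OpenPGP packets of the two armored blocks quoted above. It shows why the second block is not a "transferable public key" in the sense of RFC 4880 section 11.1 (no User ID packet) even though it carries a key-revocation signature that could be verified against the primary key. It only parses packet headers; it does not verify signatures. The packet tags and the signature type are the standard RFC 4880 values.

```python
import base64
PUBLIC_KEY, SIGNATURE, USER_ID, KEY_REVOCATION = 6, 2, 13, 0x20   # RFC 4880 tags / sig type
# Both armored blocks are copied from the bug report above (nothing constructed).
KEY_WITH_UID = """-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXECaehYJKwYBBAHaRw8BAQdAAiJ1/GyBM4kgpY/nx+sXytMi8I+x8MW0/NBq
3jepKpG0E0RhbmllbCBLYWhuIEdpbGxtb3KImQQTFggAQQIbAQUJA8JnAAULCQgH
AgYVCgkICwIEFgIDAQIeAQIXgBYhBHI+NDrAAzHwNHPmg3vloR+jfochBQJcQJsl
AhkBAAoJEHvloR+jfoch7q0A/3AMFfxPJGJ5rljN8qMctaFWAzAGc5rElBFQ433t
vuFYAQDagLYOFgcv9A5axQR4O0oYXJKfMBuImqaWyhDRg/MbAA==
=dSe7
-----END PGP PUBLIC KEY BLOCK-----"""
REVOCATION_ONLY = """-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXECaehYJKwYBBAHaRw8BAQdAAiJ1/GyBM4kgpY/nx+sXytMi8I+x8MW0/NBq
3jepKpGIeAQgFggAIBYhBHI+NDrAAzHwNHPmg3vloR+jfochBQJcQJp6Ah0AAAoJ
EHvloR+jfochA+QA/jzjDXDZxwNd39ZfEkngWkR3Xebc96hCkTu9+jlbQnL/AP0b
HrIUG62g5BGzePFhXB+XtSpRL1g4H1Ywsd+GdWymBQ==
=KuHa
-----END PGP PUBLIC KEY BLOCK-----"""

def dearmor(armored):
    # Base64 body only: drop BEGIN/END lines, "Key: value" armor headers and the "=CRC" line.
    lines = [l.strip() for l in armored.strip().splitlines()[1:-1]]
    return base64.b64decode("".join(l for l in lines if l and ":" not in l and l[0] != "="))

def packets(data):
    # Walk RFC 4880 section 4.2 packet headers, yielding (tag, body) for each packet.
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if ctb & 0x40:                                   # new-format header
            tag, length, pos = ctb & 0x3F, data[pos + 1], pos + 2
            if length >= 224:
                raise ValueError("five-octet and partial body lengths are not handled here")
            if length >= 192:                            # two-octet length form
                length, pos = ((length - 192) << 8) + data[pos] + 192, pos + 1
        else:                                            # old-format header
            tag, size = (ctb >> 2) & 0x0F, 1 << (ctb & 0x03)
            if size == 8:                                # length type 3 means indeterminate
                raise ValueError("indeterminate old-format length is not handled here")
            length, pos = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), pos + 1 + size
        yield tag, data[pos:pos + length]
        pos += length

def summarize(armored):
    return [(tag, body[1] if tag == SIGNATURE and body[0] == 4 else None)
            for tag, body in packets(dearmor(armored))]

def is_transferable_public_key(armored):
    # RFC 4880 section 11.1: a transferable public key carries at least one User ID.
    return any(tag == USER_ID for tag, _ in summarize(armored))
```

For the first block `summarize` yields public key, User ID and a positive certification (0x13); for the second it yields the same public key followed directly by a signature of type 0x20, so `is_transferable_public_key` is False and an importer that insists on section 11.1 structure drops the revocation.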



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#930665; Package gpg. (Tue, 18 Jun 2019 11:57:07 GMT)


Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Tue, 18 Jun 2019 11:57:07 GMT)


Message #10 received at 930665@bugs.debian.org:

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Vincent Breitmoser <look@my.amazin.horse>, 930665@bugs.debian.org
Subject: Re: [pkg-gnupg-maint] Bug#930665: gpg won't import valid self-signatures if no user ids are present in imported transferable public key
Date: Tue, 18 Jun 2019 07:53:09 -0400
Control: forwarded 930665 https://dev.gnupg.org/T4393
Control: severity 930665 important
Control: tags 930665 + confirmed

Hi Vincent--

On Tue 2019-06-18 01:04:02 +0200, Vincent Breitmoser wrote:
> in the current version of GnuPG, signatures will be imported from public key
> blocks only if they are accompanied by a UserID packet plus valid signature.
> However, self-signatures on the key itself and on subkeys can be
> cryptographically verified, independently of user ids. This opens a use case of
> transferring revocations and updates on subkeys, without revealing the key's
> user ids.

thanks for this report.  I think GnuPG's inability to receive these
kinds of cryptographic updates to OpenPGP certificates that it knows
about is at core a security risk (it makes it more likely that users
will use a revoked key; or will be unable to use any key at all, and
will send plaintext).

This risk is exacerbated by the ongoing failure of the traditional
keyserver network due to abuse, which is what newer keyservers like
keys.openpgp.org aim to withstand.

I've backported these changes to the 2.2.x branch, and am considering
applying them to the debian packaging for GnuPG so that debian users are
defended against these risks.

I'm hoping for more meaningful feedback from upstream on the associated
upstream bug report.

         --dkg

Set Bug forwarded-to-address to 'https://dev.gnupg.org/T4393'. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to 930665-submit@bugs.debian.org. (Tue, 18 Jun 2019 11:57:07 GMT)


Severity set to 'important' from 'normal'. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to 930665-submit@bugs.debian.org. (Tue, 18 Jun 2019 11:57:08 GMT)


Added tag(s) confirmed. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to 930665-submit@bugs.debian.org. (Tue, 18 Jun 2019 11:57:09 GMT)


Marked as found in versions gnupg2/2.2.12-1. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Tue, 18 Jun 2019 17:03:08 GMT)


Marked as found in versions gnupg2/2.2.15-1. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Tue, 18 Jun 2019 17:03:09 GMT)


Marked as found in versions 2.2.16-1. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Tue, 18 Jun 2019 17:03:09 GMT)


Reply sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
You have taken responsibility. (Tue, 18 Jun 2019 19:09:07 GMT)


Notification sent to Vincent Breitmoser <look@my.amazin.horse>:
Bug acknowledged by developer. (Tue, 18 Jun 2019 19:09:08 GMT)


Message #27 received at 930665-close@bugs.debian.org:

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: 930665-close@bugs.debian.org
Subject: Bug#930665: fixed in gnupg2 2.2.16-2
Date: Tue, 18 Jun 2019 19:07:38 +0000
Source: gnupg2
Source-Version: 2.2.16-2

We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 930665@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <dkg@fifthhorseman.net> (supplier of updated gnupg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 18 Jun 2019 12:59:57 -0400
Source: gnupg2
Architecture: source
Version: 2.2.16-2
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Closes: 930042 930665
Changes:
 gnupg2 (2.2.16-2) experimental; urgency=medium
 .
   * fix HKPS redirections
   * drop dh_missing --fail-missing (Closes: #930042)
   * enable cert update without uids (Closes: #930665)
   * fix upstream spelling of 'arbitrary'




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Aug 2019 07:29:50 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Nov 21 23:41:16 2024; Machine Name: bembo
