Discussion:
[Enigmail] Enigmail does not detect a failed secret key import
Daniel Kahn Gillmor
2018-10-05 15:34:32 UTC
Permalink
In some obscure cases (e.g. race conditions), gpg-agent dies and isn't
available when enigmail tries to ask gnupg to import a secret key.
Enigmail seems to believe that the secret key was successfully imported
in that case, even though gpg failed to import the secret parts of the
key.

I ran into this with some older versions of GnuPG (e.g. the
heavily-patched GnuPG 2.1.18 in debian stretch) during the enigmail test
suite (enigmail version 2.0.8), which does a lot of rapid creation and
tear-down of GnuPG homedirs.

To detect this properly, the GnuPG status output indicates the issue in
IMPORT_RES, by indicating a difference between sec_read and sec_imported
(see the documentation for IMPORT_RES in GnuPG's DETAILS file).
Enigmail doesn't appear to compare these values when it does an import.

here's an example of this failure from the test suite during such a race
condition, showing sec_read=1 and sec_imported=0 (apparently GnuPG also
returns a non-zero error code, but enigmail ignores it):

-------------
2018-10-04 20:44:21.826 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --no-verbose --status-fd 2 --no-auto-check-trustdb --import /home/user/src/enigmail/enigmail/package/tes\
ts/resources/dev-strike.sec
2018-10-04 20:44:21.856 [DEBUG] enigmail> DONE
2018-10-04 20:44:21.856 [DEBUG] execution.jsm: EnigmailExecution.execCmd: exitCode = 2
2018-10-04 20:44:21.856 [DEBUG] execution.jsm: EnigmailExecution.execCmd: errOutput = gpg: keybox '/home/user/src/enigmail/enigmail/tmp/.gnupgTest1/pubring.kbx' created
gpg: /home/user/src/enigmail/enigmail/tmp/.gnupgTest1/trustdb.gpg: trustdb created
[GNUPG:] KEY_CONSIDERED 65537E212DC19025AD38EDB2781617319CE311C4 0
gpg: key 781617319CE311C4: public key "anonymous strike <***@gmail.com>" imported
[GNUPG:] IMPORTED 781617319CE311C4 anonymous strike <***@gmail.com>
[GNUPG:] IMPORT_OK 1 65537E212DC19025AD38EDB2781617319CE311C4
[GNUPG:] KEY_CONSIDERED 65537E212DC19025AD38EDB2781617319CE311C4 0
gpg: key 781617319CE311C4/781617319CE311C4: error sending to agent: No such file or directory
gpg: error building skey array: No such file or directory
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0

2018-10-04 20:44:21.856 [DEBUG] errorHandling.jsm: parseErrorOutputWith: status message:
gpg: keybox '/home/user/src/enigmail/enigmail/tmp/.gnupgTest1/pubring.kbx' created
gpg: /home/user/src/enigmail/enigmail/tmp/.gnupgTest1/trustdb.gpg: trustdb created
[GNUPG:] KEY_CONSIDERED 65537E212DC19025AD38EDB2781617319CE311C4 0
gpg: key 781617319CE311C4: public key "anonymous strike <***@gmail.com>" imported
[GNUPG:] IMPORTED 781617319CE311C4 anonymous strike <***@gmail.com>
[GNUPG:] IMPORT_OK 1 65537E212DC19025AD38EDB2781617319CE311C4
[GNUPG:] KEY_CONSIDERED 65537E212DC19025AD38EDB2781617319CE311C4 0
gpg: key 781617319CE311C4/781617319CE311C4: error sending to agent: No such file or directory
gpg: error building skey array: No such file or directory
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0

2018-10-04 20:44:21.856 [DEBUG] errorHandling.jsm: importOk: key imported: 65537E212DC19025AD38EDB2781617319CE311C4
-------------

When enigmail attempts to actually import a key, it ought to notice if
the secret part of the subkey is not imported, and to raise that as an
error to the rest of the codebase, so that (a) the test suite can fail
earlier, and (b) the user is aware that something they might have been
expecting from the import didn't actually happen.

Sorry that i don't have a specific patch to propose here yet, but i'm
happy to review if you want to propose a patch.

--dkg
Werner Koch
2018-10-09 07:22:13 UTC
Permalink
Post by Daniel Kahn Gillmor
I ran into this with some older versions of GnuPG (e.g. the
heavily-patched GnuPG 2.1.18 in debian stretch) during the enigmail test
Do you happen to know whether this is also the case with current
upstream or with gpg-agent not being run in --supervised mode (ie. on
Windows or standard Unix)
Post by Daniel Kahn Gillmor
gpg: error building skey array: No such file or directory
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0
Current versions should emit a

[GNUPG:] FAILURE ....

line which would be worth to check for and display as advanced info.


Shalom-Salam,

Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Daniel Kahn Gillmor
2018-10-09 14:40:52 UTC
Permalink
Post by Werner Koch
Post by Daniel Kahn Gillmor
I ran into this with some older versions of GnuPG (e.g. the
heavily-patched GnuPG 2.1.18 in debian stretch) during the enigmail test
Do you happen to know whether this is also the case with current
upstream or with gpg-agent not being run in --supervised mode (ie. on
Windows or standard Unix)
I encountered the issue while running the test suite in the stretch
version of GnuPG -- but it does not happen on systems with GnuPG 2.2.10.
I did not try very hard to reproduce it with 2.2.10 either, though.

in the test suite, gpg is being run with a custom home directory -- so
the gpg-agent in question is not using --supervised at all, even though
there are systemd user-services that run with --supervised on the same
system.
Post by Werner Koch
Post by Daniel Kahn Gillmor
gpg: error building skey array: No such file or directory
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0
Current versions should emit a
[GNUPG:] FAILURE ....
line which would be worth to check for and display as advanced info.
Since i haven't seen the error with recent versions of GnuPG, i can't
confirm this. But it sounds like a good thing :)

--dkg
Patrick Brunschwig
2018-10-14 14:20:39 UTC
Permalink
Post by Daniel Kahn Gillmor
In some obscure cases (e.g. race conditions), gpg-agent dies and isn't
available when enigmail tries to ask gnupg to import a secret key.
Enigmail seems to believe that the secret key was successfully imported
in that case, even though gpg failed to import the secret parts of the
key.
I ran into this with some older versions of GnuPG (e.g. the
heavily-patched GnuPG 2.1.18 in debian stretch) during the enigmail test
suite (enigmail version 2.0.8), which does a lot of rapid creation and
tear-down of GnuPG homedirs.
To detect this properly, the GnuPG status output indicates the issue in
IMPORT_RES, by indicating a difference between sec_read and sec_imported
(see the documentation for IMPORT_RES in GnuPG's DETAILS file).
Enigmail doesn't appear to compare these values when it does an import.
here's an example of this failure from the test suite during such a race
condition, showing sec_read=1 and sec_imported=0 (apparently GnuPG also
[...]
Post by Daniel Kahn Gillmor
gpg: error building skey array: No such file or directory
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0
2018-10-04 20:44:21.856 [DEBUG] errorHandling.jsm: importOk: key imported: 65537E212DC19025AD38EDB2781617319CE311C4
-------------
When enigmail attempts to actually import a key, it ought to notice if
the secret part of the subkey is not imported, and to raise that as an
error to the rest of the codebase, so that (a) the test suite can fail
earlier, and (b) the user is aware that something they might have been
expecting from the import didn't actually happen.
Sorry that i don't have a specific patch to propose here yet, but i'm
happy to review if you want to propose a patch.
I fixed this on the 2.0 and master branches.

-Patrick

Loading...