GNU bug report logs -
#49279
26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint
Previous Next
Reported by: Joerg Jaspert <joerg <at> ganneff.de>
Date: Tue, 29 Jun 2021 21:12:02 UTC
Severity: normal
Tags: moreinfo
Found in version 26.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 49279 in the body.
You can then email your comments to 49279 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#49279; Package
emacs.
(Tue, 29 Jun 2021 21:12:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Joerg Jaspert <joerg <at> ganneff.de>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Tue, 29 Jun 2021 21:12:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi
Task: Send signed mail from within emacs (notmuch) using message mode
and mml-sign.
Problem: the function mml-secure-secret-key-exists-p breaks. It says it
found multiple secret keys with the same fingerprint, and refuses to
work.
I *guess* the way gpg outputs things changed / got adopted. Likely when
they did away with secret keyrings.
Now, setup:
I have the following entries in my ~/.gnupg/gpg.conf:
--8<---------------cut here---------------start------------->8---
primary-keyring ~/.gnupg/pubring.gpg
keyring /usr/share/keyrings/debian-keyring.gpg
--8<---------------cut here---------------end--------------->8---
I have *ONE* secret key (with that fingerprint) in my gpg store.
I have my public key in my pubring.gpg, and it *also* exists in the
debian-keyring.gpg.
Now trying to send mail, mml dies, debugger output pasted below.
I *suspect* it is from gpg changes to their output, but wherever it is
from, I also think the error call shouldn't be there inside mml.
As soon as I comment the second *public* keyring, sending signed mail
works fine.
Debugger entered--Lisp error: (error "Found 2 secret keys with same
fingerprint FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4")
signal(error ("Found 2 secret keys with same fingerprint
FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4"))
error("Found %d secret keys with same fingerprint %s" 2
"FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4")
mml-secure-secret-key-exists-p(#s(epg-context :protocol OpenPGP
:program "/bin/gpg2" :home-directory nil :armor nil :textmode nil
:include-certs nil :cipher-algorithm nil :digest-algorithm nil
:compress-algorithm nil :passphrase-callback
(epg-passphrase-callback-function) :progress-callback nil
:edit-callback nil :signers nil :sig-notations nil :process nil
:output-file nil :result nil :operation nil :pinentry-mode nil
:error-output "" :error-buffer nil) #s(epg-sub-key :validity ultimate
:capability (sign certify) :secret-p nil :algorithm 1 :length 4096 :id
"DB16CF5BB12525C4" :creation-time (18951 . 16192) :expiration-time nil
:fingerprint "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4"))
mml-secure-check-sub-key(#s(epg-context :protocol OpenPGP :program
"/bin/gpg2" :home-directory nil :armor nil :textmode nil
:include-certs nil :cipher-algorithm nil :digest-algorithm nil
:compress-algorithm nil :passphrase-callback
(epg-passphrase-callback-function) :progress-callback nil
:edit-callback nil :signers nil :sig-notations nil :process nil
:output-file nil :result nil :operation nil :pinentry-mode nil
:error-output "" :error-buffer nil) #s(epg-key :owner-trust ultimate
:sub-key-list (#s(epg-sub-key :validity ultimate :capability (sign
certify) :secret-p nil :algorithm 1 :length 4096 :id
"DB16CF5BB12525C4" :creation-time (18951 . 16192) :expiration-time nil
:fingerprint "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4")
#s(epg-sub-key :validity ultimate :capability (encrypt) :secret-p nil
:algorithm 1 :length 4096 :id "A258CB3FE075ECFF" :creation-time (18951
. 16333) :expiration-time nil :fingerprint
"684795DC5F511A7E647B0238A258CB3FE075ECFF") #s(epg-sub-key :validity
ultimate :capability (sign) :secret-p nil :algorithm 1 :length 4096
:id "C7B01D35AB0F24B9" :creation-time (20902 . 23882) :expiration-time
(26587 . 18565) :fingerprint
"9630CE701E2ADEC3200CE0EEC7B01D35AB0F24B9") #s(epg-sub-key :validity
ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 4096
:id "80816AE630EC8D38" :creation-time (20902 . 24081) :expiration-time
(26587 . 18565) :fingerprint
"56776C422F34E07911E9767980816AE630EC8D38") #s(epg-sub-key :validity
ultimate :capability (authentication) :secret-p nil :algorithm 1
:length 4096 :id "C58ADA645E749E7B" :creation-time (22845 . 13953)
:expiration-time (26587 . 18565) :fingerprint
"E052D610BA150904F4274EDEC58ADA645E749E7B") #s(epg-sub-key :validity
ultimate :capability (sign) :secret-p nil :algorithm 1 :length 4096
:id "F35578BF98805660" :creation-time (22845 . 13910) :expiration-time
(26587 . 18565) :fingerprint
"72DCBECE755A9FDD14838015F35578BF98805660") #s(epg-sub-key :validity
ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 4096
:id "12AFA0F1A51A254B" :creation-time (22845 . 13930) :expiration-time
(26587 . 18565) :fingerprint
"0FD59ABE3286179ED6103BBF12AFA0F1A51A254B") #s(epg-sub-key :validity
expired :capability (authentication) :secret-p nil :algorithm 1
:length 4096 :id "70E69D7B90479E6D" :creation-time (21978 . 52225)
:expiration-time (22723 . 43905) :fingerprint
"419DB01F85B3E1ED1207715270E69D7B90479E6D")) :user-id-list
(#s(epg-user-id :validity ultimate :string "Joerg Jaspert
<joerg <at> debian.org>" :signature-list nil) #s(epg-user-id :validity
ultimate :string "Joerg Jaspert <joerg <at> ganneff.de>" :signature-list
nil) #s(epg-user-id :validity ultimate :string "Joerg Jaspert
<joerg <at> spi-inc.org>" :signature-list nil) #s(epg-user-id :validity
ultimate :string "Joerg Jaspert <joerg <at> debconf.org>" :signature-list
nil))) sign nil)
mml-secure-find-usable-keys(#s(epg-context :protocol OpenPGP :program
"/bin/gpg2" :home-directory nil :armor nil :textmode nil
:include-certs nil :cipher-algorithm nil :digest-algorithm nil
:compress-algorithm nil :passphrase-callback
(epg-passphrase-callback-function) :progress-callback nil
:edit-callback nil :signers nil :sig-notations nil :process nil
:output-file nil :result nil :operation nil :pinentry-mode nil
:error-output "" :error-buffer nil) "<joerg <at> ganneff.de>" sign)
#f(compiled-function (name) #<bytecode
0x28237f5>)("<joerg <at> ganneff.de>")
mapcar(#f(compiled-function (name) #<bytecode 0x28237f5>)
("<joerg <at> ganneff.de>"))
mml-secure-select-preferred-keys(#s(epg-context :protocol OpenPGP
:program "/bin/gpg2" :home-directory nil :armor nil :textmode nil
:include-certs nil :cipher-algorithm nil :digest-algorithm nil
:compress-algorithm nil :passphrase-callback
(epg-passphrase-callback-function) :progress-callback nil
:edit-callback nil :signers nil :sig-notations nil :process nil
:output-file nil :result nil :operation nil :pinentry-mode nil
:error-output "" :error-buffer nil) ("<joerg <at> ganneff.de>") sign)
mml-secure-signers(#s(epg-context :protocol OpenPGP :program
"/bin/gpg2" :home-directory nil :armor nil :textmode nil
:include-certs nil :cipher-algorithm nil :digest-algorithm nil
:compress-algorithm nil :passphrase-callback
(epg-passphrase-callback-function) :progress-callback nil
:edit-callback nil :signers nil :sig-notations nil :process nil
:output-file nil :result nil :operation nil :pinentry-mode nil
:error-output "" :error-buffer nil) ("<joerg <at> ganneff.de>"))
mml-secure-epg-sign(OpenPGP t)
mml2015-epg-sign((part (sign . "pgpmime") (tag-location . 405)
(contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26
(hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t
display "⏎\n")))))
mml2015-sign((part (sign . "pgpmime") (tag-location . 405) (contents .
#("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 (hard t display
"⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t display "⏎\n")))))
mml-pgpmime-sign-buffer((part (sign . "pgpmime") (tag-location . 405)
(contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26
(hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t
display "⏎\n")))))
mml-generate-mime-1((part (sign . "pgpmime") (tag-location . 405)
(contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26
(hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t
display "⏎\n")))))
mml-generate-mime()
message-encode-message-body()
message-send-mail(nil)
message-send-via-mail(nil)
message-send(nil)
message-send-and-exit(nil)
notmuch-mua-send-common(nil t)
notmuch-mua-send-and-exit(nil)
funcall-interactively(notmuch-mua-send-and-exit nil)
call-interactively(notmuch-mua-send-and-exit nil nil)
command-execute(notmuch-mua-send-and-exit)
In GNU Emacs 26.1 (build 2, x86_64-pc-linux-gnu, GTK+ Version 3.24.5)
of 2021-01-31, modified by Debian built on x86-csail-01
Windowing system distributor 'The X.Org Foundation', version
11.0.12004000
System Description: Debian GNU/Linux 10 (buster)
--
bye, Joerg
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#49279; Package
emacs.
(Wed, 30 Jun 2021 12:35:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 49279 <at> debbugs.gnu.org (full text, mbox):
Joerg Jaspert <joerg <at> ganneff.de> writes:
> Problem: the function mml-secure-secret-key-exists-p breaks. It says it
> found multiple secret keys with the same fingerprint, and refuses to
> work.
I vaguely seem to remember there being some work done in this area over
the last year, but I'm not sure whether it was this problem exactly.
Would it be possible for you to build Emacs 28 to see whether the
problem still exists there?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#49279; Package
emacs.
(Wed, 30 Jun 2021 14:02:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 49279 <at> debbugs.gnu.org (full text, mbox):
Am 2021-06-30 14:34, schrieb Lars Ingebrigtsen:
> Joerg Jaspert <joerg <at> ganneff.de> writes:
>
>> Problem: the function mml-secure-secret-key-exists-p breaks. It says
>> it
>> found multiple secret keys with the same fingerprint, and refuses to
>> work.
>
> I vaguely seem to remember there being some work done in this area over
> the last year, but I'm not sure whether it was this problem exactly.
> Would it be possible for you to build Emacs 28 to see whether the
> problem still exists there?
I do think it does, the code is the same there. Line 678 and following
in mml-sec.el.
I'm going to test with a recent build either this evening or on weekend,
will send an update then.
Joerg
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#49279; Package
emacs.
(Sat, 16 Jul 2022 12:24:03 GMT)
Full text and
rfc822 format available.
Message #14 received at 49279 <at> debbugs.gnu.org (full text, mbox):
Joerg Jaspert <joerg <at> ganneff.de> writes:
> I do think it does, the code is the same there. Line 678 and following
> in mml-sec.el.
> I'm going to test with a recent build either this evening or on
> weekend, will send an update then.
This was a year ago -- did you make any progress here?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) moreinfo.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sat, 16 Jul 2022 12:24:04 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#49279; Package
emacs.
(Sat, 20 Aug 2022 09:26:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 49279 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
>> I do think it does, the code is the same there. Line 678 and following
>> in mml-sec.el.
>> I'm going to test with a recent build either this evening or on
>> weekend, will send an update then.
>
> This was a year ago -- did you make any progress here?
This was a month ago, but there was no response, so it seems unlikely
that there will be more progress in this bug report, and I'm therefore
closing it. If somebody has a test case to replicate the problem (if it
still exists in Emacs 29), please send a message to the bug tracker and
we'll reipen.
bug closed, send any further explanations to
49279 <at> debbugs.gnu.org and Joerg Jaspert <joerg <at> ganneff.de>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sat, 20 Aug 2022 09:26:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 17 Sep 2022 11:24:08 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 215 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.