6.0.0-git
2019-04-21

[#11380] GPG keys are not fetched from the configured keyserver
Summary GPG keys are not fetched from the configured keyserver
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 2. Medium
Owners slusarz (at) horde (dot) org
Requester o (at) immerda (dot) ch
Created 2012-08-27 (2428 days ago)
Due
Updated 2012-08-29 (2426 days ago)
Assigned
Resolved 2012-08-27 (2428 days ago)
Milestone
Patch No

History
2012-08-29 12:50:03 Git Commit Comment #5
Changes have been made in Git (master):

commit 425bcf0cf8e5686fe273ff9345be1e06bf5a487b
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Mon Aug 27 15:35:35 2012 -0600

     [mms] Improvements in obtaining GPG keys from a keyserver (Bug #11380) (o+horde@immerda.ch).

     Use keyserver parameters passed in original method call
     When using keyserver, only use gpg keys with a UID containing a matching email address

  framework/Crypt/lib/Horde/Crypt/Pgp.php |   27 ++++++++++++++++++++++++---
  framework/Crypt/package.xml             |    4 ++--
  2 files changed, 26 insertions(+), 5 deletions(-)

http://git.horde.org/horde-git/-/commit/425bcf0cf8e5686fe273ff9345be1e06bf5a487b
2012-08-27 21:44:17 Michael Slusarz Assigned to Michael Slusarz
State ⇒ Resolved
 
2012-08-27 21:44:10 Git Commit Comment #4
Changes have been made in Git (develop):

commit 425bcf0cf8e5686fe273ff9345be1e06bf5a487b
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Mon Aug 27 15:35:35 2012 -0600

     [mms] Improvements in obtaining GPG keys from a keyserver (Bug #11380) (o+horde@immerda.ch).

     Use keyserver parameters passed in original method call
     When using keyserver, only use gpg keys with a UID containing a matching email address

  framework/Crypt/lib/Horde/Crypt/Pgp.php |   27 ++++++++++++++++++++++++---
  framework/Crypt/package.xml             |    4 ++--
  2 files changed, 26 insertions(+), 5 deletions(-)

http://git.horde.org/horde-git/-/commit/425bcf0cf8e5686fe273ff9345be1e06bf5a487b
2012-08-27 21:42:47 Git Commit Comment #3
Changes have been made in Git (FRAMEWORK_4):

commit 948add61abd6fe549c1bd7b152e8b4b7a30814ce
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Mon Aug 27 15:35:35 2012 -0600

     [mms] Improvements in obtaining GPG keys from a keyserver (Bug #11380) (o+horde@immerda.ch).

     Use keyserver parameters passed in original method call
     When using keyserver, only use gpg keys with a UID containing a matching email address

  framework/Crypt/lib/Horde/Crypt/Pgp.php |   27 ++++++++++++++++++++++++---
  framework/Crypt/package.xml             |    4 ++--
  2 files changed, 26 insertions(+), 5 deletions(-)

http://git.horde.org/horde-git/-/commit/948add61abd6fe549c1bd7b152e8b4b7a30814ce
2012-08-27 13:18:38 o+horde (at) immerda (dot) ch Comment #2
Actually there was even more wrong in this case. See my updated pull 
request for a second patch which checks all fetched keyids if they 
actually have a correct uid:


(git log) Fix: horde picks mismatching gpg-keys.

We should only use gpg keys with a uid containing a matching email
address to encrypt mails.

How a keyserver responds to a text search is not standardized. See
https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#page-3

3.1.1.3. Text Searches

    How a keyserver handles a textual search is implementation defined.
    See also the definition of the "exact" variable for a method to
    give additional instructions to the server on how the search is to
    be executed.

We should therefore not rely on getting the correct key, just because we
were searching for an email address. This patch removes all keys from
the candidates list, which do not contain the correct email address
between <> in the uid field.

uid lines from the keyserver are constructed as follows:

  uid:escaped uid string:creationdate:expirationdate:flags
  (see the openpgp-hkp RFC draft)

where all pgp compatible tools that I know of use the following uid
format:

  name (comment) <email>
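
The filtering described in comment #2, as an added example that is not part of the ticket or of Horde's code: it parses a machine-readable HKP index and keeps only the key IDs whose uid ends in the searched address between <>. The function name `matchingKeyIds()` and the sample response are constructed for illustration; comparing the address case-insensitively and percent-decoding the uid field are assumptions.

```php
<?php
// Added example, not Horde's implementation. matchingKeyIds() is a hypothetical helper.

/**
 * Return the key IDs from an HKP machine-readable index whose uid carries
 * exactly $email between angle brackets ("name (comment) <email>").
 */
function matchingKeyIds(string $index, string $email): array
{
    $want = strtolower(trim($email));   // assumption: compare case-insensitively
    $current = null;                    // key ID of the most recent "pub:" line
    $matches = [];

    foreach (preg_split('/\r\n|\r|\n/', $index) as $line) {
        $f = explode(':', $line);
        if ($f[0] === 'pub' && isset($f[1]) && $f[1] !== '') {
            $current = $f[1];           // the uid lines that follow belong to this key
        } elseif ($f[0] === 'uid' && $current !== null && isset($f[1])) {
            // uid:escaped uid string:creationdate:expirationdate:flags
            $uid = trim(rawurldecode($f[1]));
            // Compare the whole bracketed address, never a substring of the uid:
            // a substring test would also accept "malice@example.org" or an
            // address that only appears in the name or comment part.
            if (preg_match('/<([^<>]+)>$/', $uid, $m)
                && strtolower(trim($m[1])) === $want
                && !in_array($current, $matches, true)) {
                $matches[] = $current;
            }
        }
    }
    return $matches;
}

// Constructed sample response; key IDs and addresses are made up.
$index = <<<'MR'
info:1:3
pub:AAAAAAAAAAAAAAA1:1:2048:1340000000::
uid:Alice%20Example%20%3Calice%40example.org%3E:1340000000::
pub:BBBBBBBBBBBBBBB2:1:2048:1340000001::
uid:Malice <malice@example.org>:1340000001::
pub:CCCCCCCCCCCCCCC3:1:2048:1340000002::
uid:alice@example.org (comment) <carol@example.net>:1340000002::
MR;

// Only the first key qualifies; the other two were returned by the text
// search but do not carry the searched address between <>.
print_r(matchingKeyIds($index, 'alice@example.org'));
```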
2012-08-27 10:30:22 o (at) immerda (dot) ch Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ GPG keys are not fetched from the configured keyserver
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No