"Error in your post" response with blank fields when adding key via GPG + curl (Yubikey) #2098

Closed
pkirkovsky opened this issue Feb 24, 2016 · 22 comments

@pkirkovsky

I'm trying to add my key using the GPG/curl method, but after submitting the curl request I get a GPG pinentry dialog (for the Yubikey PIN) followed by a blank error:

[...]
> sLHIaykfqLM4el+FglG7Jh+NN8Yg/TFy8+lKb7ajUBa8hRmzis7ftPADh1pQqgDD
> =4XiP
> -----END PGP PUBLIC KEY BLOCK-----
> " \
>   --data-urlencode is_primary="true" \
>   --data-urlencode sig_required="true" \
>   https://keybase.io/_/api/1.0/key/add.json
Error in your post
-------------------

Code:
Name:
Description:

I suspect this is related to currently unresolved issues #1598, #1822, and #1885. It would be helpful to provide a useful error message to "hardcore mode" users in the interim.

@maxtaco
Contributor

maxtaco commented Feb 24, 2016

I will look into it but no guarantees I can get to it right away.


@maxtaco
Contributor

maxtaco commented Feb 26, 2016

I think it's fixed, give it a whirl?

@pkirkovsky
Author

Nope, same error.

@maxtaco
Contributor

maxtaco commented Feb 28, 2016

The same error, meaning an empty error output? Or does the error output show? If you could, can you send me the full post so I can repro the issue? You can use PGP or saltpack. It's all public with the exception of your session cookie, which the site operators know anyways. Thanks.

@pkirkovsky
Author

Yes, I got the same exact "Error in your post" with blank fields response as seen in my initial report. Another point of interest: I repeated the curl command about 5-6 times before the website told me it timed out, and on one of the tries got a "Success!" message. All other attempts failed with that same blank error message.

Did you want me to post the entire command & output here or in an email?

@maxtaco
Contributor

maxtaco commented Feb 28, 2016

An email is better, so you don't leak your session cookie. Thank you!

@maxtaco
Contributor

maxtaco commented Feb 28, 2016

[email protected] ...

@pkirkovsky
Author

Email sent.
I tried it a few more times and managed to get a "Success!" message again...

@maxtaco
Contributor

maxtaco commented Feb 28, 2016

Gah, my bad. I forgot to push my code live. The corrected error-output code should be live now. The error, I'm guessing from the server logs, would say that there's a bad input, error 'Bad base64 string'. Meaning it could be the post was truncated and the base64 body of the key or sig wasn't 4-byte aligned.
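
The truncation check described in the comment above, as an added example that is not part of the original thread or of Keybase's code: it confirms locally that an armored block's base64 body is a multiple of four characters and that its CRC-24 line matches, before the block is posted. The function names and the sample payload are assumptions made for illustration.

```python
import base64
import binascii
import re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, label: str = "MESSAGE") -> str:
    """Hypothetical helper: build an armored block, used to construct sample input."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {label}-----\n\n{body}\n={crc}\n-----END PGP {label}-----\n"

def check_armor(text: str) -> list:
    """Return the problems found in one armored block; an empty list means intact."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not re.fullmatch(r"-----BEGIN PGP [A-Z ]+-----", lines[0]):
        return ["missing BEGIN line"]
    if not re.fullmatch(r"-----END PGP [A-Z ]+-----", lines[-1]):
        return ["missing END line (input truncated?)"]
    inner = lines[1:-1]
    start = inner.index("") + 1 if "" in inner else 0  # headers end at first blank line
    inner = [ln for ln in inner[start:] if ln]
    has_crc = bool(inner) and inner[-1].startswith("=") and len(inner[-1]) == 5
    checksum = inner.pop()[1:] if has_crc else None
    body = "".join(inner)
    problems = []
    if len(body) % 4:
        problems.append(f"base64 body length {len(body)} is not a multiple of 4")
    try:
        raw = base64.b64decode(body, validate=True)
        want = base64.b64decode(checksum, validate=True) if checksum else None
    except binascii.Error:
        return problems + ["body or checksum is not valid base64"]
    if want is None:
        problems.append("no CRC-24 line")
    elif int.from_bytes(want, "big") != crc24(raw):
        problems.append("CRC-24 mismatch")
    return problems

SAMPLE = armor(b"constructed sample payload, not a real key")  # constructed input
```

Running `check_armor` over the `public_key` and `sig` values before the curl call shows whether a block was already damaged on the client side.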

@pkirkovsky
Author

Great, it looks like errors are showing up now! I sent some intentionally malformed API requests and got these back:

Error in your post
-------------------

Code: 1002
Name: SIG_CANNOT_VERIFY
Description: bad signature: Wrong previous hash; wanted 'xxx' but got 'yyy'

Error in your post
-------------------

Code: 100
Name: INPUT_ERROR
Description: bad base 64 string

Thanks for looking into this, Max.

@maxtaco
Contributor

maxtaco commented Feb 28, 2016

No worries, thanks for your bug report. We previously showed the first error type but weren't properly showing the error type in the second case, since it goes through a different code path (input parameter checking) that never even got to the key/add.json handler.

@scott-wilson

I just tried to verify my private key, and I'm getting the same error as the OP. (Not sure if this'll help, but I'm on CentOS 7, 64 bit)

Error in your post
-------------------

Code: 100
Name: INPUT_ERROR
Description: bad base 64 string

@maxtaco
Contributor

maxtaco commented Dec 29, 2017

Try to debug it a bit, maybe by seeing what the intermediate values are.

@scott-wilson

scott-wilson commented Dec 29, 2017

If I manually resolve the input for curl --data-urlencode sig=, then I get the following error:

Error in your post
-------------------

Code: 100
Name: INPUT_ERROR
Description: missing or invalid input

But, if I change any other part of the message, the error is either the same as before, or I get session/csrf token errors (which I expect).

Thanks for the help so far! Also, should I move this to a new ticket, or send it through email since there may be session info?

@scott-wilson

I have managed to make this work on my Ubuntu machine, so I'm going to consider this closed for me.

@john-n-smith

Signing a public key using the generated command line script (command line with [bash + GPG + cURL] option on keybase) fails on OS X (Mojave 10.14.4) with the bad base 64 string error. The same generated script succeeds on Linux.

@heronhaye

@john-n-smith Are you using bash? What is your gpg --version?

@john-n-smith

Yes, I'm using bash. gpg --version reports gpg (GnuPG/MacGPG2) 2.2.10.

@heronhaye

Do you see any errors from gpg? Could you run and post the echo '...' | gpg -u ... -a --sign part?

@john-n-smith

john-n-smith commented Jun 6, 2019

That part of the command succeeds with:


@heronhaye

heronhaye commented Jun 6, 2019

What is your curl version? Should be at least 7.55.0.

@heronhaye

A workaround (as long as your public key isn't very very large) is to replace the "@-" in the generated script with the public key block at the end. So something like

curl \
  --data-urlencode sig="$(\
   echo '...' | \
   gpg -u '....' -a --sign)" \
  --data-urlencode type="eldest" \
  --data-urlencode csrf_token="...." \
  --data-urlencode plain_out="1" \
  --data-urlencode session="...." \
  --data-urlencode signing_kid="..." \
  --data-urlencode public_key="---BEGIN PGP PUBLIC KEY ...." \
  --data-urlencode is_primary="true" \
  --data-urlencode sig_required="true" \
  https://keybase.io/_/api/1.0/key/add.json
