-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Importing a key has no verbosity information, unhelpful error message #1974
Comments
Importing a key from a remote URL is a bad idea. Generally, one should only import keys that are the output of |
Can you do a |
Or use https://dump.sequoia-pgp.org/ for better readability. |
@DemiMarie totally agree that its reckless to be importing keys via URL, thankfully there's some (hopefully functioning properly) validation going on here that just needs to have it's output be better exposed to help end users understand why it deems their key invalid if you want to reproduce this bug on your own, the key is actually public, and for grafana's rpm repo, key is at: https://packages.grafana.com/gpg.key as for output:
|
@DaveWK please let Grafana know that they need to re-sign their key with a stronger hash algorithm. |
Thanks, but my issue is that |
As a general rule of thumb, I recommend always importing keys into GPG or Sequoia and exporting them from there by fingerprint. RPM’s OpenPGP implementation is extremely barebones, whereas GPG and Sequoia will give much better error messages. |
Thanks, I assume the key strength change is fairly new, and that a lot of people will be confused by the current state of the output and verbosity. Is it possible to add the validation parameters being used (including key strength) in the verbosity output so people know things like what the minimum strength requirement is? Ideally it would tell me the reason it rejected the key, but if the problem is the OpenPGP implementation is very barebones, and doesn't include a reason, it would be nice to know what criteria is being used by the caller the user can investigate if the reason is because the key is completely invalid, or just too weak. |
That is an interesting idea which I had not considered. |
- When importing a certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. - Fixes rpm-software-management#1974.
I've created a proof of concept of how we might communicate that a certificate is invalid or has issues. This is based on the Sequoia port (#1978). The modifications to the Sequoia backend for rpm is here: https://gitlab.com/sequoia-pgp/rpm-sequoia/-/tree/neal/linter . To see how this looks, I've used a few certificates from the Sequoia test suite. Here the output, which I think is self explanatory. Nevertheless: the basic idea is: flag certificates and subkeys that are revoked, expired, or unusable (no binding signature, bad algorithm, etc).
I look forward to feedback. |
@nwalfield |
The proposed patch handles weak hash algorithms as well. In that case, the binding signature will be considered invalid and will be ignored and the error message will be something like:
|
@nwalfield Excellent! Thanks so much! I think this will help out a lot with people that run into the new changes in requirements. |
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes #1974.
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes rpm-software-management#1974. (cherry pick d703160)
When importing an OpenPGP certificate, lint the certificate to show the user possible issues. Fail if the certificate is completely unusable. Using the Sequoia backend, this yields, for instance: $ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc Certificate B3A771BFEB04E625: Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid Certificate does not have any usable signing keys Fixes #1974. (cherry pick d703160)
I am attempting to import a repo key:
Where gpg.key is a local key. This also happens with remote URLs. I would have expected that it actually gives me an indication what the problem with the key is, or at least give me a hint what process/helper to check to further debug..
I am not particularly interested in why this particular key is failing (I assume it's the subkey enforcement changes) but without any indication for a reason, it's a bad UX.
The text was updated successfully, but these errors were encountered: