Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rnpkeys --import rejects an OpenPGP certificate with a signature with an unknown subpacket unless i use --permissive #2223

Open
dkg opened this issue Apr 26, 2024 · 3 comments

Comments

@dkg
Copy link
Contributor

dkg commented Apr 26, 2024

This OpenPGP certificate contains a "1st party approved 3rd party certifications" (1pa3pc) signature over its User ID:

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/Y
O+5Zi7HCiQQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDC
FWpcKYVJu36RAUlea/cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jC
snnp9FdYhaSSUW/vZ8kBAJByWljA9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20N
zRA8ZGtnQGRlYmlhbi5vcmc+wsARBBMWCgB5AwsJB0cUAAAAAAAeACBzYWx0QG5v
dGF0aW9ucy5zZXF1b2lhLXBncC5vcmeJfmd4tfVMI8Nwn0zRQg40bKLnzKDzjO7z
PB6DhHZ/7wMVCggCmwECHgEWIQTUdwQMcMIValwphUm7fpEBSV5r9wUCZadfkAUJ
BdnwRQAKCRC7fpEBSV5r9+owAP93bFzEmTyUj+lmhrot7LSQg3q939MHqd6TlUd/
iPPgfAEA7nf3V5/WPTDhsc2L1cgPVcANe42j/KZFWKuTYsnt0wrCwQAEFhYKAXIF
gmXD0MIJELt+kQFJXmv3RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEt
cGdwLm9yZxSzeD6OCTQUteGo38Ue9DSic5eOjZ8oeSlQQ2UNjGDqFiEE1HcEDHDC
FWpcKYVJu36RAUlea/fAQaUW7nLWeB0XnOSQDsDyATT23t6kDcfNXwjXVYoSdrZD
HwvDA4IgZ+2YOx8h6t4UWxgdbptKy0MDoKpDj4N536WCc3kzvfuSzdirrt5eD6H0
hCoFh7MeVLvFeWodAXaTNJQMv3tUH8F4R8fbp92a1bm50FkJowd9c3boOuGbeGlz
UsDFLyMSw0H04PMlRHraE6voIIwPvcsv0AMADV+O+AkBsWCMYGFONn8+x13GeReN
2PUY7rpBJmljiO3Ol9e7PKLdvqQJhs68CgKgsW9tPSj/KCsCPcdLtXU7l4LpJw7i
zfAXUtL61Ce+LDs2qVtpxAbMIBdmM5DHJcjcFk0B4rwSAAAgmwEAuWxVaeAc1GmV
iBn26LX1pkbcVuMdsQW1Vjy4I6kBHl0BAJ5w+OaUAX9ubO8Wznwr7kEyizXTgnIu
e5ka9/f4TAMB
=56Jp
-----END PGP PUBLIC KEY BLOCK-----

When i try to import it with rnpkeys, i get a failure:

$ rnpkeys --import test.cert
[parse() ./src/librepgp/stream-sig.cpp:405] unknown subpacket : 37
[parse_v4() ./src/librepgp/stream-sig.cpp:1290] failed to parse hashed subpackets
[process_pgp_key_signatures() ./src/librepgp/stream-key.cpp:243] failed to parse signature at 422
failed to import key(s) from -, stopping.
Import finished: 0 keys processed, 0 new public keys, 0 new secret keys, 0 updated, 0 unchanged.
$ rnpkeys --version
rnp 0.17.0-3
Ribose Inc. <rnpgp@ribose.com>
Backend: Botan
Backend version: 2.19.4
Supported algorithms:
Public key:  RSA, ELGAMAL, DSA, ECDH, ECDSA, EDDSA, SM2
Encryption:  IDEA, TRIPLEDES, CAST5, BLOWFISH, AES128, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256, SM4
AEAD:  None, EAX, OCB
Key protection:  CFB
Hash:  MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, SHA3-256, SHA3-512, SM3
Compression:  Uncompressed, ZIP, ZLIB, BZip2
Curves:  NIST P-256, NIST P-384, NIST P-521, Ed25519, Curve25519, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1, SM2 P-256
Please report security issues at (https://www.rnpgp.org/feedback) and
general bugs at https://github.com/rnpgp/rnp/issues.
$ 

If i try to import it without the 1pa3pc selfsig, rnpkeys imports it just fine. Likewise, if i import it with rnpkeys --import --permissive test.cert it also

rnpkeys being brittle here presents a challenge to the whole ecosystem for deploying any new kind of signature or subpacket.

I think this is related to #2204 -- it is almost certainly a similar policy issue.

@ni4
Copy link
Contributor

ni4 commented Apr 27, 2024

Hi, thanks for letting us know. Yeah, here by default we reject unknown subpacket and signature which includes it, being stricter by default. However user may ignore this error via the CLI (or FFI for API user).

@kaie
Copy link
Contributor

kaie commented May 25, 2024

Why is the subpacket type 37 marked as critical?
If you want it to be ignored by implementations that don't understand it, shouldn't it be marked non-critical?

@dkg
Copy link
Contributor Author

dkg commented May 27, 2024

The subpacket is marked as critical because if you don't understand that kind of subpacket, you should not be accepting that kind of signature.

But, if you ignore this signature (or treat it as invalid), the remaining certificate is still just fine. Rejecting the whole certificate because one signature in it is invalid -- even though you would have accepted the entire certificate had that signature not been there -- this is what makes the implementation unnecessarily brittle. And that brittleness makes it harder to improve the ecosystem as a whole, because implementations (including RNP!) can't deploy newer parts of OpenPGP without worrying that old versions of RNP will choke when they see these things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants