bug report: problems with import of secret keys with old prefs
Dirk Traulsen
dirk.traulsen at lypso.de
Thu Jun 8 11:20:34 CEST 2006
Hi,
I've found a bug during the import of secret keys.
Scenario:
gpg 1.4.3 on WinXP
File 'export-sec.asc' contains 4 secret keys:
2EDFB41E Dirk Traulsen (dtg-1) <Dirk.Traulsen at gmx.de>
B853D346 Dirk Traulsen <Dirk.Traulsen at uni-konstanz.de>
CDDB9911 Dirk Traulsen (dtl-2) <Dirk.Traulsen at lypso.de>
5CCF925A Dirk Traulsen (dtl-1) <Dirk.Traulsen at lypso.de>
Key number 2 is an old key with very old preferences (S3 S2 S1).
Upon import of 'export-sec.asc' gpg tries to update the preferences
and comes into trouble!
As I tested, this is independent of
1. the presence of the files secring.gpg and pubring.gpg,
2. the presence of other keys in the keyring,
3. the presence of the corresponding public keys,
4. the armoring or not armoring of the file to import or
5. the locale. (This time I checked this with Lang=de and en.)
After importing the first key, gpg finds the unpleasing preferences
on the second key and asks for remedy.
When I refuse to update the prefs, gpg prints "Key not changed so no
update needed." and I get asked the same question again.
(Bug#1 or peeving feature?)
For the rest it doesn't matter whether I change the prefs or not.
gpg doesn't succeed in making secring.tmp the new secring.gpg (bug#2).
secring.tmp stays in the directory and gpg breaks off the import, but
not after generating and importing the public key of key number 3.
Now I have the keys number 1+2 in both keyrings, key number 3 only in
pubring.gpg and an additional file secring.tmp.
When I start the import again, everything goes fine and secring.tmp
gets deleted.
Hope this helps,
Dirk
===== Screencopy ==========================================
C:\Dokumente und Einstellungen\Dirk>gpg --import export-sec.asc
gpg: key 2EDFB41E: secret key imported
gpg: key 2EDFB41E: public key "Dirk Traulsen (dtg-1)
<Dirk.Traulsen at gmx.de>" imported
gpg: key B853D346: secret key imported
gpg: key B853D346: public key "Dirk Traulsen <Dirk.Traulsen at uni-
konstanz.de>" imported
gpg: WARNING: key B853D346 contains preferences for unavailable
algorithms on these user IDs:
gpg: "Dirk Traulsen <Dirk.Traulsen at uni-konstanz.de>":
preference for cipher algorithm 1
gpg: it is strongly suggested that you update your preferences and
gpg: re-distribute this key to avoid potential algorithm mismatch
problems
Set preference list to:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) n
Key not changed so no update needed.
gpg: WARNING: key B853D346 contains preferences for unavailable
algorithms on these user IDs:
gpg: "Dirk Traulsen <Dirk.Traulsen at uni-konstanz.de>":
preference for cipher algorithm 1
gpg: it is strongly suggested that you update your preferences and
gpg: re-distribute this key to avoid potential algorithm mismatch
problems
Set preference list to:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) n
Key not changed so no update needed.
gpg: renaming `C:/Dokumente und Einstellungen/Dirk
/Anwendungsdaten/gnupg\secring.tmp' to `C:/Dokumente und
Einstellungen/Dirk/Anwendungsdaten/gnupg\secring.gpg'
failed: File exists
gpg: WARNING: 2 files with confidential information exists.
gpg: C:/Dokumente und Einstellungen/Dirk
/Anwendungsdaten/gnupg\secring.gpg is the unchanged one
gpg: C:/Dokumente und Einstellungen/Dirk
/Anwendungsdaten/gnupg\secring.tmp is the new one
gpg: Please fix this possible security flaw
gpg: error writing keyring `C:/Dokumente und
Einstellungen/Dirk/Anwendungsdaten/
gnupg\secring.gpg': file rename error
gpg: key CDDB9911: secret key imported
gpg: key CDDB9911: public key "Dirk Traulsen (dtl-2)
<Dirk.Traulsen at lypso.de>" imported
gpg: error reading `export-sec.asc': file rename error
gpg: import from `export-sec.asc' failed: file rename error
gpg: Total number processed: 2
gpg: imported: 3
gpg: secret keys read: 3
gpg: secret keys imported: 3
C:\Dokumente und Einstellungen\Dirk>gpg -K
C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\secring.gpg
---------------------------------------------------------------------
sec 1024D/2EDFB41E 1998-11-04
uid Dirk Traulsen (dtg-1) <Dirk.Traulsen at gmx.de>
ssb 4096g/0B9DCED2 1998-11-04
ssb 1024D/0A77A149 2005-10-21
sec 1024D/B853D346 1998-04-10
uid Dirk Traulsen <Dirk.Traulsen at uni-konstanz.de>
ssb 4096g/9C1C598E 1998-04-10
C:\Dokumente und Einstellungen\Dirk>gpg -k
C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\pubring.gpg
---------------------------------------------------------------------
pub 1024D/2EDFB41E 1998-11-04
uid Dirk Traulsen (dtg-1) <Dirk.Traulsen at gmx.de>
sub 4096g/0B9DCED2 1998-11-04
sub 1024D/0A77A149 2005-10-21
pub 1024D/B853D346 1998-04-10
uid Dirk Traulsen <Dirk.Traulsen at uni-konstanz.de>
sub 4096g/9C1C598E 1998-04-10
pub 1024D/CDDB9911 2005-10-18
uid Dirk Traulsen (dtl-2) <Dirk.Traulsen at lypso.de>
uid Dirk Traulsen <Dirk.Traulsen at gmx.de>
sub 4096g/E192093D 2005-10-21
sub 1024D/770BEF07 2005-10-21
C:\Dokumente und Einstellungen\Dirk>gpg --import export-sec.asc
gpg: key 2EDFB41E: already in secret keyring
gpg: key B853D346: already in secret keyring
gpg: key CDDB9911: secret key imported
gpg: key CDDB9911: "Dirk Traulsen (dtl-2) <Dirk.Traulsen at lypso.de>"
not changed
gpg: key 5CCF925A: secret key imported
gpg: key 5CCF925A: public key "Dirk Traulsen (dtl-1)
<Dirk.Traulsen at lypso.de>" imported
gpg: Total number processed: 4
gpg: imported: 1
gpg: unchanged: 1
gpg: secret keys read: 4
gpg: secret keys imported: 2
gpg: secret keys unchanged: 2
C:\Dokumente und Einstellungen\Dirk>gpg -K
C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\secring.gpg
---------------------------------------------------------------------
sec 1024D/2EDFB41E 1998-11-04
uid Dirk Traulsen (dtg-1) <Dirk.Traulsen at gmx.de>
ssb 4096g/0B9DCED2 1998-11-04
ssb 1024D/0A77A149 2005-10-21
sec 1024D/B853D346 1998-04-10
uid Dirk Traulsen <Dirk.Traulsen at uni-konstanz.de>
ssb 4096g/9C1C598E 1998-04-10
sec 1024D/CDDB9911 2005-10-18
uid Dirk Traulsen (dtl-2) <Dirk.Traulsen at lypso.de>
uid Dirk Traulsen <Dirk.Traulsen at gmx.de>
ssb 4096g/E192093D 2005-10-21
ssb 1024D/770BEF07 2005-10-21
sec 1024D/5CCF925A 2004-12-14
uid Dirk Traulsen (dtl-1) <Dirk.Traulsen at lypso.de>
ssb 4096g/743DD3E2 2004-12-14
C:\Dokumente und Einstellungen\Dirk>gpg -k
C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\pubring.gpg
---------------------------------------------------------------------
pub 1024D/2EDFB41E 1998-11-04
uid Dirk Traulsen (dtg-1) <Dirk.Traulsen at gmx.de>
sub 4096g/0B9DCED2 1998-11-04
sub 1024D/0A77A149 2005-10-21
pub 1024D/B853D346 1998-04-10
uid Dirk Traulsen <Dirk.Traulsen at uni-konstanz.de>
sub 4096g/9C1C598E 1998-04-10
pub 1024D/CDDB9911 2005-10-18
uid Dirk Traulsen (dtl-2) <Dirk.Traulsen at lypso.de>
uid Dirk Traulsen <Dirk.Traulsen at gmx.de>
sub 4096g/E192093D 2005-10-21
sub 1024D/770BEF07 2005-10-21
pub 1024D/5CCF925A 2004-12-14
uid Dirk Traulsen (dtl-1) <Dirk.Traulsen at lypso.de>
sub 4096g/743DD3E2 2004-12-14
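A consistency check for the half-finished state described in the report (keys 1 and 2 in both keyrings, key 3 only in pubring.gpg, secring.tmp left behind), added here as an example and not part of the original message or of GnuPG. It assumes the gpg 1.4 listing format shown in the screencopy; the function names and the embedded sample listings are constructed for illustration.

```python
import os
import re
import tempfile

# Primary-key lines in the gpg 1.4 listing format from the screencopy,
# e.g. "sec 1024D/2EDFB41E 1998-11-04"; ssb/sub subkey lines are ignored.
PRIMARY = re.compile(r"^(sec|pub)\s+\d+[A-Za-z]/([0-9A-F]{8})\s", re.M)

# Constructed sample input: key IDs in export-sec.asc and the listings
# after the first, failed import (uid lines dropped, subkeys shortened).
EXPECTED = ["2EDFB41E", "B853D346", "CDDB9911", "5CCF925A"]
SEC_AFTER_FIRST = """\
sec 1024D/2EDFB41E 1998-11-04
ssb 4096g/0B9DCED2 1998-11-04
sec 1024D/B853D346 1998-04-10
ssb 4096g/9C1C598E 1998-04-10
"""
PUB_AFTER_FIRST = SEC_AFTER_FIRST.replace("sec", "pub").replace("ssb", "sub") + """\
pub 1024D/CDDB9911 2005-10-18
sub 4096g/E192093D 2005-10-21
"""

def primary_ids(listing, kind):
    """Return the set of primary key IDs of the given kind ('sec' or 'pub')."""
    return {kid for k, kid in PRIMARY.findall(listing) if k == kind}

def check_import(expected, sec_listing, pub_listing, homedir):
    """Compare both keyrings after a secret-key import and flag leftovers."""
    sec = primary_ids(sec_listing, "sec")
    pub = primary_ids(pub_listing, "pub")
    return {
        # Public part written, secret part missing: the key 3 state.
        "public_only": sorted((pub - sec) & set(expected)),
        # Never reached because the import aborted: the key 4 state.
        "not_imported": sorted(set(expected) - sec - pub),
        # Second file holding secret key material, as gpg warns about.
        "stale_tmp": os.path.exists(os.path.join(homedir, "secring.tmp")),
    }

def demo():
    """Run the check against a temporary homedir holding a leftover secring.tmp."""
    with tempfile.TemporaryDirectory() as home:
        open(os.path.join(home, "secring.tmp"), "wb").close()
        return check_import(EXPECTED, SEC_AFTER_FIRST, PUB_AFTER_FIRST, home)

if __name__ == "__main__":
    print(demo())
```

In real use the two listings would be the captured output of `gpg -K` and `gpg -k`, and `homedir` the GnuPG home directory.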