GNU bug report logs - #49279
26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint

Previous Next

Package: emacs;

Reported by: Joerg Jaspert <joerg <at> ganneff.de>

Date: Tue, 29 Jun 2021 21:12:02 UTC

Severity: normal

Tags: moreinfo

Found in version 26.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Joerg Jaspert <joerg <at> ganneff.de>
To: 49279 <at> debbugs.gnu.org
Subject: bug#49279: 26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint
Date: Tue, 29 Jun 2021 22:29:41 +0200

[Message part 1 (text/plain, inline)]
Hi

Task: Send signed mail from within emacs (notmuch) using message mode 
and mml-sign.

Problem: the function mml-secure-secret-key-exists-p breaks. It says it 
found multiple secret keys with the same fingerprint, and refuses to 
work.

I *guess* the way gpg outputs things changed / got adopted. Likely when 
they did away with secret keyrings.

Now, setup:
I have the following entries in my ~/.gnupg/gpg.conf:
--8<---------------cut here---------------start------------->8---
primary-keyring ~/.gnupg/pubring.gpg                                                                                         
keyring /usr/share/keyrings/debian-keyring.gpg                                                                              
--8<---------------cut here---------------end--------------->8---

I have *ONE* secret key (with that fingerprint) in my gpg store.
I have my public key in my pubring.gpg, and it *also* exists in the 
debian-keyring.gpg.

Now trying to send mail, mml dies, debugger output pasted below.

I *suspect* it is from gpg changes to their output, but wherever it is 
from, I also think the error call shouldn't be there inside mml.
As soon as I comment the second *public* keyring, sending signed mail 
works fine.


Debugger entered--Lisp error: (error "Found 2 secret keys with same 
fingerprint FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4")
 signal(error ("Found 2 secret keys with same fingerprint 
 FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4"))
 error("Found %d secret keys with same fingerprint %s" 2 
 "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4")
 mml-secure-secret-key-exists-p(#s(epg-context :protocol OpenPGP 
 :program "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
 :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
 :compress-algorithm nil :passphrase-callback 
 (epg-passphrase-callback-function) :progress-callback nil 
 :edit-callback nil :signers nil :sig-notations nil :process nil 
 :output-file nil :result nil :operation nil :pinentry-mode nil 
 :error-output "" :error-buffer nil) #s(epg-sub-key :validity ultimate 
 :capability (sign certify) :secret-p nil :algorithm 1 :length 4096 :id 
 "DB16CF5BB12525C4" :creation-time (18951 . 16192) :expiration-time nil 
 :fingerprint "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4"))
 mml-secure-check-sub-key(#s(epg-context :protocol OpenPGP :program 
 "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
 :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
 :compress-algorithm nil :passphrase-callback 
 (epg-passphrase-callback-function) :progress-callback nil 
 :edit-callback nil :signers nil :sig-notations nil :process nil 
 :output-file nil :result nil :operation nil :pinentry-mode nil 
 :error-output "" :error-buffer nil) #s(epg-key :owner-trust ultimate 
 :sub-key-list (#s(epg-sub-key :validity ultimate :capability (sign 
 certify) :secret-p nil :algorithm 1 :length 4096 :id 
 "DB16CF5BB12525C4" :creation-time (18951 . 16192) :expiration-time nil 
 :fingerprint "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4") 
 #s(epg-sub-key :validity ultimate :capability (encrypt) :secret-p nil 
 :algorithm 1 :length 4096 :id "A258CB3FE075ECFF" :creation-time (18951 
 . 16333) :expiration-time nil :fingerprint 
 "684795DC5F511A7E647B0238A258CB3FE075ECFF") #s(epg-sub-key :validity 
 ultimate :capability (sign) :secret-p nil :algorithm 1 :length 4096 
 :id "C7B01D35AB0F24B9" :creation-time (20902 . 23882) :expiration-time 
 (26587 . 18565) :fingerprint 
 "9630CE701E2ADEC3200CE0EEC7B01D35AB0F24B9") #s(epg-sub-key :validity 
 ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 4096 
 :id "80816AE630EC8D38" :creation-time (20902 . 24081) :expiration-time 
 (26587 . 18565) :fingerprint 
 "56776C422F34E07911E9767980816AE630EC8D38") #s(epg-sub-key :validity 
 ultimate :capability (authentication) :secret-p nil :algorithm 1 
 :length 4096 :id "C58ADA645E749E7B" :creation-time (22845 . 13953) 
 :expiration-time (26587 . 18565) :fingerprint 
 "E052D610BA150904F4274EDEC58ADA645E749E7B") #s(epg-sub-key :validity 
 ultimate :capability (sign) :secret-p nil :algorithm 1 :length 4096 
 :id "F35578BF98805660" :creation-time (22845 . 13910) :expiration-time 
 (26587 . 18565) :fingerprint 
 "72DCBECE755A9FDD14838015F35578BF98805660") #s(epg-sub-key :validity 
 ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 4096 
 :id "12AFA0F1A51A254B" :creation-time (22845 . 13930) :expiration-time 
 (26587 . 18565) :fingerprint 
 "0FD59ABE3286179ED6103BBF12AFA0F1A51A254B") #s(epg-sub-key :validity 
 expired :capability (authentication) :secret-p nil :algorithm 1 
 :length 4096 :id "70E69D7B90479E6D" :creation-time (21978 . 52225) 
 :expiration-time (22723 . 43905) :fingerprint 
 "419DB01F85B3E1ED1207715270E69D7B90479E6D")) :user-id-list 
 (#s(epg-user-id :validity ultimate :string "Joerg Jaspert 
 <joerg <at> debian.org>" :signature-list nil) #s(epg-user-id :validity 
 ultimate :string "Joerg Jaspert <joerg <at> ganneff.de>" :signature-list 
 nil) #s(epg-user-id :validity ultimate :string "Joerg Jaspert 
 <joerg <at> spi-inc.org>" :signature-list nil) #s(epg-user-id :validity 
 ultimate :string "Joerg Jaspert <joerg <at> debconf.org>" :signature-list 
 nil))) sign nil)
 mml-secure-find-usable-keys(#s(epg-context :protocol OpenPGP :program 
 "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
 :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
 :compress-algorithm nil :passphrase-callback 
 (epg-passphrase-callback-function) :progress-callback nil 
 :edit-callback nil :signers nil :sig-notations nil :process nil 
 :output-file nil :result nil :operation nil :pinentry-mode nil 
 :error-output "" :error-buffer nil) "<joerg <at> ganneff.de>" sign)
 #f(compiled-function (name) #<bytecode 
 0x28237f5>)("<joerg <at> ganneff.de>")
 mapcar(#f(compiled-function (name) #<bytecode 0x28237f5>) 
 ("<joerg <at> ganneff.de>"))
 mml-secure-select-preferred-keys(#s(epg-context :protocol OpenPGP 
 :program "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
 :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
 :compress-algorithm nil :passphrase-callback 
 (epg-passphrase-callback-function) :progress-callback nil 
 :edit-callback nil :signers nil :sig-notations nil :process nil 
 :output-file nil :result nil :operation nil :pinentry-mode nil 
 :error-output "" :error-buffer nil) ("<joerg <at> ganneff.de>") sign)
 mml-secure-signers(#s(epg-context :protocol OpenPGP :program 
 "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
 :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
 :compress-algorithm nil :passphrase-callback 
 (epg-passphrase-callback-function) :progress-callback nil 
 :edit-callback nil :signers nil :sig-notations nil :process nil 
 :output-file nil :result nil :operation nil :pinentry-mode nil 
 :error-output "" :error-buffer nil) ("<joerg <at> ganneff.de>"))
 mml-secure-epg-sign(OpenPGP t)
 mml2015-epg-sign((part (sign . "pgpmime") (tag-location . 405) 
 (contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 
 (hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t 
 display "⏎\n")))))
 mml2015-sign((part (sign . "pgpmime") (tag-location . 405) (contents . 
 #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 (hard t display 
 "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t display "⏎\n")))))
 mml-pgpmime-sign-buffer((part (sign . "pgpmime") (tag-location . 405) 
 (contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 
 (hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t 
 display "⏎\n")))))
 mml-generate-mime-1((part (sign . "pgpmime") (tag-location . 405) 
 (contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 
 (hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t 
 display "⏎\n")))))
 mml-generate-mime()
 message-encode-message-body()
 message-send-mail(nil)
 message-send-via-mail(nil)
 message-send(nil)
 message-send-and-exit(nil)
 notmuch-mua-send-common(nil t)
 notmuch-mua-send-and-exit(nil)
 funcall-interactively(notmuch-mua-send-and-exit nil)
 call-interactively(notmuch-mua-send-and-exit nil nil)
 command-execute(notmuch-mua-send-and-exit)


In GNU Emacs 26.1 (build 2, x86_64-pc-linux-gnu, GTK+ Version 3.24.5)
of 2021-01-31, modified by Debian built on x86-csail-01
Windowing system distributor 'The X.Org Foundation', version 
11.0.12004000
System Description:	Debian GNU/Linux 10 (buster)


-- 
bye, Joerg

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 2 years and 276 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.