Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/openpgp: handle "gnu-dummy" S2K #13605

Closed
benburkert opened this issue Dec 14, 2015 · 15 comments
Closed

x/crypto/openpgp: handle "gnu-dummy" S2K #13605

benburkert opened this issue Dec 14, 2015 · 15 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@benburkert
Copy link
Contributor

GPG added a "gnu-dummy" S2K type for keyrings that contain only subkey secret data (like in this guide). openpgp.ReadKeyRing returns an unsupported feature: S2K function error. Value 101 for a "gnu-dummy" S2K which x/crypto/openpgp/s2k.Parse doesn't recognize. Although RFC 4880 does not include this S2K, it does reserve 100 through 110 for extensions like this. These keys could be handled by adding Dummy bool field to encrypted keys and updating the S2K parser to recognize "gnu-dummy" type.

package main

import (
    "bytes"
    "encoding/base64"

    "golang.org/x/crypto/openpgp"
)

func main() {
    data, err := base64.StdEncoding.DecodeString(secring)
    if err != nil {
        panic(err)
    }

    if _, err = openpgp.ReadKeyRing(bytes.NewBuffer(data)); err != nil {
        panic(err)
    }
}

var secring = `lQCVBFZuSwwBBAC04VdUUq2REb7+IF/x21yOV3kIn798XRl7A7RiGcE9VpBjT5xMxtghWhH1mxyT+nrS36OJxdvtgJb3NB6hhh3qBQC6DmCGbWe61tT6TfyFbN6OvzZKMEa6RMunyd+2ErX4RLOcO+9X7a0weVASH5wRYjjqQtvPvt1/k25sloPnZQARAQAB/gNlAkdOVQG0EyA8dGVzdEBleGFtcGxlLmNvbT6IuAQTAQIAIgUCVm5LDAIbLwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQwaXYFkPfLEVROQP/RF4GXi/yGm6yQoDNXFkFiwNhJndayfZxf5Qa+JWz1ltLyal7Dm1c+U6/R/7D25gmEslI+5YrHpbExWXyfG8DbX/5Ef9Be04e9IvjoZboeRpxmyb8IflEw90tJGL8YAK2xWohvayigPnjjhycZQPMuMK9X35o89oJs+p1MxcC9EOwAgAAnQH9BFZuSwwBBADBDfq8oUK8Jr8IVkQEEEZzQ7AWh03oTVodROebMz4vAk34HkrebZuxT4U/8yFIP+kJ3Yie3T8V6F8jF3a3ZUHNj2ghgxMbPH+kRKwBphvX8Fb5GtoFVbJq1tNMDaLhVRIkDLBTqQp/20spcuU5+OMzQRUt+Z6GxMaUwt5zLHPUgwARAQAB/gMDAvozhXZdexxPYMKrp7yC2FNNpVAC61hD0VQKvFeeeXZIGOBx57F1wVBNjuPyglji0kaX0m9yYI+I1V546END4aV/hXlZve3r6qYVE9W+T1imwx1NXPSb0j/nMmdiFYFXuyz70yEO+cDwHONzmRLdBZlP1DKYBcjF7rwF0gWuIoWgDYdfECo/aANSRQtKw5Q6UowQLzpHTV+X6iL/CbjIL5f81KXPMO1AubxzAW+iatzI7jfL0MvA1FxRpMjpHc1uyT8oIfic17PklbjcnLe5GH782AEGhXwn4bY1H+ss0bxmkJV9HkcMokJUVMQxKw+a6+/IuLXdFtcA5z4CDeIbt9rv+b8s0bfq9aW4kDxG3PDcyoMTrTuJLBd6/XwJgdtrmLSCtlU4fLzZEoAd2FVyWbS6Nys3eXgIBkRRokzKANknne78LpvIiamzinb0iJk2X+AYnRKoy1pUsC+unqaXm9YHfdpxv/OXLe13zhSJAT0EGAECAAkFAlZuSwwCGy4AqAkQwaXYFkPfLEWdIAQZAQIABgUCVm5LDAAKCRBv1XiTGF5T/qsmA/9LOUNetM1QtsJ71OVdXE3dutUZULE/27DTrA/vvSfhzSFj3U3FnyI7AVsiiiwmnJnthf0zaa2HYBL844Bm7drtzGBNVvddgIJZKBE0x2vUlTVc661e2FBhtLh6xX2nhEy9owc+C7PR9OXvGiET8tTRnUDUO3PgPkyALkHfQMWMR11sA/0YQl4wf3knjk83DVVhFK5fT2lW4hmSO74tuCAA4V71C8B5rJzVq2vy1L2bGHAroe+LtX30LtZM5qWKzZzK7jjo1/eaXimOkJcnnpg6jmUP7TMkWpU7hlOQ3ZHjS2K5xJYJqBwP86TWPtDLxYD3mTlYtp2dDT8ogV/sEPPd44yWlrACAAA=`

The base64 encoded secring in the above contains a gnu-dummy S2K (notice the gnu-dummy S2K in the output):

$ gpg --list-packets secring.gpg
:secret key packet:
    version 4, algo 1, created 1450068748, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-dummy S2K, algo: 3, SHA1 protection, hash: 2
    protect IV:
    keyid: C1A5D81643DF2C45
:user ID packet: " <test@example.com>"
:signature packet: algo 1, keyid C1A5D81643DF2C45
    version 4, created 1450068748, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 51 39
    hashed subpkt 2 len 4 (sig created 2015-12-14)
    hashed subpkt 27 len 1 (key flags: 2F)
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    subpkt 16 len 8 (issuer key ID C1A5D81643DF2C45)
    data: [1023 bits]
:trust packet: flag=00 sigcache=00
:secret sub key packet:
    version 4, algo 1, created 1450068748, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: fa3385765d7b1c4f
    protect count: 65536 (96)
    protect IV:  c2 ab a7 bc 82 d8 53 4d
    encrypted stuff follows
    keyid: 6FD57893185E53FE
:signature packet: algo 1, keyid C1A5D81643DF2C45
    version 4, created 1450068748, md5len 0, sigclass 0x18
    digest algo 2, begin of digest 5d 6c
    hashed subpkt 2 len 4 (sig created 2015-12-14)
    hashed subpkt 27 len 1 (key flags: 2E)
    subpkt 16 len 8 (issuer key ID C1A5D81643DF2C45)
    subpkt 32 len 156 (signature: v4, class 0x19, algo 1, digest algo 2)
    data: [1021 bits]
:trust packet: flag=00 sigcache=00
@benburkert benburkert mentioned this issue Dec 16, 2015
Closed
@rsc rsc added this to the Unreleased milestone Dec 28, 2015
@alevy alevy mentioned this issue Feb 7, 2016
Closed
@maxtaco
Copy link

maxtaco commented Feb 21, 2016

@rsc I've made some progress on this in my fork if you're curious. There are some cases we're not handling yet though, clearly...

This was referenced Mar 15, 2016
Closed
Open
@maticmeznar
Copy link

Is there an official answer on when this bug is going to be fixed?

@bradfitz
Copy link
Contributor

bradfitz commented Apr 5, 2016

Is there an official answer on when this bug is going to be fixed?

There is not.

This not a core part of Go. It's in an official golang.org subrepo and is subject to code review, but anybody can contribute fixes. Nobody works on the openpgp package full time.

@maxtaco
Copy link

maxtaco commented Apr 5, 2016

We've made some more progress on our fork. Our support for Gnu S2K dummy and also YubiKeys is improved over the last few weeks.

@maticmeznar
Copy link

@maxtaco Would it be possible for you to make a PR (or whatever needs to be done according to https://golang.org/doc/contribute.html) with the bugfix so someone (@bradfitz ?) can review and (hopefully) accept it?

@maxtaco
Copy link

maxtaco commented Apr 5, 2016

I previously tried that it and took a lot of effort to get ramped up on Gerrit in their PR workflow, but the PR was never reviewed, so I stopped. We've since made a lot of changes and we'd have to invest significant effort in fitting them into self-contained PRs.

Not to cast blame on the Go team, they're obviously extremely busy and doing great work. I also furthermore don't blame them that OpenPGP is low on their priority list, since with all of the upgrade churn from 2.0 to 2.1, and with smartcards / yubikeys, it's basically impossible to make a complete implementation.

@bradfitz
Copy link
Contributor

bradfitz commented Apr 5, 2016

I see one CL from you that hasn't been reviewed: https://go-review.googlesource.com/#/c/14794/

Is that the one?

Please ping that review. @agl is not a member of the Go team. He has a real job and just contributes (a ton) to Go when he has free time.

@maxtaco
Copy link

maxtaco commented Apr 6, 2016

Sorry to be a totally noob, but how do I "ping" a review? Sorry to ask a silly question

@alexbrainman
Copy link
Member

how do I "ping" a review?

There are multiple messages (2 at this moment) on the bottom of your code review screen (https://go-review.googlesource.com/#/c/14794/). These capture all messages sent to you and reviewers. You can reply to any of those messages by clicking "Reply to this message" button on the very right of expanded message. Just reply with "Ping" or any other message you want your reviewers to see (Brad set your reviewer to agl).

Alex

@maxtaco
Copy link

maxtaco commented Apr 6, 2016

Thanks @alexbrainman, I gave it a try.

@maxtaco
Copy link

maxtaco commented Apr 6, 2016

Thanks @bradfitz for the merge. Well, we have our work cut out for us for upstreaming the rest of the patches. I'll work on scheduling it into our backlog!

@gopherbot
Copy link

CL https://golang.org/cl/32797 mentions this issue.

@karalabe
Copy link
Contributor

karalabe commented Nov 7, 2016

I wrote up a patch to fix this issue. Perhaps this round we can do a review faster than 7 months? ;)

@NiklasMerz
Copy link

@karalabe @agl Not quite less than 7 months ;)

@a-feld a-feld mentioned this issue Jul 16, 2019
Open
syadav2015 pushed a commit to syadav2015/crypto that referenced this issue Aug 22, 2019
@karalabe @syadav2015
openpgp: support GNU dummy S2K for missing private keys
4e4f420 
GNU defines an extension to the S2K algorithms where the private
key of a PGP is missing and only subkeys are present. These
incomplete keys are useful in scenarios where a user distributes
various subkeys to individual places (e.g. various build servers)
while retaining the master key.

The extension is described at: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109

Fixes golang/go#13605

Change-Id: I901d7c902d255a6b73a787a6b2a9c6181c4de048
syadav2015 pushed a commit to syadav2015/crypto that referenced this issue Aug 22, 2019
@karalabe @syadav2015
openpgp: support GNU dummy S2K for missing private keys
7311d92 
GNU defines an extension to the S2K algorithms where the private
key of a PGP is missing and only subkeys are present. These
incomplete keys are useful in scenarios where a user distributes
various subkeys to individual places (e.g. various build servers)
while retaining the master key.

The extension is described at: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109

Fixes golang/go#13605

Change-Id: I901d7c902d255a6b73a787a6b2a9c6181c4de048
@erikgeiser erikgeiser mentioned this issue Jan 7, 2021
Closed
@djgilcrease djgilcrease mentioned this issue Jan 12, 2021
Closed
@FiloSottile
Copy link
Contributor

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email security@golang.org and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.

@IvanPizhenko IvanPizhenko mentioned this issue Jul 19, 2021
Merged
@golang golang locked and limited conversation to collaborators Mar 29, 2022
@rsc rsc unassigned agl Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

Successfully merging a pull request may close this issue.

openpgp: enable signing using a subkey that does not have the primary key private material