bug#49279: 26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint

bug#49279: 26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint

[Joerg Jaspert]

[-- Attachment #1: Type: text/plain, Size: 8727 bytes --]

Hi

Task: Send signed mail from within emacs (notmuch) using message mode 
and mml-sign.

Problem: the function mml-secure-secret-key-exists-p breaks. It says it 
found multiple secret keys with the same fingerprint, and refuses to 
work.

I *guess* the way gpg outputs things changed / got adopted. Likely when 
they did away with secret keyrings.

Now, setup:
I have the following entries in my ~/.gnupg/gpg.conf:
--8<---------------cut here---------------start------------->8---
primary-keyring ~/.gnupg/pubring.gpg                                                                                         
keyring /usr/share/keyrings/debian-keyring.gpg                                                                              
--8<---------------cut here---------------end--------------->8---

I have *ONE* secret key (with that fingerprint) in my gpg store.
I have my public key in my pubring.gpg, and it *also* exists in the 
debian-keyring.gpg.

Now trying to send mail, mml dies, debugger output pasted below.

I *suspect* it is from gpg changes to their output, but wherever it is 
from, I also think the error call shouldn't be there inside mml.
As soon as I comment the second *public* keyring, sending signed mail 
works fine.


Debugger entered--Lisp error: (error "Found 2 secret keys with same 
fingerprint FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4")
  signal(error ("Found 2 secret keys with same fingerprint 
  FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4"))
  error("Found %d secret keys with same fingerprint %s" 2 
  "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4")
  mml-secure-secret-key-exists-p(#s(epg-context :protocol OpenPGP 
  :program "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
  :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
  :compress-algorithm nil :passphrase-callback 
  (epg-passphrase-callback-function) :progress-callback nil 
  :edit-callback nil :signers nil :sig-notations nil :process nil 
  :output-file nil :result nil :operation nil :pinentry-mode nil 
  :error-output "" :error-buffer nil) #s(epg-sub-key :validity ultimate 
  :capability (sign certify) :secret-p nil :algorithm 1 :length 4096 :id 
  "DB16CF5BB12525C4" :creation-time (18951 . 16192) :expiration-time nil 
  :fingerprint "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4"))
  mml-secure-check-sub-key(#s(epg-context :protocol OpenPGP :program 
  "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
  :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
  :compress-algorithm nil :passphrase-callback 
  (epg-passphrase-callback-function) :progress-callback nil 
  :edit-callback nil :signers nil :sig-notations nil :process nil 
  :output-file nil :result nil :operation nil :pinentry-mode nil 
  :error-output "" :error-buffer nil) #s(epg-key :owner-trust ultimate 
  :sub-key-list (#s(epg-sub-key :validity ultimate :capability (sign 
  certify) :secret-p nil :algorithm 1 :length 4096 :id 
  "DB16CF5BB12525C4" :creation-time (18951 . 16192) :expiration-time nil 
  :fingerprint "FBFABDB541B5DC955BD9BA6EDB16CF5BB12525C4") 
  #s(epg-sub-key :validity ultimate :capability (encrypt) :secret-p nil 
  :algorithm 1 :length 4096 :id "A258CB3FE075ECFF" :creation-time (18951 
  . 16333) :expiration-time nil :fingerprint 
  "684795DC5F511A7E647B0238A258CB3FE075ECFF") #s(epg-sub-key :validity 
  ultimate :capability (sign) :secret-p nil :algorithm 1 :length 4096 
  :id "C7B01D35AB0F24B9" :creation-time (20902 . 23882) :expiration-time 
  (26587 . 18565) :fingerprint 
  "9630CE701E2ADEC3200CE0EEC7B01D35AB0F24B9") #s(epg-sub-key :validity 
  ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 4096 
  :id "80816AE630EC8D38" :creation-time (20902 . 24081) :expiration-time 
  (26587 . 18565) :fingerprint 
  "56776C422F34E07911E9767980816AE630EC8D38") #s(epg-sub-key :validity 
  ultimate :capability (authentication) :secret-p nil :algorithm 1 
  :length 4096 :id "C58ADA645E749E7B" :creation-time (22845 . 13953) 
  :expiration-time (26587 . 18565) :fingerprint 
  "E052D610BA150904F4274EDEC58ADA645E749E7B") #s(epg-sub-key :validity 
  ultimate :capability (sign) :secret-p nil :algorithm 1 :length 4096 
  :id "F35578BF98805660" :creation-time (22845 . 13910) :expiration-time 
  (26587 . 18565) :fingerprint 
  "72DCBECE755A9FDD14838015F35578BF98805660") #s(epg-sub-key :validity 
  ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 4096 
  :id "12AFA0F1A51A254B" :creation-time (22845 . 13930) :expiration-time 
  (26587 . 18565) :fingerprint 
  "0FD59ABE3286179ED6103BBF12AFA0F1A51A254B") #s(epg-sub-key :validity 
  expired :capability (authentication) :secret-p nil :algorithm 1 
  :length 4096 :id "70E69D7B90479E6D" :creation-time (21978 . 52225) 
  :expiration-time (22723 . 43905) :fingerprint 
  "419DB01F85B3E1ED1207715270E69D7B90479E6D")) :user-id-list 
  (#s(epg-user-id :validity ultimate :string "Joerg Jaspert 
  <joerg@debian.org>" :signature-list nil) #s(epg-user-id :validity 
  ultimate :string "Joerg Jaspert <joerg@ganneff.de>" :signature-list 
  nil) #s(epg-user-id :validity ultimate :string "Joerg Jaspert 
  <joerg@spi-inc.org>" :signature-list nil) #s(epg-user-id :validity 
  ultimate :string "Joerg Jaspert <joerg@debconf.org>" :signature-list 
  nil))) sign nil)
  mml-secure-find-usable-keys(#s(epg-context :protocol OpenPGP :program 
  "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
  :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
  :compress-algorithm nil :passphrase-callback 
  (epg-passphrase-callback-function) :progress-callback nil 
  :edit-callback nil :signers nil :sig-notations nil :process nil 
  :output-file nil :result nil :operation nil :pinentry-mode nil 
  :error-output "" :error-buffer nil) "<joerg@ganneff.de>" sign)
  #f(compiled-function (name) #<bytecode 
  0x28237f5>)("<joerg@ganneff.de>")
  mapcar(#f(compiled-function (name) #<bytecode 0x28237f5>) 
  ("<joerg@ganneff.de>"))
  mml-secure-select-preferred-keys(#s(epg-context :protocol OpenPGP 
  :program "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
  :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
  :compress-algorithm nil :passphrase-callback 
  (epg-passphrase-callback-function) :progress-callback nil 
  :edit-callback nil :signers nil :sig-notations nil :process nil 
  :output-file nil :result nil :operation nil :pinentry-mode nil 
  :error-output "" :error-buffer nil) ("<joerg@ganneff.de>") sign)
  mml-secure-signers(#s(epg-context :protocol OpenPGP :program 
  "/bin/gpg2" :home-directory nil :armor nil :textmode nil 
  :include-certs nil :cipher-algorithm nil :digest-algorithm nil 
  :compress-algorithm nil :passphrase-callback 
  (epg-passphrase-callback-function) :progress-callback nil 
  :edit-callback nil :signers nil :sig-notations nil :process nil 
  :output-file nil :result nil :operation nil :pinentry-mode nil 
  :error-output "" :error-buffer nil) ("<joerg@ganneff.de>"))
  mml-secure-epg-sign(OpenPGP t)
  mml2015-epg-sign((part (sign . "pgpmime") (tag-location . 405) 
  (contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 
  (hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t 
  display "⏎\n")))))
  mml2015-sign((part (sign . "pgpmime") (tag-location . 405) (contents . 
  #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 (hard t display 
  "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t display "⏎\n")))))
  mml-pgpmime-sign-buffer((part (sign . "pgpmime") (tag-location . 405) 
  (contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 
  (hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t 
  display "⏎\n")))))
  mml-generate-mime-1((part (sign . "pgpmime") (tag-location . 405) 
  (contents . #("test, sending signed mail\n-- \nbye, Joerg\n" 25 26 
  (hard t display "⏎\n") 29 30 (hard t display "⏎\n") 40 41 (hard t 
  display "⏎\n")))))
  mml-generate-mime()
  message-encode-message-body()
  message-send-mail(nil)
  message-send-via-mail(nil)
  message-send(nil)
  message-send-and-exit(nil)
  notmuch-mua-send-common(nil t)
  notmuch-mua-send-and-exit(nil)
  funcall-interactively(notmuch-mua-send-and-exit nil)
  call-interactively(notmuch-mua-send-and-exit nil nil)
  command-execute(notmuch-mua-send-and-exit)


In GNU Emacs 26.1 (build 2, x86_64-pc-linux-gnu, GTK+ Version 3.24.5)
 of 2021-01-31, modified by Debian built on x86-csail-01
Windowing system distributor 'The X.Org Foundation', version 
11.0.12004000
System Description:	Debian GNU/Linux 10 (buster)


-- 
bye, Joerg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#49279: 26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint

[Lars Ingebrigtsen]

Joerg Jaspert <joerg@ganneff.de> writes:

> Problem: the function mml-secure-secret-key-exists-p breaks. It says it 
> found multiple secret keys with the same fingerprint, and refuses to 
> work.

I vaguely seem to remember there being some work done in this area over
the last year, but I'm not sure whether it was this problem exactly.
Would it be possible for you to build Emacs 28 to see whether the
problem still exists there?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#49279: 26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint

[Joerg Jaspert]

Am 2021-06-30 14:34, schrieb Lars Ingebrigtsen:
> Joerg Jaspert <joerg@ganneff.de> writes:
> 
>> Problem: the function mml-secure-secret-key-exists-p breaks. It says 
>> it
>> found multiple secret keys with the same fingerprint, and refuses to
>> work.
> 
> I vaguely seem to remember there being some work done in this area over
> the last year, but I'm not sure whether it was this problem exactly.
> Would it be possible for you to build Emacs 28 to see whether the
> problem still exists there?

I do think it does, the code is the same there. Line 678 and following 
in mml-sec.el.
I'm going to test with a recent build either this evening or on weekend, 
will send an update then.

Joerg

bug#49279: 26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint

[Lars Ingebrigtsen]

Joerg Jaspert <joerg@ganneff.de> writes:

> I do think it does, the code is the same there. Line 678 and following
> in mml-sec.el.
> I'm going to test with a recent build either this evening or on
> weekend, will send an update then.

This was a year ago -- did you make any progress here?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#49279: 26.1; mml-secure-secret-key-exists-p wrong assumption on subkeys with same fingerprint

[Lars Ingebrigtsen]

Lars Ingebrigtsen <larsi@gnus.org> writes:

>> I do think it does, the code is the same there. Line 678 and following
>> in mml-sec.el.
>> I'm going to test with a recent build either this evening or on
>> weekend, will send an update then.
>
> This was a year ago -- did you make any progress here?

This was a month ago, but there was no response, so it seems unlikely
that there will be more progress in this bug report, and I'm therefore
closing it.  If somebody has a test case to replicate the problem (if it
still exists in Emacs 29), please send a message to the bug tracker and
we'll reipen.