importing secret key impossible after importing profile
Categories: MailNews Core :: Security: OpenPGP, defect, P1
Tracking: Not tracked
People: Reporter: NicolasWeb, Unassigned
References: Depends on 1 open bug
Attachments: 2 files
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:105.0) Gecko/20100101 Firefox/105.0
Steps to reproduce:
1. Open PGP Key manager
2. Menu : Save your secret key to a file
3. Start Thunderbird with a new profile from scratch
4. Try to add a personal Key
5. Close the account settings tab and reopen it to the e2ee panel
6. Keep or delete the personal key configured but not found
7. Try to import a secret key using the OpenPGP Key manager
Actual results:
No key is imported. Unable to import my secret/private key from my account.
Step 4 leads to a never-ending throbber (with no error message at all), before asking for the passphrase.
Step 5 the UI says the personal key is configured but not found. No key shown in the OpenPGP key manager.
Step 7 leads to an error message
[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISecretDecoderRing.decryptString]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://openpgp/content/modules/masterpass.jsm :: _readPasswordFromFile :: line 229" data: no]
Expected results:
Importing a personal key directly through the Personal key button, or the OpenPGP Key Manager, should work.
Tested on macOS 10.13
TB 104b3
Comment 1•2 years ago (Reporter)
Comment 2•2 years ago
Are you saying there's a problem at step #4?
It seems to work for me, though I notice for the import-from-file case "None" is selected after configuration, and you then have to select the key to use.
Comment 3•2 years ago (Reporter)
Yes, I have an issue at steps 4 and 7 (you can even do 1 -> 2 -> 3 -> 7).
I tried the same on Windows 11 Tb104b6, and have the exact same issue.
I made a screen capture to show you what happened. (I'll delete it as soon as you have watched it; maybe wait for 22 sec to get the mouse moving, maybe...)
https://nuage.liiib.re/s/DNLkeaBmDKjt5Ld
Let me know how I can help going forward, please.
(Thanks for triaging :) )
Comment 4•2 years ago
I'm testing on Daily, so perhaps there's a chance beta is missing some patch, though I don't recall anything.
Are you using a primary password?
Does the behavior change if you have the other instance of thunderbird closed when importing?
Comment 5•2 years ago (Reporter)
I tried on Daily and have the exact same issue.
Yes, I'm using a primary password. If I disable it, I still have the same issue.
I just kept both instances of Thunderbird open for the screen capture. The behavior is the same if they run side by side or one after the other.
Comment 6•2 years ago (Reporter)
Okay, I forgot a step in my STR : import profile from another Thunderbird installation.
If I don't import my profile, importing the key works fine on Daily.
The updated Steps to reproduce are:
1. Open PGP Key manager
2. Menu : Save your secret key to a file
3.1 Start Thunderbird with a new profile from scratch
3.2 Import your profile from another Thunderbird installation.
4. Try to add a personal Key
5. Close the account settings tab and reopen it to the e2ee panel
6. Keep or delete the personal key configured but not found
7. Try to import a secret key using the OpenPGP Key manager
Comment 8•2 years ago
If the Thunderbird profile import feature corrupts profiles, in a way that breaks usual management functionality, then I'd consider the profile import feature broken, and it should be either disabled, or changed to fully stay away from all NSS files and OpenPGP files.
Comment 9•2 years ago
So after using profile import, ANY private key import via the OpenPGP Key Manager is permanently broken?
@Thomas can you confirm?
Comment 10•2 years ago
Hi Andrei, I think it isn't necessary to get help from Thomas here. We know the feature is broken, we get multiple reports about it. I think it's now a developer task to analyze which scenarios break, which scenarios we need to disable, and how to repair it. I will start looking into it.
Comment 11•2 years ago
(In reply to Andrei Hajdukewycz [:sancus] from comment #9)
> So after using profile import, ANY private key import via the OpenPGP Key Manager is permanently broken?
If the user runs into a problem, yes, the problem is permanent. And the breakage isn't limited to key import. The breakage includes OpenPGP key usage, also key generation. It even breaks checking email for an account that doesn't have a saved password yet. (Because we run through a code path that fails to execute, because of the corruption).
I can reproduce the bug in the following scenario:
- user already has an OpenPGP key imported
- user does NOT have any saved passwords (logins.json is absent)
In this scenario, file encrypted-openpgp-passphrase.txt is present in the target profile. Target profile file key4.db gets overwritten with file key4.db from the source profile, with the consequence that encrypted-openpgp-passphrase.txt in the target directory can no longer be decrypted.
I don't know if there is a way for this bug to happen for users who already have saved logins, too.
Comment 12•2 years ago
(In reply to Kai Engert (:KaiE:) from comment #11)
> I can reproduce the bug in the following scenario:
> - user already has an OpenPGP key imported
I found it isn't limited to this scenario.
It happens to everyone who:
- starts thunderbird at least once
- has not saved a password yet
- quits and restarts thunderbird at least once
- then imports another profile
In this scenario, the user already has a file encrypted-openpgp-passphrase.txt with an automatic passphrase, which no longer matches key4.db.
This is sufficient for the following failures with OpenPGP.
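The failure condition described in comments 11 and 12, expressed as a pre-import check. This is an added example, not Thunderbird code; the function names, the byte-for-byte comparison of key4.db and the sample profile contents are assumptions of this sketch.

```python
import shutil
import tempfile
from pathlib import Path

KEY_DB = "key4.db"
# File the thread names as decryptable only with the profile's own key4.db.
DEPENDENTS = ("encrypted-openpgp-passphrase.txt",)


def orphaned_by_import(source: Path, target: Path) -> list[str]:
    """Target files left undecryptable if source's key4.db replaces target's."""
    src_db, dst_db = source / KEY_DB, target / KEY_DB
    if not src_db.is_file() or not dst_db.is_file():
        return []  # no existing key database gets overwritten
    if src_db.read_bytes() == dst_db.read_bytes():
        return []  # identical key material, nothing changes
    return [name for name in DEPENDENTS if (target / name).is_file()]


def guarded_copy_key_db(source: Path, target: Path) -> bool:
    """Copy key4.db only when no dependent target file would be orphaned."""
    if orphaned_by_import(source, target):
        return False
    if (source / KEY_DB).is_file():
        shutil.copy2(source / KEY_DB, target / KEY_DB)
    return True


def demo() -> tuple[list[str], bool, bytes]:
    """Replay the comment 12 scenario on constructed stand-in profiles."""
    with tempfile.TemporaryDirectory() as tmp:
        source, target = Path(tmp, "source"), Path(tmp, "target")
        source.mkdir()
        target.mkdir()
        # Constructed bytes; a real key4.db is an NSS SQLite database.
        (source / KEY_DB).write_bytes(b"source-key-material")
        (target / KEY_DB).write_bytes(b"target-key-material")
        (target / DEPENDENTS[0]).write_bytes(b"wrapped-under-target-key")
        risks = orphaned_by_import(source, target)
        copied = guarded_copy_key_db(source, target)
        return risks, copied, (target / KEY_DB).read_bytes()


if __name__ == "__main__":
    print(demo())
```

In the demo the copy is refused and the target's key4.db is left untouched, because the target already holds a passphrase file tied to its own key database.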
Comment 13•2 years ago
NicolasWeb (original reporter):
You said you were using Thunderbird 104 on the day (August 16) you reported the bug.
According to the release calendar, it looks like you were using the beta channel.
Do you still have the Thunderbird profile that you were using at the time you reported this bug?
If yes, could you please try the latest beta with that profile again?
Thunderbird should automatically repair your profile, and secret key import should work again.
Comment 14•2 years ago
I would like to mark this as a duplicate of bug 1790610, which should have fixed the issue.
Nicolas, please let us know if my assumption is incorrect. If it isn't, then we'd need to reopen this bug.
Comment 15•2 years ago (Reporter)
(In reply to Kai Engert (:KaiE:) from comment #13)
> Do you still have the Thunderbird profile that you were using at the time you reported this bug?
> If yes, could you please try the latest beta with that profile again?
> Thunderbird should automatically repair your profile, and secret key import should work again.
Yes, I still have this profile, and yes, it gets fixed with it, and I'm able to successfully import my private secret key again (using either the GPG Key manager or the 'add a personal key' button) :)))
I even checked, I still have my saved passwords ;)
Thanks !!