Passphrase problem in gpgsm 2.0.14

2010-01-26 Thread Werner Koch
Hi!

While preparing a new release of Gpg4win we found a regression in GnuPG
2.0.14.  The problem is due to this change:

 * New and changed passphrases are now created with an iteration count
   requiring about 100ms of CPU work.

I don't know how it slipped through my tests, but somehow it happened.
The bug occurs in all cases where gpg-agent creates a new protected key
or changes the protection.  For example:

 - You import a new private key with GPGSM from a PKCS#12 file.

 - You change the passphrase of an X.509 key (gpgsm --passwd)

 - You create or import a new on-disk Secure Shell key.

It does not affect keys or passphrases related to GPG (OpenPGP keys).

The bug is that the new iteration count is not encoded in the file.
Instead the old constant value of 65536 (encoded as 96) is written to
the file.  If you now try to use the key and enter the passphrase,
gpg-agent uses the wrong iteration count from the file (65536) and thus
can't unprotect the key.
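The failure mode described above, as an added example that is not from this mail or from GnuPG itself: a minimal reader for the canonical S-expression that carries the S2K parameters, the RFC 4880 count decoding that turns 96 into 65536, a plain-Python iterated-salted SHA-1 S2K, and a check showing that a key protected with the calibrated count but written with "2:96" derives a different key at unprotect time. The 1048576-byte count, the salt and the passphrase are constructed values; the exact way gpg-agent parses the count field is not reproduced here.

```python
import hashlib

def parse_csexp(data: bytes, pos: int = 0):
    """Canonical S-expression reader (private-keys-v1.d format): (value, next_pos)."""
    if data[pos:pos + 1] == b"(":
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b")":
            item, pos = parse_csexp(data, pos)
            items.append(item)
        return items, pos + 1
    colon = data.index(b":", pos)                 # "<len>:<bytes>" atom
    n = int(data[pos:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def decode_s2k_count(octet: int) -> int:
    """OpenPGP encoded-count octet (RFC 4880 3.7.1.3) -> bytes to hash; 96 -> 65536."""
    return (16 + (octet & 15)) << ((octet >> 4) + 6)

def s2k_sha1_mode3(passphrase: bytes, salt: bytes, count: int, keylen: int) -> bytes:
    """Iterated+salted S2K with SHA-1: hash salt||passphrase repeatedly until COUNT
    bytes went in (never less than one copy); later passes get zero-byte prefixes."""
    block = salt + passphrase
    total = max(count, len(block))
    out, pass_no = b"", 0
    while len(out) < keylen:
        h = hashlib.sha1(b"\x00" * pass_no)
        remaining = total
        while remaining:
            chunk = block[:remaining]
            h.update(chunk)
            remaining -= len(chunk)
        out += h.digest()
        pass_no += 1
    return out[:keylen]

def key_from_file_s2k(s2k_sexp: bytes, passphrase: bytes, keylen: int = 16) -> bytes:
    """Key from a "(4:sha18:<salt>2:<count>)" list, count read as one encoded octet."""
    (hashname, salt, count), _ = parse_csexp(s2k_sexp)
    if hashname != b"sha1" or len(salt) != 8:
        raise ValueError("unexpected S2K parameters")
    return s2k_sha1_mode3(passphrase, salt, decode_s2k_count(int(count)), keylen)

# Constructed sample: protected with a made-up calibrated count of 1048576 bytes,
# but the file received the fixed "2:96" that 2.0.14 always wrote.
SALT = bytes(range(8))
FILE_S2K = b"(4:sha18:" + SALT + b"2:96)"

def unprotect_would_fail(passphrase: bytes = b"correct horse") -> bool:
    """True when the key derived from the file's count (65536) differs from the one
    used at protection time, which is why gpg-agent cannot unprotect the key."""
    used_at_protect = s2k_sha1_mode3(passphrase, SALT, 1048576, 16)
    return used_at_protect != key_from_file_s2k(FILE_S2K, passphrase)
```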

A patch against 2.0.14 is attached.

It is possible to fixup the wrong iteration counts but before I add such
a feature, I would like to know whether this is really needed.

 - If you imported a p12 file you may simply re-import that file after
   deleting the old file.  To find the respective file with the private
   key, you use this command

 gpgsm --dump-cert KEYID | grep keygrip:

   The hex-string you see is the basename of the private key.  For example:

 $ gpgsm --dump-cert 0x036A1456 | grep keygrip:
 keygrip: 25268070E915E1E3DCCBD9EBEF18BCEF9B0AB289

 $ ls -l private-keys-v1.d/25268070E915E1E3DCCBD9EBEF18BCEF9B0AB289.key

   You better delete this file before importing the p12 file again:

 $ rm private-keys-v1.d/25268070E915E1E3DCCBD9EBEF18BCEF9B0AB289.key

 - If you changed the passphrase and you have a backup of the private
   key, it will be easier to use the backup.

 - If you did not change the passphrase, you don't have any problem.

 - If there is no other way to restore it, please complain and I will
   write a tool to fixup the mess.


I am sorry for the possible trouble.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are governed by a federal law.
#! /bin/sh
patch -p0 -f $*  $0
exit $?

agent/
2010-01-26  Werner Koch  w...@g10code.com

	* protect.c (do_encryption): Encode the s2kcount and do not use a
	static value of 96.

--- agent/protect.c	(revision 5231)
+++ agent/protect.c	(working copy)
@@ -360,19 +360,25 @@

  in canoncical format of course.  We use asprintf and %n modifier
  and dummy values as placeholders.  */
-  p = xtryasprintf
-((9:protected%d:%s((4:sha18:%n_8bytes_2:96)%d:%n%*s)%d:%n%*s),
- (int)strlen (modestr), modestr,
- saltpos, 
- blklen, ivpos, blklen, ,
- enclen, encpos, enclen, );
-  if (!p)
-{
-  gpg_error_t tmperr = out_of_core ();
-  xfree (iv);
-  xfree (outbuf);
-  return tmperr;
-}
+  {
+char countbuf[35];
+
+snprintf (countbuf, sizeof countbuf, %lu, get_standard_s2k_count ());
+p = xtryasprintf
+  ((9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s),
+   (int)strlen (modestr), modestr,
+   saltpos, 
+   (unsigned int)strlen (countbuf), countbuf,
+   blklen, ivpos, blklen, ,
+   enclen, encpos, enclen, );
+if (!p)
+  {
+gpg_error_t tmperr = out_of_core ();
+xfree (iv);
+xfree (outbuf);
+return tmperr;
+  }
+  }
   *resultlen = strlen (p);
   *result = (unsigned char*)p;
   memcpy (p+saltpos, iv+2*blklen, 8);
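Review bot: this hunk changes only the writer, and the value it now stores differs in kind from the old one: `countbuf` carries the plain decimal result of `get_standard_s2k_count ()`, whereas the removed literal `2:96` was the single RFC 4880 encoded octet standing for 65536. The reader of this S-expression elsewhere in protect.c has to agree on which form is stored, and files already written by 2.0.14 carry `96`; a comment next to `snprintf (countbuf, ...)` saying that the raw count (not the encoded octet) is written, plus a pointer in the ChangeLog to the matching decoder handling, would make that contract visible. Minor: the unchanged context line still reads `canoncical`.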



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


OpenPGP SmartCard v2.0 w/OmniKey 6121

2010-01-26 Thread John Ruff
Hi,

I've been researching the archives for the past week after receiving
my OpenPGP v2.0 smartcard from Kernelconcepts.  Problem seems to
revolve around signing, but between my two systems OpenSUSE 11.2
(gnupg 2.0.13) and Mac OS X 10.5.8 (MacGPG/gnupg 2.0.14) I have
slightly different results.

First I was only able to create the 3 2048-bit keys on the linux
laptop but would fail to create a 3072/2048/2048 set on the same
system.  On the Mac I couldn't create anything (tried all 1024 and
2048 keys).

With the card now having 2048 keys I could successfully change all my
card options (did this before key generation).  On the linux system I
could encrypt/decrypt but cannot perform any signing/verify
operation.  On the Mac I can encrypt, but neither decrypt/sign/verify.
Errors vary from general signing error to secret key not found
(when trying to decrypt).  I was unclear how to actually set up my new
keys on the Mac so I performed an export and export/export-secret-keys
over to the Mac from the linux system.

Please let me know what types of debugs I can provide back for review
or any other test information one would like performed or provided.
Output of '--card-status' below.  Thanks in advance.

$ gpg --card-status
Application ID ...: D2760001240102050374
Version ..: 2.0
Manufacturer .: ZeitControl
Serial number : 0374
Name of cardholder: John Ruff
Language prefs ...: en
Sex ..: male
URL of public key : [not set]
Login data ...: techniq
Signature PIN : forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 18
Signature key : 6530 8DA8 805C 707F 3611  9851 D057 FC41 052A 4FAD
  created : 2010-01-24 02:10:16
Encryption key: 0A2B BBEE 4B0D C392 A4E6  3673 ECCF B9FB 1488 8977
  created : 2010-01-24 02:10:16
Authentication key: 735C 977A DFBA 72B2 CDF0  D5D9 F9E8 742E FC34 E962
  created : 2010-01-24 02:10:16
General key info..: pub  2048R/052A4FAD 2010-01-24 John C. Ruff
(Techniq) jcruff[at]gmail.com
sec  2048R/052A4FAD  created: 2010-01-24  expires: never
  card-no: 0005 0374
ssb  2048R/FC34E962  created: 2010-01-24  expires: never
  card-no: 0005 0374
ssb  2048R/14888977  created: 2010-01-24  expires: never
  card-no: 0005 0374

-- 
Chris Ruff
jcruff[at]gmail.com

No one can see past a choice they don't understand. --Oracle



re: Problem encrypting to a hushmail gpg key

2010-01-26 Thread vedaal
Sean Rima sean () srima wrote on Date:  2010-01-17 17:23:31 :

A friend on the pgpnet mailing list is using a hushmail.com gpg 
key but when I import it, I get

gpg: key C4E23A82: public key -...@hushmail.com 
jefal...@hushmail.com
imported
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)

...

:public sub key packet:
version 4, algo 2, created 1262830846, expires 0
unknown algorithm 2

-

the above listed public subkey packet is the encryption key

i imported it directly from hushmail

(https://www.hushtools.com/hushtools2/index.php

click on 'key management'
then enter the hushmail email address and retrieve the key )

and encrypted to it without any problem.


caveat:

it is not a great idea to use hushmail keys for open pgp encryption 
or authentication

(1) the keys are not updated, and can't be for the same email 
address,
so, for example, i've been with hushmail since it started, and my 
key is a 1024 bit key and signs with SHA-1
(to be fair, i imagine that whenever this becomes a 'real' threat, 
hushmail will allow for modifications/new keys)

(2) the hushmail user probably will not be able to decrypt a gnupg 
encrypted message in hushmail if the encryption algorithm chosen 
isn't currently being used by hushmail, which, depending on how old 
the key is, may not be the encryption algorithm listed on the key,

and if the hushmail user uses gnupg (preferable ;-) ), then he/she 
would be better off generating a new key in gnupg, and just leave 
the hushmail key for hushmail users

(i use my hushmail key only for hushmail/hushtools)


vedaal


