Ubuntu
kdeutils package

kgpg generates signing only key

Bug #595055 reported by Rafal-maj-it
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
KDE Utilities
Fix Released
Medium
kdeutils (Ubuntu)
Fix Released
Medium
Unassigned
Lucid
Won't Fix
Medium
Unassigned

Bug Description

##SRU Info added by Jonathan Thomas##
Impact: When a user creates a DSA key, the corresponding ElGamal signing key is not created, leaving the user unable to encrypt files
Addressed by: KGpg has released a patch that fixes the arguments passed to GnuPG for key generation
Patch: http://websvn.kde.org/branches/KDE/4.4/kdeutils/kgpg/transactions/kgpggeneratekey.cpp?r1=1155016&r2=1155015&pathrev=1155016
Testcase:
1) Run KGpg
2) Ctrl+N
3) Follow key pair creation process. (DSA+ElGamal)
4) Dolphin
5) Select a file to encrypt
6) Choose a key you have created, you will not be able to sign it.
Regression potential: Very small, as it is just correcting the command line arguments passed to GnuPG
##################################

kgpg - generate keypair, creates a key that works only for signing, not for encryption.

ii kgpg 4:4.4.4-0ubuntu1~lucid1~ppa1

The createk key looks like this:

gpg --edit-key 9C2526CCDE53F875
pub 2048D/DE53F875 created: 2010-06-16 expires: 2012-06-15 usage: SCA
                     trust: ultimate validity: ultimate
[ultimate] (1). XXX XXX <email address hidden>

and it is not possible to use it to encrypt to it, the key seems to miss a sub-key.

So instead user needs to for example generate the key from CLI, like on https://help.ubuntu.com/community/GnuPrivacyGuardHowto
and then key seems to have the sub-key as needed:

pub 2048R/F108C3FB created: 2010-06-16 expires: 2012-06-15 usage: SC
                     trust: unknown validity: unknown
sub 2048R/7A152921 created: 2010-06-16 expires: 2012-06-15 usage: E
[ unknown] (1). XXXX <XXX@XXX>

See original description
Revision history for this message
Rafal-maj-it (rafal-maj-it) wrote :

Actually, the above keys where generate on [Lucid], on kgpg 4:4.4.2-0ubuntu1

and identical problem occures on version from Lucid-proposed kgpg 4:4.4.4-0ubuntu1~lucid1~ppa1

Revision history for this message
C de-Avillez (hggdh2) wrote :

Adjusted title, setting Importance to Medium; cannot verify, though (do not run KDE).

summary: - [lucid][lucid-proposed] kgpg generates invalid openpgp key - signing
- only key
+ kgpg generates signing only key
Changed in kdeutils (Ubuntu):
importance: Undecided → Medium
Bug Watch Updater (bug-watch-updater)
Changed in kdeutils:
status: Unknown → Fix Released
Revision history for this message
Jonathan Thomas (echidnaman) wrote :

Fixed in KDE 4.5 in maverick. Nominating for a lucid SRU.

Changed in kdeutils (Ubuntu):
status: New → Fix Released
Changed in kdeutils (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → Medium
Jonathan Thomas (echidnaman)
description: updated
description: updated
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Accepted kdeutils into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in kdeutils (Ubuntu Lucid):
status: Triaged → Fix Committed
tags: added: verification-needed
Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

Could anyone test the package in lmucid-proposed and report feedback here ?
Thanks in advance.

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

Verification for Lucid
I'm unable to generate a DSa+ElGamal Key with version 4:4.4.2-0ubuntu1.1 in lucid-proposed. The notification stay there forever and the key is not generated. RSA generation works fine. There is enough entropy and I'm able to generate a DSA/ElGamal key with gpg at the same time.

I'm able to generate a key (incomplete) with the version 4:4.4.2-0ubuntu1 in lucid.

Marking as verification-failed and regression-proposed

Changed in kdeutils (Ubuntu Lucid):
status: Fix Committed → In Progress
tags: added: verification-failed
removed: verification-needed
tags: added: regression-proposed
Bug Watch Updater (bug-watch-updater)
Changed in kdeutils:
importance: Unknown → Medium
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in kdeutils (Ubuntu Lucid):
status: In Progress → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.