#128 ✓wontfix

Import key error code = 0

Reported by Askre | February 3rd, 2012 @ 03:56 PM | in 1.2 (closed)

I'm not able to import keys in the GPG Keychain.
I'm using GPG Tools 2011.12.24 on Mac OS X 10.7.2
I would like to use a previous key I already own, but every time I import it (exported from the default keychain as a .p12 or .cer file) an error message is reported:
Key import failed. Import failed! Code = 0
I am still able to create new keys, export them as ASCII or binary and import again.
It's not possible to import public keys as .cer .pem .p7b formats.
When I open the key file with the service Import in OpenPGP I obtain the message: "No importable keys found"

Comments and changes to this ticket

  • Alex (via GPGTools)

    Alex (via GPGTools) February 4th, 2012 @ 11:12 AM

    • State changed from “new” to “open”
    • Assigned user set to “Mento”
  • Mento

    Mento February 9th, 2012 @ 02:03 PM

    • State changed from “open” to “waiting”

    Can you import the key using the Terminal?

    gpg2 --import "NameOfTheKeyFile.p7b"
  • Askre

    Askre February 15th, 2012 @ 10:17 AM

    Sorry for the delay, I did not find the ticket anymore.
    Ok, then:
    I am not able to open it via the terminal. This is perhaps due to the fact I am not able to use it well.
    I have my key "publickey.cer" on the desktop, I typed
    cd desktop
    gpg2 --import "publickey.cer"
    But I end up with something that reads like: No valid PGP data found. Total number examined: 0
    Now I'll be reading the ticket again in less time.

  • Luke Le

    Luke Le February 15th, 2012 @ 10:39 AM

    Hi Askre,

    could you please attach the publickey.cer file so we can have a look at it?

  • Askre

    Askre February 15th, 2012 @ 11:56 AM

    Of course. Please note that I have the same problem with every key, saved in every format the Mac OS keychain allows me to use, except the ones created in the GPG keychain, exported and imported again.
    So this is a public-only key, but I encounter problems even importing my own key.

    BTW, can you explain to me how GPG keychain manages the certification authorities?
    In the Mac OS keychain they are stored in System Root, and the user can trust/revoke CA certificates.
    I don't see anything similar in GPG keychain.

  • Luke Le

    Luke Le February 15th, 2012 @ 12:01 PM

    Hi Askre,

    the certificate you attached seems to be an SSL or S/MIME certificate.
    You can't really use that certificate together with GPG Keychain Access
    since GPG and SSL|S/MIME certificates are a different thing.

    Is that what you were trying to do?

    P.S.: Are you Italian?
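
The mismatch diagnosed in this thread (an X.509 certificate handed to `gpg2 --import`) can be spotted from the file header before any import is attempted. The script below is an added example, not GPGTools or GnuPG code; `classify_keyfile` and `make_samples` are hypothetical names, and the sample files are constructed header bytes with no real key material.

```shell
#!/bin/sh
# Added example; classify_keyfile and make_samples are hypothetical helpers,
# not part of GnuPG or GPGTools.

# Print the container format of a key file; succeed only for OpenPGP data.
classify_keyfile() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }

    # ASCII-armoured files are identified by their BEGIN line.
    if grep -q -e '-----BEGIN PGP ' "$f"; then
        echo "openpgp-armored"; return 0
    fi
    if grep -Eq -e '-----BEGIN (CERTIFICATE|PKCS7)-----' "$f"; then
        echo "x509-pem"; return 1
    fi

    # Binary files: look at the first octet.
    first=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
    [ -n "$first" ] || { echo "unknown"; return 1; }
    if [ "$first" -eq 48 ]; then
        # 0x30 = ASN.1 SEQUENCE: DER certificate, PKCS#7 or PKCS#12 container.
        echo "x509-der"; return 1
    elif [ "$first" -ge 128 ]; then
        # OpenPGP packet tags always have bit 7 set.
        echo "openpgp-binary"; return 0
    fi
    echo "unknown"; return 1
}

# Constructed sample inputs (headers only, no real key material).
make_samples() {
    d=$1
    printf '\060\202\001\012' > "$d/publickey.cer"
    printf '\231\001\015\004' > "$d/pubkey.gpg"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/cert.pem"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' > "$d/pubkey.asc"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(classify_keyfile "$f")"
done
rm -rf "$demo_dir"
```

The function's exit status is zero only for OpenPGP data, so it can gate an import: `classify_keyfile "$file" >/dev/null && gpg2 --import "$file"`.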

  • Askre

    Askre February 16th, 2012 @ 03:47 PM

    OK, thank you for the clarification.
    Not-so-useful-to-know reason I was wrong:
    I thought that GPG might work with both of them. This was since I am relatively new to Mac OS X built-in Mail.app. I knew that it is possible to get it to work with S/MIME encryption but I could not find how to enable it.
    This is because the padlock button is hidden until you import a certificate (and I had yet to import it). I thought the way to enable it was to install the GPG mail plugin. (The user interfaces are the same)

    Now I solved my problem, thanks again.
    Another thing: after I deleted a key I created in GPG keychain it was possible to undo the operation.
    This means that the key is not actually deleted from the disk: and this is dangerous, let's say, when I sell my PC.
    You should implement a safe key deletion by overwriting the data several times to avoid this.

    PS: yes, I'm Italian, but let other people understand too :)

  • Luke Le

    Luke Le February 16th, 2012 @ 03:52 PM

    Hi Askre,

    yeah, we've had to completely rewrite GPGMail for Lion and in that process it was
    the best way from a user perspective to mimic the S/MIME UI. It's very unintrusive and we've added missing parts.

    As to the undoing of deleting keys. The keys are kept in cache, so once you quit the application you should no longer be able to undo the action.
    This way, if you don't sell your PC with GPG Keychain Access running you should be fine.

    There's a way to use S/MIME certificates with GPG but it exceeds the goal of our project,
    and seeing that we're a very small team with very limited time I don't think we're gonna
    be able to add support for that any time soon.

    P.S.: me too :)

  • steve

    steve February 16th, 2012 @ 09:41 PM

    Is this solved? Please update the ticket status accordingly.

  • Luke Le

    Luke Le February 16th, 2012 @ 10:44 PM

    Not solved completely yet, no ticket status change.

  • Askre

    Askre February 16th, 2012 @ 11:47 PM

    Feel free to consider me to be paranoid, but things are not so simple.
    In fact, deletion of a file usually involves only the deletion from the file system. The actual data are still on the disk, and someone can just use a data recovery tool to get back MY private key and even represent me.
    Data remanence can be mitigated by overwriting the disk sector many times. You can do this when you empty the trash in the secure way.
    The simplest way to obtain this is with the command line srm or shred.
    Another way (but I would bet not all users are aware of this) would be to use the disk utility to do exactly the same to all the empty space on the disk. But it's a long and tedious process.
    My two cents..

  • Luke Le

    Luke Le February 17th, 2012 @ 09:22 AM

    I completely understand your concerns regarding security here. What I wanted to point out, though, is that the file is not actually kept on disk for undoing but rather the key data is kept in memory, which is safer than an actual file even though surely not bulletproof.

    Before you sell your PC you should definitely overwrite your hard disk with zeros for > 15 times to rest assured files can't be recovered.
    But let's pretend the gpg keyfile (all private keys are stored in one file, all public keys in another) is indeed recovered, you would not be completely lost, due to the fact the keyfile itself is encrypted and can only be decrypted using your passphrase.
    So considering you chose a safe enough passphrase, a cracker would still need a sizable amount of time, depending on the passphrase, to get access to your keys.

    Another point is also, since all keys are stored in the same file, the key file is not deleted but rather edited and this is all done by the gnupg binary itself.
    GPG Keychain Access is a mere UI for gnupg key management in that sense.

  • Mento

    Mento February 17th, 2012 @ 11:41 AM

    • State changed from “waiting” to “wontfix”
  • steve

    steve June 18th, 2015 @ 01:15 PM

    • Milestone set to 1.2
    • Importance cleared.
