#768 new
steve

Automatic download of public keys option not functional / auto-key retrieve not working for signatures where only key ID (and not full fingerprint) is provided (e.g. FlowCrypt signed emails)

Reported by steve | April 29th, 2022 @ 01:14 AM

GPG Suite 3133n
macOS 12.3.1

For some signed emails, the public key is not auto-retrieved from keys.openpgp.org despite the key being available.
The problem is not reproducible with all keys but was reproducible for me with a message from 0xD698267AEC3DDBCF that we received on 2022-04-28.

2022-06-15: Tested the following:

Remove Luke's public key from GPG Keychain, with auto-retrieve enabled, select signed email:
Security: Encrypted, Signed (0xE58271326F9F4937)
Public key is automatically retrieved and, upon deselecting and re-selecting the signed email, the signature is verified and the user ID is shown instead of the key ID.

Remove Luke's public key from GPG Keychain, with auto-retrieve disabled, select signed email:
Security: Encrypted, Signed with unknown key (0x608B00ABE1DAA3501C5FF91AE58271326F9F4937)
Note how the full fingerprint is shown.

In cases where public key is not automatically retrieved, like in the second scenario, the full fingerprint is not shown but only the key ID, which is not sufficient information for vks hagrid to provide the public key.

Problematic email was created with:
Version: FlowCrypt Email Encryption 8.2.7

  • another potential cause for signed mails which only provide the key ID instead of the fingerprint can be emails sent with CanaryMail (which uses ObjectivePGP, which may create signatures including only the key ID, not the fingerprint); we received at least one example.
  • or if the cause is not CanaryMail or rather ObjectivePGP, it could be the key, which could have been generated with Mailvelope before 2022-01-31. And yet another cause
  • and yet another problem could be MS Exchange, the gift that keeps on giving, it is always hard to tell what the outcome will be when Exchange is at play
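
To triage which signatures fall into the key-ID-only case described in this ticket, the following added example (not part of the ticket and not GPG Suite code) reads the subpackets of a v4 OpenPGP signature and reports whether it carries an Issuer Fingerprint subpacket (type 33, RFC 9580) or only an Issuer Key ID subpacket (type 16, RFC 4880). It assumes a de-armored signature packet body with the packet header already stripped; the sample bytes are constructed, use a made-up fingerprint and contain no real signature value.

```python
import struct

ISSUER_KEY_ID = 16       # RFC 4880: 8-octet key ID of the signer
ISSUER_FINGERPRINT = 33  # RFC 9580: key version octet + full fingerprint

def _subpackets(area):
    """Yield (type, data) for every subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                        # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                            # five-octet length
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + n]   # mask off the critical bit
        i += n

def issuer_hints(sig_body):
    """Return the signer key ID and fingerprint a v4 signature body advertises."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("only v4 signature packets are handled here")
    hints, pos = {"key_id": None, "fingerprint": None}, 4
    for _ in range(2):                            # hashed area, then unhashed
        (alen,) = struct.unpack(">H", sig_body[pos:pos + 2])
        area = sig_body[pos + 2:pos + 2 + alen]
        if len(area) != alen:
            raise ValueError("truncated subpacket area")
        pos += 2 + alen
        for typ, data in _subpackets(area):
            if typ == ISSUER_KEY_ID and len(data) == 8:
                hints["key_id"] = data.hex().upper()
            elif typ == ISSUER_FINGERPRINT and len(data) > 1:
                hints["fingerprint"] = data[1:].hex().upper()
    return hints

def lookup_hint(sig_body):
    """Classify what a client could use to look up the signer's key."""
    h = issuer_hints(sig_body)
    return "fingerprint" if h["fingerprint"] else "key-id-only" if h["key_id"] else "none"

def sample_signature(with_fingerprint):
    """Constructed v4 signature body (made-up fingerprint, dummy trailer)."""
    fpr = bytes(range(1, 21))
    hashed = bytes([5, 2]) + struct.pack(">I", 1651104000)  # creation time
    if with_fingerprint:
        hashed += bytes([22, ISSUER_FINGERPRINT, 4]) + fpr
    unhashed = bytes([9, ISSUER_KEY_ID]) + fpr[-8:]
    return (bytes([4, 0x00, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00")
```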

Comments and changes to this ticket

  • steve

    steve July 28th, 2022 @ 09:29 AM

    • Title changed from “Automatic download of public keys option not functional / auto-key retrieve not working for signatures where only key ID (and not full fingerprint) is provided” to “Automatic download of public keys option not functional / auto-key retrieve not working for signatures where only key ID (and not full fingerprint) is provided (e.g. FlowCrypt signed emails)”
