
Automatic download of public keys option not functional / auto-key retrieve not working for signatures where only key ID (and not full fingerprint) is provided (e.g. FlowCrypt signed emails)
Reported by steve | April 29th, 2022 @ 01:14 AM
GPG Suite 3133n
macOS 12.3.1
For some signed emails, the public key is not auto-retrieved
from keys.openpgp.org despite the key being available.
The problem is not reproducible with all keys but was reproducible
for me with message from 0xD698267AEC3DDBCF we received on
2022-04-28.
2022-06-15: Tested the following:
Remove Luke's public key from GPG Keychain, with auto-retireve
enabled select signed email:
Security: Encrypted, Signed (0xE58271326F9F4937)
Public key is automatically reetrieved and upon deselecting and
re-selecting signed email, the signature is verified and user ID
shown instead of key ID.
Remove Luke's public key from GPG Keychain, with auto-retireve
disabled select signed email:
Security: Encrypted, Signed with unknown key
(0x608B00ABE1DAA3501C5FF91AE58271326F9F4937)
Note how the
full fingerprint is shown.
In cases where public key is not automatically retrieved, like in the second scenario, the full fingerprint is not shown but only the key ID, which is not sufficient information for vks hagrid to provide the public key.
Problematic email was created with:
Version: FlowCrypt Email Encryption 8.2.7
- another potential cause for signed mails which only provide key ID instead of fingerprint, can be emails sent with CanaryMail (which uses ObjectivePGP, which may create signature including only key ID not fingerprint) we received at least one example.
- or if the cause is not CanaryMail respectively ObjectivePGP, it could be the key which could have been generated with Mailvelope before 2022-01-31. And yet another cause
- and yet another problem could be MS Exchange, the gift that keeps on giving, it is always hard to tell what the outcome will be when Exchange is at play
Comments and changes to this ticket
-
steve July 28th, 2022 @ 09:29 AM
- Title changed from Automatic download of public keys option not functional / auto-key retrieve not working for signatures where only key ID (and not full fingerprint) is provided to Automatic download of public keys option not functional / auto-key retrieve not working for signatures where only key ID (and not full fingerprint) is provided (e.g. FlowCrypt signed emails)
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป