Closed drzraf closed 4 years ago
tomholub
commented
4 years ago Hello,
how was the key created, in which software?
Please run the key through FlowCrypt Settings -> Additional Settings -> Experimental -> OpenPGP Compatibility Test, and share the output.
drzraf
commented
4 years ago Public key:
(1) Primary keys found: 1
(2) ----- Testing key 0 -----
(3) PK 0 > Is Private? [-] false
[...]
(7) PK 0 > Subkeys: [-] 1
(8) PK 0 > Primary key algo: [-] rsa_encrypt_sign
(9) PK 0 > Primary key verify: [-] valid
(10) PK 0 > Primary key creation? [-] 1529585307 or 2018-06-21T12:48:27.000Z
(11) PK 0 > Primary key expiration? [-] 1628130936 or 2021-08-05T02:35:36.000Z
(12) PK 0 > Encrypt/Decrypt test: Encryption with key was successful
(13) PK 0 > Encrypt/Decrypt test: Got error performing encryption/decryption test: Error: Cannot check encryption status of secret keys in a Public Key
[...]
(16) PK 0 > SK 0 > Algo: [-] rsa_encrypt_sign
(17) PK 0 > SK 0 > Verify: [TypeError: type is undefined]
(18) PK 0 > SK 0 > Subkey tag: [-] 14
(19) PK 0 > SK 0 > Subkey getBitSize: [-] 4096
(20) PK 0 > SK 0 > Subkey decrypted: [-] null
(21) PK 0 > SK 0 > Binding signature length: [-] 1
(22) PK 0 > SK 0 > SIG 0 > Key flags: [-] 12
(23) PK 0 > SK 0 > SIG 0 > Tag: [-] 2
(24) PK 0 > SK 0 > SIG 0 > Version: [-] 4
(25) PK 0 > SK 0 > SIG 0 > Public key algorithm: [-] 1
(26) PK 0 > SK 0 > SIG 0 > Sig creation time: [-] 1565058970 or 2019-08-06T02:36:10.000Z
(27) PK 0 > SK 0 > SIG 0 > Sig expiration time: [-] 1529585307 + 98545663 seconds, which is: 1628130970 or 2021-08-05T02:36:10.000Z
(28) PK 0 > SK 0 > SIG 0 > Verified: [-] true Private key:
(1) Primary keys found: 1
(2) ----- Testing key 0 -----
(3) PK 0 > Is Private? [-] true
[...]
(7) PK 0 > Subkeys: [-] 1
(8) PK 0 > Primary key algo: [-] rsa_encrypt_sign
(9) PK 0 > key decrypt: [-] true
(10) PK 0 > isFullyDecrypted: [-] true
(11) PK 0 > isFullyEncrypted: [-] false
(12) PK 0 > Primary key verify: [-] valid
(13) PK 0 > Primary key creation? [-] 1529585307 or 2018-06-21T12:48:27.000Z
(14) PK 0 > Primary key expiration? [-] 1628130936 or 2021-08-05T02:35:36.000Z
(15) PK 0 > Encrypt/Decrypt test: Encryption with key was successful
(16) PK 0 > Encrypt/Decrypt test: Decryption with key succeeded
(17) PK 0 > Sign/Verify test: [-] Exception: Error: Missing private key parameters
[...]
(20) PK 0 > SK 0 > Algo: [-] rsa_encrypt_sign
(21) PK 0 > SK 0 > Verify: [TypeError: type is undefined]
(22) PK 0 > SK 0 > Subkey tag: [-] 7
(23) PK 0 > SK 0 > Subkey getBitSize: [-] 4096
(24) PK 0 > SK 0 > Subkey decrypted: [-] true
(25) PK 0 > SK 0 > Binding signature length: [-] 1
(26) PK 0 > SK 0 > SIG 0 > Key flags: [-] 12
(27) PK 0 > SK 0 > SIG 0 > Tag: [-] 2
(28) PK 0 > SK 0 > SIG 0 > Version: [-] 4
(29) PK 0 > SK 0 > SIG 0 > Public key algorithm: [-] 1
(30) PK 0 > SK 0 > SIG 0 > Sig creation time: [-] 1565058970 or 2019-08-06T02:36:10.000Z
(31) PK 0 > SK 0 > SIG 0 > Sig expiration time: [-] 1529585307 + 98545663 seconds, which is: 1628130970 or 2021-08-05T02:36:10.000Z
(32) PK 0 > SK 0 > SIG 0 > Verified: [-] true pgpdump of the private key:
New: Secret Key Packet(tag 5)(533 bytes)
Ver 4 - new
Public key creation time - Thu Jun 21 09:48:27 -03 2018
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(4096 bits) - ...
RSA e(17 bits) - ...
Sym alg - Plaintext or unencrypted data(sym 0)
GnuPG gnu-dummy (s2k 1001)
New: User ID Packet(tag 13)(40 bytes)
User ID - ...
New: Signature Packet(tag 2)(619 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key packet(0x13).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Flag - This key may be used to sign data
Hashed Sub: preferred symmetric algorithms(sub 11)(4 bytes)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - AES with 192-bit key(sym 8)
Sym alg - AES with 128-bit key(sym 7)
Sym alg - Triple-DES(sym 2)
Hashed Sub: preferred hash algorithms(sub 21)(5 bytes)
Hash alg - SHA512(hash 10)
Hash alg - SHA384(hash 9)
Hash alg - SHA256(hash 8)
Hash alg - SHA224(hash 11)
Hash alg - SHA1(hash 2)
Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - BZip2(comp 3)
Comp alg - ZIP <RFC1951>(comp 1)
Hashed Sub: features(sub 30)(1 bytes)
Flag - Modification detection (packets 18 and 19)
Hashed Sub: key server preferences(sub 23)(1 bytes)
Flag - No-modify
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - ...
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Mon Aug 5 23:35:36 -03 2019
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Wed Aug 4 23:35:36 -03 2021
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - ...
Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - ...
Hash left 2 bytes - 00 f7
RSA m^d mod n(4094 bits) - ...
-> PKCS-1
New: Secret Subkey Packet(tag 7)(1862 bytes)
Ver 4 - new
Public key creation time - Thu Jun 21 09:48:27 -03 2018
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(4096 bits) - ...
RSA e(17 bits) - ...
Sym alg - AES with 256-bit key(sym 9)
Iterated and salted string-to-key(s2k 3):
Hash alg - SHA256(hash 8)
Salt - ...
Count - ... (coded count 224)
IV - ....
Encrypted RSA d
Encrypted RSA p
Encrypted RSA q
Encrypted RSA u
Encrypted SHA1 hash
New: Signature Packet(tag 2)(595 bytes)
Ver 4 - new
Sig type - Subkey Binding Signature(0x18).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to encrypt communications
Flag - This key may be used to encrypt storage
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - ...
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Mon Aug 5 23:36:10 -03 2019
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Wed Aug 4 23:36:10 -03 2021
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - ...
Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - ...
Hash left 2 bytes - xx yy
RSA m^d mod n(4095 bits) - ...
-> PKCS-1To export my key from Gnupg keyring I
--armor --export-secret-subkeystomholub
commented
4 years ago Sorry for the lack of activity on this issue. I'll close it until we can have a similar private key to test with. Without it, it's very hard to attempt a fix.
drzraf
commented
4 years ago Is it at least possible to get some insight/documentation about how to export a password-less key from GPG and import it within flowcrypt?
tomholub
commented
4 years ago I'm not sure - you should not need to export it in plain, it's ok to export it pass phrase protected, and then enter that pass phrase into FlowCrypt.
Looking at this again, there are a few interesting parts in your dumps:
(15) PK 0 > Encrypt/Decrypt test: Encryption with key was successful
(16) PK 0 > Encrypt/Decrypt test: Decryption with key succeeded
(17) PK 0 > Sign/Verify test: [-] Exception: Error: Missing private key parameters It was using the subkey for encryption and decryption, but it seems like it wanted to use the primary key for signing. But the primary key is not present because you used --export-secret-subkeys.
This is because your subkey is missing signing key flag:
(22) PK 0 > SK 0 > SIG 0 > Key flags: [-] 12 If I'm reading this correctly, you have 0x04 and 0x08 flags (both for encryption) but not 0x02 (signing). This is standard, typically signing is done by the primary key.
So you have a choice of either exporting the full key:
gpg --output private-key.asc --armor --export-secret-key your@email.comOr modifying your key to include the signing flag on the subkey, too, then exporting the same way as before.
drzraf
commented
4 years ago Insightful. I'll let you know how it goes.
I imported my key. Passphrase is ok. But it fails at the first attempt to send a signed email with
Error encrypting message: Missing private key parameters.