hpk42 / muacrypt

Autocrypt and more for Mail User Agents

Can't use existing key from OpenPGP card #73

Closed shtrom closed 1 month ago

shtrom commented 6 years ago

I have a master key offline, and encryption/signing keys on an implementation of the OpenPGP card standard. The subkeys are used through GPG-agent.

Trying to use this set of keys with muacrypt fails:

$ muacrypt add-account Account --use-key <master-keygrip> --use-system-keyring
Traceback (most recent call last):
  File "/home/shtrom/.local/bin/muacrypt", line 11, in <module>
    sys.exit(autocrypt_main())
  File "/usr/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/shtrom/src/muacrypt/muacrypt/cmdline_utils.py", line 39, in invoke
    return super(MyCommand, self).invoke(ctx)
  File "/usr/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/home/shtrom/src/muacrypt/muacrypt/cmdline.py", line 116, in add_account
    email_regex=email_regex
  File "/home/shtrom/src/muacrypt/muacrypt/account.py", line 118, in add_account
    gpgbin=gpgbin, gpgmode=gpgmode)
  File "/home/shtrom/src/muacrypt/muacrypt/account.py", line 254, in create
    keydata = self.bingpg.get_secret_keydata(keyhandle)
  File "/home/shtrom/src/muacrypt/muacrypt/bingpg.py", line 318, in get_secret_keydata
    return self._gpg_out(args, strict=True, encoding=None)
  File "/home/shtrom/src/muacrypt/muacrypt/bingpg.py", line 150, in _gpg_out
    return self._gpg_outerr(argv, input=input, strict=strict, encoding=encoding)[0]
  File "/home/shtrom/src/muacrypt/muacrypt/bingpg.py", line 192, in _gpg_outerr
    out=out, err=err)

This is due to it trying to export the private key when creating the account.

https://github.com/hpk42/muacrypt/blob/43e69c70cfeec235c7b0e46d070de40d464b3aa9/muacrypt/account.py#L254-L257

I'm not sure I understand why this is necessary (yet), and am hoping we can replace having the keydata with relying on the agent.

hpk42 commented 6 years ago

maybe we need to change this and allow configurations where we don't have the secret key ourselves. originally we wanted to have an "autocrypt only keystore" but i guess the ability to use gpg in more advanced ways (like yours) makes sense. autocrypt keys typically have no passphrase as we consider at-rest encryption a filesystem issue, not an application issue.

The quoted code is currently not used so that would be easy to remove/modify. But there are other code parts that assume that no passphrase is used and that probably doesn't fit your usecase. Or are you using a passphrase even?
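
An added example (not muacrypt's code and not part of this thread): a key setup like the one reported can be recognised before any secret-key export is attempted, by reading field 15 of the `sec`/`ssb` records in `gpg --list-secret-keys --with-colons` output. The listing, key IDs and card serial below are constructed, and the function names are hypothetical.

```python
# Field 15 of sec/ssb records, per GnuPG's doc/DETAILS:
#   '#'           -> stub only, secret material is not in this keyring
#   serial number -> secret material lives on a token (OpenPGP card)
#   '+' or empty  -> secret material is available locally

# Constructed sample: offline master key, two subkeys on a card, one local key.
SAMPLE = """\
sec:u:4096:1:1111111111111111:1400000000:::u:::scESC:::#:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1400000000::0000000000000000000000000000000000000000::Account <account@example.org>::::::::::0:
ssb:u:2048:1:2222222222222222:1400000000::::::e:::D2760001240102010006012345670000:::23:
ssb:u:2048:1:3333333333333333:1400000000::::::s:::D2760001240102010006012345670000:::23:
sec:u:255:22:4444444444444444:1500000000:::u:::scESC:::+::ed25519:::0:
"""


def secret_key_locations(colon_listing):
    """Map key ID -> 'stub' | 'card' | 'local' for every sec/ssb record."""
    result = {}
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        # Field 15 is index 14; older listings may stop before it.
        token = fields[14] if len(fields) > 14 else ""
        if token == "#":
            where = "stub"
        elif token and token != "+":
            where = "card"
        else:
            where = "local"
        result[fields[4]] = where
    return result


def non_local_keys(colon_listing):
    """Key IDs whose secret material is not held in the local keyring."""
    locations = secret_key_locations(colon_listing)
    return sorted(k for k, where in locations.items() if where != "local")


if __name__ == "__main__":
    for keyid, where in secret_key_locations(SAMPLE).items():
        print(keyid, where)
```

A caller that finds any non-local key can leave signing and decryption to gpg-agent instead of reading the key data itself.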

shtrom commented 6 years ago

On Mon 21 May 2018 at 08:34:47 -0700, holger krekel wrote:

> The quoted code is currently not used so that would be easy to remove/modify. But there are other code parts that assume that no passphrase is used and that probably doesn't fit your usecase. Or are you using a passphrase even?

C'mon (:

Yes, I do. But the agent handles it for you.

I'll have a look at how I can make that work.

--
Olivier Mehani shtrom@ssji.net
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
Confidentiality cannot be guaranteed on emails sent or received unencrypted.

hpk42 commented 6 years ago

On Mon, May 21, 2018 at 15:23 -0700, Olivier Mehani wrote:

> On Mon 21 May 2018 at 08:34:47 -0700, holger krekel wrote:
>
> > The quoted code is currently not used so that would be easy to remove/modify. But there are other code parts that assume that no passphrase is used and that probably doesn't fit your usecase. Or are you using a passphrase even?
>
> C'mon (:
>
> Yes, I do. But the agent handles it for you.
>
> I'll have a look at how I can make that work.

With autocrypt level 1 there is a discussion around passphrases: https://autocrypt.org/level1.html#secret-key-protection-at-rest

the current muacrypt default and tested way is to do everything without passphrases.

that being said i am not against trying to allow with-passphrase work flows.

note however that process-incoming and process-outgoing may be called without a user present to type in passphrases.

holger

shtrom commented 5 years ago

> note however that process-incoming and process-outgoing may be called without a user present to type in passphrases.

In which context? I can imagine process-incoming being called periodically (but then, does it need to decrypt the content, or just to process the cleartext headers?), but not sure about when this would happen for process-outgoing, as I'd expect it to always be called when the user requests an email to be sent.