search

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
899 stars 37 forks source link

Can't Decrypt or Verify Signature for PGP via Web UI #2944

Open mletterle opened 7 years ago

mletterle commented 7 years ago

Web UI returns "Keybase doesn't have the public key that signed this message."

However gpg and keybase pgp decrypt and keybase pgp verify command line both work fine.

Example signed message:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

This is a test -----BEGIN PGP SIGNATURE----- Version: Keybase OpenPGP v2.0.68 Comment: https://keybase.io/crypto

wkYEABEKAAYFAljm4Q4ACgkQSq9VV7c/IZOhAwCgm3KAzr8Iwn9gaaUc3m+hWrIn PdYAoOnyRHBwK/CoVyTWR0t7UD10Kzep =jdRS -----END PGP SIGNATURE-----

zapu commented 7 years ago

Thanks, it looks like a bug on our end. I'm looking into it.

kklash commented 5 years ago

@zapu Has this bug been squashed yet? I can replicate this issue. Example:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

hi this is konnor
-----BEGIN PGP SIGNATURE-----

iQFOBAEBCgA4FiEEs/9iIT9WwzMz8qFMM3WQKUKok2kFAlwpCGQaHGttYW4ua2xh
c2hpbnNreUBnbWFpbC5jb20ACgkQM3WQKUKok2k0qwf/f5hI0oAeYNZswn0GJsy5
oxNELscWHNwdCAdDVJaw58ZIFNM6naugCMFm9IN7PswHpxUmmLo+rnocATPFSrm4
k1cybA7Yhdr51jHZ3dXxU8EWyINUjYhohsoekLbvuSEQdshzVKAkn8hxdOS3SJNw
csrCYRIwNV+44IgPUJGDeSaASO39TaOHxFYRyDTvSWVOxtkMacxeHVfBl4RqIXrE
D+FxIom1hvgiY90U0fhmM6DOn3nqNOQw6c2d8ijQnnKgPUlgJAD2q4AnU75Qq8Gx
RO4HLJ45EAfO7+QmwTu3GGdtTSPpIOZpqWhH8mceuJIyeWhlkTS6bf+rO/1QYTj6
hA==
=9XeY
-----END PGP SIGNATURE-----

Web interface also fails to verify with same message as OP. Interestingly, if i do a regular ASCII sig instead of clear-sign, (gpg -s instead of --clear-sign) i get this message: screenshot_2018-12-30_10-11-16

Despite that being the exact PGP key fingerprint of my profile screenshot_2018-12-30_10-12-38

zapu commented 5 years ago

has anything changed on your end?

this is how it looks here:

image

would you mind looking into your network activity in browser's developer tools to see if there's nothing weird? our javascript will try to make a request to fetch.json to look for PGP key.

kklash commented 5 years ago

Working for me now! <3

timnolte commented 4 years ago

I was able to decrypt messages using the Linux command line but neither the web or Linux GUI app can decrypt the messages.

maxtaco commented 4 years ago

@timnolte we need some more details if we're going to help debug the issue

timnolte commented 4 years ago

@maxtaco what additional details would you like that would be helpful. The scenario was that I provided my public key for use in sending me secure email messages. When I received the PGP encrypted message I was unable to decrypt the message via the web, receiving the same error message originally reported ("Keybase doesn't have the public key that signed this message") on this issue. I received the same message when using the Keybase Linux GUI. However, I was able to successfully decrypt the message by putting the encrypted message in a text file and using the CLI on Linux. On the web I'm using Google Chrome 80, or Chrome OS 80.