support import and skipping problematic keys

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird

https://www.rnpgp.org

Other

194 stars 55 forks source link

support import and skipping problematic keys #1145

Closed kaie closed 4 years ago

kaie commented 4 years ago

Users who migrate to RNP might want to import their complete public keyring.

Apparently RNP is more strict about keys, or, might not support some kinds of keys, so it refuses to import them.

The problem is:

When importing a large key block that contains many keys, RNP aborts the import at the first problem.

I'd like to request one of the following mechanisms:

add an option for rnp_import_keys that says "import what you can, ignore what you cannot import" or
add a new API that allows me to split a key block, and retrieve a list of individual key blocks for each of the contained keys. With, I could loop, call rnp_import_keys separately for each of the keys, and know directly which keys are problematic.

ni4 commented 4 years ago

@kaie Today I got to this idea as well, thanks to the data provided by Patrick. At the moment the most logical way seems to be to add flag like IGNORE_BAD_KEYS, and pass data about invalid keys back in results JSON.

kaie commented 4 years ago

yes that would work

kaie commented 4 years ago

I'd like to suggest an additional flag.

A key might fail to import, because it contains a signature that RNP is rejecting.

So another option for import could be: If invalid signature is found on key, try to import the stripped/minimized key.

ni4 commented 4 years ago

@kaie JFYI: While this is not 100% complete yet, since just merged PR #1149 RNP should be much more relaxed in signature consumption, and rnp --dump-packets more informative for easier debugging.

ni4 commented 4 years ago

@kaie As of now there is an additional RNP_LOAD_SAVE_PERMISSIVE flag for rnp_import_keys(), which should skip bad sigs/keys and dump some more detailed debug output.

kaie commented 4 years ago

Thanks. But if we import multiple keys at once, there's no output that says which key is failing. That makes it very difficult to diagnose, because you have no idea to which key an message refers to. I suggest to log the failing key ID to the console. I have a patch.

kaie commented 4 years ago

Because this issue is closed, I've filed new https://github.com/rnpgp/rnp/issues/1162

kaie commented 4 years ago

I'm trying to see the effect of RNP_LOAD_SAVE_PERMISSIVE.

Do you have an example key, which gets imported with RNP_LOAD_SAVE_PERMISSIVE, but which gets rejected without that flag? I couldn't find any.

ni4 commented 4 years ago

@kaie Together with RNP_LOAD_SAVE_PERMISSIVE, I fixed other loading issues, that's probably the reason. However there are manually modified keys with different errors in sig/key data, please see the test_ffi_malformed_keys_import() in ffi.cpp

kaie commented 4 years ago

Thanks @ni4 that is helpful and allowed me to test.