View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000811Main CAcert WebsiteGPG/PGPpublic2010-02-26 01:202012-12-20 08:35
Reporterdeelkar Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Summary0000811: GPG key parsing incorrectly detects multiple e-mail addresses per UID
Descriptionthe following key is rejected by the GPG-Signing mechanism, due to alleged multiple e-mail addresses for one UID.

there is one email-like entry in the comment field of one of the UIDs, which might be confusing the parser.

possible solution: ignore everything in parentheses (), or use only the last e-mail found per UID, or use only addresses in angle brackets. (This assumes standard gnupg output format of UID info).

Additional Informationthe offending key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)

mQGiBEO9aJMRBADjo0rRvveQlh2U/9S8DPqUNCgvNYN4yIDR5+qYXwcwWP7Kay/H
CU2wuRyW7KnD0NZbZJcyQ3ZUD1TIdsB10Oc83Ety759g5cr7A7FtgXzxJb7BK3V5
MMXON2M+e4qMt979b6RghiI/500N2Jn8n+2OptKdsrdnCilh2nC1M0Nc0wCg1Z1r
VyxcsvxAXuzBnlSGzkIBo0MEANl9QfPYla/CdPikMmaXo2bgHw1eHl0j1VUbLgHe
rk9vq80pxvHNpvwcv9H1YHqfu3wJdqx7UuDQATPyEjb4J9U07QUvwd4vVLdRTzfU
vX5NRJeF3YEzY0VTzJ9XLHzDnEHG7hSN7LCeAccEiclJxrROZw1Xasw57z8mcJTs
Sq2oA/9wXLLYSA24pbjJg/VDNTkR+hnLp124YfghDcTqDYEw2vs954C1fCxZLC4C
NsuD+83vBzfwHfWTq4S3sz1DllQnE86FTw6T+xvcwbQ5PfXxnr4d/lXFIlZZuwiL
jwAYJjC2nvb+ikhN8Js8L+PY3XHyzeBlLth7S69t+9CnsJJvmLQ2RGlyay1Mw7xk
ZXIgS3JlaWUgKGNvbW11bmljYXRpb24ga2V5KSA8ZGVlbGthckBnbXguZGU+iGYE
ExECACYCHgECF4ACGQEGCwkIBwMCBBUCCAMEFgIDAQUCSri0rgUJCdY/TQAKCRAV
Rs4N2lFUPHYIAJ9jpw+nKcg5xgV38VNLSbDoeiErTgCgkDb3PxNnYot+KabRxPnn
6dCB7g+0JERpcmstTHVlZGVyIEtyZWllIDxkZWVsa2FyQGFyY29yLmRlPohmBBMR
AgAmAhsjAh4BAheABgsJCAcDAgQVAggDBBYCAwEFAkq4tLMFCQnWP00ACgkQFUbO
DdpRVDz6MgCggPS2Wq1irATAn4rl/yhKREPw+PcAn1K4Dohe9LS2/+8awKauQYgx
nWWutExEaXJrLUx1ZWRlciBLcmVpZSAoZ2lsdCBpbSBQcmluemlwIGbDvHIgKkBk
ZWVsa2FyLm5ldCkgPGRlZWxrYXJAZGVlbGthci5uZXQ+iGYEExECACYCGyMCHgEC
F4AGCwkIBwMCBBUCCAMEFgIDAQUCSri0swUJCdY/TQAKCRAVRs4N2lFUPGSaAJ4v
H05L7HXyAlv36Cd8WShdb85qSgCeM4Dc/2YwDaOlVHug2BlPTqqzRcC0NURpcmst
TMO8ZGVyIEtyZWllIChqYWJiZXIgSUQpIDxkZWVsa2FyQGphYmJlci5jY2MuZGU+
iGYEExECACYCGyMCHgECF4AGCwkIBwMCBBUCCAMEFgIDAQUCSri0swUJCdY/TQAK
CRAVRs4N2lFUPMIJAJ96SKM8M7IyRvOc3FSQvGn4d9mr3gCfRj0NyqFoNpcRp9go
qN2C5s0EUoO0I0RpcmstTMO8ZGVyIEtyZWllIDxkZWVsa2FyQGdteC5uZXQ+iGYE
ExECACYCGyMCHgECF4AGCwkIBwMCBBUCCAMEFgIDAQUCSri0swUJCdY/TQAKCRAV
Rs4N2lFUPIXAAJ0dcRn2sJT8WYwVEdUYfNHx8/WquACgqzpBfXDHqKgZgCRbulGi
/ptfj+60NURpcmstTPxkZXIgS3JlaWUgKGphYmJlciBJRCkgPGRlZWxrYXJAc2No
b2tva2Vrcy5vcmc+iGYEExECACYCGyMCHgECF4AGCwkIBwMCBBUCCAMEFgIDAQUC
Sri0swUJCdY/TQAKCRAVRs4N2lFUPAiyAJsEv1TWIOS9fL5a3HyYOXxh9r7MiQCg
o5vqGJzlUoV1okcZvMOx9H0GosW0O0RpcmstTMO8ZGVyIEtyZWllIChvc20tbGlz
dCBjb250YWN0KSA8b3NtLWxpc3RAZGVlbGthci5uZXQ+iGYEExECACYCGyMCHgEC
F4AGCwkIBwMCBBUCCAMEFgIDAQUCSri0swUJCdY/TQAKCRAVRs4N2lFUPL5qAJoC
WgP7hF/IYxQGrnrm8sPZaoz29QCg0aB1NH5H89WkKXZlDzto/FxeWjm0LURpcmsg
S3JlaWUgKDgtYml0LXNhZmUpIDxkZWVsa2FyQGRlZWxrYXIubmV0PohmBBMRAgAm
AhsjAh4BAheABgsJCAcDAgQVAggDBBYCAwEFAkq4tLMFCQnWP00ACgkQFUbODdpR
VDz+RQCfVQkFF+/BwgUNfwKU9sIYqA7HAGEAoNIXXiVvcaw+vUWJVGKcDDjOKiMI
tENEaXJrLUx1ZWRlciBLcmVpZSAob25seSBlbmNyeXB0ZWQgbWFpbCBhY2NlcHRl
ZCkgPGJhbmtAZGVlbGthci5uZXQ+iGYEExECACYCGyMGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAUCSri0swUJCdY/TQAKCRAVRs4N2lFUPJHMAJ9TkVFl5Jc+J58GCX5L
xdRFF9obqgCgxV6mQw5O8wBUVrdrT8Gu0gI/tS25AQ0EQ71olRAEAJMMet4wpNIV
UgJhuaLX8hLeyK0Cj2gRosxNK4SgBP5Ml/En/8JWAzUkbN3ey5Lvty9YlQgX2vc0
v8/U75tT9k28MQiH7sliPlobeHP5wMNCvzhw7OzCdsk101YfllBq6W/Z6fOhvoCh
y/CBsnpWHUavjs58Ph6CT7/Ee0wPEw9jAAMGA/4/PjwZNVb4MacCp9cfR1AGCh00
4ZNWOBRCMNXXu9vREr/GPxMxcqHoNjCYa0+KCXakdF9IVDZ6BGW28khjVlUEnDQs
1zcSkQ2kcznaPQR8MfoDk869JJE1lmb892TMkGseJ9gM8t3dvwwckEQWeCWWxTA0
aIC9Obihh2+Q1BZfgIhsBCgRAgAsBQJH8T2fJR0DZGVwcmVjYXRlZCBpbiBmYXZv
ciBvZiA0MDk2IGJpdCBrZXkACgkQFUbODdpRVDxacACghEX8nK+Fo+LoS5wJ5E9m
zZiBTDQAoK1JDmqAPClf0BtXXPxSYAbRQq6EiEsEGBECAAwFAkfw5foFCQf15GUA
CgkQFUbODdpRVDxcugCY3C3MnaEK7XZ48Va3vjLUTG2UlACfWz5rjz6Sv70pQ24R
+aOld3npQAyITAQYEQIADAUCR/EogwUJBhTzbgAKCRAVRs4N2lFUPBVkAJ9+zh2c
acVKI7O6ZIC2UW2VIeu5twCdFq/usdJgFp4pQ2ztPbzUJRQAZSK5BA0ER/EnwxAQ
AMYDS9hjorDPpTEBOWuSg/zu5BFsewJWYSKG52FKqtGOYa8zQznnBqVwLepYU56W
cfl1Z0pTVkRlcJDZAb0COW9gbrdvpUHdrsgdlSLq1pOE3VizJFsfFaHZCGysSOuM
DMryNBW6FsnlA8y9fmcMmk/ivvZ5gBYSmqdOvR7r4s7On5jlep9gkDMpohqPM+tV
vSOe6tNqSVAylbIGC6EQGfPeNADZgSBkwn4NgG9T74AsrCPDPvFpaIb4+AILolzw
zHujgmVUT9I0v23INV8poFDNlBsf2yBw2SSxfBchsphg1kb6ijwfNf8JGaBQQgDW
LNM4itgzOYIlXsR1VPaWT99g3omQnalKuDo5/YGnMMJgixdylwX28Frf5Xw8/ipY
VvlQ8otYDw7QG2Bv2qsP6Gs7Kg7N2rHF/s/5i+eG2VKepNSOnxhWSsLmQY6PdkP/
J5/yzlENtzw+Xd1ti64NdXZsA0TcRB8cTjS6K0PcrRSf023CzqKmApWynh+N2Xfo
TIR/e1dQeXCcx3Kcgxfu4nVzMTPYsr6PKTQI3LBR5idOM8dBI/Nad2jXFSBCZ89w
ACbrsv3q/fRpV9gft49N2jC/yBjnhTREZWaeJ657o6kYaJjBml6o23Nf4E5YbylF
DRDQPcLaG+Tfs1rXXAuXWgnnjLZgj+w9ewYsR9XYDEYrAAMFD/9Ax+Y7vLr0C9wy
GlWLaU/T840NK3+eyLf8dMptb1/GldWKgRqB4kj8sPSgIzKKg6T01AAM11N4q3d7
WL252ZhSSist/7LLCCPrT29jPETkK9y7QADVTDF123Y37CpgL4r2nC3IxhCvQkdY
yk1eojdL62hDQ1thypkzlqegk0Q4Pb/TL+E/rVczpxz/z8RXRUx3eE58d1pSaS1X
XzjookmkXWSRQeOC6SW67/Cl2/ARgQWtbfwfd2NjPCQC2nMS/ecS0h8/FoQOlRFZ
j1+ietADeI0d7GyMXm2cjmOa6f1AmwXFxer/ggbn+ZcoctubfR6GDaTzg3GjrHrp
Lt64klbg3p0WWXH0DTiCYj3u34cxyEe5mgeMsMw3MRo+gp+CCean+HSg+uSTdpme
nJP3kQs17wRVbxaJKVClBUnrde+baVXrCjCoNczx5p76Hc+aHGTZ6VPYeARdtbsA
W7Cu3xdG3Gvt2FK3WGl5f+nOHC9ngq6bHV6qSgaK01yLxvV01w06MiKI8hCLGE0I
4/HG6d1FPB0AfauFEwcAjSpAVJWiJvQsyidnmFi4ywG/GDDbMH8Axdjz13gyrHax
5pxRG8ClqlSv2qfkvq2Zybe3UDAIAwDT43VfmDvoEQlf+52rteDYHAHfcYpqhWKD
TvR/2W9EX50T31/Ug6wZHcg7Nw6+C4hPBBgRAgAPBQJH8SfDAhsMBQkDwmcAAAoJ
EBVGzg3aUVQ8Qz0AniYDLnDqcvrZ9gDUu+DcKwSPorjFAJ9ui5R22ERI+8trLVyt
x5P7p4W0Fw==
=xAIs
-----END PGP PUBLIC KEY BLOCK-----
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000089 needs workSourcerer GPG Revokation Escrow Service 
related to 0001079 needs work GPG key can not be revoked 

Activities

Sourcerer

2010-02-26 10:42

administrator   ~0001561

This is intentional behaviour on the CAcert side, since some email clients take email addresses from the () comment and use them to contact people.

deelkar

2010-02-26 11:24

reporter   ~0001562

Wouldn't it then make more sense to just ignore that UID instead of rejecting the entire key, like it is (was) done with other UIDs the bot cannot verify?

Sourcerer

2010-07-27 16:05

administrator   ~0001603

Yes, that would be preferable, Patches are welcome.

Issue History

Date Modified Username Field Change
2010-02-26 01:20 deelkar New Issue
2010-02-26 10:42 Sourcerer Note Added: 0001561
2010-02-26 11:24 deelkar Note Added: 0001562
2010-07-27 16:05 Sourcerer Note Added: 0001603
2012-12-20 07:59 Werner Dworak Relationship added related to 0000089
2012-12-20 08:35 Werner Dworak Relationship added related to 0001079