When encrypting with a gpg key that has multiple encryption subkeys, ONLY
the newest encryption subkey is used.
This leads to potential problems in pass when using such a key.

Consider this scenario:
Let's say we are using a key K with encryption subkey A.
We set up two password stores (S1 and S2) plus a git repository (G) with this
key.
All fine so far.
Let's say now that S1 adds an encryption subkey (B) to K.
S2 is still unchanged.
S1 then adds a new password P, and pushes this to G, which S2 then pulls.
When S2 tries to read password P it will get an error message from gpg:
"gpg: decryption failed: No secret key".
Even more dangerous: if S1, after adding the key, does a "pass init" with K,
S2 will not be able to read a single password if it pulls this change.

Patches 1, 2 and 3 are just tests exposing the problem.
The actual fix is in patch 4.
From a67c60d0913f5f565a57542d9b5732470f415579 Mon Sep 17 00:00:00 2001
From: Carl Michael Skog <cm@äger.com>
Date: Thu, 3 Oct 2019 14:48:55 +0200
Subject: [PATCH 1/4] Add an init test with a key with multiple subkeys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Using pass with a primary key with multiple subkeys fails the subkey
enumeration check, since gpg when encrypting with such a key only uses
the most recently added encryption subkey, not all encryption subkeys.

Signed-off-by: Carl Michael Skog <cm@äger.com>
---
 ...EFA1387A43F03768F13E6B25D345AD342F5386.key | Bin 0 -> 978 bytes
 ...3D633B6519FCE7187F66277EEE66F174BECFA0.key | Bin 0 -> 978 bytes
 ...745D43D2A2AF9D646DEC73F62109861A59C5E7.key | Bin 0 -> 978 bytes
 tests/gnupg/pubring.gpg                       | Bin 5875 -> 7911 bytes
 tests/gnupg/trustdb.gpg                       | Bin 1600 -> 1680 bytes
 tests/setup.sh                                |   1 +
 tests/t0300-reencryption.sh                   |   5 +++++
 7 files changed, 6 insertions(+)
 create mode 100644 tests/gnupg/private-keys-v1.d/06EFA1387A43F03768F13E6B25D345AD342F5386.key
 create mode 100644 tests/gnupg/private-keys-v1.d/0E3D633B6519FCE7187F66277EEE66F174BECFA0.key
 create mode 100644 tests/gnupg/private-keys-v1.d/A5745D43D2A2AF9D646DEC73F62109861A59C5E7.key

diff --git a/tests/gnupg/private-keys-v1.d/06EFA1387A43F03768F13E6B25D345AD342F5386.key b/tests/gnupg/private-keys-v1.d/06EFA1387A43F03768F13E6B25D345AD342F5386.key
new file mode 100644
index 0000000000000000000000000000000000000000..daf876b26e23c3098f0c859872d15e21a370d3c0
GIT binary patch
literal 978
zcmV;@11<b0F)=!Da%py9bY(4TWqBwwI&yPiC^0&2GBr0k0Jl%1i{Z4)IDl$4RYS@|
zz}1p@yLvT6m>Vmb!6e*#rk*hAdFwk=GqJ+tpX7NJbn8~JjV?Q499#`HTk^Z?bo4F4
zU@+JMR~FeaqJkgS&mKo^=hC91-%8U<LJJ|YIw<|Q89EsV9Nj7bqp&YJSQ?pU+_;u_
z+aj<<Q32hvfAAs+5=`A9BJz|%3YzMh2=+3<qb0h`MSf#%aT7)eZwi@CZac`8)^jk&
z?}0~dZ(R9DybW6eX60V03qJYJhVb$GbY@a(RUDJr<K+RF>&f^x4umh)GZC?ObmQgh
ziO7Tp&&29N2{W2zMUL_;C^JRQM#XM+K7@VDBFu@2<0&XHI%P9D0RRChC^0%@GBq|j
z6BetBS92806L35IFa&v-T?7_F6b(fbd`r{0&ZSu+o|t$~mQ%#WXHDd>)4*CFB|DE?
zq{2~3qq$0cQ?3UF{J>!w)G9(iAY^#8+;|0OkA5G?>oC25%#mp(RP$=?^#aPu8aFN#
zmta2dburD+3*ZW+JmHFOLsIy>;YD3y8FftIZ>e++gkiH$HTLAB<x=L0i}>W^1o^xx
z>~!9ThUT>_N!YM1{^EAun&bWsqBTJdko@0ja2`2IarsAL`40tMy}tR*H9W?k<x*}Y
zMOj_mO@|Zah)gQx{QC*Zx^C-`=B9umu^Q^GPzG(_mo=Q47BYhF)`)I1`_PdYDJU^I
za4|ADIsnK!MKPZF(<X!&WwU;B?otS0Ro3I5hGJe9lfH)#jbSY(RhQr;<nH@$_wJt-
ziy|cLmiTEqXH4P~DSDRPs-A}G;KO1kEGfgWb^hC&@1E3xZ^|l&`66?Ky^{1^gz*4R
z^0OreKm!6pJ>gscl{Y+|q(|SXueZ8bOFD+>@;fOgF*<QEGC4W`>Rs)D%8}+p&Y~|l
z<;gqx{@W@HBknL)0cB0|=t?Gc{US?1N_4msuaSr<VQqbe@Rs&gH=2{tj;`P7`#D&%
z&PPuNjZ(D~!*BtxAjJsH=kr`H(ttaikGY}H6`DSINIt18l49FLWv?qTIkcW1!Jkj~
z6YwuczX)tcYn5bqDJU^IbultIIsmGiAWJKNoL``&>8ULd$B|#Wh_@H!eZ_k3<nqZs
z$$U5++J-jAX`yLQlm8)RlVIL(;7+&$R#SL<={rRRhx6eqeUtrMt32J3V}p$XW{`Tx
z))0rIKD5FnfemUmV}#gj=A173wjvcbdz|d6>=#^hyWZ3q=c@QX!*0WsaBL|lDOsV?
Ap8x;=

literal 0
HcmV?d00001

diff --git a/tests/gnupg/private-keys-v1.d/0E3D633B6519FCE7187F66277EEE66F174BECFA0.key b/tests/gnupg/private-keys-v1.d/0E3D633B6519FCE7187F66277EEE66F174BECFA0.key
new file mode 100644
index 0000000000000000000000000000000000000000..666aa3140be551125cfb6c4ce2c98862aa4747ed
GIT binary patch
literal 978
zcmV;@11<b0F)=!Da%py9bY(4TWqBwwI&yPiC^0&2GBr0k0NSs`DP_(82b_XfD`n47
z{fy5$q~#mKUHcxemMk0}_&Zs^PTAj8Kn?z##(3f^3y>0DZN<6@oT+n`TO_)ELk-6Q
z)C#}Lz+0!*G&j21)yT0#35`_x?h<`F2eUpr`*LONF8E_CBT;7Ico_+3xUCloikem0
z$A3d2$sNot<2Kf*`P~`gX6N$v`6m4N<Q~wRPGV$y0%#tj6j#TnaS3a(-*Wl)_aLX;
zxYU7-Nu~W_1{9bVM*N>iHy*PY>_Rek_iZ>=uOg93W-mknefpW+tVHbFxkea1-gQ?{
z^ggLi#U9ojKLhJ@S&>kcpP48}kb@=$LX}kk6>e>^&nYM|I%P9D0RRChC^0%@GBq|j
zAIsEZY_7<S{cIRQ6~X&S2!*Z1kH}DSd5VimT^1=EdlOZ9L4;&C^@d0I!@6yR1&VX2
z?#Qo=Pz_jtwFx`&(nBiK@XXaZUXGE}U3>#|%>m!o#|XCWyh3;q>R<{M*F<zq(%Mnr
zYPzu9W0f)_K8k}wv3jL5mwPgv7pvXx9PV@q6Ukx`;ItPa=`4c3(pJd&1t4ev(rve4
zeF06_oy1j?@+XI=3EG8sJmT5gb(>Sl?vlU?qxcQ|&*T6V^A?-^KJs6U9m?$0NT`&k
z^B+aeGkT1FW(1w;X}C8dho17?Yy(VU<pAdl+`5xuk>N^5kR%)#3HZ^u+_!wWDJU^I
za4|ADIsoO9i$%?f$F2IFzv$%cHV(^+15*nCEn}sd264x2uvRMag?Q2<HmMA5;>hq{
z8Dc*EW(`k+`dzFer5sJD50?4mg&R-d??O?I25P}>V5&X-Cx@#x67iapfff{1#p0W7
zyW0U#MnTjPhT;tiXTsYYohPORtvNjv#CJFHI9VwuF*<QEGC4W`^V?iQ{d?X7n(+A3
zXE8W0OY75Z-W<%-W-v_+?uNFu5Wc`3|76itYpN~<95kiY(v|`|>nb^uU-GUSU9%yq
z1DazfjIx?PepgIslOA)<92civbLS8hQXLvAMceRs@e{cN<#%Oj;OTuUXB+A!>1%V8
zmFK2r&_mRFFOXknDJU^IbultIIsn`Ng)k$`-f4x73LkVY&u&zTIT{`!3+~lb!ffx(
zvX#FIj8O2XrY7=Z8o{o>^Ub3+bXFx>UZUcfZ;yh;xK1lvzN1et(8iC>NXB>v;kvJZ
zaTFQfTP&34Ns!-I+mh#fFkmsWNvK!{PC5>dgVQ|BSP<SQ?tOJ89+&}(IoT;GDZ*6C
AtpET3

literal 0
HcmV?d00001

diff --git a/tests/gnupg/private-keys-v1.d/A5745D43D2A2AF9D646DEC73F62109861A59C5E7.key b/tests/gnupg/private-keys-v1.d/A5745D43D2A2AF9D646DEC73F62109861A59C5E7.key
new file mode 100644
index 0000000000000000000000000000000000000000..30a660c226359e850a4eb1f68ccba91a5693ac51
GIT binary patch
literal 978
zcmV;@11<b0F)=!Da%py9bY(4TWqBwwI&yPiC^0&2GBr0k0LqD*4kYD?JuHa)n)S1T
zhd^dVwMLX=0hwapxhC`q_`gkdm@pn`uA0Iz`}p}T{;gh}*yH&YLn)e!2dOmB>Qk^I
zBB`9pumu2amQsU2j%I#QiA69?cs!F*i3>1borl*9Syyi6U?6@YuI<d^$)fSc_^+eo
z-tHFXvT}2!l7E<au0qRAPzeZ)?$yuk^&AtSoMCIl7FrH>##Fbj2x#*XmiN1T#*$#T
zc;j6ERt37Y<S*Y`h30>$V>+Mb;gZ?moMAql+xS&<zU!X=N3666+8Qc<0~?}ayXwV0
zgP((7{sERp1*P7D);oR?#XAE=Xa;GVn&Kg5l*MQLr70*eI%P9D0RRChC^0%@GBq|j
z8_>TeH=zJ>lF_qca<}&>)rr<mA_USQI2aJc%-A|Zgg#cey6y^8jPrY%-^>*ZtMRcK
z?%*&J1U)g^0eySznw7Vel$Nk<aT;iqqk3E%(ru}<0Qn2TrVA5{H>s+#C(Ar)ZmbX9
zhR56uv!U*f)SZC&q2Z7D$XEmQ32WhknCl;ph+0RI9E?)5%=g+aTHBLynC_pbKWqgg
zD!&yuT@(4L{9ZmjPv8uf4*`j*plTMaI%)Za_X0F1`P~^#Af;Q7hTtELvaMhJASQED
z!~GRx-td@t?c~vh_P)t6VhxI@gBBG}rC$oy>*j~T{&t%!2uJ{$N0^}O-Kei|DJU^I
za4|ADIsnv=;p>QjZ5yhl+U<PAMU%T&XXbdc!KcEmB-L^C%wim3C=vZ@;jZ%Mx&a^Y
zj<EG@0h)Z8(W<2z#v|&f!V17htr88kF7tWMUt#>}Ye&e8lWq4_VNP)lYS-Ig*faaS
zI}UcUGZXIEsDV*k1U^a-bhH8dgEk}RK79KJnEfdzF*<QEGC4W`^Xw&KFv)Sas?y!O
zwbElaT&^MxFI5e@VuA4xQGOS;7b{Px(-BF^kzR3+4k|C>(g`;c@Xz$`ldG&Wi^=$-
z5_anZ(KHr(0jN^#b^YN(QT>#3ax(}*RA)bdr+!_4(;bTF2GaM-AcGl8rbG-AY6C%1
z!W9b}aIGl>dA1A5DJU^IbultIIsnsf$<A;QEF2#SXAVxLDJ)TOlo9Y6f}T4c*ma`0
zY=7>(4E{~0P2*$!%R9BQ=;P5l1MfF@l1q`Se7DqDP1bBeXR+O2R$IXJqAqdmP;%fV
zC4nBPsG**VAR{L-1w1LxQ4CgQCnS`u?xUU;oDT9(>*_1MKdPw8Ez1eDF@Y&5DM)|S
AT>t<8

literal 0
HcmV?d00001

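Review bot: the three new files under tests/gnupg/private-keys-v1.d/ (06EF…, 0E3D…, A574…) are opaque keygrips, and neither these hunks nor the commit message says what they are or how they were produced. Three keygrips fits a primary key plus two subkeys, which is what the test needs, but say so explicitly and record the gpg commands used to build the fixture (key type, expiry, which subkeys are encryption-capable and in what order they were created, since the whole point is that gpg prefers the newest one), so the fixture can be regenerated or audited later instead of being inferred from the 978-byte counts in the diffstat.
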
diff --git a/tests/gnupg/pubring.gpg b/tests/gnupg/pubring.gpg
index 0573fd3abdd95ee082b79394a840a60a9fe83dc2..e6e33d19ebe5e392dbfe7259845a0d24174832ca 100644
GIT binary patch
delta 2257
zcma*lc|6ql1IO|Cj%#KZF-j~3Lssr6w^=#UZbXC}>sUjzMi@DYuPaP7RzeI?j+i8)
zQLZ*e#yMrTpQ~}LbNXSCAv3Oie*3H6Pdy&LhyDKZeS9CE&-eMq`|)C{vrMQWfI3wO
z0`b4(4?zBUs`p*;4h@wf_=OVWF8W2v9r<(&{m(H?9xwp}_#r$ye?Vy7P#x%hKko4E
ziD`d@)$;AaIQ+XX4fvjz&R3WnVi)#{;4X}g+!H(c6*eQh3sVx=g}I~l#EyN1MT_mi
ze%-GF1wRd#10Z=lGG}H07^I7sE37z8G*L_0B(KsEl1*_|PpvY30&;x*s8d=&a2iit
z&elSoe@t#UvcchMY*%>Z4^DE$%@31r3Q&&zHhYGufT84dQTZVFEQbWsR9uWb(NgPF
zgz;?$qM(*ne)52jt22JaOD;y?@t+`Ls<ZHYJEyW}dUQdY^&}*;Bpu9-d~DWz>NFfi
zTIlOpSd|vLpXYs%E`Clpyv?zu5*ENlWvw+tx21d4MohYYJj+-AY)W&?{n`vj@ii=9
zji<jI&-2FS4{@9bFXjp$){m-T%x_dc9;rg#hFLl`p&-F)8_2TeD;Z7b2aRGx=|((O
z0sQCl$P@Co47&eT2}Bft0H2ooKQZclIV=&d<rUl6PG4M}x10S`!H{Zz_o>^c6e>Dz
z@Wkzx1wQD%$AwDq@Cm|U0#N<~2slg-$}0{9c>pLHfF6v6AmAdOZ%<gjAW4gCTAKoc
zIe*;i46Y}b1$zqNZLM13Qy=b?=&Ri-1to4TJJ4Q5)$o*jXzLJi9n5#}_lS_FZQyCV
zCU}mfEm?Tg!MUQ2lK5d=b!hB)yqKe3aMyTozU<P2)zVcjG}EJ$99i1{>QPkF#5FTe
z9L6i;b&;^HnHEQ><?sDr%gfzbCn|%4tlmx}Wv*a+Qt-%{yPhp4V{9V3JEe~WBJ~2t
zGS%*dHydX^<e&J#1$(u5R#x|lC%t<hIq>m~BMzw=C8FV~^ENfXb7@Tdmo9}9N=kH<
zuxHoDMV8%@)Njt9vPwWPkX<y2<-?NT%?-uK46SpQ>KSMI2iC78n0it_rCImCG;8dN
zZ;V$n^kXmRI+=G_H1(xNHbfn>%$8EkZB`t<`rxkCKO^Ui9CfN%rV6Ga4-n?gR*^J}
ze5Boxx^Bx2^Mn=k7B8(qsI&N6?ZSB3fgZFqh-bYiEE+rckMGR{<!Oe>TXm9#k}&BJ
z6`+W!Y3TAzj{k6NR>Tm7YH1IQ(7+`O9QDHp2D6-Dh9J-8!aiuX6dkH(SjPAU1&dk1
zf)F{jc%zQY{!p#<#W-txkUQ7<Ins>>H|_aQ5X<dJT6(`hz&TuWlD^HHoCb2{Izf(}
zaH8gbj%ZalVRCw&*pVpE(>iMg*CFF9Q<v40bu3?7(eanDiO~!UgGikGD@`Jx%PX-{
zo7^6?3GI#wY~G2=+}oyzEw<QH`6eUe-TXR`0d};8rf=&9bvf=+3XCfkqxl+_2bTSe
zNsZ1u;qa~iOR6K|l#gbW>r-?O>Kr#9D*vusGHko{yPiq)AB6gkm`=7Pp#{}B*vR$J
zKz_W{mVB(vq_-Ejrbt0~_y+{Xr@NOE)?RRfX38!N-!0QkEF+D|lb?5tH>Wf|3Y2MX
z0;3KOT>#@HqE0T27#Zw0f8R+ri3YAbXu%Js3Uwv}DE5$jMXxi{a%?Ew64hFvA!8wG
zAKSQa!i;>)xJ{l^(y^_{4p&zsJ#dfCfr*z%m(MqDOJo#`M|xD;(Ovg#ah=w?C$m+<
zOOx$q$uQ7gM#WM9cV=W((hvK+h6v=vyQup0*l*qJF)E&xdg-x&re>*0%W{ldn{3~X
zIhi82^V=dO)CAK|KL*n45qXr*EH}ma7;|Jhv=`CX-Q-r<e^jrY+1F8J0Vg@GFQB50
z1ZY^}jS#;-H8{R%3ii112uXNAZN)*vb+Qw)9W=*uf-($^N!@-5cSLd$$68+FDs6J7
z(7)x``uubi8h|d|@7!J%48QnfEQGtZCRaLA+Z#u+DcSPj-=BTZYO}yb4^5MtH`5MZ
z3)FY6#N0ZG)3ks_ujh<DvX~#Lvy#A$hB=>J!BXt#=zf{+c;*PMw@zmk<S1LGB`EQm
zWjX=i0es+-p1)lcO93kNMO7~PFbIVo;k_{taW6{QZV?vr?q=ByE|O!+sz~cTUTCoi
z?`d_&36JW4m_3ZjxPNbZlk*JG-<e{-votiHCJm<Ut66`jf>1I{DeSoJap%srNpknS
zFbi%0iFTLk${fU9hNfO>JY8x$9p97@|6=&NBw}Cn&xe!j*IGjww270Et6l>u>t0Ox
z*Mk?>s}uU60cV<!E2J>vTB<N(_<cmM<vw|vaO&-1W^SSB)S)YRvFfLePsI~Dins8q
z39sl*Wv$|I2aM;#;?9@_9{QHAXYpBHs!1*VNV-$>cI+aH8pp4y@I2;C4&j5Ze>mrr
f3Ms5E>Q^h4b%eiv9CvVO4oyh3>-${Q=l8z=p76>y

delta 207
zcmaEE`&oB`0Hfd*{({8fVug~_;u3}I)Jg@z&9;oTjLb|7%$pmTjG4fU-7HuX8g2f;
z3RP&s4pmsjiAACD=FMDCh2OcM3Jv+NC^Xre#}8GwNdT(wjSv=vrkgcIpbB$EAqoL%
Cur{9n

diff --git a/tests/gnupg/trustdb.gpg b/tests/gnupg/trustdb.gpg
index cb5ec15078c2d1f07150f49f8ba2061ea3b6ce82..6990b8639619b98f79686a4afd6728f6bb8ad39a 100644
GIT binary patch
delta 119
zcmX@WGl5rtF})z2nVFH5k%@sJcItDEiH71E)w`G(H6~`MZ@$T#&J@7IaQgFBWvdOA
zc}Y8eujg5uX}Kx7{~a3x7-&K$5Xs9>ccj(OCnGv2Lg(dav3wK0$KnZ`P<04p3;^Bp
B9ZCQI

delta 39
vcmbQhdw@rPF})z2nVFH5k%@sJINU^hqM`Uk^)BX#4*U}XBsbq=PG<rDum=gv

diff --git a/tests/setup.sh b/tests/setup.sh
index 5d1e794..e49d8cc 100644
--- a/tests/setup.sh
+++ b/tests/setup.sh
@@ -62,3 +62,4 @@ KEY2="D774A374"  # pass test key 2
 KEY3="EB7D54A8"  # pass test key 3
 KEY4="E4691410"  # pass test key 4
 KEY5="39E5020C"  # pass test key 5
+KEY6="B25B8FEE"  # pass test key 6
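Review bot: the comment on the new line, `+KEY6="B25B8FEE"  # pass test key 6`, follows the style of its neighbours but omits the one property this key exists for; write something like `# pass test key 6 (multiple encryption subkeys)` so a reader of t0300 knows why this key differs from KEY1..KEY5 and does not later "simplify" the test by swapping it for another key.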
diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
index 3c88987..e61d796 100755
--- a/tests/t0300-reencryption.sh
+++ b/tests/t0300-reencryption.sh
@@ -45,6 +45,11 @@ test_expect_success 'Reencryption root multiple key with string' '
 	[[ $(canonicalize_gpg_keys $KEY2 $KEY3 $KEY1 $KEY4) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]]
 '
 
+test_expect_success 'Reencryption root single key with multiple subkeys' '
+	"$PASS" init $KEY6 &&
+	[[ $(canonicalize_gpg_keys "$KEY6") == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]]
+'
+
 test_expect_success 'Reencryption root group' '
 	"$PASS" init group1 &&
 	[[ $(gpg_keys_from_group group1) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]]
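Review bot: per the cover letter this test is expected to fail until patch 4 lands, so this commit on its own breaks `git bisect` and any CI run of the series at this point; either fold the test into the fix commit or add it here as `test_expect_failure` and flip it to `test_expect_success` in the fix. Two smaller points in the same hunk: `"$PASS" init $KEY6` leaves the variable unquoted while the next line writes `canonicalize_gpg_keys "$KEY6"`, so pick one style; and, like its siblings, the test reads `$PASSWORD_STORE_DIR/folder/cred1.gpg` created by earlier tests in this file rather than creating it, which is fine only as long as it stays ordered after them.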
-- 
2.23.0

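A worked illustration of the mismatch the mail describes, added here by the editor; it is not part of the original message and not pass's own code. The colon-separated listing is constructed to look like `gpg --list-keys --with-colons` output (field layout as in GnuPG's doc/DETAILS: record type, validity, key ID, creation time, capabilities); its key IDs and timestamps are invented. `all_encryption_subkeys` reproduces the idea behind the test helper `canonicalize_gpg_keys` (assumed from pass's tests/setup.sh, which is not on this page: every `sub` record whose capability field contains `e`), and `gpg_default_encryption_subkey` implements the choice gpg makes when told to encrypt to a primary key ID: the newest encryption-capable subkey that is not revoked, expired or disabled.

```python
"""Added example (editor's code, not pass's): why a primary key with several
encryption subkeys makes a "which keys is this file encrypted to?" check
disagree with what gpg actually does.

SAMPLE_LISTING is a constructed stand-in for `gpg --list-keys --with-colons`
output.  Field positions follow GnuPG's doc/DETAILS (1 record type, 2 validity,
5 key ID, 6 creation time, 12 capabilities); key IDs and timestamps are made up.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

SAMPLE_LISTING = """\
tru::1:1570000000:0:3:1:5
pub:u:2048:1:1111111111111111:1560000000:::u:::scESC::::::23::0:
fpr:::::::::000000000000000000000000111111111111111:
uid:u::::1560000000::DEADBEEF::Test Key (constructed) <test@example>::::::::::0:
sub:u:2048:1:AAAAAAAAAAAAAAAA:1560000000::::::e::::::23:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1569000000::::::e::::::23:
sub:r:2048:1:CCCCCCCCCCCCCCCC:1570000000::::::e::::::23:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1571000000::::::a::::::23:
"""
# Subkey A: original encryption subkey.  B: newer encryption subkey (the one
# S1 added).  C: newer still but revoked.  D: authentication-only, no 'e'.

# Validity letters that make a subkey unusable for encryption:
# r revoked, e expired, d disabled, i invalid.
UNUSABLE_VALIDITY = {"r", "e", "d", "i"}


@dataclass(frozen=True)
class Subkey:
    keyid: str
    created: int
    validity: str
    capabilities: str

    @property
    def can_encrypt(self) -> bool:
        return "e" in self.capabilities

    @property
    def usable(self) -> bool:
        return self.validity not in UNUSABLE_VALIDITY


def parse_subkeys(listing: str) -> List[Subkey]:
    """Pull every 'sub' record out of --with-colons output."""
    subkeys: List[Subkey] = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "sub" or len(fields) < 12:
            continue
        subkeys.append(
            Subkey(
                keyid=fields[4],
                created=int(fields[5] or 0),
                validity=fields[1],
                capabilities=fields[11],
            )
        )
    return subkeys


def all_encryption_subkeys(listing: str) -> List[str]:
    """Every subkey whose capability field contains 'e', sorted: the set a
    'list the recipients this key implies' enumeration produces (assumed to be
    what canonicalize_gpg_keys in pass's tests/setup.sh does)."""
    return sorted(s.keyid for s in parse_subkeys(listing) if s.can_encrypt)


def gpg_default_encryption_subkey(listing: str) -> Optional[str]:
    """The single subkey gpg uses when asked to encrypt to the primary key ID
    (no '!' suffix): the newest encryption-capable subkey that is still usable.
    The mail says "newest"; the usability filter is gpg's additional rule."""
    candidates = [s for s in parse_subkeys(listing) if s.can_encrypt and s.usable]
    if not candidates:
        return None
    return max(candidates, key=lambda s: s.created).keyid


def recipients_match(listing: str, keyids_in_file: Iterable[str]) -> bool:
    """The comparison the reencryption test makes: do the key IDs a file is
    encrypted to equal the encryption subkeys the recipient key advertises?"""
    return all_encryption_subkeys(listing) == sorted(set(keyids_in_file))


if __name__ == "__main__":
    chosen = gpg_default_encryption_subkey(SAMPLE_LISTING)
    print("gpg would encrypt to:  ", chosen)
    print("enumeration expects:   ", all_encryption_subkeys(SAMPLE_LISTING))
    print("reencryption check ok? ", recipients_match(SAMPLE_LISTING, [chosen]))
```

Running it shows the two functions disagree as soon as a second encryption subkey exists: the enumeration lists A, B and the revoked C, while gpg encrypts only to B, so the comparison in the reencryption test cannot hold for such a key. The other half of the report follows from the same fact: a store whose keyring knows only subkey A holds no secret key for B, which is exactly gpg's "decryption failed: No secret key". When a specific subkey is wanted, gpg accepts the key ID with a trailing `!` (for example `-r BBBBBBBBBBBBBBBB!`) to force it.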
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
