BUG #16677: pgcrypto.pgp_key_id() thinks that a PGP message containing multiple packets is a full keyring.

PG Bug reporting form
The following bug has been logged on the website:

Bug reference:      16677
Logged by:          Ryan
Email address:      [hidden email]
PostgreSQL version: 12.4
Operating system:   Pop!_OS (Ubuntu derivative) 20.04
Description:        

When using the `pgcrypto.pgp_key_id()` function with a dearmored output from
`gpg --export --armor --export-options export-minimal,no-export-attributes
8333F292B1BBD334A61E6F566785F7AF28DE7081`, I am given the following error:

ERROR:  Several keys given - pgcrypto does not handle keyring

I believe that pgcrypto thinks that each packet in the PGP message is a key.
When using the `gpgsplit` command with the output from the above GPG
command, I can see 5 packets:

1. The PGP public key. This is the packet that should be used for the
`pgp_key_id()` function.
2. The first UID attached to that key.
3. A signature verifying the aforementioned UID.
4. The second UID attached to that key.
5. A signature verifying the second aforementioned UID.

Below, I have included a full set of code that should reproduce this:

```
CREATE EXTENSION pgcrypto SCHEMA pgcrypto;
SELECT pgcrypto.pgp_key_id(pgcrypto.dearmor($$-----BEGIN PGP PUBLIC KEY
BLOCK-----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=8MvD
-----END PGP PUBLIC KEY BLOCK-----
$$));
```

Re: BUG #16677: pgcrypto.pgp_key_id() thinks that a PGP message containing multiple packets is a full keyring.

Charles Heywood
I have set up a Gist with a full example. I forgot the `CREATE SCHEMA`
line, and the mailing list automatically broke up one of my lines.

https://gist.github.com/RyanSquared/1b14850611e46059432378d8e892669d

On Fri, Oct 16, 2020 at 6:53 PM PG Bug reporting form
<[hidden email]> wrote:

>
> The following bug has been logged on the website:
>
> Bug reference:      16677
> Logged by:          Ryan
> Email address:      [hidden email]
> PostgreSQL version: 12.4
> Operating system:   Pop!_OS (Ubuntu derivative) 20.04
> Description:
>
> When using the `pgcrypto.pgp_key_id()` function with a dearmored output from
> `gpg --export --armor --export-options export-minimal,no-export-attributes
> 8333F292B1BBD334A61E6F566785F7AF28DE7081`, I am given the following error:
>
> ERROR:  Several keys given - pgcrypto does not handle keyring
>
> I believe that pgcrypto thinks that each packet in the PGP message is a key.
> When using the `gpgsplit` command with the output from the above GPG
> command, I can see 5 packets:
>
> 1. The PGP public key. This is the packet that should be used for the
> `pgp_key_id()` function.
> 2. The first UID attached to that key.
> 3. A signature verifying the aforementioned UID.
> 4. The second UID attached to that key.
> 5. A signature verifying the second aforementioned UID.
>
> Below, I have included a full set of code that should reproduce this:
>
> ```
> CREATE EXTENSION pgcrypto SCHEMA pgcrypto;
> SELECT pgcrypto.pgp_key_id(pgcrypto.dearmor($$-----BEGIN PGP PUBLIC KEY
> BLOCK-----
> mQENBF1lrTcBCACwH7BO2EJGgIHDwo3jUyHnqKg6r5qE6SSFlCLkCeVsekTQcAfw
> IaCt/MBDNiPrEnKfTT0j+jEiEvoZMEpL8XCpGxSj3LWj4uJY+/P+7K73gUDguPWF
> ERJlsxqecjxqZpr7buQI9FN3sYIWxjK4b12OI6TzjSf9LUwl5lSvBCx0jVLeSV+N
> V0jZQJ+iNC4SPB5qSdlvykl5n9+1t/B3anMZdXFJpnuqTYLNTGCr82MkMR5iredh
> IDnBatpRlMO47lWlVOXi0s5MOdErUUQKX64lyQG0j/fsyo+5BBROLf2fczrIVRRl
> IaQ8XkyTCdOSZnFyX3/ngelcIPrSgMpYqljdABEBAAG0P1J5YW4gSGV5d29vZCAo
> UnlhblNxdWFyZWQgLSBZdWJpa2V5IDVDIE5hbm8pIDxyeWFuQGhhc2hiYW5nLnNo
> PokBVAQTAQoAPhYhBIMz8pKxu9M0ph5vVmeF968o3nCBBQJdZa03AhsDBQkDwmcA
> BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGeF968o3nCB38wIAIwfteKojzfh
> zPNaUHQ4Czh5BYtnHMQh4W30x3wBu1FHZubl5PlkSj1rnMxMzu75Y4pjKAJdFRr5
> q6I6TUcZUOLPjQqzKBYYzaE5F2qUnPaAqTqw1bXaoX0s3af3zNY7B7VNBphMPIt5
> 7H9RugqhY7xc0QBGY9JdBSpW0h+1ggtie76nRrZA4zK1sltHLQZMJFh5K/BgXn1k
> 2iwiRC9Jt7p01AYvipB03Lh1lUxAP/alsiXCFHfJ3PL1exXEwukH0ROAVpRKD1so
> +lN8BpApLEpCF7sdOruMDfzGMSVdwsPuawQHWxGgZAOeQttUm/LjEiZd6czRZmi5
> pcnM9eAaXf20I1J5YW4gSGV5d29vZCA8dmFuZG9yMjAxMkBnbWFpbC5jb20+iQFU
> BBMBCgA+FiEEgzPykrG70zSmHm9WZ4X3ryjecIEFAl3x3FkCGwMFCQPCZwAFCwkI
> BwIGFQoJCAsCBBYCAwECHgECF4AACgkQZ4X3ryjecIFNeQf/YIeML5ptYdZE+tC1
> zbkX30elzYL4fYLzIhGv4IFB9KgxaDQUPWmxY3833D8BkBXF/w9RkS+kzgrSvY2j
> v7DA5uhq3TnioVarXCy5Dpnih9KsmamovQln/ZC97vAnzjw1m9R+z8kBnyDRuggp
> TwO7WgKhWWtrFRWbNaf3NHvG8JOQlGBX3eNqmFX7LVjMSh0xubVMM2laSzIhYYR9
> n+URpt39QTkYkfeGAgkYAOCnbzIvg6wFwFHhA7GHTuS+qW3DKkqhYHVt/u8ZSUWX
> JtBBGo+cTEHafafBsWkYvzpet+h4EeuFCu1YtU49NUGggUTj+3PukZCnNWcjrAh2
> trZBzrkBDQRdZa03AQgAxHn96AR42unTdV7VJrfnXG+wJQ3XZGmb6DnU5NqVrdt0
> Dv0/QrN1HjmYw4K4IzrAC7ebNXHzUNml1tr77mjlHmEekbdkvZngiP+8ncfcxwo8
> xQi3ircZVKsnek+lDx65sg6+nFgfwtftANQri+4wi+a6y4ocxFSFd2O2jPkrdjAE
> QBjFlgzBcJGi96bJcYi95XY3vWHS1sonCYjSXw7CSqqCpD6TbnjqNSvH3yCfsj1c
> kcDkk6TAui5H80eI7CEFd4VDGPiLqed/K65NGaViAv87m9cOja8o7eSrAM99+FG6
> SbMjChmGcpFIYE2gCyFpVESU851gJI63ZTTfosirDwARAQABiQE8BBgBCgAmFiEE
> gzPykrG70zSmHm9WZ4X3ryjecIEFAl1lrTcCGyAFCQPCZwAACgkQZ4X3ryjecIFR
> HAf+K7TvFZM+Ny+sA0bgI/LmRoIrn3r6t49tNARIDEN4eBAZLR6dhE1RzQAagIrA
> rTsmybBQODmXVj5RKgkOTglRjVy8EEO6eqKZ5sfxBSzw3NHOHn+thI+7yqaXf34b
> 74249zoNI4/ezB20UaJOtnjSHo6IJ20gkltB0BR0tyelfcEgxlO1jYUUNJcLFzfz
> /FvGbx3TC18bddmLykuD6kIOK2nG0IGoi11LMMr3K4JLP5U+DxnAShGY2KNRF+Gx
> RAIhKZ/VqwLAd90Nv15uPgtu7wcsEluM6Uq/foxOLMNnt5MYWI36YA/OpHhsXovx
> hYyQTkJTayYjY5/cQDDliSH2iLkBDQRdZa03AQgAqNLJN4ARHT37/9B3iEsuasbu
> jRtLVGboNAMMtw4lYjinKuFBlcvbKI4DZyqkA3oRm1jxEkGC3sBD4a15x7OktN9x
> K1b43B9GXQ/ZIgXd4fWAafrY7oJcWTYfaXOfTj4aOZJfICVAV4x+UvCYyf4uXmrE
> IRcIfmhsAgoJbNyt5q67sHdJe0gqwgqSq7cmKZqdBDQzK7lTf6hY6ygTEy6sr2Dr
> S+QGG9uFWsD3Y9NHDLfptYyU5uPA5BOhREVIaVrrYmBphqiszvuxrMxMcAj/X2vB
> RPN1yDYp6Pvn7rYC5Xi+9h0VAGKYjmJ/9JzZBwaCqX4KMr269WMZ+QV4w2sHuQAR
> AQABiQE8BBgBCgAmFiEEgzPykrG70zSmHm9WZ4X3ryjecIEFAl1lrTcCGwwFCQPC
> ZwAACgkQZ4X3ryjecIE+twf9EMrYtF1wk7Wx2vUVtXJRYHRE9/R3Qvr00FnOhg5N
> v2OWFBOwD5O7xJ0YSPD7W7+pdEUzYIsCEFL4HO645Z1PXQ1Iu1R4Xjhh5ZQTHy0w
> N389dXw21Er7WC6tvDf3/+sFni5LkkzeTK45X+VExvRfMSVgboHEtysju+6GhnC5
> bT4volWULkxGuoKGM9qWIkgMzOh5PSdvdfgvvCWUzDpatjIj13caEDOKHtc2AurQ
> QoyE6kCd1WqbmuJau1tmp4INWm0MZWrtF84A4I/AM4POMMErqV7N8aQYyezV2udO
> BLNCVZqTB1eoWIx+kgvigetwlhHmIEpM9V0tLSPcfKtT+w==
> =8MvD
> -----END PGP PUBLIC KEY BLOCK-----
> $$));
> ```
>


--
Ryan Heywood | [hidden email] | [hidden email]
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
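
The packet listing that the report obtains with `gpgsplit` can be reproduced by walking the OpenPGP packet headers (RFC 4880, section 4.2) of the dearmored bytes. The following is an added example, not code from the thread or from pgcrypto, and it makes no claim about how pgcrypto itself counts keys; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Packet tags from RFC 4880 section 4.3 that occur in exported public keys.
TAG_NAMES = {2: "signature", 6: "public key", 13: "user id", 14: "public subkey"}

def iter_packets(data):
    """Yield (tag, body) for each OpenPGP packet in a binary (dearmored) stream."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if first & 0x40:                      # new-format header
            tag = first & 0x3F
            o1 = data[pos]
            pos += 1
            if o1 < 192:                      # one-octet length
                length = o1
            elif o1 < 224:                    # two-octet length
                length = ((o1 - 192) << 8) + data[pos] + 192
                pos += 1
            elif o1 == 255:                   # five-octet length
                (length,) = struct.unpack(">I", data[pos:pos + 4])
                pos += 4
            else:
                raise ValueError("partial body lengths are not handled in this example")
        else:                                 # old-format header
            tag = (first >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(first & 0x03)
            if size is None:
                raise ValueError("indeterminate length is not handled in this example")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def summarize(data):
    """Return the packet names in order and the number of primary-key packets."""
    tags = [tag for tag, _ in iter_packets(data)]
    return [TAG_NAMES.get(t, "tag %d" % t) for t in tags], tags.count(6)

def old_packet(tag, body):
    """Build a constructed old-format packet with a one-octet length (sample data)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample: the packet order listed in the report, with dummy bodies.
SAMPLE = b"".join(old_packet(t, b"\x00" * 4) for t in (6, 13, 2, 13, 2))
```

A stream that holds a single key has exactly one "public key" (tag 6) packet, however many user ID, signature or subkey packets follow it; a keyring with several keys has one tag 6 packet per key.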