Bug 250356

Summary: Cannot encrypt file with an imported key pair
Product: [Applications] kgpg Reporter: atnt <dioxinu>
Component: generalAssignee: Rolf Eike Beer <kde>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In: 4.5.1
Sentry Crash Report:
Attachments: Public key, that has been exported together with private key
Public key, that has been exported separately.

Description atnt 2010-09-06 14:00:33 UTC 
Version:           unspecified (using KDE 4.5.0) 
OS:                Linux

I have 2 machines with KDE 4.5.

I cannot encrypt files on machine B with keys created on A and imported on B.

Reproducible: Always

Steps to Reproduce:
1) I create a key pair on my machine A (FreeBSD). The key pair looks ok and the subkey has been created (so Bug 245110 is not happening now)
2) Export both public and private key to files.
3) Bring them to machine B (openSuse).
4) Import those keys.
5) Open dolphin
6) Right-click on file -> Actions -> Encrypt File
7) Choose my key
8) File has not been encrypted

Actual Results:  
Error dialog appears:

"Process halted.
Not all files were encrypted.
Details:
[GNUPG:] USERID_HINT 44B80B54BCF654E4 MyName <MyName@googlemail.com>
[GNUPG:] GOT_IT
[GNUPG:] INV_RECP 10 7074DAF267DD773E36FC820F79746522D3ECA1B4
"

Expected Results:  
The file is successfully encrypted.
Comment 1 Rolf Eike Beer 2010-09-06 14:05:11 UTC 
I suspect you have neither changed the trust level of this key (usually to ultimate for private keys) nor set "allow encryption with untrusted keys"?
Comment 2 atnt 2010-09-06 14:20:01 UTC 
I did changed  the trust level. I tried both "Fully" and "Ultimate" levels, but still no luck.

Having set "allow encryption with untrusted keys" the encryption succeeded.
Comment 3 atnt 2010-09-06 14:38:58 UTC 
Right now my key has trust level "Fully". As I understands, this level is enough to encrypt the file. But encryption is not working when the "allow encryption with untrusted keys" switch is off. When it is on, I can encrypt.

For now I will turn on that switch and personally I have nothing wrong with it. But, isn't it a wrong behaviour?
Comment 4 Rolf Eike Beer 2010-09-06 15:01:56 UTC 
Please run "gpg --update-trustdb" from commandline and try again. Maybe something hasn't been refreshed correctly.
Comment 5 atnt 2010-09-06 15:17:26 UTC 
(In reply to comment #4)
> Please run "gpg --update-trustdb" from commandline and try again. Maybe
> something hasn't been refreshed correctly.

> gpg --update-trustdb 
gpg: no ultimately trusted keys found

I tried to change the secret level to Ultimate, but as soon as press apply Apply button in the Key Properties dialog, the KGpg starts showing the busy sign. If I reopen the dialog again, the level is not Ultimate. Restarting Kgpg doesn't help either.

I will try to re-import the key.
Comment 6 Rolf Eike Beer 2010-09-06 15:34:31 UTC 
Setting trust to ultimate had a bug in 4.5.0, please upgrade to 4.5.1 where this is fixed (see bug 244288).
Comment 7 atnt 2010-09-06 15:50:05 UTC 
Created attachment 51361 [details]
Public key, that has been exported together with private key
Comment 8 atnt 2010-09-06 15:50:39 UTC 
Created attachment 51362 [details]
Public key, that has been exported separately.
Comment 9 atnt 2010-09-06 15:52:41 UTC 
Ok, thanks. I will try that.
I just got one more question. When I exported my private key, I assume, that the public key has been exported together with it. I Also exported the public key separately. But when I compare them, I see that they are different. Do you know, what can be the reason for that? Please see attachments for both keys.
Comment 10 atnt 2010-09-07 10:18:44 UTC 
(In reply to comment #6)
> Setting trust to ultimate had a bug in 4.5.0, please upgrade to 4.5.1 where
> this is fixed (see bug 244288).

I will have to wait a little bit, because there is only kgpg 4.5.0 in openSUSE's repositories.
Comment 11 Rolf Eike Beer 2010-09-07 12:06:27 UTC 
I can't see any differences between those two keys.
Comment 12 atnt 2010-09-07 12:10:14 UTC 
(In reply to comment #11)
> I can't see any differences between those two keys.

The difference begins on the 30th line in the 56th column and goes till the end of the key.
Comment 13 Rolf Eike Beer 2010-09-07 12:59:50 UTC 
I imported both into gpg and used "gpg --list-keys --with-colons" and did not have any differences. What happens in the files is "out of my scope", that's a question you should ask the GnuPG guys if you want to get an answer.
Comment 14 atnt 2010-09-13 10:22:18 UTC 
I'm sorry for the delay, but there is no kgpg 4.5.1 for openSUSE in in its repositories. So I can try this new version. I will write a feedback as soon as kgpg 4.5.1 packages comes out.
Comment 16 atnt 2010-09-14 07:49:40 UTC 
Thank you for the link. I'm on openSUSE 11.1 and explored only 11.1 repositories. But anyway, I installed kgpg 4.5.1 and now I can easily set any Trust level without any problems and encrypting is ok.

Just to clarify I have a question: When my key has trust level "Fully", doesn't that imply that the key is trusted and I can ecnrypt files without enabling "allow encryption with untrusted keys" option?

Thanks for your help.
Comment 17 Rolf Eike Beer 2010-09-14 10:14:05 UTC 
The trust level you set at this point is the owner trust, i.e. how much you trust the keys _signed_ by this key. Setting it to ultimate also has the side effect that you trust the key _itself_.

http://docs.kde.org/stable/en/kdeutils/kgpg/manage.html#keysigning
Comment 18 atnt 2010-09-14 12:02:28 UTC 
(In reply to comment #17)
> The trust level you set at this point is the owner trust, i.e. how much you
> trust the keys _signed_ by this key. Setting it to ultimate also has the side
> effect that you trust the key _itself_.
> 
> http://docs.kde.org/stable/en/kdeutils/kgpg/manage.html#keysigning

Ok, got it. Thanks.