[pkg-gnupg-maint] Bug#930665: gpg won't import valid self-signatures if no user ids are present in imported transferable public key

Mon Jun 17 23:48:38 BST 2019

Package: gpg
Version: 2.2.13-2
Severity: normal

Dear Maintainer,

in the current version of GnuPG, signatures will be imported from public key
blocks only if they are accompanied by a UserID packet plus valid signature.
However, self-signatures on the key itself and on subkeys can be
cryptographically verified, independently of user ids. This opens a use case of
transferring revocations and updates on subkeys, without revealing the key's
user ids.

For instance, consider a case where I have the following key in my keyring:

> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> mDMEXECaehYJKwYBBAHaRw8BAQdAAiJ1/GyBM4kgpY/nx+sXytMi8I+x8MW0/NBq
> 3jepKpG0E0RhbmllbCBLYWhuIEdpbGxtb3KImQQTFggAQQIbAQUJA8JnAAULCQgH
> AgYVCgkICwIEFgIDAQIeAQIXgBYhBHI+NDrAAzHwNHPmg3vloR+jfochBQJcQJsl
> AhkBAAoJEHvloR+jfoch7q0A/3AMFfxPJGJ5rljN8qMctaFWAzAGc5rElBFQ433t
> vuFYAQDagLYOFgcv9A5axQR4O0oYXJKfMBuImqaWyhDRg/MbAA==
> =dSe7
> -----END PGP PUBLIC KEY BLOCK-----

The following PGP block contains the same primary key, as well as a valid
revocation signature:

> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> mDMEXECaehYJKwYBBAHaRw8BAQdAAiJ1/GyBM4kgpY/nx+sXytMi8I+x8MW0/NBq
> 3jepKpGIeAQgFggAIBYhBHI+NDrAAzHwNHPmg3vloR+jfochBQJcQJp6Ah0AAAoJ
> EHvloR+jfochA+QA/jzjDXDZxwNd39ZfEkngWkR3Xebc96hCkTu9+jlbQnL/AP0b
> HrIUG62g5BGzePFhXB+XtSpRL1g4H1Ywsd+GdWymBQ==
> =KuHa
> -----END PGP PUBLIC KEY BLOCK-----

Importing this via `gpg --import` will yield an error:

> gpg: key 0x7BE5A11FA37E8721: no user ID

The key in my keyring will remain valid and unrevoked, even though a keyblock
that contained a cryptographically valid revocation signature was encountered by
GnuPG during an import operation.

User IDs typically contain data that is of a more personal nature than the
cryptographic information stored in other packets. It is arguably a quite
important use case to distribute updates to cryptographic data in an OpenPGP
certificate independently of personal information. This applies in particular to
revoked keys, where usually the only important thing to distribute is the
revocation itself. In countries where GDPR applies, it can also be interpreted
as a legal obligation to distribute User IDs only with consent of its owner.

A related effort is a new keyserver implementation [Hagrid], which went live
last week at https://keys.openpgp.org/ (disclaimer: I'm the maintainer of said
project).  This keyserver publishes identity information only after verification
via e-mail, but distributes non-identity information freely. This was received
very well by the community so far. However, since GnuPG won't import keys
without identity information, a `gpg --refresh-keys` will not update any keys
which don't have at least one verified identity.

I contributed a patch series to GnuPG (see [patch mail] on gnupg-devel) that
implements the desired behavior, which is currently under review. Since GnuPG
already supports a similar (but different) mechanism via the import-option
"import-drop-uids" on its current master (see [related announcement]), the
required changes are relatively unintrusive.

Given the increasing reliability issues of the sks keyserver pool to distribute
OpenPGP certificate updates (in particular, key revocations), and the freshly
changing landscape of keyservers, I would welcome a speedy distribution and,
ideally, backport of this patch in the debian packaging of GnuPG.

Thanks

 - V

[section 11.1]: https://tools.ietf.org/html/rfc4880#section-11.1
[Hagrid]: https://gitlab.com/hagrid-keyserver/hagrid/
[related announcement]: https://lists.gnupg.org/pipermail/gnupg-devel/2018-October/033969.html
[patch mail]: mid:20190613192743.12991-1-look at my.amazin.horse