Ubuntu
seahorse package

Does not show fingerprint in key import dialog

Bug #1257939 reported by itzeme
260
This bug affects 2 people
Affects Status Importance Assigned to Milestone
seahorse
Fix Released
High
seahorse (Ubuntu)
Triaged
Low
Unassigned

Bug Description

Using the seahorse option to find and import remote public keys, the properties dialog does not show the correct fingerprint but the key ID instead.

to reproduce:

go to remote, find remote keys, enter a valid search term, select a key from the results and select properties in the context menu of the selected key.

bug was confirmed using the following versions:

3.10.1 (using ArchLinux)
3.2.2 (Using Ubuntu 12.04.3)

itzeme (launchacc)
information type: Private Security → Public Security
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I presume this is due to some limitation in the key search protocol that is being used. Compare the following two sks keyserver searches:

http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=seth.arnold
http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=seth.arnold&fingerprint=on

Perhaps 'fingerprint=on' isn't an option on all keyservers? Or perhaps they are using a more meager search mechanism that doesn't expose this information cheaply.

Once the key _has_ been imported, the fingerprint is then available.

This might also be a failing at the GPGME interface level; I understand gpg --recv-key, when given a fingerprint, will download a key matching only the keyid, and it does not verify that the fingerprint matches before saving the key into the keyring. I'm having trouble tracking down a reference for this behavior though.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance.

Changed in seahorse (Ubuntu):
importance: Undecided → Low
Revision history for this message
itzeme (launchacc) wrote :

https://bugzilla.gnome.org/show_bug.cgi?id=719872

Revision history for this message
itzeme (launchacc) wrote :

"Perhaps 'fingerprint=on' isn't an option on all keyservers? Or perhaps they are using a more meager search mechanism that doesn't expose this information cheaply."

The fingerprint was not shown using several different servers.

It might be a simple bug like the key ID Variable used where the fingerprint variable should be.
I did not find the specific section of the code yet.

https://github.com/GNOME/seahorse

Sebastien Bacher (seb128)
Changed in seahorse (Ubuntu):
status: New → Triaged
Bug Watch Updater (bug-watch-updater)
Changed in seahorse:
importance: Unknown → High
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in seahorse:
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in seahorse:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.