importing large keyrings crashes the extension in Chrome versions < 36 about end-to-end HOT 23 CLOSED

From [email protected] on June 04, 2014 08:17:08

Thanks!

Could you please follow these steps? :)

Debug instructions:

1. Please build the extension and go to chrome-extension:///prompt.html and try to encrypt, decrypt or import a key from there.
2. Note the error shown in red (if any)
3. Open the JavaScript console (Tools -> JavaScript Console)
4. Copy the output from the console here.

Have you tested if this key/message works in other implementations? (PGP
Desktop, GnuPG, etc..)

If you can, please copy the output of gpg --list-packets .

from end-to-end.

From [email protected] on June 04, 2014 08:37:34

thanks for the awesomely fast response! :)

I'll give those steps a try and let you know. As for the key being usable elsewhere, I use it as my main encryption tool for encrypting files and data on my machine and also use it for signing/decryption in Thunderbird + Enigmail on my machine. This is a somewhat old key, so I've been using it successfully for a while.

I should've mentioned previously that I'm running a 64-bit Fedora 20 desktop, if that helps any.

Let me try those steps and I'll let you know shortly!

from end-to-end.

From [email protected] on June 04, 2014 08:49:54

OK, got it!

It's exactly what I thought was the issue -- in order to import the keyring, I had to get it into ASCII form. Once I ran gpg --export-secret-keys --armour > outputfile.pem to get the key exported, I was able to successfully import. Now I need to import my public keys and I should be good!

It might be helpful to add a note about how to convert existing keys to the proper format to import them in the FAQ. Thanks for this awesome extension!

from end-to-end.

From [email protected] on June 04, 2014 15:00:31

will do! thanks voyager :)

from end-to-end.

From [email protected] on June 05, 2014 13:00:37

Status: Accepted

from end-to-end.

From [email protected] on June 06, 2014 18:54:03

Labels: Type-Enhancement Priority-Medium Component-Docs Compatibility Usability

from end-to-end.

From [email protected] on June 09, 2014 11:23:42

thank you very much! Looking forward to all the awesome improvements coming! (if I had a suggestion, where could I send it? I did notice that there's no way, as far as I can tell, to import public keyrings in...is that coming?)

from end-to-end.

From [email protected] on June 09, 2014 13:15:00

to import public keyrings

Importing public keyrings works the same way in e2e as importing your private keyring. When exporting from gpg, use --export (instead of --export-secret-keys) in order to export your public keys: gpg --export --armor

from end-to-end.

From [email protected] on June 10, 2014 10:33:35

Thanks -- that's what I thought and gave that a try. However, when I try to import the generated ascii file, it causes the tab to crash :-/

from end-to-end.

From [email protected] on June 10, 2014 10:51:21

it causes the tab to crash :-/

Sounds like a bug in e2e. Two options:

1. If you're comfortable sending me your public key ring (not secret keyring), feel free to email it to me at [email protected] and I'll debug the issue.

2. On the options page, open the JavaScript console (Ctrl+Shift+J). Also, go to chrome://extensions/ and open the background page for end-to-end, and then open the JavaScript console there as well. Then try to import your public key ring and see if any data is printed to the console before it crashes. Please feel free to send me the debug output or paste it here.

Thanks!

from end-to-end.

From [email protected] on June 10, 2014 10:55:36

Thanks! I've got no problem sending my public keyring. I just need to make double sure that I only have my public ring in the file and not my secret. I'll take a look at #2 as quickly as possible!

from end-to-end.

From [email protected] on June 10, 2014 11:00:51

To double-check that you do not have any secret keys in your file, you can do this with gpg:
cat somefile | gpg --list-packets | grep "key packet"
You should see only public key packets and sub key packets in the output.

For example:
$ gpg --export --armor|gpg --list-packets|grep "key packet"
:public key packet:
:public sub key packet:
:public key packet:
:public sub key packet:

However if it accidentally includes secret keys somehow you'd see this:
$ gpg --export-secret-keys --armor|gpg --list-packets|grep "key packet"
:secret key packet:
:secret sub key packet:
:secret key packet:
:secret sub key packet:

from end-to-end.

From [email protected] on June 10, 2014 11:27:18

Great! that worked like a charm, looks like the ring I have is completely public :)

I'm attaching it here. Please feel free to use as you need!

Attachment: pubkey.pem

from end-to-end.

From [email protected] on June 16, 2014 03:55:48

Owner: [email protected]

from end-to-end.

From [email protected] on June 17, 2014 00:50:33

Confirming that this crashes for me. Within e2e.openpgp.block.factory.parseByteArrayMulti it crashes on the second e2e.openpgp.parse.parseSerializedPacket. The JavaScript console doesn't show anything obviously odd. I'll run Chrome with --enable-logging --v=1 and see if chrome_debug.log has any hints about what's going on.

from end-to-end.

From [email protected] on June 17, 2014 16:36:27

It appears that any keyring file 128KB or more is likely to crash the extension.
Tested on Chrome 35 on Linux and ChromeOS.

Summary: importing large keyrings crashes the extension (was: importing existing private keyring)

Attachment: 045

from end-to-end.

From [email protected] on June 17, 2014 23:22:53

Labels: -Type-Enhancement -Component-Docs Type-Defect

from end-to-end.

From [email protected] on June 18, 2014 00:10:45

koto mentioned that he saw similar crashes in Chrome versions before 36 when doing shift() on large arrays. Upgrading to Chrome 36 indeed fixes this crash for me -- yay!

However now it's surfaced a different error message when importing the pubkey.pem that you attached. e2e.openpgp.packet.Signature.parse sees a version 3 signature with a pubKeyAlgorithm of 16 for ElGamal encrypt-only. ElGamal signatures are not secure, so we should treat this as not having a signature, instead of throwing an unhandled exception.

from end-to-end.

From [email protected] on June 18, 2014 09:12:21

Thanks for the updates! appreciate your work on it. Yeah, i should've mentioned I'm running Chrome stable, so I'm still on Chrome 35. Anything I can do to help in testing?

from end-to-end.

From [email protected] on June 18, 2014 10:37:18

I've moved the ElGamal encrypt-only signature exception to a new issue: https://code.google.com/p/end-to-end/issues/detail?id=80 I'll close this issue. If anyone else sees the extension crash, please be sure you're running Chrome 36 or later.

Voyager, thanks for the help and for testing the extension!

Summary: importing large keyrings crashes the extension in Chrome versions < 36 (was: importing large keyrings crashes the extension)
Status: FixedInStaging

from end-to-end.

From [email protected] on June 18, 2014 10:56:02

Labels: Restrict-AddIssueComment-Commit

from end-to-end.

From [email protected] on June 25, 2014 12:00:36

Pushed https://code.google.com/p/end-to-end/source/detail?r=b6a0b9b8cde9c446f42bc81d4bd7d394996e10b7

Status: Fixed
Labels: Restrict-AddIssueComment-CoreTeam

from end-to-end.

From [email protected] on July 21, 2014 16:29:34

Labels: -Restrict-AddIssueComment-Commit Component-Logic

from end-to-end.