core icon indicating copy to clipboard operation
core copied to clipboard
Published 6 days ago • verified publisher icon chatmail

Failed to import secret key

Open Wurzelkoch opened this issue 1 year ago • 3 comments

I am using deltachat as a secondary device for an email account where I have a long established key with multiple aliases. Until now, I've never written an email using deltachat with this account, because I'd prefer to keep the established key over a new key that only applies to one alias of this mail account. Now, I've tried to import that secret key into deltachat, so I can also write emails from my phone without worrying about a key mixup, and so I can actually read encrypted mails on the phone, and not only the unencrypted ones, however, key import failed.

  • Operating System (Linux/Mac/Windows/iOS/Android): Android 15.10.228
  • Delta Chat Version: both 1.46 and 1.50.2-foss
  • Expected behavior: should import and use key
  • Actual behavior: prints the attached error message and doesn't import key
  • Screenshots: omitted as it only prints the same error message as is visible in the below logs
  • Logs:
12-19 20:20:05.537 29917 30011 🔵 DeltaChat: [accId=2] src/imex.rs:208: Import path: /data/user/0/com.b44t.messenger/cache/tmp-keys-file8247660042905729016.tmp
12-19 20:20:05.537 29917 30011 🔵 DeltaChat: [accId=2] src/imex.rs:636: Importing secret key from /data/user/0/com.b44t.messenger/cache/tmp-keys-file8247660042905729016.tmp as the default key.
12-19 20:20:05.540 29917 30011 🔴 DeltaChat: [accId=2] IMEX failed to complete: "verify_certification: No matching issuer or issuer_fingerprint for Key ID: KeyId(395703ec0472e467)"
12-19 20:20:05.540 29917 30011 🔴 DeltaChat: IMEX failed to complete: "verify_certification: No matching issuer or issuer_fingerprint for Key ID: KeyId(395703ec0472e467)"
12-19 20:20:05.540 29917 30011 🟠 DeltaChat: [accId=2] deltachat-ffi/src/lib.rs:2314: IMEX failed: "verify_certification: No matching issuer or issuer_fingerprint for Key ID: KeyId(395703ec0472e467)"

Wurzelkoch avatar Dec 19 '24 19:12 Wurzelkoch

This should be fixed with 1.50.3 -- which is not out on F-droid yet but hopefully soon.

On Thu, Dec 19, 2024 at 11:26 -0800, Wurzelkoch wrote:

I am using deltachat as a secondary device for an email account where I have a long established key with multiple aliases. Until now, I've never written an email using deltachat with this account, because I'd prefer to keep the established key over a new key that only applies to one alias of this mail account. Now, I've tried to import that secret key into deltachat, so I can also write emails from my phone without worrying about a key mixup, and so I can actually read encrypted mails on the phone, and not only the unencrypted ones, however, key import failed.

  • Operating System (Linux/Mac/Windows/iOS/Android): Android 15.10.228
  • Delta Chat Version: both 1.46 and 1.50.2-foss
  • Expected behavior: should import and use key
  • Actual behavior: prints the attached error message and doesn't import key
  • Screenshots: omitted as it only prints the same error message as is visible in the below logs
  • Logs:
12-19 20:20:05.537 29917 30011 🔵 DeltaChat: [accId=2] src/imex.rs:208: Import path: /data/user/0/com.b44t.messenger/cache/tmp-keys-file8247660042905729016.tmp
12-19 20:20:05.537 29917 30011 🔵 DeltaChat: [accId=2] src/imex.rs:636: Importing secret key from /data/user/0/com.b44t.messenger/cache/tmp-keys-file8247660042905729016.tmp as the default key.
12-19 20:20:05.540 29917 30011 🔴 DeltaChat: [accId=2] IMEX failed to complete: "verify_certification: No matching issuer or issuer_fingerprint for Key ID: KeyId(395703ec0472e467)"
12-19 20:20:05.540 29917 30011 🔴 DeltaChat: IMEX failed to complete: "verify_certification: No matching issuer or issuer_fingerprint for Key ID: KeyId(395703ec0472e467)"
12-19 20:20:05.540 29917 30011 🟠 DeltaChat: [accId=2] deltachat-ffi/src/lib.rs:2314: IMEX failed: "verify_certification: No matching issuer or issuer_fingerprint for Key ID: KeyId(395703ec0472e467)"

-- Reply to this email directly or view it on GitHub: https://github.com/deltachat/deltachat-core-rust/issues/6350 You are receiving this because you are subscribed to this thread.

Message ID: @.***>

hpk42 avatar Dec 19 '24 22:12 hpk42

1.50.3 is fixing a different issue with existing keys that were successfully imported by old C core.

This problem is unrelated, it complains about importing some key that does not have a signature.

link2xt avatar Dec 19 '24 23:12 link2xt

@Wurzelkoch could you provide some more information about the key? e.g. what algorithms does it use?

It looks like rPGP considers one (or more) of the User IDs in it not correctly self-signed. Would be very interesting to get to the bottom of why that is (it might be that something about the key's internal structure is problematic, or it could be that some edge case is not handled correctly in rPGP).

If you could provide a public key (!) copy of the key in question, that might help debug this.

hko-s avatar Dec 19 '24 23:12 hko-s

Closing stale issue. In any case importing the key is not possible in the current UIs.

link2xt avatar Sep 09 '25 12:09 link2xt