Bug 116862 - GPG: Unclear error message when the OwnerTrust is different than ultimate
Summary: GPG: Unclear error message when the OwnerTrust is different than ultimate
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
(earliest affected)
Hardware: All All
: medium enhancement
Assignee: Not Assigned
Whiteboard: target:6.4.0
Depends on:
Blocks: Error-Messages
  Show dependency treegraph
Reported: 2018-04-07 17:20 UTC by Xisco Faulí
Modified: 2019-12-03 11:13 UTC (History)
6 users (show)

See Also:
Crash report or crash signature:

Hack-around patch - of course we cannot simply trust all keys... (1.04 KB, patch)
2018-06-05 09:50 UTC, Thorsten Behrens (allotropia)
Verified in LibreOffice 6.5 master (12.32 KB, image/png)
2019-12-03 11:11 UTC, Xisco Faulí

Note You need to log in before you can comment on or make changes to this bug.
Description Xisco Faulí 2018-04-07 17:20:55 UTC
Steps to reproduce:
1. create a GPG key if needed.
2. Change its ownertrust to something different than Ultimate ( use your password manager for that. Seahorse in Ubuntu)
3. Try to encrypt the document ( File - Save As - Encrypt with GPG key )

Observed behaviour: Error message is 'OpenPGP key not trusted, damaged, or encryption failure. Please try again.'

Expected behaviour: Error message should be 'OpenPGP key not trusted, damaged, or encryption failure. Please check your owner trust level and try again.'

Ownertrust info: https://gpgtools.tenderapp.com/kb/faq/what-is-ownertrust-trust-levels-explained

Reproduced in

Build ID: abf9ec7bef2c341ad9c914fd909dd03b4a784f18
CPU threads: 4; OS: Linux 4.13; UI render: default; VCL: gtk3; 
Locale: ca-ES (ca_ES.UTF-8); Calc: group
Comment 1 Xisco Faulí 2018-04-07 17:22:11 UTC
Hi bubli, this is the issue found during the hackfest, in case you're interested...
Comment 2 Thorsten Behrens (allotropia) 2018-06-05 09:48:32 UTC
Same here, but it's even worse - can't even use my own keys to encrypt. Happened after upgrade to gpg2:

gpg (GnuPG) 2.2.7-unknown
libgcrypt 1.7.9
Comment 3 Thorsten Behrens (allotropia) 2018-06-05 09:49:08 UTC
Marina, Xisco - can you paste your respective gpg versions please?
Comment 4 Thorsten Behrens (allotropia) 2018-06-05 09:50:41 UTC
Created attachment 142533 [details]
Hack-around patch - of course we cannot simply trust all keys...

With the attached patch, it works again. No real solution though
Comment 5 Xisco Faulí 2018-06-05 09:52:03 UTC
gpg (GnuPG) 1.4.20
Comment 6 Xisco Faulí 2018-06-05 09:56:53 UTC
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Comment 7 Thorsten Behrens (allotropia) 2018-11-12 00:37:04 UTC
Xisco, does signing the key help you're picking? With something != ultimate trust?
Comment 8 Franklin Weng 2019-08-10 09:23:05 UTC
Still reproducible in

組建 ID:057fc023c990d676a43019934386b85b21a9ee99
CPU 執行緒:4; OS:Linux 4.19; UI 算繪:預設; VCL: kde5; 
語言地區:zh-TW (zh_TW.UTF-8); UI-Language: zh-TW
Calc: threaded

Signing is okay, but encrypting would fail.

Nothing different for encrypting public keys being signed or not.
Comment 9 Franklin Weng 2019-08-11 14:04:10 UTC
(In reply to Thorsten Behrens (CIB) from comment #4)
> Created attachment 142533 [details]
> Hack-around patch - of course we cannot simply trust all keys...
> With the attached patch, it works again. No real solution though

I tried to debug it and have some interesting findings.


in comphelper/source/misc/storagehelper.cxx:496
xSignCertificates.getLength() is 2 though I chose only one recipient. (line 5 in pastebin)

Then I checked keyID at code line 509, after key is pushed back to vector (line 37 in pastebin)
The key is correct (my public key).

In the first iteration the result is correct.  Then goes to the second iteration (since xSignCertificates.getLength() is 2)

I checked the key in the second iteration (line 119 in pastebin) this time it returned another keyID (Osvaldo's public key!?)

This time crypt_res.error() returned code 53 and len was 0, so threw exception.

I have not checked why xSignCertificates.getLength() is 2 yet.  Maybe someone would be interested in it?
Comment 10 Franklin Weng 2019-08-12 12:08:53 UTC
It works when
1) encryption key is set in the personal profile, or 
2) "When encrypting documents, always encrypt to self" is unchecked, which is checked by default.

I think it makes sense that when sending a GPG-encrypted document the author should encrypt it with his/her own key, or when it is saved encrypted the author can not read it anymore.  Just that when the encrypt-to-self checkbox is set but no encryption key is set, there should be a warning or error message instead of jumping out the current error messages.
Comment 11 Commit Notification 2019-08-20 13:15:19 UTC
Franklin Weng committed a patch related to this issue.
It has been pushed to "master":


tdf#116862 do not encrypt to self when encryption key is not set

It will be available in 6.4.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:

Affected users are encouraged to test the fix and report feedback.
Comment 12 Xisco Faulí 2019-12-03 11:01:56 UTC
A polite ping to Franklin Weng:
Is this bug fixed? if so, could you please close it as RESOLVED FIXED ? Otherwise, Could you please explain what's missing?
Comment 13 Xisco Faulí 2019-12-03 11:11:50 UTC
Created attachment 156266 [details]
Verified in LibreOffice 6.5 master
Comment 14 Xisco Faulí 2019-12-03 11:12:55 UTC
Verified in

Build ID: ea97f0926e138712c3800f5274012f0f04fc1c47
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; 
Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US
Calc: threaded

@Franklin Weng, thanks for fixing this issue. I believe we can close it as VERIFIED FIXED