Page MenuHomePhabricator

SecurePoll: "gpg: decryption failed: No secret key" when tallying via CLI
Closed, ResolvedPublicBUG REPORT

Description

What is the problem?

I have just tried to tally this election with the tally.php script.

It failed after about 5 minutes with:

Tally error: Error executing GPG:

Command: #Command: 'gpg' '--homedir' '/tmp/securepoll-55dbaf2a56a8c7b2f947a4eaca87897c8c9fa39a' '--trust-model' 'always' '--batch' '--yes' '--decry
pt' '-o' '/tmp/securepoll-55dbaf2a56a8c7b2f947a4eaca87897c8c9fa39a/output' '/tmp/securepoll-55dbaf2a56a8c7b2f947a4eaca87897c8c9fa39a/input'                                           

Error:
<pre>gpg: encrypted with 3072-bit RSA key, ID 3009C0891705D47F, created 2021-02-01
&#32;     &#34;betavotewiki_encrypt&#34;
gpg: public key decryption failed: End of file
gpg: decryption failed: No secret key
</pre>

It is an encrypted STV election with 5000 votes.

I have checked that the decryption key I am using is correct. Besides, if I had uploaded the wrong key I would assume it would fail much sooner.

So far, I have only reproduced this locally. I can tally other encrypted elections locally. I have been able to successfully tally the same election on beta.

Steps to reproduce problem
  1. Get the dump for the election here https://vote.wikimedia.beta.wmflabs.org/wiki/Special:SecurePoll/dump/1545
  2. Add the gpg key from here https://www.mediawiki.org/wiki/Anti-Harassment_Tools/SecurePoll_Improvements/gpg_keys to the dump file (inside of a <property name="gpg-decrypt-key">)
  3. Run: php extensions/SecurePoll/cli/tally.php 1545-20210812150223.securepoll
Environment

Wiki(s):

  • local docker SecurePoll 3.0.0 (543f6f0) 04:43, 12 August 2021.

Event Timeline

I ran this on local and the script completed without errors
Script finished in 402 s

  • local docker
  • gpg (GnuPG) 2.1.18
  • libgcrypt 1.7.6-beta
<div class="election-tally-results--stv oo-ui-layout oo-ui-panelLayout oo-ui-panelLayout-scrollable oo-ui-stackLayout oo-ui-stackLayout-continuous">

<div class="oo-ui-layout oo-ui-panelLayout">

## Elected

Election for 6 seats with 20 candidates. Total 5,000 votes.

1.  2
2.  3
3.  4
4.  5
5.  1
6.  20

## Eliminated/Not elected

*   6
*   7
*   8
*   9
*   10
*   11
*   12
*   13
*   14
*   15
*   16
*   17
*   18
*   19

</div>

I ran this on local and the script completed without errors
Script finished in 402 s

  • local docker
  • gpg (GnuPG) 2.1.18
  • libgcrypt 1.7.6-beta

Hmmm, my docker environment:

  • gpg (GnuPG) 2.1.18
  • libgcrypt 1.7.6-beta

You might be able to investigate the temp folder (/tmp/securepoll-55dbaf2a56a8c7b2f947a4eaca87897c8c9fa39a/) if the election failed and didn't clean up after itself. You should see a key and an input file and maybe cating one of those would provide more data? It sounds like it might be a bad input somewhere if it took a long time (presumably successfully decrypting other inputs) to fail.

You might be able to investigate the temp folder (/tmp/securepoll-55dbaf2a56a8c7b2f947a4eaca87897c8c9fa39a/) if the election failed and didn't clean up after itself. You should see a key and an input file and maybe cating one of those would provide more data? It sounds like it might be a bad input somewhere if it took a long time (presumably successfully decrypting other inputs) to fail.

Unfortunately, after running the command the /tmp/securepoll-... folder does not exist. Either it gets cleaned up or docker does not persist state between calls to exec.

I have tried running it on my bare machine (without Docker) but that returns a different error:

LogicException from line 413 of /home/drw/wikimedia/srv/lone/includes/cache/MessageCache.php: Process cache for 'en' should be set by now.
#0 /home/drw/wikimedia/srv/lone/includes/cache/MessageCache.php(1115): MessageCache->load('en')
#1 /home/drw/wikimedia/srv/lone/includes/cache/MessageCache.php(1043): MessageCache->getMsgFromNamespace('Securepoll-full...', 'en')
#2 /home/drw/wikimedia/srv/lone/includes/cache/MessageCache.php(1014): MessageCache->getMessageForLang(Object(LanguageEn), 'securepoll-full...', true, Array)
#3 /home/drw/wikimedia/srv/lone/includes/cache/MessageCache.php(956): MessageCache->getMessageFromFallbackChain(Object(LanguageEn), 'securepoll-full...', true)
#4 /home/drw/wikimedia/srv/lone/includes/language/Message.php(1398): MessageCache->get('securepoll-full...', true, Object(LanguageEn))
#5 /home/drw/wikimedia/srv/lone/includes/language/Message.php(916): Message->fetchMessage()
#6 /home/drw/wikimedia/srv/lone/includes/language/Message.php(1020): Message->format('plain')
#7 /home/drw/wikimedia/srv/lone/includes/Status.php(202): Message->plain()
#8 /home/drw/wikimedia/srv/lone/extensions/SecurePoll/cli/tally.php(57): Status->getWikiText()
#9 /home/drw/wikimedia/srv/lone/maintenance/doMaintenance.php(108): TallyElection->execute()
#10 /home/drw/wikimedia/srv/lone/extensions/SecurePoll/cli/tally.php(74): require_once('/home/drw/wikim...')
#11 {main}

At least it sounds like cleanup even if error is now working? 😅 If it's replicable, you can set an early return in GpgCrypt->cleanup() and that should give you a folder to investigate?

	public function cleanup() {
		return; // <- add here
		if ( !$this->homeDir ) {
			return;
		}

At least it sounds like cleanup even if error is now working? 😅 If it's replicable, you can set an early return in GpgCrypt->cleanup() and that should give you a folder to investigate?

Thanks, I have just done this. See below.

You might be able to investigate the temp folder (/tmp/securepoll-55dbaf2a56a8c7b2f947a4eaca87897c8c9fa39a/) if the election failed and didn't clean up after itself. You should see a key and an input file and maybe cating one of those would provide more data? It sounds like it might be a bad input somewhere if it took a long time (presumably successfully decrypting other inputs) to fail.

So the key file is the correct private key for decrypting the election. input is a GPG encrypted message. output is a vote record (Q0000060A-C0000060F-R00000000--). I checked that the encrypted message in input when decrypted locally corresponds to the vote record in output.

None of the other files in the directory were cat-able.

@dom_walden does the file you are using have gpg-sign-key ? after removing it I am getting an error though not exactly the same but I think it might be related

gpg: encrypted with 3072-bit RSA key, ID 3009C0891705D47F, created 2021-02-01\n
      "betavotewiki_encrypt"\n
gpg: Signature made Thu Aug 12 09:23:46 2021 UTC\n
gpg:                using RSA key D1E9450246A75741\n
gpg: Can't check signature: No public key\n

I think we might need the gpg-sign-key because the key was created/signed on a different server?

@dom_walden does the file you are using have gpg-sign-key ? after removing it I am getting an error though not exactly the same but I think it might be related

The file I have been using does have the gpg-sign-key.

gpg: encrypted with 3072-bit RSA key, ID 3009C0891705D47F, created 2021-02-01\n
      "betavotewiki_encrypt"\n
gpg: Signature made Thu Aug 12 09:23:46 2021 UTC\n
gpg:                using RSA key D1E9450246A75741\n
gpg: Can't check signature: No public key\n

I think we might need the gpg-sign-key because the key was created/signed on a different server?

I thought it was in the dump file. Just in case I have put it here: https://www.mediawiki.org/wiki/Anti-Harassment_Tools/SecurePoll_Improvements/gpg_keys#Beta_votewiki_signing_secret_key

We decided this wasn't important enough to spend anymore time on this. No one else could reproduce this.