DeltaChat fails to import keys

tcrass · May 29, 2023, 5:47pm

Delta Chat version

1.36.5

Expected behavior

Some time ago, I exported keys from DeltaChat running on an Android device and copied them over to my PC using adb pull. Using adb push, I now copied them over to a new Android device into the directory suggested by DetaChat’s “Import secret key” dialog and verified their presence as well as file permissions using adb shell:

payton:/storage/emulated/0/Download $ ls -l
total 8
-rw-rw---- 1 root everybody 3498 2020-01-12 09:43 private-key-1.asc
-rw-rw---- 1 root everybody 1733 2020-01-12 09:43 public-key-1.asc

When in the “Import secret key” dialog I tap [OK], I expect the key files to get successfully imported.

Actual behavior

After tapping [OK], I get a message saying “IMEX failed to compete: No private keys found in ‘/storage/emulated/0/Download’.”

Steps to reproduce the problem

Described above.

Debug logs

05-29 19:43:57.690 I/DeltaChat(16335): src/scheduler.rs:82: stopping IO
05-29 19:43:57.695 I/DeltaChat(16335): src/scheduler.rs:345: shutting down inbox loop
05-29 19:43:57.695 I/DeltaChat(16335): src/scheduler.rs:552: shutting down simple loop
05-29 19:43:57.695 I/DeltaChat(16335): src/scheduler.rs:633: shutting down smtp loop
05-29 19:43:57.701 I/DeltaChat(16335): src/scheduler.rs:82: stopping IO
05-29 19:43:57.701 I/DeltaChat(16335): src/imex.rs:379: Import/export dir: /storage/emulated/0/Download
05-29 19:43:57.713 E/DeltaChat(16335): IMEX failed to complete: No private keys found in "/storage/emulated/0/Download".
05-29 19:43:57.713 W/DeltaChat(16335): deltachat-ffi/src/lib.rs:2192: IMEX failed: No private keys found in "/storage/emulated/0
/Download".
05-29 19:43:57.754 I/DeltaChat(16335): src/scheduler.rs:60: starting IO
05-29 19:43:57.754 I/DeltaChat(16335): src/scheduler.rs:252: starting inbox loop
05-29 19:43:57.754 I/DeltaChat(16335): src/job.rs:264: Loading job.
05-29 19:43:57.754 I/DeltaChat(16335): src/scheduler.rs:529: starting simple loop for Mvbox
05-29 19:43:57.754 I/DeltaChat(16335): src/imap.rs:309: Connecting to IMAP server
05-29 19:43:57.754 I/DeltaChat(16335): src/scheduler.rs:561: starting smtp loop
05-29 19:43:57.757 I/DeltaChat(16335): src/ephemeral.rs:565: Ephemeral loop waiting for deletion in 24h 0m 0s or interrupt
05-29 19:43:57.759 I/DeltaChat(16335): src/imap.rs:309: Connecting to IMAP server
05-29 19:43:57.760 I/DeltaChat(16335): src/scheduler.rs:724: scheduler is running
05-29 19:43:57.760 I/DeltaChat(16335): src/location.rs:654: Location loop is waiting for 24h 0m 0s or interrupt
05-29 19:43:57.762 I/DeltaChat(16335): src/smtp.rs:754: Sending MDNs
05-29 19:43:57.762 I/DeltaChat(16335): src/contact.rs:1609: Recently seen loop waiting for 24h 0m 0s or interrupt
05-29 19:43:57.764 I/DeltaChat(16335): src/scheduler.rs:600: smtp fake idle - started
05-29 19:43:57.764 I/DeltaChat(16335): src/scheduler.rs:622: smtp has no messages to retry, waiting for interrupt
05-29 19:43:57.774 I/DeltaChat(16335): src/net.rs:70: Resolved <some.mail.server>:993 into [2a01:488:42:1000:b24d:51f1:
c9:16d9]:993.
05-29 19:43:57.774 I/DeltaChat(16335): src/net.rs:70: Resolved <some.mail.server>:993 into 178.77.81.241:993.
05-29 19:43:57.777 I/DeltaChat(16335): src/net.rs:70: Resolved <some.mail.server>:993 into [2a01:488:42:1000:b24d:51f1:
c9:16d9]:993.
05-29 19:43:57.778 I/DeltaChat(16335): src/net.rs:70: Resolved <some.mail.server>:993 into 178.77.81.241:993.
05-29 19:43:57.926 I/DeltaChat(16335): src/imap.rs:378: Logging into IMAP server with LOGIN
05-29 19:43:57.968 I/DeltaChat(16335): src/imap.rs:378: Logging into IMAP server with LOGIN
05-29 19:43:57.988 I/DeltaChat(16335): src/imap.rs:394: Successfully logged into IMAP server
05-29 19:43:58.008 I/DeltaChat(16335): src/imap.rs:720: No new emails in folder DeltaChat
05-29 19:43:58.025 I/DeltaChat(16335): src/scheduler.rs:493: IMAP session supports IDLE, using it.
05-29 19:43:58.027 I/DeltaChat(16335): src/imap.rs:394: Successfully logged into IMAP server
05-29 19:43:58.042 I/DeltaChat(16335): src/imap/idle.rs:59: DeltaChat: Idle entering wait-on-remote state
05-29 19:43:58.046 I/DeltaChat(16335): src/imap.rs:720: No new emails in folder INBOX
05-29 19:43:58.067 I/DeltaChat(16335): src/scheduler.rs:493: IMAP session supports IDLE, using it.
05-29 19:43:58.082 I/DeltaChat(16335): src/imap/idle.rs:59: INBOX: Idle entering wait-on-remote state

link2xt · May 29, 2023, 6:10pm

This looks like a permission problem to me. The code which looks through the directory is here, and it should at least output the “considering key file” log:

github.com

deltachat/deltachat-core-rust/blob/5b435d11c72495ff2fbde60af7a0795b33757e16/src/imex.rs#L605-L630


      
          let mut dir_handle = tokio::fs::read_dir(&dir).await?;
          while let Ok(Some(entry)) = dir_handle.next_entry().await {
              let entry_fn = entry.file_name();
              let name_f = entry_fn.to_string_lossy();
              let path_plus_name = dir.join(&entry_fn);
              match get_filesuffix_lc(&name_f) {
                  Some(suffix) => {
                      if suffix != "asc" {
                          continue;
                      }
                      set_default = if name_f.contains("legacy") {
                          info!(context, "found legacy key '{}'", path_plus_name.display());
                          false
                      } else {
                          true
                      }
                  }
                  None => {
                      continue;
                  }

This file has been truncated. show original

Could you check if the application has the permission to read the storage? Maybe you denied it when it was requested?

tcrass · May 29, 2023, 6:27pm

Hm, I can’t remember being asked for any permissions when installing DeltaChat on the new device (which runs LineageOS 20). When checking DeltaChat permissions in the “Apps” category of the system settings, I find permissions for reading audio, video and image files, but no general permission of reading the storage. Or is there any other permissions settings page somewhere hidden in the system settings which I have overlooked?

BTW, DeltaChat is capable of exporting the keys in to the mentioned location, so write permissions seem to be granted.

dctopo · August 29, 2023, 4:08pm

Hi, maybe it is of interest what I figured out as a workaround here. I had the same situation, that DeltaChat fails to import keys. I am on Android 11 (LineageOS 18.1) and it looks like a very odd permission problem…

link2xt · September 1, 2023, 1:03pm

Maybe we should export both private and public key to a single file. Selecting a file on Android and similarly sandboxed platforms like Flatpak seems to be much less error-prone than selecting a folder, there are no failures like “granted access to the folder but not the files inside of it” possible.

gpg itself does not allow to use both --export and --export-secret-keys though, so having such file with both keys concatenated is probably not common.

Maybe it is possible to drop the public key and reconstruct it from the private key, then there is no need to import/export the public key at all, or only allow to export it for publishing somewhere?

EDIT: Information Security Stack Exchange question suggests that private key export contains the public key as well. So exporting public key should not be necessary to transfer
And the import function in the core only needs the secret key file, because it extracts the public key from the secret key:

github.com

deltachat/deltachat-core-rust/blob/4a0585404a0a5f2e3edb4257a69d63efeb199ef3/src/imex.rs#L594-L650


      
          async fn import_self_keys(context: &Context, dir: &Path) -> Result<()> {
              /* hint: even if we switch to import Autocrypt Setup Files, we should leave the possibility to import
              plain ASC keys, at least keys without a password, if we do not want to implement a password entry function.
              Importing ASC keys is useful to use keys in Delta Chat used by any other non-Autocrypt-PGP implementation.
          
              Maybe we should make the "default" key handlong also a little bit smarter
              (currently, the last imported key is the standard key unless it contains the string "legacy" in its name) */
              let mut set_default: bool;
              let mut imported_cnt = 0;
          
              let dir_name = dir.to_string_lossy();
              let mut dir_handle = tokio::fs::read_dir(&dir).await?;
              while let Ok(Some(entry)) = dir_handle.next_entry().await {
                  let entry_fn = entry.file_name();
                  let name_f = entry_fn.to_string_lossy();
                  let path_plus_name = dir.join(&entry_fn);
                  match get_filesuffix_lc(&name_f) {
                      Some(suffix) => {
                          if suffix != "asc" {
                              continue;

This file has been truncated. show original

EDIT2: I made a PR to stop using public keys in the tests: refactor: ignore public key argument in dc_preconfigure_keypair() by link2xt · Pull Request #4701 · deltachat/deltachat-core-rust · GitHub
If this works out, we can do the same for import/export and import/export a single “secret” file, thus not dealing with the directories anymore.

link2xt · September 18, 2023, 9:09pm

Note: there is a similar issue in the desktop repository, the requirement to select a directory rather than a file is confusing:

github.com/deltachat/deltachat-desktop

Importing keys: cannot select keys to import

opened 11:56PM - 26 Aug 20 UTC

micah

bug

- Operating System (Linux/Mac/Windows/iOS/Android): Ubuntu 20.04 - Delta Chat V…ersion: 1.12.0 - Expected behavior: I should be able to select the keys to import. - Actual behavior: When I am provided the file selection dialog, I can see my keys in my home directory, they are readable by me, but they are 'greyed out', so I cannot select them. - Steps to reproduce the problem: Settings->Import Secret Keys - Screenshots: I can not figure out how to add an image to an issue in github. I'm not using a window manager that has 'drag and drop', and I see no file picker here :(

Going to make a fix for the core to be able to open a file with a secret key directly, this may not only fix the Android permission problem but be a better UI for the desktop.

adbenitez · September 29, 2023, 5:04pm

android fix:

adbenitez · September 29, 2023, 5:08pm

desktop fix: