How to fail at useful cryptography: bad error messages

October 26, 2011

I'm in the process of upgrading my office workstation from Fedora 14 to Fedora 15 (since I've already piloted Fedora 15 on my home machine). I'm doing it with a yum upgrade, since that's the sane way to do it if you don't want to be without your machine for hours. And I got the following (fatal) error:

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 069c8460: NOKEY

The GPG keys listed for the "Fedora 15 - x86_64" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

Now, notice some important omissions from this error message. It doesn't tell me which package is having problems. It doesn't identify the bad key that the package is signed by (at least not in any clear way; it may be key ID 069c8460 but it's hard to tell). It doesn't identify what it thinks are the GPG keys of the repository. It doesn't even really tell me what's wrong, not directly.

(See below for what I think was actually wrong.)

Here is today's pop quiz: what is even a well-intentioned person going to do when they are presented with an error message like this?

The answer is that they are going to do a web search for the error message to see if someone has already hit this and found a solution, and then they are going to shrug and turn off GPG package verification. Because for everyone except people who are very familiar with yum's insides, what this error message really translates to is 'something went wrong with the innards of yum GPG package verification, you're out of luck', and in that situation all they can do is either give up entirely or override the broken innards. And very few people are going to give up on what they wanted to do.

This is a terrible result. An unusable error message has just convinced people to entirely disable your protective cryptography, even in the face of a potential extreme danger. The reality is that useful cryptography requires useful, clear error messages. If you want people to pay attention to your cryptography when something is wrong, you must explain as clearly as possible what is wrong and give them the best tools possible for diagnosing the failure. If people can't clearly see what's wrong and how to at least investigate further, they have no real choice but to override your crypto and lose any safety you might have been providing them.

(You also want to give people minimal ways to work around the problem. For example, yum only gives me the option to turn off GPG package verification entirely; it has no visible '--skip-bad-signed' option.)

Sidebar: what was wrong

For the benefit of anyone doing a web search on this error message, I believe that there are two possible causes for it.

In my case, I think that the error message was wrong and I had not in fact imported the Fedora 15 GPG keys (although I thought I had; I think I accidentally imported the Fedora 16 keys instead). I don't know why yum thought I had. I can't be entirely sure of my diagnosis, but key ID 069c8460 is the Fedora 15 key and the problem went away after I (re)imported it, although I also did one other thing in the meantime.

(You can tell which key ID is which either on the Fedora keys page, where the key ID is the bit after the '/' in the pub line, or by inspecting the file name in the key's URL on the Fedora yum upgrade page.)

Web searches suggest that the other case is a package labeled as being for Fedora 15 that's signed with the key of another Fedora release. Apparently this happens sometimes and yum normally forbids this, probably for good reasons.
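As an added illustration of the two points above, the information the yum message omits and the sidebar's note that the key ID is the part after the '/' on a pub line, here is a small Python program that is not yum or rpm code and is not from the original post. It parses an old-style 'gpg --list-keys' listing into a key ID to user ID map, then diagnoses a package signature failure in a way that names the package, the key it is signed with, the keys the repository is configured to trust, and which of those are actually imported, distinguishing 'key not imported' from 'key imported but not one this repository trusts' from 'trusted key, bad signature'. The key listing, package name, repository name, dates and the 0BADC0DE key are constructed for the example; only 069C8460 comes from the post.

```python
"""Added example: a clearer diagnosis for a package-signature failure.

Not yum/rpm code. The keyring listing, package metadata and the 0BADC0DE
key are constructed inputs shaped like the real ones.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Old-style 'gpg --list-keys' output: the key ID is the part after the '/'
# on the 'pub' line, which is also where the Fedora keys page shows it.
PUB_LINE = re.compile(
    r"^pub\s+\d+[A-Za-z]/(?P<keyid>[0-9A-Fa-f]{8,16})\s+(?P<created>\d{4}-\d{2}-\d{2})"
)
UID_LINE = re.compile(r"^uid\s+(?P<uid>\S.*)$")

# Constructed sample listing. 069C8460 is the key ID the post identifies as
# the Fedora 15 key; 0BADC0DE is a made-up key standing in for some other
# release's key. Creation dates and user IDs are constructed, not real.
SAMPLE_KEYRING = """\
pub   4096R/069C8460 2011-01-01
uid                  Fedora (15) <fedora@fedoraproject.org>
pub   4096R/0BADC0DE 2011-01-02
uid                  Fedora (other release, constructed) <example@example.invalid>
"""


def parse_keyring(listing: str) -> dict[str, str]:
    """Map each key ID (upper case) to the first user ID line that follows it."""
    keys: dict[str, str] = {}
    current: Optional[str] = None
    for line in listing.splitlines():
        m = PUB_LINE.match(line)
        if m:
            current = m.group("keyid").upper()
            keys.setdefault(current, "")
            continue
        m = UID_LINE.match(line)
        if m and current is not None and not keys[current]:
            keys[current] = m.group("uid").strip()
    return keys


@dataclass
class PackageSignature:
    """What the verifier knows about one package (all fields constructed)."""
    package: str           # file name of the package being checked
    signer_keyid: str      # key ID recorded in the package's signature header
    signature_valid: bool  # result of checking the signature when the key is available


def diagnose(sig: PackageSignature, repo_name: str, repo_keyids,
             imported: dict[str, str]) -> tuple[str, str]:
    """Return (cause code, message).

    The message names the package, the signing key, the keys the repository
    is configured for and the keys actually imported, so the reader can see
    which of those disagree instead of guessing from a bare NOKEY.
    """
    signer = sig.signer_keyid.upper()
    repo = {k.upper() for k in repo_keyids}

    def describe(keyid: str) -> str:
        return f"{keyid} ({imported[keyid]})" if keyid in imported else f"{keyid} (not imported)"

    if signer not in imported:
        code = "NOKEY"
        detail = (f"The signing key {signer} is not imported. Import it from this repository's "
                  f"configured key URL and retry; disabling signature checking is not a fix.")
    elif signer not in repo:
        code = "KEY_NOT_FOR_REPO"
        detail = (f"Key {signer} is imported but '{repo_name}' is not configured to trust it. "
                  f"The package may belong to a different release; check the package's origin "
                  f"and the repository's key URLs before installing.")
    elif not sig.signature_valid:
        code = "BADSIG"
        detail = (f"Key {signer} is trusted for this repository but the signature does not "
                  f"verify. The package is corrupt or has been altered; do not install it.")
    else:
        return "OK", f"Signature on {sig.package} verified with key {describe(signer)}."

    lines = [
        f"Signature check failed: package {sig.package} from repository '{repo_name}'",
        f"  signed with key:        {describe(signer)}",
        f"  repository trusts keys: "
        + (", ".join(describe(k) for k in sorted(repo)) or "(none configured)"),
        f"  cause: {detail}",
    ]
    return code, "\n".join(lines)


if __name__ == "__main__":
    imported = parse_keyring(SAMPLE_KEYRING)
    repo, trusted = "Fedora 15 - x86_64", ["069C8460"]
    # Constructed package name; the three scenarios are the post's NOKEY case,
    # the 'signed with another release's key' case, and a genuine bad signature.
    for sig, keys in [
        (PackageSignature("example-1.0-1.fc15.x86_64.rpm", "069c8460", False), {}),
        (PackageSignature("example-1.0-1.fc15.x86_64.rpm", "0BADC0DE", True), imported),
        (PackageSignature("example-1.0-1.fc15.x86_64.rpm", "069C8460", False), imported),
    ]:
        code, message = diagnose(sig, repo, trusted, keys)
        print(f"[{code}]\n{message}\n")
```

The three cause codes map onto the two explanations in the sidebar plus the case yum's message conflates with them: NOKEY is the author's situation (the key was never actually imported), KEY_NOT_FOR_REPO is the 'package signed with another release's key' case, and BADSIG is the one outcome where overriding verification is never the right answer.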

Comments on this page:

From at 2011-10-26 14:35:10:

fair cop - adding a package to the output should happen.


From at 2013-05-08 04:53:42:

First, thanks for your post, indeed I found it while googling for the error text, and I fully agree with you on your stance about error messages :-)

However, I think I eventually understood what was really happening: there are two distinct sets of Fedora 15 keys floating around: A82BA4B7 and 069C8460.

I had A82BA4B7. Somehow, the system still considers those as "valid" Fedora 15 keys at some initial stage, but later fails to verify the packages with them.

After downloading the real 069C8460 keys from, everything was fine.


Last modified: Wed Oct 26 01:01:01 2011