Adding new UID problems.

Stewart V. Wright svwright+lists@amtp.liv.ac.uk
Tue Jun 3 14:45:02 2003


Hi,

I have just added a new UID to my keys and sent them off to the
keyservers.  The problem is that this new UID (or something I did) has
corrupted one of my keys (but not the other).

My two keys are a signing key (0x682B44D6), and my everyday key
(0xB3334559).  My 0x682B44D6 key is purely a DSA signing key, whilst
the 0xB3334559 key has three sub-keys (two DSA and one ElGamal).

I was using v1.2.1 (*) and switched on a signing policy.  I added the
new UID and cross-signed my keys.


When I tried to update my 0xB3334559 key via pgp.mit.edu I get the
following error:

**********************************************************
Public Key Server -- Add

Key block added to key server database.
  Primary userid's changed: 1
Your key block contained 5 format errors,
which were treated as if the erroneous elements
hadn't been part of your submission.
The last error was on key 0x0445b8e9:
Key block corrupt: more than one signature on subkey
**********************************************************


keyserver.bu.edu doesn't complain if I try to update there, but I do
get errors when importing in the ASCII armor from this server:

**********************************************************
gpg: key B3334559: invalid subkey binding
gpg: key B3334559: invalid subkey binding
gpg: key B3334559: public key "Stewart V. Wright <svwright@liv.ac.uk>" imported
gpg: Total number processed: 1
gpg:               imported: 1
**********************************************************


For what it's worth, my gpg.cfg is

**********************************************************
openpgp
keyserver x-hkp://wwwkeys.eu.pgp.net
keyserver-options honor-http-proxy
set-policy-url http://www.liv.ac.uk/~svwright/security/gpg-policy.html
show-policy-url
**********************************************************




The strange thing is that the "--armor"ed file that I generate gets
accepted without concern by GnuPG 1.2.1 and 1.2.3-cvs.

Could this problem be a result of the openpgp option?

Is there anything I can do to recover my key, or should I revoke and
start from scratch?


Thanks,

Stewart



(*) as those of us stuck on RedHat 7.3 systems can't compile the CVS
version as our autoconf, automake and aclocal are too old.  Hint, hint!

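The pgp.mit.edu message quoted in the post reports "more than one signature on subkey". One way to see which subkeys of a key block carry more than one signature is to count the signature packets that follow each subkey in `gpg --list-packets` output. This is an added example, not part of the original post; the listing is constructed and trimmed, and the function names are hypothetical.

```python
import re

# Constructed, trimmed listing in the style of `gpg --list-packets`.
# Key IDs and timestamps are made up; this is not the poster's key.
SAMPLE_LISTING = """\
:public key packet:
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 1000000001, md5len 0, sigclass 13
:public sub key packet:
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 1000000003, md5len 0, sigclass 18
:public sub key packet:
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 1000000005, md5len 0, sigclass 18
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 1000000006, md5len 0, sigclass 0x18
"""

PACKET = re.compile(r"^:([A-Za-z ]+) packet:")
# Older gpg prints "sigclass 18", newer prints "sigclass 0x18"; accept both.
SIGCLASS = re.compile(r"sigclass (?:0x)?([0-9A-Fa-f]{2})")


def subkey_signatures(listing):
    """Return, per subkey in listing order, the classes of its signatures."""
    subkeys, current, in_sig = [], None, False
    for line in listing.splitlines():
        packet = PACKET.match(line)
        if packet:
            kind = packet.group(1)
            in_sig = kind == "signature"
            if kind.endswith("sub key"):
                current = []            # start collecting for this subkey
                subkeys.append(current)
            elif not in_sig:
                current = None          # primary key, user ID, etc.
        elif in_sig and current is not None:
            found = SIGCLASS.search(line)
            if found:
                current.append(int(found.group(1), 16))
    return subkeys


def subkeys_with_multiple_signatures(listing):
    """Return (subkey number, signature classes) where more than one is present."""
    return [(n, sigs) for n, sigs in enumerate(subkey_signatures(listing), 1)
            if len(sigs) > 1]


if __name__ == "__main__":
    print(subkeys_with_multiple_signatures(SAMPLE_LISTING))
```

Signature class 0x18 is a subkey binding signature and 0x28 a subkey revocation; to check a real key, pass the text produced by `gpg --export KEYID | gpg --list-packets` to `subkeys_with_multiple_signatures`.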