GnuPG key with subkeys garbled by PGP 5?

Rich Wales richw at webcom.com
Thu Aug 31 17:54:30 CEST 2000


I created an experimental GnuPG key, with three subkeys.  You can
find it at:    http://www.webcom.com/richw/pgp/gnupg.asc

The key ID is:  0xa0301298

I submitted this key to the pgp.ai.mit.edu key server.  The server
accepted the key, but also gave me the following error message:

    Your key block contained 2 format errors,
    which were treated as if the erroneous elements
    hadn't been part of your submission.
    The last error was on key 0x329a8cb5:
    Key block corrupt: more than one signature on subkey

I don't know anything about a key with ID 0x329a8cb5, by the way; I
don't have any such key in my own GnuPG or PGP keyrings, and a search
of the MIT key server for this key ID came up empty.  I assume the key
server was misinterpreting some of the data in my key.

I then retrieved the key I had just submitted, and added this copy
of my key to my PGP 5 keyring (all of this is on a UNIX system).  I
did "pgpk -ll 0xa0301298" and got output showing an expiration date
on the main key (which isn't really supposed to expire at all), and
no expiration dates on the subkeys (all of which are supposed to
expire in late November).

I removed the key from my PGP 5 keyring and added my original copy
of the key instead.  When I listed the key using PGP 5, the expiration
dates of the subkeys were correct, but the main key was still showing
a spurious expiration date.

I repeated both the above experiments with PGP 6.5.1i, with the same
results.

There clearly seems to be one or more bugs here.  Is it (or are they)
in:

==> PGP 5/6, by misinterpreting the expiry info in my key?

==> the MIT key server software, by mishandling my GnuPG key?

==> GnuPG, by creating a key that doesn't conform to the specs?

Anyone who wants to look into this should, I assume, be able to do so
by taking my original key (on my Web site as indicated above) and the
copy of the key on the pgp.ai.mit.edu key server.

Rich Wales         richw at webcom.com         http://www.webcom.com/richw/



More information about the Gnupg-devel mailing list