GnuPG key with subkeys garbled by PGP 5?
rabbi at quickie.net
Thu Aug 31 18:28:24 CEST 2000
-----BEGIN PGP SIGNED MESSAGE-----
There have been problems with GnuPG's handling of subkeys for some time.
(I'm not 100% sure if the problem stems entirely from GnuPG, but there are
clearly compatability problems with PGP keys that have multiple subkeys.)
On Thu, 31 Aug 2000, Rich Wales wrote:
> I created an experimental GnuPG key, with three subkeys. You can
> find it at: http://www.webcom.com/richw/pgp/gnupg.asc
> The key ID is: 0xa0301298
> I submitted this key to the pgp.ai.mit.edu key server. The server
> accepted the key, but also gave me the following error message:
> Your key block contained 2 format errors,
> which were treated as if the erroneous elements
> hadn't been part of your submission.
> The last error was on key 0x329a8cb5:
> Key block corrupt: more than one signature on subkey
> I don't know anything about a key with ID 0x329a8cb5, by the way; I
> don't have any such key in my own GnuPG or PGP keyrings, and a search
> of the MIT key server for this key ID came up empty. I assume the key
> server was misinterpreting some of the data in my key.
> I then retrieved the key I had just submitted, and added this copy
> of my key to my PGP 5 keyring (all of this is on a UNIX system). I
> did "pgpk -ll 0xa0301298" and got output showing an expiration date
> on the main key (which isn't really supposed to expire at all), and
> no expiration dates on the subkeys (all of which are supposed to
> expire in late November).
> I removed the key from my PGP 5 keyring and added my original copy
> of the key instead. When I listed the key using PGP 5, the expiration
> dates of the subkeys were correct, but the main key was still showing
> a spurious expiration date.
> I repeated both the above experiments with PGP 6.5.1i, with the same
> There clearly seems to be one or more bugs here. Is it (or are they)
> ==> PGP 5/6, by misinterpreting the expiry info in my key?
> ==> the MIT key server software, by mishandling my GnuPG key?
> ==> GnuPG, by creating a key that doesn't conform to the specs?
> Anyone who wants to look into this should, I assume, be able to do so
> by taking my original key (on my Web site as indicated above) and the
> copy of the key on the pgp.ai.mit.edu key server.
> Rich Wales richw at webcom.com http://www.webcom.com/richw/
Security Architect | "Lose your dreams and you
Technology Consultant | will lose your mind."
http://sion.quickie.net | --The Rolling Stones
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
-----END PGP SIGNATURE-----
More information about the Gnupg-devel