PGP 6.5.8 Public Key problems
L. Sassaman
rabbi@quickie.net
Mon, 16 Oct 2000 18:40:40 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yes, one of the things 6.5.8 does, if it encounters a tampered key, is
remove the tampered self signature. This is the reason for that message.
On Mon, 16 Oct 2000, customer wrote:
> I didn't get a response from my submission to gnupg-users@gnupg.org ,
> so I'm reposting it here:
>
> New to this list, and couldn't find a similar question in the archive,
> but if there is, feel free to flame me (while referencing the original
> question/answer!):
>
> It seems to me that PGP 6.5.8's fix for the nasty public key exploit
> caused GPG to have problems with the new public key. This is
> completely a guess, but this is what I've found, and help on the
> matter would be greatly appreciated:
>
> (BTW, I'm using GPG 1.0.3, tested on both a FreeBSD 4.1 box, and a
> Mandrake Linux 7.1 box with the exact same results)
>
> Importing public/private PGP keys from pre 6.5.8 works fine (DH/DSS &
> RSA)
>
> Importing PRIVATE keys from PGP 6.5.8 works fine
>
> Importing PUBLIC keys gives me an error every time, the error is as
> follows:
> > rizzo@demogw /usr/home/rizzo/gpg #cat temp
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> >
> > mQCNAznnhVwAAAEEAMDMAwnnKZhAYVGqM3Tdv5rFiTgfuZJgWuNj+hhOcg+DAIUe
> > K+jv2t7bHs8tCyX8xljwcPoXACtbEdZI5SzpxBp/useEas9+dMulBrw1AAUEclKf
> > Kam+KC0n/cLg3OOhEVZjtRzL/Lh8n9MObhnw0BCrCqatN5YJvUvvaABtv3bvAAUR
> > tBpteSB0ZXN0IDx0ZXN0MjEzQHRlc3QuY29tPokAlQMFEDnnhVxL72gAbb927wEB
> > BWcD/jjWtLilkeTQgDPDdoTh7lDt6ILGFhgTtEiX2gtJD8Wewoo8bKUgw4Jv/KiN
> > uyiwNZS+L78liEutbGyRD542oQsz2mIE4Wv/BXRHmszBW0UZNqga7wwacNhXDm66
> > JHrtlte++8GWBJsWrMJEyLB9GGQpMC2TysXYVyCAUIarIHbg
> > =W8Z8
> > -----END PGP PUBLIC KEY BLOCK-----
> > Fri Oct 13 18:59:17
> > rizzo@demogw /usr/home/rizzo/gpg # gpg --import temp
> > gpg: Warning: using insecure memory!
> > gpg: key has been created 10690 seconds in future (time warp or clock problem)
> > gpg: key 6DBF76EF: invalid self-signature
> > gpg: key 6DBF76EF: no valid user IDs
> > gpg: this may be caused by a missing self-signature
> > gpg: Total number processed: 1
> > gpg: w/o user IDs: 1
> > Fri Oct 13 18:59:38
> > rizzo@demogw /usr/home/rizzo/gpg #
> ######################################3
>
> > gpg: key has been created 10690 seconds in future (time warp or clock problem)
> the clocks on both systems are within a minute of each other
>
> Thanks for the anticipated help,
>
> Brendan Rizzo
>
>
__
L. Sassaman
Security Architect | "Lose your dreams and you
Technology Consultant | will lose your mind."
|
http://sion.quickie.net | --The Rolling Stones
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5664gPYrxsgmsCmoRAtfPAKCAj3AD4fsrH/zYCCRdKmg64CX8xwCfUwnc
GQOkW6vRNpraeEITPo/y8MY=
=Lvi+
-----END PGP SIGNATURE-----