PGP 6.5.8 Public Key problems

L. Sassaman rabbi at quickie.net
Mon Oct 16 19:40:40 CEST 2000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, one of the things 6.5.8 does, if it encounters a tampered key, is
remove the tampered self signature. This is the reason for that message. 

On Mon, 16 Oct 2000, customer wrote:

> I didn't get a response from my submission to gnupg-users at gnupg.org ,
> so I'm reposting it here:
> 
> New to this list, and couldn't find a similar question in the archive,
> but if there is, feel free to flame me (while referencing the original
> question/answer!):
> 
> It seems to me that PGP 6.5.8's fix for the nasty public key exploit
> caused GPG to have problems with the new public key.  This is
> completely a guess, but this is what I've found, and help on the
> matter would be greatly appreciated:
> 
> (BTW, I'm using GPG 1.0.3, tested on both a FreeBSD 4.1 box, and a
> Mandrake Linux 7.1 box with the exact same results)
> 
> Importing public/private PGP keys from pre 6.5.8 works fine (DH/DSS &
> RSA)
> 
> Importing PRIVATE keys from PGP 6.5.8 works fine
> 
> Importing PUBLIC keys gives me an error every time, the error is as
> follows:
> > rizzo at demogw /usr/home/rizzo/gpg #cat temp
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> > 
> > mQCNAznnhVwAAAEEAMDMAwnnKZhAYVGqM3Tdv5rFiTgfuZJgWuNj+hhOcg+DAIUe
> > K+jv2t7bHs8tCyX8xljwcPoXACtbEdZI5SzpxBp/useEas9+dMulBrw1AAUEclKf
> > Kam+KC0n/cLg3OOhEVZjtRzL/Lh8n9MObhnw0BCrCqatN5YJvUvvaABtv3bvAAUR
> > tBpteSB0ZXN0IDx0ZXN0MjEzQHRlc3QuY29tPokAlQMFEDnnhVxL72gAbb927wEB
> > BWcD/jjWtLilkeTQgDPDdoTh7lDt6ILGFhgTtEiX2gtJD8Wewoo8bKUgw4Jv/KiN
> > uyiwNZS+L78liEutbGyRD542oQsz2mIE4Wv/BXRHmszBW0UZNqga7wwacNhXDm66
> > JHrtlte++8GWBJsWrMJEyLB9GGQpMC2TysXYVyCAUIarIHbg
> > =W8Z8
> > -----END PGP PUBLIC KEY BLOCK-----
> > Fri Oct 13 18:59:17
> > rizzo at demogw /usr/home/rizzo/gpg # gpg --import temp
> > gpg: Warning: using insecure memory!
> > gpg: key has been created 10690 seconds in future (time warp or clock problem)
> > gpg: key 6DBF76EF: invalid self-signature
> > gpg: key 6DBF76EF: no valid user IDs
> > gpg: this may be caused by a missing self-signature
> > gpg: Total number processed: 1
> > gpg:           w/o user IDs: 1
> > Fri Oct 13 18:59:38
> > rizzo at demogw /usr/home/rizzo/gpg #
> ######################################3
> 
> > gpg: key has been created 10690 seconds in future (time warp or clock problem)
> the clocks on both systems are within a minute of each other
> 
> Thanks for the anticipated help,
> 
> Brendan Rizzo
> 
> 

__

L. Sassaman

Security Architect             |  "Lose your dreams and you
Technology Consultant          |   will lose your mind."
                               |   
http://sion.quickie.net        |       --The Rolling Stones

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5664gPYrxsgmsCmoRAtfPAKCAj3AD4fsrH/zYCCRdKmg64CX8xwCfUwnc
GQOkW6vRNpraeEITPo/y8MY=
=Lvi+
-----END PGP SIGNATURE-----

More information about the Gnupg-devel mailing list