GnuPG key with subkeys garbled by PGP 5?
L. Sassaman
rabbi at quickie.net
Thu Aug 31 18:28:24 CEST 2000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There have been problems with GnuPG's handling of subkeys for some time.
(I'm not 100% sure if the problem stems entirely from GnuPG, but there are
clearly compatibility problems with PGP keys that have multiple subkeys.)
On Thu, 31 Aug 2000, Rich Wales wrote:
> I created an experimental GnuPG key, with three subkeys. You can
> find it at: http://www.webcom.com/richw/pgp/gnupg.asc
>
> The key ID is: 0xa0301298
>
> I submitted this key to the pgp.ai.mit.edu key server. The server
> accepted the key, but also gave me the following error message:
>
> Your key block contained 2 format errors,
> which were treated as if the erroneous elements
> hadn't been part of your submission.
> The last error was on key 0x329a8cb5:
> Key block corrupt: more than one signature on subkey
>
> I don't know anything about a key with ID 0x329a8cb5, by the way; I
> don't have any such key in my own GnuPG or PGP keyrings, and a search
> of the MIT key server for this key ID came up empty. I assume the key
> server was misinterpreting some of the data in my key.
>
> I then retrieved the key I had just submitted, and added this copy
> of my key to my PGP 5 keyring (all of this is on a UNIX system). I
> did "pgpk -ll 0xa0301298" and got output showing an expiration date
> on the main key (which isn't really supposed to expire at all), and
> no expiration dates on the subkeys (all of which are supposed to
> expire in late November).
>
> I removed the key from my PGP 5 keyring and added my original copy
> of the key instead. When I listed the key using PGP 5, the expiration
> dates of the subkeys were correct, but the main key was still showing
> a spurious expiration date.
>
> I repeated both the above experiments with PGP 6.5.1i, with the same
> results.
>
> There clearly seems to be one or more bugs here. Is it (or are they)
> in:
>
> ==> PGP 5/6, by misinterpreting the expiry info in my key?
>
> ==> the MIT key server software, by mishandling my GnuPG key?
>
> ==> GnuPG, by creating a key that doesn't conform to the specs?
>
> Anyone who wants to look into this should, I assume, be able to do so
> by taking my original key (on my Web site as indicated above) and the
> copy of the key on the pgp.ai.mit.edu key server.
>
> Rich Wales richw at webcom.com http://www.webcom.com/richw/
>
__
L. Sassaman
Security Architect | "Lose your dreams and you
Technology Consultant | will lose your mind."
|
http://sion.quickie.net | --The Rolling Stones
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5rvgvPYrxsgmsCmoRAmfYAKDicQK2O4Rw76c1CfD3lU0WMmBBXwCbBN+O
t8rVK5bI/N078KK8/DTIjlA=
=UUmO
-----END PGP SIGNATURE-----