cannot import key
David Shaw
dshaw@jabberwocky.com
Fri Aug 10 23:31:02 2001
On Fri, Aug 03, 2001 at 07:33:42PM +0200, Marco d'Itri wrote:
> I can't import key 0x527F8911 (got it from a keyserver), what's wrong
> with it?
>
> $ LANG= gpg --import new-key
> gpg: key 527F8911: invalid self-signature
> gpg: key 527F8911: no valid user IDs
> gpg: this may be caused by a missing self-signature
> gpg: Total number processed: 1
> gpg: w/o user IDs: 1
>
> Is it damaged? The owner is a friend of mine and he can't use it with
> gnupg either.
> If it's damaged, can it be repaired?
I looked at this key on two different keyservers. One copy (from
certserver.pgp.com) was okay, and one was broken (from www.pgp.dk).
The difference is in the self signature on the UID:
:signature packet: algo 17, keyid 0329EEFB527F8911
version 4, created 906181339, md5len 0, sigclass 10
digest algo 2, begin of digest 9e 8b
hashed subpkt 2 len 5 (sig created 1998-09-19)
hashed subpkt 11 len 4 (pref-sym-algos: 3 2 1)
subpkt 16 len 9 (issuer key ID 0329EEFB527F8911)
data: [155 bits]
data: [158 bits]
:signature packet: algo 17, keyid 0329EEFB527F8911
version 4, created 906180491, md5len 0, sigclass 10
digest algo 2, begin of digest 55 fc
hashed subpkt 2 len 5 (sig created 1998-09-19)
hashed subpkt 11 len 4 (pref-sym-algos: 3 2 1)
subpkt 16 len 9 (issuer key ID 0329EEFB527F8911)
data: [159 bits]
data: [160 bits]
Notice the two different creation dates. The digest data is different
as well. The first of these two sigs is the bad one. Can you think
of any reason the key might have been self-signed at two different
times? (Changing the expiration on the key can do this).
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson