V4 Key ID Mismatch - Check Me?

Justin Wienckowski Justin.Wienckowski at trw.com
Tue Jul 24 18:15:01 CEST 2001

Hey folks,

I'm attempting to write a little application which writes out a public key in OpenPGP format, such that it can be imported into GPG for use.  I think I've managed to get everything working, in general, but still have a problem.

When I run gpg --import newkey.pgp, I get:

gpg: key A2A76ED6: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

For reference, gpg --list-packets newkey.pgp gives me:

:public key packet:
	version 4, algo 1, created 995838931, expires 0
	pkey[0]: [1024 bits]
	pkey[1]: [17 bits (24)]
:user ID packet: "Justin Wienckowski <justin.wienckowski at trw.com>"
:signature packet: algo 1, keyid 0A9A90AC3971FE26
	version 4, created 995925231, md5len 0, sigclass 13
	digest algo 2, begin of digest f2 13
	hashed subpkt 2 len 5 (sig created 2001-07-23)
	hashed subpkt 16 len 9 (issuer key ID 0A9A90AC3971FE26)
	hashed subpkt 25 len 2 (primary user ID)
	data: [1023 bits (1024)]

Obviously, the key IDs are not matching, so I'm assuming that this is causing the import to fail.  GPG finds no signatures that match the key id it computes, so it erks and refuses to import the key.

For the life of me, I can't figure out why the key ID I compute (0A9A90AC3971FE26) doesn't match gpg's computed value.  To compute the key id, I'm doing the following:

1)  Hash the public key packet (tag 0x99, 2-octet length, 6-octet public key header, and the MPIs [mpi headers and data]) through SHA-1 (using cryptlib's SHA1 stuff)
2)  Use low-order 64 bits of the hash value as the key id.

Am I missing something?   Hashing too much data or am I not hashing needed data?

Any advice is appreciated as I continue to slap my code around.


More information about the Gnupg-devel mailing list