GnuPG can't handle some V3 secret keys

Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE
Wed May 2 19:49:02 CEST 2001

As you all might know, the OpenPGP standard mandates (recommends?)
that multi-precision integers (MPIs) are stored in the shortest
possible way, i.e. that leading zeroes are stripped.  However, there
are exceptions, namely encrypted MPIs inside V3 secret key packets.
These can contain leading zeroes, and in fact do so sometimes. For
example, the encrypted d RSA parameter might look like

        03 ff 00 c5

and so on.

When GnuPG imports such a key, it is parsed correctly: The
corresponding bit count is read and stored, and so are the following
octets (32 in our case).  However, when the secret key is written to
the secret key ring, the bit length (03 ff in our example) is written,
but eventually following leading zero octets are dropped (see
mpi/mpicoder.c:mpi_write and mpi/mpicoder.c:do_get_buffer).  As a
result, the key ring is corrupt, and GnuPG is no longer able to read

(There's an additional bug lurking in the secret key parser routine,
but I haven't nailed down that one yet.)

Florian Weimer 	                  Florian.Weimer at RUS.Uni-Stuttgart.DE
University of Stuttgart 
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

More information about the Gnupg-devel mailing list