GnuPG can't handle some V3 secret keys
Florian Weimer
Florian.Weimer at RUS.Uni-Stuttgart.DE
Wed May 2 19:49:02 CEST 2001
As you all might know, the OpenPGP standard mandates (recommends?)
that multi-precision integers (MPIs) are stored in the shortest
possible way, i.e. that leading zeroes are stripped. However, there
are exceptions, namely encrypted MPIs inside V3 secret key packets.
These can contain leading zeroes, and in fact do so sometimes. For
example, the encrypted d RSA parameter might look like
03 ff 00 c5
and so on.
When GnuPG imports such a key, it is parsed correctly: The
corresponding bit count is read and stored, and so are the following
octets (32 in our case). However, when the secret key is written to
the secret key ring, the bit length (03 ff in our example) is written,
but eventually following leading zero octets are dropped (see
mpi/mpicoder.c:mpi_write and mpi/mpicoder.c:do_get_buffer). As a
result, the key ring is corrupt, and GnuPG is no longer able to read
it.
(There's an additional bug lurking in the secret key parser routine,
but I haven't nailed down that one yet.)
--
Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
More information about the Gnupg-devel
mailing list