mpi error with check-trustdb in 1.4.2 - resolved

Jason Harris jharris at
Thu Aug 11 18:02:17 CEST 2005

On Wed, Aug 10, 2005 at 10:30:09PM -0500, John Clizbe wrote:

> Tracked down the two offending keys and deleted them with 1.4.1. They both
> failed to import from a keyserver with 1.4.2 with the same mpi error, so I'm
> marking it off to key cruft.
> The keys were:
> pub  1024R/FC05DA69 1997-05-12 Anand Kumria [snip]
> pub  1024D/A0B3E88B 2000-07-24 Martin Pool [snip]

Turning up the debugging level:

  %gpg -vvv --recv A0B3E88B

shows the first offending packet:

  :user ID packet: "Martin Pool <mbp>"
  :signature packet: algo 17, keyid 2EDDBB0000000000
          version 4, created 1043327185, md5len 0, sigclass 12
          digest algo 2, begin of digest 00 00
          hashed subpkt 2 len 4 (sig created 2003-01-23)
          subpkt 16 len 8 (issuer key ID 2EDDBB0000000000)
          data: [0 bits]
  gpg: mpi larger than indicated length (2 bytes)
          data: [MPI_NULL]
  gpg: read_block: read error: invalid packet

pgpdump has this to add:

          DSA r(0 bits) - 
          DSA s(0 bits) - 

NB:  The truncated issuer looks like a real issuer:

                  Key ID - 0x2EDDBB0000000000
                  Key ID - 0x2EDDBB4F51916CDA

pks decodes MPIs and can discard any packets with zero-length MPIs
if necessary.  GPG used to ignore them, and I think it still could
since the packets seem to be of their indicated overall size.
Also, GPG states:

  gpg: mpi larger than indicated length (2 bytes)
          data: [MPI_NULL]

which seems self-contradictory.  pgpdump says the MPIs are both
zero-length as well, so is GPG's claim:  "mpi larger than indicated
length (2 bytes)" actually erroneous?

Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at _|_ web:
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050811/d1c5602e/attachment-0001.pgp

More information about the Gnupg-devel mailing list