mpi error with check-trustdb in 1.4.2 - resolved
Jason Harris
jharris at widomaker.com
Thu Aug 11 18:02:17 CEST 2005
On Wed, Aug 10, 2005 at 10:30:09PM -0500, John Clizbe wrote:
> Tracked down the two offending keys and deleted them with 1.4.1. They both
> failed to import from a keyserver with 1.4.2 with the same mpi error, so I'm
> marking it off to key cruft.
>
> The keys were:
>
> pub 1024R/FC05DA69 1997-05-12 Anand Kumria [snip]
> pub 1024D/A0B3E88B 2000-07-24 Martin Pool [snip]
Turning up the debugging level:
%gpg -vvv --recv A0B3E88B
shows the first offending packet:
:user ID packet: "Martin Pool <mbp samba.org>"
:signature packet: algo 17, keyid 2EDDBB0000000000
version 4, created 1043327185, md5len 0, sigclass 12
digest algo 2, begin of digest 00 00
hashed subpkt 2 len 4 (sig created 2003-01-23)
subpkt 16 len 8 (issuer key ID 2EDDBB0000000000)
data: [0 bits]
gpg: mpi larger than indicated length (2 bytes)
data: [MPI_NULL]
gpg: read_block: read error: invalid packet
pgpdump has this to add:
DSA r(0 bits) -
DSA s(0 bits) -
NB: The truncated issuer looks like a real issuer:
Key ID - 0x2EDDBB0000000000
Key ID - 0x2EDDBB4F51916CDA
pks decodes MPIs and can discard any packets with zero-length MPIs
if necessary. GPG used to ignore them, and I think it still could
since the packets seem to be of their indicated overall size.
Also, GPG states:
gpg: mpi larger than indicated length (2 bytes)
data: [MPI_NULL]
which seems self-contradictory. pgpdump says the MPIs are both
zero-length as well, so is GPG's claim: "mpi larger than indicated
length (2 bytes)" actually erroneous?
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050811/d1c5602e/attachment-0001.pgp
More information about the Gnupg-devel
mailing list