Issue with certain key

David Shaw dshaw at jabberwocky.com
Sat Feb 25 15:55:20 CET 2006


On Sat, Feb 25, 2006 at 02:53:38PM +0100, Christian Biere wrote:
> David Shaw wrote:
> > On Thu, Feb 23, 2006 at 06:55:02PM +0100, Christian Biere wrote:
> > > gpg: requesting key FC05DA69 from hkp server blackhole.pca.dfn.de
> > > gpg: mpi larger than indicated length (2 bytes)
> > > gpg: read_block: read error: invalid packet
> > > gpg: Total number processed: 0
> > > gpg: no valid OpenPGP data found.
> 
> > > All checks pass when I run "make check". I've also tried
> > > pgpkeys.mit.edu. Is there something wrong with this key?
> > > According to its owner, it's alright. So it must be a bug,
> > > right?
> 
> > Yes.  There are corrupt signatures on that key.  GnuPG 1.4.3 has code
> > to skip the corrupt signatures rather than reject the whole key.
> 
> Thanks for confirming this. It's a little bit odd though. I'm sure I
> used blackhole.pca.dfn.de to retrieve this key initially and that one
> uses SKS unlike pgpkeys.mit.edu which uses the broken PKS. It's really
> strange but on Debian with GnuPG 1.4.2 I can retrieve the key and
> cannot reproduce the warning. On NetBSD, no dice. The key seems to
> have corrupted my key ring slightly too because I get that warning
> whenever I use GnuPG now. It's still working fine but always emits
> that warning additionally.  I even tried an empty ~/.gnupg and the
> suggested subkeys.pgp.net but I always get the warning as above. I'll
> fetch GnuPG from CVS and retry.

The problem with corrupted signatures is that they tend to spread from
keyserver to keyserver unless the keyserver does sanity checks.

David



More information about the Gnupg-devel mailing list