Debian bug#191137: Interoperability problem with pgp 2.6.3i

Daniel Leidert daniel.leidert.spam at
Thu Jul 16 12:48:26 CEST 2009


May you comment on the following report [1] please, which I will fully
quote. I don't know, if this is still relevant and I would like to know,
how to treat the report (e.g. close it or not with/without action).

So here is the report:

> PGP 2.6.3i has some stupid bugs where it doesn't check the type encoded
> in the packet tag but checks the value of the byte directly.  For example:
>         /* CTB_CERT_PUBKEY len16 timestamp userID mpi(n) mpi(e) crc16 */
> and so it only accepts pubkey with 16-bit lengths.  gnupg is generating
> a pubkey with 8-bit lengths in some circumstances.
> It might be the case that this isn't relevant; I'm investigating adding
> support for v4 keys to the pgp 2.6 codebase and it's a v4 key that's
> using an 8-bit length.  Maybe gnupg is more careful when encoding a v3 key.

Can you comment on this please?


Regards, Daniel

More information about the Gnupg-devel mailing list