Debian bug#191137: Interoperability problem with pgp 2.6.3i
Daniel Leidert
daniel.leidert.spam at gmx.net
Thu Jul 16 12:48:26 CEST 2009
Hi,
May you comment on the following report [1] please, which I will fully
quote. I don't know, if this is still relevant and I would like to know,
how to treat the report (e.g. close it or not with/without action).
So here is the report:
> PGP 2.6.3i has some stupid bugs where it doesn't check the type encoded
> in the packet tag but checks the value of the byte directly. For example:
>
> #define CTB_CERT_PUBKEY CTB_BYTE(CTB_CERT_PUBKEY_TYPE,1)
> /* CTB_CERT_PUBKEY len16 timestamp userID mpi(n) mpi(e) crc16 */
>
> and so it only accepts pubkey with 16-bit lengths. gnupg is generating
> a pubkey with 8-bit lengths in some circumstances.
>
> It might be the case that this isn't relevant; I'm investigating adding
> support for v4 keys to the pgp 2.6 codebase and it's a v4 key that's
> using an 8-bit length. Maybe gnupg is more careful when encoding a v3 key.
Can you comment on this please?
[1] http://bugs.debian.org/191137
Regards, Daniel
More information about the Gnupg-devel
mailing list