Debian bug#191137: Interoperability problem with pgp 2.6.3i

Daniel Leidert daniel.leidert.spam at
Thu Jul 16 12:52:40 CEST 2009

Am Donnerstag, den 16.07.2009, 12:48 +0200 schrieb Daniel Leidert:
> Hi,
> May you comment on the following report [1] please, which I will fully
> quote. I don't know, if this is still relevant and I would like to know,
> how to treat the report (e.g. close it or not with/without action).
> So here is the report:
> > PGP 2.6.3i has some stupid bugs where it doesn't check the type encoded
> > in the packet tag but checks the value of the byte directly.  For example:
> > 
> >         /* CTB_CERT_PUBKEY len16 timestamp userID mpi(n) mpi(e) crc16 */
> > 
> > and so it only accepts pubkey with 16-bit lengths.  gnupg is generating
> > a pubkey with 8-bit lengths in some circumstances.
> > 
> > It might be the case that this isn't relevant; I'm investigating adding
> > support for v4 keys to the pgp 2.6 codebase and it's a v4 key that's
> > using an 8-bit length.  Maybe gnupg is more careful when encoding a v3 key.
> Can you comment on this please?

Is this maybe already considered when using --pgp2?

> [1]

Regards, Daniel

More information about the Gnupg-devel mailing list