Debian bug#191137: Interoperability problem with pgp 2.6.3i
Daniel Leidert
daniel.leidert.spam at gmx.net
Thu Jul 16 12:52:40 CEST 2009
Am Donnerstag, den 16.07.2009, 12:48 +0200 schrieb Daniel Leidert:
> Hi,
>
> May you comment on the following report [1] please, which I will fully
> quote. I don't know, if this is still relevant and I would like to know,
> how to treat the report (e.g. close it or not with/without action).
>
> So here is the report:
>
> > PGP 2.6.3i has some stupid bugs where it doesn't check the type encoded
> > in the packet tag but checks the value of the byte directly. For example:
> >
> > #define CTB_CERT_PUBKEY CTB_BYTE(CTB_CERT_PUBKEY_TYPE,1)
> > /* CTB_CERT_PUBKEY len16 timestamp userID mpi(n) mpi(e) crc16 */
> >
> > and so it only accepts pubkey with 16-bit lengths. gnupg is generating
> > a pubkey with 8-bit lengths in some circumstances.
> >
> > It might be the case that this isn't relevant; I'm investigating adding
> > support for v4 keys to the pgp 2.6 codebase and it's a v4 key that's
> > using an 8-bit length. Maybe gnupg is more careful when encoding a v3 key.
>
> Can you comment on this please?
Is this maybe already considered when using --pgp2?
> [1] http://bugs.debian.org/191137
Regards, Daniel
More information about the Gnupg-devel
mailing list