bug in gnupg handling of revoker signatures

Werner Koch wk at gnupg.org
Fri May 7 13:43:02 CEST 2010


We did not checked the direct key signature during import.  The problem
is that during the import we try to detect duplicate signatures by
comparing the signature but not the signed material.  With the bogus
signature already in the keyring, importing a good signature will sort
the latter out as a duplicate.

The implemented solution is to check the direct signature on import.  To
detect problems from the past we also check the existing key for bad
direct key signatures during import and delete them.

Fixed in 1.4, 2.0 and trunk.  Added a test case to trunk.

Because gpg --desig-revoke includes a copy of the key in question, the
import of this revocation certificate would delete any bogus direct key
signatures and insert a correct one.

Daniel, thanks for the very good report, it was really helpful.

2.0.16 will be released pretty soon.  For 1.4.11 we need to see what
else should go in.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list