dealing with misplaced signatures

David Shaw dshaw at jabberwocky.com
Wed Aug 1 07:11:19 CEST 2012


On Aug 1, 2012, at 12:51 AM, Werner Koch wrote:

> On Tue, 31 Jul 2012 23:29, dshaw at jabberwocky.com said:
> 
>> mangled it or it was imported already mangled doesn't matter).  GPG
>> fetches it, and there is some code to move misplaced packets to the
>> right place.  Unfortunately, as you noticed, that code does not work
> 
> At least in master there is no code to move packets during import; we
> only delete certain misplaced packets.
> 
>> This code actually dates to 1998.  The comment: "* Note: This function
>> does not work if there is more than one user ID."
> 
> That is only used by --edit-key as a fix to a bug in a very early
> version of GnuPG.

I know this was the original reason for the function, but it's also the code that is fixing the mangled keys on SKS.  When you import one of these keys, it is imported as-is (I did not mean to imply the repair happened as part of --import).  The next time you run --edit-key, it is repaired.  If the key has one user ID, the repair is as good as it can get.  If the key has multiple user IDs, it's not a reliable repair as the signatures may end up on the wrong user ID.

David
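
An added illustration (not GnuPG code and not part of the original message): a Python check over `gpg --list-packets` text that flags signature packets whose class does not fit the packet they follow. The listing is constructed, and the check cannot tell which of several user IDs a certification belongs to, which is the case the message above calls unreliable.

```python
import re

# Packet kind -> context it opens (names as printed by `gpg --list-packets`).
CONTEXT = {"public key": "key", "secret key": "key",
           "public sub key": "subkey", "secret sub key": "subkey",
           "user ID": "uid", "attribute": "uid"}
# RFC 4880 signature class -> context the signature packet must sit in.
EXPECTED = {0x10: "uid", 0x11: "uid", 0x12: "uid", 0x13: "uid", 0x30: "uid",
            0x18: "subkey", 0x28: "subkey", 0x1F: "key", 0x20: "key"}
PACKET_RE = re.compile(r"^:(.+?) packet:")
SIGCLASS_RE = re.compile(r"sigclass (0x[0-9A-Fa-f]+)")

def find_misplaced(listing):
    """Return (packet_number, sigclass, context) for each misplaced signature."""
    findings, context, in_sig, number = [], None, False, 0
    for line in listing.splitlines():
        m = PACKET_RE.match(line)
        if m:
            number += 1
            kind = m.group(1)
            in_sig = kind == "signature"
            # A signature packet does not change the context it is judged in.
            context = CONTEXT.get(kind, context)
            continue
        s = SIGCLASS_RE.search(line) if in_sig else None
        if s:
            in_sig = False
            sigclass = int(s.group(1), 16)
            want = EXPECTED.get(sigclass)
            if want and want != context:
                findings.append((number, sigclass, context))
    return findings

def sig(sigclass):
    """Build the two listing lines of a constructed signature packet."""
    return (":signature packet: algo 1, keyid 0000000000000001\n"
            f"\tversion 4, created 0, md5len 0, sigclass {sigclass}\n")

# Constructed listing, not taken from a real key: a subkey binding (0x18)
# sits under a user ID and a certification (0x13) sits under the subkey.
SAMPLE = (":public key packet:\n\tversion 4, algo 1, created 0, expires 0\n"
          ':user ID packet: "Alice <alice@example.org>"\n' + sig("0x13") +
          ':user ID packet: "Alice <alice@example.net>"\n' + sig("0x18") +
          ":public sub key packet:\n\tversion 4, algo 1, created 0, expires 0\n"
          + sig("0x13"))

if __name__ == "__main__":
    for number, sigclass, context in find_misplaced(SAMPLE):
        print(f"packet {number}: sigclass {sigclass:#04x} found in {context} context")
```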



