Large keys and the keybox (was: 2.1.0~beta864 bugfixes)

Werner Koch wk at gnupg.org
Thu Oct 9 21:09:41 CEST 2014


On Tue,  7 Oct 2014 20:54, dkg at fifthhorseman.net said:

>  0) create a new keyring with gpg2, and use it exclusively with gpg2 for
> a while.
>  1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
> ~/.gnupg/pubring.gpg
>  2) future runs of gpg2 now only look at pubring.gpg and ignore
> pubring.kbx -- the keys you had accumulated in the keybox are no longer
> listed in the output of gpg2 --list-keys

Okay, this should be fixed now.  I also found another problem which
is fixed for now (overlong keys):

2ca90f78 * gpg: Skip overlong keys and a print a warning.
60e21d8b * gpg: Sync keylist output and warning messages.
b6507bb8 * kbx: Fix handling of overlong keys.
ec332d58 * gpg: Take care to use pubring.kbx if it has ever been used.
d8c01d82 * gpg: Change wording of a migration error message.
6be5c4fe * doc: Add missing entry for allow-preset-passphase
27fe067e * Avoid unnecessary library linkage

The largest key currently allowed is 2 MiB (formerly 1 MB).  With this
patch and reducing the limit for testing to 1 MiB I get this on my test
ring:

  gpg: Note: signatures using the MD5 algorithm are rejected
  gpg: Warning: 4 key(s) skipped due to their large size

Before that a large key stopped the key listing early when using the
keybox.  Eventually we may need to add an option to increase the limit,
but we should really keep one to not eat up all memory on small devices.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
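
The skip-and-warn behaviour described in the message above, as an added example that is not part of the original message and not GnuPG code: a reader that enforces a size limit per record, skips oversized records and keeps listing instead of stopping early. The length-prefixed record format, `list_records` and `sample_ring` are assumptions made for illustration and do not reflect the keybox layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed format for this example (NOT the keybox layout):
 * each record is a 4-byte big-endian length followed by that many bytes. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk every record. Records above max_len are counted in *skipped and
 * stepped over; returns records accepted, or -1 on truncated input. */
long list_records(const unsigned char *buf, size_t len, size_t max_len,
                  size_t *skipped)
{
    size_t off = 0;
    long listed = 0;
    *skipped = 0;
    while (len - off >= 4) {
        uint32_t rlen = read_be32(buf + off);
        off += 4;
        if (rlen > len - off)
            return -1;          /* truncated or corrupt input */
        if (rlen > max_len)
            (*skipped)++;       /* over the limit: never loaded, keep going */
        else
            listed++;           /* a real reader would parse the record here */
        off += rlen;
    }
    return off == len ? listed : -1;   /* leftover bytes: short header */
}

/* Constructed sample: payloads of 2, 6 and 1 bytes. */
static const unsigned char sample_ring[] = {
    0, 0, 0, 2, 'a', 'b',
    0, 0, 0, 6, 'c', 'd', 'e', 'f', 'g', 'h',
    0, 0, 0, 1, 'z'
};

int main(void)
{
    size_t skipped;
    long n = list_records(sample_ring, sizeof sample_ring, 4, &skipped);
    printf("listed %ld record(s)\n", n);
    if (skipped)
        fprintf(stderr, "Warning: %zu record(s) skipped due to their large size\n", skipped);
    return n < 0;
}
```

With the limit set to 4 bytes, the 6-byte record is skipped and the record after it is still listed.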
