Failure to import home-brewn public key file

Rick van Rein rick at openfortress.nl
Mon Feb 1 17:38:47 CET 2016


Hello,

I'm trying to generate public keys from PKCS #11 private keys using
https://github.com/arpa2/tlspool/blob/master/tool/pgp11_genkey.c

The public key files look good, but they don't import into GnuPG 1.4.12.

I've compared the file syntax with a freshly created key, and it looks
very similar.  I've double-checked the data that feeds into the
signature, and it seems to conform to RFC 4880.  Do you have any
suggestions on how to resolve this?

Below is output on what I've tried.  Just let me know if you'd like to
see a generated public key.


Thanks for any suggestions!

-Rick


The signed subpacket data in the UserID-signature contained:

05 02 56 af 26 f6  (timestamp)
02 1b 21           (key flags)

while the User ID packet looks like

00000110  cd 2f 4f 70 65 6e 50 47  50 20 54 65 73 74 20 43  |  OpenPGP Test C|
00000120  6c 69 65 6e 74 20 3c 74  65 73 74 63 6c 69 40 74  |lient <testcli@t|
00000130  6c 73 70 6f 6f 6c 2e 61  72 70 61 32 2e 6c 61 62  |lspool.arpa2.lab|
00000140  3e                                                |>               |


GnuPG is ignoring the self-made key, stating:

gpg: key 3257A80C: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

With --debug-all I could not find an underlying problem:

gpg: reading options from `/root/.gnupg/gpg.conf'
gpg: DBG: fd_cache_open (keyout.pgp) not cached
gpg: DBG: iobuf-1.0: open `keyout.pgp' fd=3
gpg: DBG: armor-filter: control: 5
gpg: DBG: iobuf-1.1: push `armor_filter'
gpg: DBG: armor-filter: control: 5
gpg: DBG: iobuf chain: 1.1 `armor_filter' filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=0 len=0
gpg: DBG: armor-filter: control: 1
gpg: DBG: iobuf-1.1: underflow: req=8192
gpg: DBG: armor-filter: control: 3
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=1173 rc=0
gpg: DBG: iobuf-1.1: underflow: got=37 rc=0
gpg: DBG: parse_packet(iob=1): type=6 length=269 (new_ctb) (parse.../../g10/import.c.390)
gpg: DBG: mpi_alloc(2048)
gpg: DBG: mpi_alloc_limb_space(2048)
gpg: DBG: iobuf-1.1: underflow: req=8192
gpg: DBG: armor-filter: control: 3
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: keyout.pgp: close fd 3
gpg: DBG: fd_cache_close (keyout.pgp) new slot created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.1: underflow: got=1136 rc=0
gpg: DBG: mpi_alloc(64)
gpg: DBG: mpi_alloc_limb_space(64)
gpg: DBG: parse_packet(iob=1): type=13 length=47 (new_ctb) (parse.../../g10/import.c.390)
gpg: DBG: parse_packet(iob=1): type=2 length=287 (new_ctb) (parse.../../g10/import.c.390)
gpg: DBG: mpi_alloc(2048)
gpg: DBG: mpi_alloc_limb_space(2048)
gpg: DBG: parse_packet(iob=1): type=14 length=269 (new_ctb) (parse.../../g10/import.c.390)
gpg: DBG: mpi_alloc(2048)
gpg: DBG: mpi_alloc_limb_space(2048)
gpg: DBG: mpi_alloc(64)
gpg: DBG: mpi_alloc_limb_space(64)
gpg: DBG: parse_packet(iob=1): type=2 length=287 (new_ctb) (parse.../../g10/import.c.390)
gpg: DBG: mpi_alloc(2048)
gpg: DBG: mpi_alloc_limb_space(2048)
gpg: DBG: iobuf-1.1: underflow: req=8192
gpg: DBG: armor-filter: control: 3
gpg: DBG: iobuf-1.0: underflow: eof (due to filter eof)
gpg: DBG: iobuf-1.1: underflow: got=0 rc=-1
gpg: DBG: armor-filter: control: 2
gpg: DBG: iobuf-1.1: pop in underflow (!len)
gpg: DBG: iobuf chain: 1.0 `[none]' filter_eof=0 start=1173 len=1173
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: mpi_free
gpg: DBG: dummy m_size called
gpg: DBG: mpi_free_limb_space of size 0
gpg: DBG: free_packet() type=14
gpg: DBG: mpi_free
gpg: DBG: dummy m_size called
gpg: DBG: mpi_free_limb_space of size 0
gpg: DBG: mpi_free
gpg: DBG: dummy m_size called
gpg: DBG: mpi_free_limb_space of size 0
gpg: DBG: free_packet() type=2
gpg: DBG: mpi_free
gpg: DBG: dummy m_size called
gpg: DBG: mpi_free_limb_space of size 0
gpg: key 3257A80C: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: DBG: free_packet() type=6
gpg: DBG: mpi_free
gpg: DBG: dummy m_size called
gpg: DBG: mpi_free_limb_space of size 0
gpg: DBG: mpi_free
gpg: DBG: dummy m_size called
gpg: DBG: mpi_free_limb_space of size 0
gpg: DBG: iobuf-1.0: underflow: eof (no filter)
gpg: DBG: iobuf-1.0: close `?'
gpg: DBG: iobuf-*.*: ioctl `keyout.pgp' invalidate
gpg: DBG: fd_cache_invalidate (keyout.pgp)
gpg: DBG:                 did (keyout.pgp)
gpg: Total number processed: 1
gpg:           w/o user IDs: 1
random usage: poolsize=600 mixed=0 polls=0/1 added=5/176
              outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768



A home-brewn parser says similar things to GnuPG on the self-made key...

shell$ pgpsplit.py
read keyfile restlen 1173
tag 6 data length 269 restlen 901
no sigdata
tag 13 data length 47 restlen 852
tag 2 data length 287 restlen 562
got sigdata 290 restlen 562
tag 14 data length 269 restlen 290
tag 14 data length 269 restlen 290
tag 2 data length 287 restlen 0
got sigdata 290 restlen 0
Public key 272 #uids 1 #subs 1
 - core.gpg length: 272
 - uid0.gpg length: 339
 - sub0.gpg length: 562
To construct a partial PGP key, combine the following parts:
 - core.pgp
 - one or more uid*.pgp
 - as many sub*.pgp as you like

...and it says virtually the same on an RSA/2048 key generated by OpenPGP...

shell$ pgpsplit.py
read keyfile restlen 1187
tag 6 data length 269 restlen 915
no sigdata
tag 13 data length 36 restlen 877
tag 2 data length 312 restlen 562
got sigdata 315 restlen 562
tag 14 data length 269 restlen 290
tag 14 data length 269 restlen 290
tag 2 data length 287 restlen 0
got sigdata 290 restlen 0
Public key 272 #uids 1 #subs 1
 - core.gpg length: 272
 - uid0.gpg length: 353
 - sub0.gpg length: 562
To construct a partial PGP key, combine the following parts:
 - core.pgp
 - one or more uid*.pgp
 - as many sub*.pgp as you like


This data is traced by wrapping the C_SignUpdate command, which tunnels
the data into SHA256 and RSA:

DEBUG: Initialising signature
DEBUG: Signature hexbytes: 99 01 0d
DEBUG: Signature hexbytes: 04 56 af 26 f6 01 08 00 e2 55 12 3a f6 18 9f
b8 8e a6 2c e6 c5 fc 13 61 72 8c 09 75 f5 9f 76 dd e9 0a 2c cc aa f4 bd
e0 07 88 55 cb 16 5d a2 0d 89 d5 51 67 e7 46 90 cd b2 25 b1 e7 50 3a 33
f3 58 e7 2f fa 87 97 1d 11 52 60 08 d9 dd d3 19 f4 93 a9 95 9f 66 4d a8
25 a1 8b cc f8 9c c7 c7 5a cc 50 78 05 68 3d 63 8d 03 d4 6e 73 27 0b 8d
d3 a1 c1 81 c8 9e 96 49 eb d9 e0 19 4e 82 b5 64 ca 65 2a e4 11 52 f4 4b
a3 f6 ae 34 34 3f 09 e2 8b b0 2f 09 df 49 25 95 a2 e3 e9 1e 32 07 88 ca
2f 89 98 b3 46 7c d2 f5 41 07 b4 18 f7 3f 08 d4 1b d7 7f ae 6e 4f 98 b7
2e 16 4b 08 7a 15 da f0 e2 f0 83 a0 0b b9 26 6b 13 34 74 05 1f b5 1a 6a
8d 25 dd d6 f9 ec 76 77 b9 33 e3 ef 3f 68 61 af 81 07 07 3b a4 b9 47 6c
33 64 45 f5 6a 54 64 58 93 c4 39 79 7f 87 5a 0f a6 84 aa cd ea bd 96 94
4a 6f d0 ea c1 29 31 f2 8f 00 10 00 00 00
DEBUG: Signature hexbytes: b4 00 00 00 2f
DEBUG: Signature hexbytes: 4f 70 65 6e 50 47 50 20 54 65 73 74 20 43 6c
69 65 6e 74 20 3c 74 65 73 74 63 6c 69 40 74 6c 73 70 6f 6f 6c 2e 61 72
70 61 32 2e 6c 61 62 3e
DEBUG: Signature hexbytes: 04 10 01 08 00 09 05 02 56 af 26 f6 02 1b 21
DEBUG: Signature hexbytes: 04 ff 00 00 00 0f
DEBUG: Finalising signature

-------------- next part --------------
A non-text attachment was scrubbed...
Name: home_brewn_key.pgp
Type: application/octet-stream
Size: 1173 bytes
Desc: not available
URL: </pipermail/attachments/20160201/9e0e7081/attachment.obj>
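
Added example, not part of the original post or of pgp11_genkey.c: a Python sketch of the RFC 4880 section 5.2.4 hash input for a V4 User ID certification, emitted in the same chunk order as the C_SignUpdate trace above so the framing octets can be compared one by one. The function names are hypothetical; it assumes SHA-256 and one-octet subpacket lengths, as in the trace, and uses a zero-filled placeholder for the 269-octet key body.

```python
import hashlib
import struct

def split_subpackets(area: bytes):
    """Split a subpacket area into (type, body) pairs; one-octet lengths only."""
    out, i = [], 0
    while i < len(area):
        length = area[i]  # counts the type octet plus the body
        if length == 0 or length >= 192:
            raise ValueError("zero or multi-octet length: not handled here")
        if i + 1 + length > len(area):
            raise ValueError("subpacket overruns the area")
        out.append((area[i + 1] & 0x7F, area[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def cert_hash_chunks(key_body, uid, sig_type, pk_algo, hash_algo, hashed):
    """Return the byte chunks hashed for a V4 certification, in order."""
    split_subpackets(hashed)  # reject a malformed hashed area early
    sig_data = (bytes([4, sig_type, pk_algo, hash_algo])
                + struct.pack(">H", len(hashed)) + hashed)
    return [
        b"\x99" + struct.pack(">H", len(key_body)),      # key prefix
        key_body,
        b"\xb4" + struct.pack(">I", len(uid)),           # User ID prefix
        uid,
        sig_data,
        b"\x04\xff" + struct.pack(">I", len(sig_data)),  # trailer
    ]

def cert_digest(chunks):
    """SHA-256 over the chunks; the first two octets go into the signature packet."""
    digest = hashlib.sha256(b"".join(chunks)).digest()
    return digest, digest[:2]

if __name__ == "__main__":
    uid = b"OpenPGP Test Client <testcli@tlspool.arpa2.lab>"  # from the post
    hashed = bytes.fromhex("050256af26f6021b21")              # from the post
    key_body = bytes(269)  # constructed placeholder with the traced length
    chunks = cert_hash_chunks(key_body, uid, 0x10, 1, 8, hashed)
    for c in (chunks[0], chunks[2], chunks[4], chunks[5]):
        print(c.hex(" "))
    print(split_subpackets(hashed))
```
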

