Secret key export difference in 1.4 and 2.1

A.L.E.C alec at alec.pl
Wed Oct 26 14:20:56 CEST 2016


On 10/26/2016 11:35 AM, Werner Koch wrote:
> It seems that the key binding signature for the subkey has been
> re-created.  DSA is depending on the implementation not deterministic
> and thus you see different signature values.
> 
> An you please describe exactly how you created the keys and the test
> vector?

For each test we setup a new homedir with content generated long time
ago with this script
https://github.com/pear/Crypt_GPG/blob/master/tools/build-keyring.sh#L70.
As generating keys takes long time we obviously can't generate the
content on every tests execution.

In other words, we generated a set of keys and imported them to the
empty keyring. Then when we run tests we re-create a new homedir and
copy saved keyring (and other homedir files) there, then execute a test.
In this case we compare the original private key block with the result
of the --export-secret-keys command.

Maybe I just should generate a homedir and keys sets for each main gpg
version separately. I should probably do it anyway, to skip the
migration process on every test, but will that solve the secret key
export issue? Will be signature the same for every gpg release across
the main version, i.e. 1.4, 2.0, 2.1? Or maybe there's some command line
argument which we could use for export command to get the same signature
value?

-- 
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer         [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]
----------------------------------------------------
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com



More information about the Gnupg-devel mailing list