Allowing import of pubkeys without User ID

Werner Koch wk at gnupg.org
Thu Jan 12 09:33:33 CET 2023


Hi!

On Wed, 11 Jan 2023 00:19, Vincent Breitmoser said:

> Werner's rfc4880bis and the working group's crypto-refresh drafts
> agree that transferable public keys no longer are required to carry
> a User ID packet:

Thanks for noting.  Fix below.


Shalom-Salam,

   Werner



commit 64ace7e2c10ef92269073e481c1622b522dc0c9f (HEAD -> refs/heads/master)
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jan 12 09:31:19 2023 +0100

    Fix composition of public key blocks.
    
    In the course of the reformatting actions of the draft a regression
    against 4880 was not fixed (Zero User ID packets).  The reason for
    introducing zero User ID packets might have been the idea to express
    that an Attribute packet may be used instead of a User ID.  However,
    that should either be clarified in the comments or left to the
    implementation.
    
    The second fix is to require at least one Signature packet after a
    User ID and Attribute packet.  This was wrong in 2440 and 4880 but is
    cryptographically required.

	Modified   rfc4880bis.md
diff --git a/rfc4880bis.md b/rfc4880bis.md
index 038908b..1eaa21a 100644
--- a/rfc4880bis.md
+++ b/rfc4880bis.md
@@ -4083,14 +4083,14 @@ transferable public key are as follows:
 
   - Zero or more revocation signatures
 
-  - Zero or more User ID packets
+  - One or more User ID packets
 
-  - After each User ID packet, zero or more Signature packets
+  - After each User ID packet, one or more Signature packets
     (certifications and attestation key signatures)
 
   - Zero or more User Attribute packets
 
-  - After each User Attribute packet, zero or more Signature packets
+  - After each User Attribute packet, one or more Signature packets
     (certifications and attestation key signatures)
 
   - Zero or more Subkey packets
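Review bot: the changed line "After each User ID packet, one or more Signature packets" (and its User Attribute counterpart) turns an unsigned User ID from an uncertified one into a grammar violation, but the list gives no parsing guidance; since the commit message calls the signature "cryptographically required", add a sentence stating whether an implementation ignores a User ID or User Attribute packet that has no following Signature packet or rejects the whole key block.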
@@ -4106,7 +4106,7 @@ may have more than one email address, and construct a User ID for each
 one.  A transferable public key SHOULD include at least one User ID
 packet unless storage requirements prohibit this.
 
-Immediately following each User ID packet, there are zero or more
+Immediately following each User ID packet, there are one or more
 Signature packets.  Each Signature packet is calculated on the
 immediately preceding User ID packet and the initial Public-Key
 packet.  The signature serves to certify the corresponding public key
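Review bot: the unchanged context sentence "A transferable public key SHOULD include at least one User ID packet unless storage requirements prohibit this" now contradicts the packet list's "One or more User ID packets", which reads as an absolute grammar rule; either raise the sentence to a MUST and drop the storage-requirements exception, or keep the list at zero or more and leave the SHOULD as the normative statement.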
@@ -4119,7 +4119,7 @@ certifications over the associated User ID.
 
 Within the same section as the User ID packets, there are zero or more
 User Attribute packets.  Like the User ID packets, a User Attribute
-packet is followed by zero or more Signature packets calculated on the
+packet is followed by one or more Signature packets calculated on the
 immediately preceding User Attribute packet and the initial Public-Key
 packet.
 
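Review bot: for consistency with the packet list, which qualifies the Signature packets after both User ID and User Attribute entries with "(certifications and attestation key signatures)", this paragraph could name the signature kinds as well, e.g. "followed by one or more Signature packets (certifications and attestation key signatures) calculated on the immediately preceding User Attribute packet".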

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

