GnuPG fails to import some PGP keys

Daniele Arena
Wed, 18 Oct 2000 17:46:08 +0200 (CEST)

Hello Everybody,

As some of you probably already know, here at RIPE NCC we plan to use
GnuPG for signature authentication in the new implementation of the
software which runs the RIPE Database.

Since we are currently using PGP software to import the keys and check the
signatures, we will need to "port" all the keys to GnuPG. In the RIPE
Database, we have a bunch of objects which represent "key certificates",
which we use to import the keys in the database public keyring.

We would like to regenerate a GnuPG keyring from these key certificates,
but that's where the problem lies. Some keys can be successfully imported
by PGP, but not by GnuPG. They normally have a CRC error.

This issue has already been addressed in the message "Problems importing a
public DSA key" (,
but the answer from Werner Koch was "Something is wrong with the ascii
armor [...] Try to get the key from another source". 

Now, unfortunately we cannot get the keys "from another source", since
some users have already put those keys in the database, and the keys do
work with PGP. We cannot ask them to resend their keys.

Did anyone here had to solve a similar problem? I accept the fact that
there may be a problem with the ASCII armor (if I import then export the
key with PGP, the key block is slightly different, and the new one *can*
be imported with GnuPG), but then why does it work with PGP in the first
place? Is there any possibility to make the key work with GnuPG without
having to get a "better" copy of the key?

Thanks a lot in advance.



Daniele Arena			RIPE NCC - Database Group
phone  : +31 20 535 4444	Singel 258
fax    : +31 20 535 4445	1016AB Amsterdam
e-mail :	The Netherlands

Archive is at - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to