GnuPG fails to import some PGP keys

Werner Koch
Thu, 19 Oct 2000 18:13:38 +0200

On Thu, 19 Oct 2000, Daniele Arena wrote:

> Thanks a lot for the answer!
No problem, we need the RIPE ;-)
> The trick actually works, except for one key, 0x1228A499 (see below for
> the full public key). I have to import this key in PGP, then export it and
It seems that the signature packet is scrambled. I don't know why PGP accepts it.
> If you could implement the b), that would be great. It would be especially
Done - will show up in the CVS soon.
> "--allow-non-selfsigned-uid" doesn't help. The key is 0x41B35C52, it is
> correctly imported by PGP 5.0, and not even the
> "import-then-export-with-pgp-then-try-gpg" trick works. Did I maybe hit an
Theis key has a user ID with no self-signature and no other signature on it. You can't trust this user ID. At least one signature is needed to accept a user ID, --allow-non-selfsigned-uid just drops the requirement that this is a self-signature. I fixed the documentation of --allow-non-selfsigned-uid to make this more clear. This requirement of one arbitraru signature is not secure but the reason to implement the option was to help people with IN keys: The IN CA requires 2 keys: One SIGN-ONLY and another one for ENCRYPT-ONLY. Special strings in the user ID mark those keys. Because the encryption key is signed by the SIGN-ONLY key, there is no self-signature oh that key. ciao, Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to