GnuPG fails to import some PGP keys
Werner Koch
wk@gnupg.org
Thu, 19 Oct 2000 18:13:38 +0200
On Thu, 19 Oct 2000, Daniele Arena wrote:
> Thanks a lot for the answer!
No problem, we need the RIPE ;-)
> The trick actually works, except for one key, 0x1228A499 (see below for
> the full public key). I have to import this key in PGP, then export it and
It seems that the signature packet is scrambled. I don't know why
PGP accepts it.
> If you could implement the b), that would be great. It would be especially
Done - will show up in the CVS soon.
> "--allow-non-selfsigned-uid" doesn't help. The key is 0x41B35C52, it is
> correctly imported by PGP 5.0, and not even the
> "import-then-export-with-pgp-then-try-gpg" trick works. Did I maybe hit an
This key has a user ID with no self-signature and no other
signature on it. You can't trust this user ID.
At least one signature is needed to accept a user ID,
--allow-non-selfsigned-uid just drops the requirement that this is
a self-signature. I fixed the documentation of
--allow-non-selfsigned-uid to make this more clear.
This requirement of one arbitrary signature is not secure but the
reason to implement the option was to help people with IN keys: The
IN CA requires 2 keys: One SIGN-ONLY and another one for
ENCRYPT-ONLY. Special strings in the user ID mark those keys.
Because the encryption key is signed by the SIGN-ONLY key, there is
no self-signature on that key.
ciao,
Werner
--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de
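The acceptance rule described in the message above, as an added example that is not part of the original mail and is not GnuPG's code: it walks the packets of one exported key and labels each user ID by who certified it. It reads packet structure only and verifies no signature; it assumes old-format packet headers, a v4 key and v4 signatures, and every function name and the sample bytes are constructed for illustration.

```python
import hashlib, struct

def packets(data):  # yields (tag, body); old-format headers with definite length only
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0xC0 != 0x80 or hdr & 3 == 3:
            raise ValueError("unsupported packet header 0x%02x" % hdr)
        w = 1 << (hdr & 3)                       # length field: 1, 2 or 4 octets
        n = int.from_bytes(data[i + 1:i + 1 + w], "big")
        yield (hdr >> 2) & 0x0F, data[i + 1 + w:i + 1 + w + n]
        i += 1 + w + n
def key_id(body):   # v4 key ID: low 64 bits of the SHA-1 fingerprint
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()[-8:]
def cert_issuer(sig):
    """Issuer key ID of a v4 certification (types 0x10-0x13), b"" if absent, else None."""
    if sig[0] != 4 or not 0x10 <= sig[1] <= 0x13:
        return None
    pos = 4
    for _ in range(2):                           # hashed area, then unhashed area
        pos, end = pos + 2, pos + 2 + int.from_bytes(sig[pos:pos + 2], "big")
        while pos < end:
            n = sig[pos]                         # assumption: one-octet subpacket lengths
            if not 0 < n < 192:
                raise ValueError("unsupported subpacket length")
            if sig[pos + 1] & 0x7F == 16:        # Issuer subpacket
                return sig[pos + 2:pos + 1 + n]
            pos += 1 + n
    return b""

def classify_uids(key, allow_non_selfsigned_uid=False):
    """Label each user ID of one v4 key: self-signed, other-signed or rejected."""
    primary, cur, certs = None, None, {}
    for tag, body in packets(key):
        if tag == 6:
            primary = key_id(body)
        elif tag == 13:
            cur = certs.setdefault(body.decode("utf-8", "replace"), [])
        elif tag != 2:
            cur = None                           # subkey etc.: later sigs are not UID certs
        elif cur is not None and cert_issuer(body) is not None:
            cur.append(cert_issuer(body))
    other = "other-signed" if allow_non_selfsigned_uid else "rejected"
    return {u: "self-signed" if primary in s else other if s else "rejected"
            for u, s in certs.items()}
# Constructed sample (not a real key): dummy v4 key packet and three user IDs.
pkt = lambda tag, body: bytes([0x80 | tag << 2 | 1]) + struct.pack(">H", len(body)) + body
sig = lambda issuer: pkt(2, b"\x04\x10\x01\x02\x00\x00\x00\x0a\x09\x10" + issuer)
KEY = b"\x04" + bytes(4) + b"\x01\x00\x08\xc5\x00\x02\x03"
SAMPLE = (pkt(6, KEY) + pkt(13, b"alice") + sig(key_id(KEY)) + pkt(13, b"mallory")
          + pkt(13, b"alice ENCRYPT-ONLY") + sig(bytes(range(8))))
```

With the default setting only "alice" is kept; with `allow_non_selfsigned_uid=True` the user ID certified by a different key is also kept, while the user ID carrying no signature at all is rejected either way.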