GnuPG and PGP 2.6: unusable public key

Tommi Vainikainen tvainika@cc.hut.fi
Fri Oct 19 12:57:01 2001


On Fri, 19 Oct 2001, ingo.kloecker@epost.de wrote:

> On Thursday 18 October 2001 10:02, Tommi Vainikainen wrote:
>> I got public key from a friend. That key was generated with some
>> version of PGP 2.6. To import that key I had to use
>> --allow-non-selfsigned-uid, but now the key is in my public
>> keyring.
>
> You have to sign his key with your key. Alternatively you could try
> if using the --always-trust option helps. However, signing your
> friend's key is the better solution.

This didn't help at all. I had signed it already. Same error message. But with more testing, it seems gpg doesn't allow using keys without a self-signature. I tested this with my temporarily generated pgp2 keys: after self-signing the temp key, gpg allowed me to encrypt to that temporary pgp2 key, but not without a self-signature, even though I added almost every possible parameter.

So is this a bug or what, because the man page says --always-trust would be enough for everybody (or did I misunderstand that)?

    --always-trust
        Skip key validation and assume that used keys are
        always fully trusted. You won't use this unless you
        have installed some external validation scheme.

    --allow-non-selfsigned-uid
        Allow the import of keys with user IDs which are not
        self-signed, but have at least one signature. This
        only allows the import - key validation will fail
        and you have to check the validity of the key my
        other means.
    ...

What I understood from those (quoted from the gpg man page) is that a non-self-signed key is not valid, but always-trust would skip validation and thus wouldn't care about the validness of the key.

Last night I read some gpg code; adding the one-liner "pk->is_valid = 1;" in the right place is sufficient to force gpg to encrypt. I tested it.

The second problem is that pgp2 cannot decrypt those messages. The difference between the messages generated by gpg and pgp2 was that the length of the encrypted packet was "unknown" when generated by gpg and some integer when generated by pgp2. (That was with gpg's --list-packets.)

So what is wrong here? Does this mean gpg is not pgp2 compatible at all? What does --rfc1991 do if pgp2 still cannot decrypt those messages?

-- 
Tommi Vainikainen
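
The length difference reported above from --list-packets can be read directly from the packet header. This is an added example, not part of the original message and not GnuPG's code: a decoder for the old-format packet header (RFC 1991, RFC 4880 section 4.2), in which length type 3 means the body length is indeterminate. It assumes that this is what gpg printed as "unknown"; the function names and the two sample byte strings are constructed for illustration.

```python
# Old-format OpenPGP packet header: 1 CTB octet + 0, 1, 2 or 4 length octets.
# CTB layout: bit 7 = 1, bit 6 = 0 (old format), bits 5-2 = tag, bits 1-0 = length type.

def parse_old_header(buf, offset=0):
    """Return (tag, body_length or None, header_size) for one old-format packet."""
    ctb = buf[offset]
    if not ctb & 0x80:
        raise ValueError("bit 7 clear: not a packet header")
    if ctb & 0x40:
        raise ValueError("new-format header, not handled in this example")
    tag = (ctb >> 2) & 0x0F
    length_type = ctb & 0x03
    if length_type == 3:
        # Indeterminate length: the body runs to the end of the data.
        return tag, None, 1
    n = 1 << length_type  # 1, 2 or 4 length octets, big-endian
    if offset + 1 + n > len(buf):
        raise ValueError("truncated length field")
    length = int.from_bytes(buf[offset + 1:offset + 1 + n], "big")
    return tag, length, 1 + n

def list_packets(buf):
    """Walk a packet sequence; returns [(tag, length or None), ...]."""
    packets, offset = [], 0
    while offset < len(buf):
        tag, length, header_size = parse_old_header(buf, offset)
        packets.append((tag, length))
        if length is None:
            break  # nothing can follow a packet of indeterminate length
        offset += header_size + length
    return packets

# Constructed samples (dummy bodies, not real ciphertext).
# Tag 1 = public-key encrypted session key, tag 9 = encrypted data.
DEFINITE = bytes([0x84, 3]) + b"\x00" * 3 + bytes([0xA6, 0, 0, 0, 5]) + b"\x00" * 5
INDETERMINATE = bytes([0x84, 3]) + b"\x00" * 3 + bytes([0xA7]) + b"\x00" * 5

if __name__ == "__main__":
    for name, sample in (("definite", DEFINITE), ("indeterminate", INDETERMINATE)):
        for tag, length in list_packets(sample):
            print(name, "tag", tag, "length", "unknown" if length is None else length)
```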