pgp 8.3 invalid armor header
John Courie
admin at petridish.org
Fri Dec 12 10:02:43 CET 2003
I have someone new to this who generated a 4096 key ( I told him that was into the realm of tinfoil but he's a nooB and is excited about it) I can verify the key because I physically saw it generated and handed to me. Now when I go to import it into my keyring the error message is invalid armor header. So I thought about it a while and opened the asc in vi and deleted the second line of the header which just said "www.pgp.com" on it and tried again and the key imported without errors. With that in mind, my question is, isin't it a security violation to alter an armor header? I thought that messing with the header would break the key but it didn't, is there a danger of this contributing to a spoof of cleartext signing? It's kind of incidental because I told him I'm not using idea and that as soon as he gets a feel for the process he is going to have to use an algo that is _free_ but it piqued my interest and I began to wonder if I had a full comprehension for the structu!
re of a cleartext key.
More information about the Gnupg-users
mailing list