Gnupg cannot handle extremely large keys on 32 bit Linux

Charly Avital shavital at mac.com
Sat Apr 14 09:54:10 CEST 2007


David Shaw wrote the following on 4/13/07 7:57 PM:
> On Sun, Apr 08, 2007 at 01:00:13AM +0300, Charly Avital wrote:
> 
>> Running gpg 1.4.7 under Mac OSX 10.4.9
>> -------------------------------------------
>> pub  16384R/17CACAE3  created: 2007-04-07  expires: never       usage: SCEA
>>                      trust: unknown       validity: unknown
>> [ unknown] (1). Testing only <test at test.test>
>>
>> Command> check
>> uid  Testing only <test at test.test>
>> sig!3        2D879666 2007-04-07  [User ID not found]
>> 1 user ID without valid self-signature detected
> 
> I cannot confirm this.  I tested GPG 1.4.7 on OSX 10.4.9 running on
> both PPC and Intel.  The 16k key works correctly on both.  Can you
> double check your report?
> 
> David
> 

David,

This report comes from a Powerbook G4 PPC, running GPG 1.4.7 on OSX
10.4.9, Thunderbird version 1.5.0.10 (20070221), Enigmail 0.94.3

1. Using TB+Enigmail's OpenPGP's option 'Sender's Key->Import Public
key', an on-screen sheet asked whether to import the public key embedded
in the message; upon confirming the action, another on-screen sheet
showed the message:
----------
gpg: key 2D879666: public key "[User ID not found]" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
----------

2. In Terminal:
----------
$ gpg --edit-key 2D879666
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details
----------

This, to my understanding (limited), means that gpg didn't find any key
with ID 2D879666.

3. Searching with
gpg --list-keys
as well as in GPG Keychain Access, a GUI that lists the contents of the
public and secret keyrings, I found a key bearing UID 'Testing only
<test at test.test>'. This is the UID used by Alexander Feigl when he
generated that large key:
------
pub   16384R/17CACAE3 2007-04-07
uid                  Testing only <test at test.test>
------

4. Now again in Terminal:
------
$ gpg --edit-key 17CACAE3
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


pub  16384R/17CACAE3  created: 2007-04-07  expires: never       usage: SCEA
                     trust: unknown       validity: unknown
[ unknown] (1). Testing only <test at test.test>

Command> check
uid  Testing only <test at test.test>
sig!3        2D879666 2007-04-07  [User ID not found]
1 user ID without valid self-signature detected

Command> list

pub  16384R/17CACAE3  created: 2007-04-07  expires: never       usage: SCEA
                     trust: unknown       validity: unknown
[ unknown] (1). Testing only <test at test.test>

Command> fpr
pub   16384R/17CACAE3 2007-04-07 Testing only <test at test.test>
 Primary key fingerprint: 3945 7320 723A 643D FB07  F7A3 C8B6 7AA7 17CA CAE3
----------

If the above is accurate, we have a key:
- that was apparently imported as 2D879666, but gpg --edit-key 2D879666
does not find it.
- whose fpr shows its Key ID to be 17CACAE3
- that has been signed (sig!3) with a key whose Key ID is 2D879666, back
to square one.

5. As you know, I am far, far from being an expert, or even
knowledgeable. But I remember from my first attempts at PGP (circa 1995
or so) similar occurrences with RSA keys (and this is an RSA key
*without* subkeys) *showing* with two different Key IDs. Unfortunately,
I cannot document these occurrences, after such a long time.

6. PGP Desktop 9.5.3, after the key block is imported, shows a key:
- size 16834
- UID test at test.test
- Key ID 0x2D879666
- Cipher CAST
- Type: RSA
- Created: 4/7/07
- Self-signature 0x2D879666 marked with a red dot showing a white X,
suggesting that this self-signature is not valid.

I'll send you a report from the Intel Mac as soon as possible.

I'm not sure all this reporting should be posted to the list, occupying
space. If you prefer that I report OFF list, please let me know.

Charly

