Parsing SKS key dumps

Tobias Mueller 4tmuelle at informatik.uni-hamburg.de
Sun Sep 9 13:44:59 CEST 2012


Hey folks :)

For the fun of it, I tried to parse a few weekly dumps (i.e. from here:
http://keys.niif.hu/keydump/) and very often,
not even GnuPG can successfully parse the packets, i.e. gpg
--list-packets fails. Usually with "gpg: mpi too large for this
implementation (56104 bits)" but there is a myriad of errors, i.e.
gpg: subpacket of type 16 too short
gpg: mpi larger than indicated length (517 bytes)
gpg: mpi larger than indicated length (0 bytes)
gpg: signature packet: unhashed data too long
gpg: signature packet: hashed data too long
gpg: mpi larger than indicated length (514 bytes)
gpg: packet(14) too short

I usually can parse 30 to 40 out of the 206 or 207 dumps (probably
containing 15k keys each).

I wonder why that is.

Is that just malicious data which landed in the pool?

Or is SKS better on parsing OpenPGP packets than GnuPG?
Because one offending key seems to be 0x5df5c3733a6ced98 which,
according to
<http://gpg.spline.inf.fu-berlin.de:11371/pks/lookup?search=0x5DF5C3733A6CED98&fingerprint=on&hash=on&op=vindex>

is successfully parsed by SKS. Same thing for 0xb51b4b095356aac8 or
0x857625223295AAB2.

These appear to be keys that carry signature from 0x9710B89BCA57AD7C,
the "PGP Global Directory Verification Key".

Cheers,
  Tobi



More information about the Gnupg-users mailing list