Can't import new public keys (can't write tu pubring.kbx)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Dec 10 20:19:56 CET 2016
On Sat 2016-12-10 11:30:53 +0100, Ondřej Střeštík wrote:
> Today i appeard i can not import new public keys every time when i try gpg
> --import i will
>
> gpg: error writing keyring '/home/user/.gnupg/pubring.kbx': Unexpected
> error
> gpg: key 4D3DE5CC4DAC4561: public key "[User ID not found]" imported
> gpg: error reading 'Dokumenty/key.asc': Unexpected error
> gpg: import from 'Dokumenty/key.asc' failed: Unexpected error
> gpg: Total number processed: 0
> gpg: imported: 1
This key has a zero-length User ID. that is, the User ID is the empty
string ("").
You can see this with:
0 dkg at alice:/tmp/cdtemp.Ok5Ijz$ wget -q -O- 'http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x4D3DE5CC4DAC4561' | pgpdump
Old: Public Key Packet(tag 6)(269 bytes)
Ver 4 - new
Public key creation time - Sat Jan 30 18:42:22 CET 2016
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(2048 bits) - ...
RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(0 bytes)
User ID -
Old: Signature Packet(tag 2)(284 bytes)
Ver 4 - new
Sig type - Generic certification of a User ID and Public Key packet(0x10).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA1(hash 2)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Sat Jan 30 18:42:22 CET 2016
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x4D3DE5CC4DAC4561
Hash left 2 bytes - bf d8
RSA m^d mod n(2046 bits) - ...
-> PKCS-1
Old: Signature Packet(tag 2)(284 bytes)
Ver 4 - new
Sig type - Generic certification of a User ID and Public Key packet(0x10).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA256(hash 8)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Fri Aug 19 00:29:49 CEST 2016
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0xBE3CD7444608B62A
Hash left 2 bytes - b9 c0
RSA m^d mod n(2043 bits) - ...
-> PKCS-1
0 dkg at alice:/tmp/cdtemp.Ok5Ijz$
i suppose someone could argue that a zero-length user ID is valid, but i
don't see any use for it, and i can imagine it causing problems in a lot
of situations. So i think on balance i'm that gpg rejecting it by
default is doing the right thing.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20161210/ccce4bd6/attachment.sig>
More information about the Gnupg-users
mailing list