Can't import new public keys (can't write to pubring.kbx)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Dec 10 20:19:56 CET 2016


On Sat 2016-12-10 11:30:53 +0100, Ondřej Střeštík wrote:

> Today i appeared i can not import new public keys every time when i try gpg
> --import i will
>
> gpg: error writing keyring '/home/user/.gnupg/pubring.kbx': Unexpected
> error
> gpg: key 4D3DE5CC4DAC4561: public key "[User ID not found]" imported
> gpg: error reading 'Dokumenty/key.asc': Unexpected error
> gpg: import from 'Dokumenty/key.asc' failed: Unexpected error
> gpg: Total number processed: 0
> gpg:               imported: 1

This key has a zero-length User ID.  That is, the User ID is the empty
string ("").

You can see this with:

0 dkg at alice:/tmp/cdtemp.Ok5Ijz$ wget -q -O- 'http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x4D3DE5CC4DAC4561' | pgpdump
Old: Public Key Packet(tag 6)(269 bytes)
	Ver 4 - new
	Public key creation time - Sat Jan 30 18:42:22 CET 2016
	Pub alg - RSA Encrypt or Sign(pub 1)
	RSA n(2048 bits) - ...
	RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(0 bytes)
	User ID - 
Old: Signature Packet(tag 2)(284 bytes)
	Ver 4 - new
	Sig type - Generic certification of a User ID and Public Key packet(0x10).
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - SHA1(hash 2)
	Hashed Sub: signature creation time(sub 2)(4 bytes)
		Time - Sat Jan 30 18:42:22 CET 2016
	Sub: issuer key ID(sub 16)(8 bytes)
		Key ID - 0x4D3DE5CC4DAC4561
	Hash left 2 bytes - bf d8 
	RSA m^d mod n(2046 bits) - ...
		-> PKCS-1
Old: Signature Packet(tag 2)(284 bytes)
	Ver 4 - new
	Sig type - Generic certification of a User ID and Public Key packet(0x10).
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - SHA256(hash 8)
	Hashed Sub: signature creation time(sub 2)(4 bytes)
		Time - Fri Aug 19 00:29:49 CEST 2016
	Sub: issuer key ID(sub 16)(8 bytes)
		Key ID - 0xBE3CD7444608B62A
	Hash left 2 bytes - b9 c0 
	RSA m^d mod n(2043 bits) - ...
		-> PKCS-1
0 dkg at alice:/tmp/cdtemp.Ok5Ijz$ 


i suppose someone could argue that a zero-length user ID is valid, but i
don't see any use for it, and i can imagine it causing problems in a lot
of situations.  So i think on balance that gpg rejecting it by
default is doing the right thing.

          --dkg
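
A way to check a dearmored (binary) key file for this condition before importing it, as an added example that is not part of the original message or of GnuPG: a minimal RFC 4880 packet-header walker that reports User ID packets (tag 13) with a zero-length body. The function names and the sample bytes are constructed for illustration; partial body lengths are not handled.

```python
USER_ID_TAG = 13  # User ID packet, RFC 4880 section 5.11


def iter_packets(data):
    """Yield (tag, body) for each packet in binary (dearmored) OpenPGP data."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("no packet header at offset %d" % (pos - 1))
        if hdr & 0x40:                       # new-format header
            tag = hdr & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:                  # one-octet length
                length = first
            elif first < 224:                # two-octet length
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:               # four-octet length
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old-format header ("Old:" in pgpdump)
            tag = (hdr >> 2) & 0x0F
            ltype = hdr & 0x03
            if ltype == 3:                   # indeterminate: runs to end of input
                length = len(data) - pos
            else:
                size = 1 << ltype            # 1, 2 or 4 length octets
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def empty_user_ids(data):
    """Return the packet indexes of User ID packets whose body is empty."""
    return [i for i, (tag, body) in enumerate(iter_packets(data))
            if tag == USER_ID_TAG and not body]


# Constructed sample: old-format headers with placeholder bodies, not real key material.
SAMPLE = (bytes([0x98, 3]) + b"\x04AA"       # tag 6 public key, 3 placeholder bytes
          + bytes([0xB4, 0])                 # tag 13 User ID, zero length
          + bytes([0x88, 2]) + b"\x04\x10")  # tag 2 signature, 2 placeholder bytes
```

A non-empty result from `empty_user_ids()` means the file contains the same kind of packet pgpdump shows above as `User ID Packet(tag 13)(0 bytes)`.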