failed to convert unprotected openpgp key: Checksum error

Simon Kissane skissane at medallia.com
Mon Jan 22 03:40:33 CET 2018


On Mon, Jan 22, 2018 at 11:36 AM, Zechariah Seth
<cousinwednesday at mail.com> wrote:
> Simon Kissane wrote:
>> (This is just a test key generated for testing purposes, so it is fine
>> to share it publicly.)
>
> Interesting "User ID" on that key:
> "root:testGpg:key_54503F79_3794_456C_8725_8977A68B71C1"
>
> I hope no one is foolish enough to import your key and run your script.

Hi Zechariah, thank you for taking the time to have a look at this for me. It
sounds like you are concerned that running my script may import some strange
key into your GPG home. If you read the script, you will see that it creates
two new GPG homes under a temporary directory, so no odd keys are going to be
imported into your day-to-day GPG config.

I realise the User ID is weird. To explain, in the use case I am working on we
are only using GPG for file encryption/decryption using keys pre-agreed out
of band. As such, we aren't actually using any of the PGP "web-of-trust"
functionality, and the actual User IDs are rather irrelevant. Maybe we should
just use S/MIME or CMS instead (and I'm looking into that option), but since
we are already using GPG for this I was looking at how to possibly integrate
our existing usage of GPG with an external key management system.

That said, I have changed my key generation code to generate more normal
looking User IDs, as you can see with this key:

https://gist.github.com/skissane/a64756f32e62fbc5b51ee1f4eef22575

which has User ID:
  Test Key 123 <root.testGpg.key_E9D999DB_2E83_4061_8E9A_6F5B60806146 at example.com>

And, if you run the new key against my script, you get the same error,
showing that the problem (whatever it is) isn't the User ID. (My reading of
RFC 4880 section 5.11 is that having an email in the User ID is just a
convention, not mandatory, so software should be robust in the face of User IDs
breaking that convention.)

Thank you
Simon
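
A sketch of the RFC 4880 section 5.11 point in the message above, added here as an example (it is not part of the original message and not GnuPG's code): a reader for User ID packets (tag 13) that treats the body as free-form UTF-8 and reports the name/email layout only when it is present. The function names, the regex and the second sample User ID in the test are constructed for this example.

```python
import re

USER_ID_TAG = 13  # User ID packet, RFC 4880 section 5.11
# Constructed pattern for the conventional layout only: Name (Comment) <local@domain>
CONVENTION = re.compile(
    r"^(?P<name>[^<>()]*?)\s*(?:\((?P<comment>[^()]*)\)\s*)?"
    r"<(?P<email>[^<>\s@]+@[^<>\s@]+)>$")

def read_packet(data):
    """Split one definite-length OpenPGP packet off data: (tag, body, rest)."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    first, l0 = data[0], data[1]
    if first & 0x40:  # new-format header, lengths per RFC 4880 section 4.2.2
        tag = first & 0x3F
        if l0 < 192:
            hdr, length = 2, l0
        elif l0 < 224 and len(data) >= 3:
            hdr, length = 3, ((l0 - 192) << 8) + data[2] + 192
        elif l0 == 255 and len(data) >= 6:
            hdr, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("truncated or partial-length header")
    else:  # old-format header, lengths per section 4.2.1
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        hdr = 1 + (1 << ltype)
        if ltype == 3 or len(data) < hdr:
            raise ValueError("truncated or indeterminate-length header")
        length = int.from_bytes(data[1:hdr], "big")
    if len(data) < hdr + length:
        raise ValueError("truncated packet body")
    return tag, data[hdr:hdr + length], data[hdr + length:]

def parse_user_id(packet):
    """Parse a User ID packet without requiring the name/email convention."""
    tag, body, _ = read_packet(packet)
    if tag != USER_ID_TAG:
        raise ValueError("not a User ID packet (tag %d)" % tag)
    text = body.decode("utf-8", errors="replace")  # odd bytes must not abort parsing
    m = CONVENTION.match(text)
    fields = m.groupdict() if m else {"name": None, "comment": None, "email": None}
    return {"raw": text, "conventional": bool(m), **fields}

def user_id_packet(text):
    """Build a new-format User ID packet (helper for constructed test input)."""
    body = text.encode("utf-8")
    if len(body) >= 192:
        raise ValueError("helper only builds one-octet lengths")
    return bytes([0xC0 | USER_ID_TAG, len(body)]) + body
```

Both the colon-separated User ID quoted in the thread and a conventional one parse successfully; only the `conventional` flag and the optional fields differ.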
