(GPG1) Download of false key? Key not included?

Steffen Nurpmeso steffen at sdaoden.eu
Thu Jan 23 17:46:16 CET 2020


Hello.

Can anyone tell me what is actually going on here.
If it is as easy as "use GPG2" do not waste that much time,
however, doesn't the below use RSA plus SHA-512, what v1 supports?
( Supported algorithms:
  Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
  Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
          CAMELLIA128, CAMELLIA192, CAMELLIA256
  Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
  Compression: Uncompressed, ZIP, ZLIB, BZIP2

And you will not go for zstd i have seen fly by, right, even
though it decompresses very, very fast, and is a small and self-
sufficient implementation.  Do you.)

  #?0|kent:gmake.tar_bomb_git-no_reduce$ gpg --verify make-4.3.tar.lz.sig
  Reading passphrase from file descriptor 4
  gpg: assuming signed data in `make-4.3.tar.lz'
  gpg: Signature made Sun 19 Jan 2020 11:24:51 PM CET using RSA key ID DB78137A
  gpg: Can't check signature: public key not found

  #?2|kent:gmake.tar_bomb_git-no_reduce$ gpg --search-key DB78137A
  Reading passphrase from file descriptor 4
  gpg: searching for "DB78137A" from hkps server hkps.pool.sks-keyservers.net
  (1)     Paul D. Smith <psmith at gnu.org>
          Paul D. Smith <paul at mad-scientist.net>
            4096 bit RSA key 20C79BB2, created: 2016-10-22
  Keys 1-1 of 1 for "DB78137A".  Enter number(s), N)ext, or Q)uit > 1
  gpg: requesting key 20C79BB2 from hkps server hkps.pool.sks-keyservers.net

  gpg: Total number processed: 1
  gpg:       skipped new keys: 1

Why is it skipped?  GPG1 does support RSA and SHA-512 digests (see
below)?

  $ gpg --list-keys|grep -B1 -A1 Smith
  pub   1024D/6338B6D4 2004-01-04
  uid                  Paul Smith (Mad Scientist) <psmith at gnu.org>
  sub   2048g/E0EB03CE 2004-01-04

  #?0|kent:gmake.tar_bomb_git-no_reduce$ gpg --delete-keys 6338B6D4
  pub  1024D/6338B6D4 2004-01-04 Paul Smith (Mad Scientist) <psmith at gnu.org>

  Delete this key from the keyring? (y/N) y

  #?0|kent:gmake.tar_bomb_git-no_reduce$ gpg -vvvvv --search-key DB78137A
  gpg: using character set `utf-8'
  Reading passphrase from file descriptor 4
  gpg: searching for "DB78137A" from hkps server hkps.pool.sks-keyservers.net
  (1) Paul D. Smith <psmith at gnu.org>
          Paul D. Smith <paul at mad-scientist.net>
            4096 bit RSA key 20C79BB2, created: 2016-10-22
  Keys 1-1 of 1 for "DB78137A".  Enter number(s), N)ext, or Q)uit > 1
  gpg: requesting key 20C79BB2 from hkps server hkps.pool.sks-keyservers.net
  gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
  gpg: armor header: Version: SKS 1.1.6
  gpg: armor header: Comment: Hostname: sks.pod02.fleetstreetops.com
  :public key packet:
          version 4, algo 1, created 1477170443, expires 0
          pkey[0]: [4096 bits]
          pkey[1]: [17 bits]
          keyid: 80CB727A20C79BB2
  :user ID packet: "Paul D. Smith <psmith at gnu.org>"
  :signature packet: algo 1, keyid 80CB727A20C79BB2
          version 4, created 1477172043, md5len 0, sigclass 0x13
          digest algo 10, begin of digest 3a bd
          hashed subpkt 2 len 4 (sig created 2016-10-22)
          hashed subpkt 27 len 1 (key flags: 03)
          hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 3)
          hashed subpkt 21 len 4 (pref-hash-algos: 10 9 8 11)
          hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
          hashed subpkt 30 len 1 (features: 01)
          hashed subpkt 23 len 1 (key server preferences: 80)
          subpkt 16 len 8 (issuer key ID 80CB727A20C79BB2)
          data: [4095 bits]
  :signature packet: algo 17, keyid 96B047156338B6D4
          version 4, created 1477178301, md5len 0, sigclass 0x13
          digest algo 10, begin of digest 93 10
          hashed subpkt 2 len 4 (sig created 2016-10-22)
          subpkt 16 len 8 (issuer key ID 96B047156338B6D4)
          data: [158 bits]
          data: [157 bits]
  :user ID packet: "Paul D. Smith <paul at mad-scientist.net>"
  :signature packet: algo 1, keyid 80CB727A20C79BB2
          version 4, created 1477172069, md5len 0, sigclass 0x13
          digest algo 10, begin of digest e3 f0
          hashed subpkt 27 len 1 (key flags: 03)
          hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 3)
          hashed subpkt 21 len 4 (pref-hash-algos: 10 9 8 11)
          hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
          hashed subpkt 30 len 1 (features: 01)
          hashed subpkt 23 len 1 (key server preferences: 80)
          hashed subpkt 2 len 4 (sig created 2016-10-22)
          hashed subpkt 25 len 1 (primary user ID)
          subpkt 16 len 8 (issuer key ID 80CB727A20C79BB2)
          data: [4095 bits]
  :signature packet: algo 17, keyid 96B047156338B6D4
          version 4, created 1477178301, md5len 0, sigclass 0x13
          digest algo 10, begin of digest 89 10
          hashed subpkt 2 len 4 (sig created 2016-10-22)
          subpkt 16 len 8 (issuer key ID 96B047156338B6D4)
          data: [160 bits]
          data: [159 bits]
  :public sub key packet:
          version 4, algo 1, created 1477170443, expires 0
          pkey[0]: [4096 bits]
          pkey[1]: [17 bits]
          keyid: 609DAAD35F61D607
  :signature packet: algo 1, keyid 80CB727A20C79BB2
          version 4, created 1477170443, md5len 0, sigclass 0x18
          digest algo 10, begin of digest e7 70
          hashed subpkt 2 len 4 (sig created 2016-10-22)
          hashed subpkt 27 len 1 (key flags: 0C)
          subpkt 16 len 8 (issuer key ID 80CB727A20C79BB2)
          data: [4092 bits]
  :public sub key packet:
          version 4, algo 1, created 1477172175, expires 0
          pkey[0]: [4096 bits]
          pkey[1]: [17 bits]
          keyid: DEACCAAEDB78137A
  :signature packet: algo 1, keyid 80CB727A20C79BB2
          version 4, created 1477172175, md5len 0, sigclass 0x18
          digest algo 10, begin of digest 74 4e
          hashed subpkt 2 len 4 (sig created 2016-10-22)
          hashed subpkt 27 len 1 (key flags: 02)
          hashed subpkt 9 len 4 (key expires after 10y0d0h0m)
          subpkt 16 len 8 (issuer key ID 80CB727A20C79BB2)
          subpkt 32 len 540 (signature: v4, class 0x19, algo 1, digest algo 10)
          data: [4095 bits]
  gpg: pub  4096R/20C79BB2 2016-10-22  Paul D. Smith <psmith at gnu.org>
  gpg: key 20C79BB2: new key - skipped
  gpg: Total number processed: 1
  gpg:       skipped new keys: 1
  #?0|kent:gmake.tar_bomb_git-no_reduce$

Thanks.
And ciao from (and to) Germany,

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)



More information about the Gnupg-users mailing list