gpg: keydb_get_keyblock failed: Invalid object
William Holmes
xylene2016 at gmail.com
Thu Aug 26 16:21:27 CEST 2021
Hi,
Not just sign-only Curve 448 subkey, gpg will fail after any subkey
(RSA/ECC [S]/[E]/[A]/[C]) is created when a keypair is generated with Curve
448.
When gpg fails, how can I recover keys?
This is so important.
This bug will destroy keydb, it is a "big" issue.
_____________________________________
On Thu, Aug 26, 2021 at 4:25 AM NIIBE Yutaka <gniibe at fsij.org> wrote:
> Hello,
>
> Thank you for your report.
>
> William Holmes wrote:
> > gpg failed after I created a second sign-only Curve 448 key.
>
> Please use --quick-add-key instead, while I'm fixing the bug.
>
> My changes of following commits were not enough.
>
> 2b50f942672d9a2c325a818f21f69d3ee69255d3
> 36355394d865f5760075e62267d70f7a7d5dd671
>
> I think that something like this will be needed to apply.
>
> Please note that 448 keys are not yet standardized as OpenPGP. So,
> format for key, signature, encrypted data may be changed in future.
>
> diff --git a/g10/keygen.c b/g10/keygen.c
> index 239e7aca1..cb6487ea3 100644
> --- a/g10/keygen.c
> +++ b/g10/keygen.c
> @@ -5879,7 +5879,12 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t
> keyblock, const char *algostr,
> else if (algo == PUBKEY_ALGO_ECDSA
> || algo == PUBKEY_ALGO_EDDSA
> || algo == PUBKEY_ALGO_ECDH)
> - curve = ask_curve (&algo, NULL, NULL);
> + {
> + curve = ask_curve (&algo, NULL, NULL);
> +
> + if (curve && (!strcmp (curve, "X448") || !strcmp (curve,
> "Ed448")))
> + keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
> + }
> else
> nbits = ask_keysize (algo, 0);
>
> --
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210826/fea23000/attachment.html>
More information about the Gnupg-users
mailing list