gpg: keydb_get_keyblock failed: Invalid object

[William Holmes]

Hi,
Not just sign-only Curve 448 subkey, gpg will fail after any subkey
(RSA/ECC [S]/[E]/[A]/[C]) is created when a keypair is generated with Curve
448.
When gpg fails, how can I recover keys?
This is so important.
This bug will destroy keydb, it is a "big" issue.

_____________________________________

On Thu, Aug 26, 2021 at 4:25 AM NIIBE Yutaka <gniibe at fsij.org> wrote:

> Hello,
>
> Thank you for your report.
>
> William Holmes wrote:
> > gpg failed after I created a second sign-only Curve 448 key.
>
> Please use --quick-add-key instead, while I'm fixing the bug.
>
> My changes of following commits were not enough.
>
>         2b50f942672d9a2c325a818f21f69d3ee69255d3
>         36355394d865f5760075e62267d70f7a7d5dd671
>
> I think that something like this will be needed to apply.
>
> Please note that 448 keys are not yet standardized as OpenPGP.  So,
> format for key, signature, encrypted data may be changed in future.
>
> diff --git a/g10/keygen.c b/g10/keygen.c
> index 239e7aca1..cb6487ea3 100644
> --- a/g10/keygen.c
> +++ b/g10/keygen.c
> @@ -5879,7 +5879,12 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t
> keyblock, const char *algostr,
>        else if (algo == PUBKEY_ALGO_ECDSA
>                 || algo == PUBKEY_ALGO_EDDSA
>                 || algo == PUBKEY_ALGO_ECDH)
> -        curve = ask_curve (&algo, NULL, NULL);
> +        {
> +          curve = ask_curve (&algo, NULL, NULL);
> +
> +          if (curve && (!strcmp (curve, "X448") || !strcmp (curve,
> "Ed448")))
> +            keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
> +        }
>        else
>          nbits = ask_keysize (algo, 0);
>
> --
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210826/fea23000/attachment.html>