On 5/30/2026 11:15 AM, Werner Koch wrote:
Andrew remarked on the ML that the encoding of the MPIs is also not
okay.  I have not looked closer at this because I am still on vacation.

What software was used for exporting the key?


Shalom-Salam,

    Werner

I have a fifteen-year-old library for GPG keys that finally needs to add RSA
key support. It was tagged not-working at the time it was written and the
tech debt came due.

And according to my records, fifteen years ago, gpg would import private
keys without a checksum.

I found the MPI encoding problem; conversion from bits to bytes was
not correct. Since the keys were working elsewhere, that was the only
possible location. (Conversion from bits to bytes is nontrivial because of
the need to account for leading zero bits.) This caused the keyids to
disagree and the subkey import to therefore fail.

It would appear that gpg doesn't strictly follow the spec and compute
the key fingerprint over the incoming subkey packet; but that's neither
here nor there.


_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
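
Added example (not part of the original message and not the poster's library code): a Python sketch of RFC 4880 MPI encoding and the v4 fingerprint calculation, showing how a wrong bit count in an MPI header changes the fingerprint and key ID. The `padded_mpi` encoder and the key values are constructed for illustration; the actual fault in the poster's library is not shown on this page.

```python
import hashlib
import struct

def encode_mpi(n: int) -> bytes:
    """RFC 4880 section 3.2: two-octet big-endian bit count, then the magnitude."""
    if n < 0:
        raise ValueError("MPIs are unsigned")
    bits = n.bit_length()                 # excludes leading zero bits
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def decode_mpi(buf: bytes, off: int = 0, strict: bool = True):
    """Return (value, next_offset); strict mode rejects non-canonical MPIs."""
    if len(buf) < off + 2:
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf, off)
    nbytes = (bits + 7) // 8              # round up, never bits // 8
    body = buf[off + 2 : off + 2 + nbytes]
    if len(body) != nbytes:
        raise ValueError("truncated MPI body")
    n = int.from_bytes(body, "big")
    if strict and n.bit_length() != bits:
        raise ValueError(f"declared {bits} bits, value has {n.bit_length()}")
    return n, off + 2 + nbytes

def v4_fingerprint(created: int, n: int, e: int, mpi=encode_mpi) -> str:
    """SHA-1 over 0x99, two-octet body length, and the v4 RSA public key body."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def padded_mpi(n: int) -> bytes:
    """Constructed faulty encoder: bit count rounded up to a whole byte."""
    nbytes = (n.bit_length() + 7) // 8
    return struct.pack(">H", nbytes * 8) + n.to_bytes(nbytes, "big")

# Constructed sample values (a toy modulus, not a real key).
N, E, CREATED = 0x01A3F5C7, 65537, 1700000000

if __name__ == "__main__":
    good = v4_fingerprint(CREATED, N, E)
    bad = v4_fingerprint(CREATED, N, E, padded_mpi)
    # The key ID is the low-order 64 bits of the fingerprint.
    print("canonical fp:", good, "key ID:", good[-16:])
    print("padded    fp:", bad, "key ID:", bad[-16:])
```

Note that the common exponent 65537 is 17 bits long, so an encoder that declares a whole number of bytes mis-encodes it even when the modulus happens to fill its top byte.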
