pubkey_encrypt failed: Provided object is too short (with 2.1.11 and Werner's new subkeys)

Bernhard Reiter bernhard at intevation.de
Thu Jan 5 17:07:58 CET 2017


This is to document a difficulty.

As it is for a specific GnuPG version and Werner's new subkey
it may or may not be interesting to others. Thus I am not opening a report in 
the tracker right away.

== Observations
With gnupg 2.1.11 libgcrypt 1.6.5 using
pub   dsa2048/F2AD85AC1E42B367 2007-12-31 Werner Koch <wk at gnupg.org>
 Primary key fingerprint: 8061 5870 F5BA D690 3336  86D0 F2AD 85AC 1E42 B367

LANG=C gpg2 -e -v -r 29D746E5560A3555 x 
failed with 
gpg: using subkey 7F3B7ED4319BCCA8 instead of primary key F2AD85AC1E42B367
gpg: pubkey_encrypt failed: Provided object is too short
gpg: x: encryption failed: Provided object is too short
(or general error when viewing from kmail).

Using several variations of --disable-pubkey-algo=ECDSA or selecting the RSA
subject as recipient could not make the problem go away.

when using --edit the general error was seen when computing the keygrip
on the cv25519 encryption key:
gpg: error computing keygrip
gpg: error computing a keygrip: Allgemeiner Fehler
sub  cv25519/7F3B7ED4319BCCA8
     erzeugt: 2017-01-01  verfällt: 2018-12-30  Aufruf: E   

== Workaround
deleting the problematic subkey

Using --edit
  key 7F3B7ED4319BCCA8
  delkey
could make m

== Why GnuPG 2.1.11?
On some systems I do not have  the most recent release because those release 
can be problematic on their own ways (example the keyserver and 32bit 
problems of 2.1.17). Hopefully the defect is already fixed, still I've found 
others seem to have the problem, too. 
GnuPG 2.0 worked for me, as the keygrip computing seems to be skipped
for this subkey.

== Details

LANG=C gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5

Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20170105/700a8444/attachment-0001.sig>


More information about the Gnupg-devel mailing list