gpg --export produces invalid EdDSA output - regression

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Sep 15 01:56:38 CEST 2023


Marek Marczykowski-Górecki <marmarek at invisiblethingslab.com> writes:

>In the discussion I see that SSH uses signed numbers there, but I don't see
>how it's relevant for `gpg --export` which deals with OpenPGP format, not SSH
>format.

A data point from the ASN.1 world, they also use signed integers and in 100.0%
of all cases where the sign bit is set (at least in crypto usage) it's an
encoding error, not an attempt to encode a negative number.  So all
implementations treat the values as unsigned no matter what they're actually
supposed to be.

Which has in turn led to a tolerance of new implementations that get the
encoding wrong, but that's another issue.  However, if the whole world treats
your values as unsigned anyway then it seems a bit risky to break the encoding
to accommodate something that doesn't exist.

Peter.




More information about the Gnupg-devel mailing list