pgp 8.3 invalid armor header

Todd Freedom_Lover at pobox.com
Fri Dec 12 10:35:37 CET 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Courie wrote:
> I have someone new to this who generated a 4096 key ( I told him
> that was into the realm of tinfoil but he's a nooB and is excited
> about it) I can verify the key because I physically saw it generated
> and handed to me.  Now when I go to import it into my keyring the
> error message is invalid armor header.  So I thought about it a
> while and opened the asc in vi and deleted the second line of the
> header which just said "www.pgp.com" on it and tried again and the
> key imported without errors.

It sounds like the Comment: header was wrapped by whatever software
you used to transfer the key.  (Ironically, while the key you were
importing seems to have been wrapped where it shouldn't have been,
your post here wasn't wrapped and it should have been. :)

> With that in mind, my question is, isin't it a security violation to
> alter an armor header?

Certainly not the Comment: header.  It's only there as a comment.
Mucking around with other armor headers might result in a message you
can't open, but I don't think there's any way to turn that into a real
security issue.

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Reality is that which, when you stop believing in it, doesn't go away.
    -- Philip K. Dick

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/2eBJuv+09NZUB1oRAl+/AKCn8sbpnv7W7Cuo1Z0de+NzHlkq1wCfe0k1
b7O7ak4qBgt1oBLZgQivK1E=
=NQ7W
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list