import key failure, apparent bug
Joshua Hudson
jhudson at cedaron.com
Mon Jun 1 18:25:01 CEST 2026
On 5/30/2026 11:15 AM, Werner Koch wrote:
> Andrew remarked on the ML that the encoding of the MPIs is also not
> okay. I have not looked closer at this because I am still on vacation.
>
> What software was used for exporting the key?
>
>
> Shalom-Salam,
>
> Werner

I have a fifteen-year-old library for GPG keys that finally needs to add RSA
key support. It was tagged not-working at the time it was written and the
tech debt came due.

And according to my records, fifteen years ago, gpg would import private
keys without a checksum.

I found the MPI encoding problem; conversion from bits to bytes was
not correct. Since the keys were working elsewhere, that was the only
possible location. (Conversion from bits to bytes is nontrivial because of
the need to account for leading zero bits.) This caused the keyids to
disagree and the subkey import to therefore fail.

It would appear that gpg doesn't strictly follow the spec and compute
the key fingerprint over the incoming subkey packet; but that's neither
here nor there.
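
The MPI length issue described in the message above, as an added example (not code from the poster's library or from GnuPG): RFC 4880 MPI framing with the bit count taken from the highest set bit, and a v4 key ID computed over it. `naive_mpi` is a constructed bug for comparison, not a claim about the poster's actual defect; the sample key material and the strict decoding policy are assumptions.

```python
import hashlib

def encode_mpi(value: int) -> bytes:
    """RFC 4880 section 3.2: 2-octet big-endian bit count, then the magnitude."""
    if value < 0:
        raise ValueError("MPIs are unsigned")
    bits = value.bit_length()              # position of the highest set bit
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def naive_mpi(raw: bytes) -> bytes:
    """Constructed bug for comparison: bit count taken as 8 * byte length."""
    return (8 * len(raw)).to_bytes(2, "big") + raw

def decode_mpi(buf: bytes, offset: int = 0):
    """Strict decode: returns (value, next_offset), rejects padded encodings."""
    if len(buf) - offset < 2:
        raise ValueError("truncated MPI header")
    bits = int.from_bytes(buf[offset:offset + 2], "big")
    end = offset + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body")
    value = int.from_bytes(buf[offset + 2:end], "big")
    if value.bit_length() != bits:
        raise ValueError("declared bit count does not match leading bit")
    return value, end

def v4_key_id(mpi_n: bytes, mpi_e: bytes, created: int = 0) -> str:
    """Key ID = low 64 bits of SHA-1(0x99 || len || v4 RSA public key body)."""
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi_n + mpi_e
    digest = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()
    return digest[-8:].hex().upper()

# Constructed sample (not a real key): fixed-width buffer with one zero byte
# and one further leading zero bit in front of the first set bit.
RAW_N = b"\x00\x7f" + b"\xab" * 6
RAW_E = b"\x01\x00\x01"                    # 65537

def demo():
    """Return (key ID with correct MPIs, key ID with naive MPIs)."""
    good = v4_key_id(encode_mpi(int.from_bytes(RAW_N, "big")),
                     encode_mpi(int.from_bytes(RAW_E, "big")))
    bad = v4_key_id(naive_mpi(RAW_N), naive_mpi(RAW_E))
    return good, bad

if __name__ == "__main__":
    print(demo())
```

Because the MPI bytes are part of the hashed packet body, the two encodings of the same numbers produce different key IDs.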