Re: How to get a pubkey with WKD (Re: Incompatible secret key format between 2.4.4 and 2.2.27?)

[Werner Koch via Gnupg-users]

On Thu, 15 Feb 2024 11:48, Bernhard Reiter said:

> But it does not get the current version of the pubkey in some circumstances.

Example?  I am not zware of it.

> And the long version works in a few more elder GnuPG versions. ;)

Since 2.2.17 from summer 2019 - 5 years passed since then with a couple
of CVEs.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


openpgp-digital-signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

How to get a pubkey with WKD (Re: Incompatible secret key format between 2.4.4 and 2.2.27?)

[Bernhard Reiter via Gnupg-users]

Am Donnerstag 15 Februar 2024 10:45:53 schrieb Werner Koch:
>  The following will get his pubkey by WKD on the command line:
> >  gpg  --locate-keys --auto-key-locate clear,nodefault,wkd w...@gnupg.org
>
> FWIW,
>
>   gpg --locate-external-key w...@gnupg.org
>
> is much easier that the abvove long list of options.

FWIW

But it does not get the current version of the pubkey in some circumstances.
And the long version works in a few more elder GnuPG versions. ;)

Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

[Werner Koch via Gnupg-users]

On Wed, 14 Feb 2024 11:24, Bernhard Reiter said:

> The following will get his pubkey by WKD on the command line:
>  gpg  --locate-keys --auto-key-locate clear,nodefault,wkd w...@gnupg.org


FWIW,

  gpg --locate-external-key w...@gnupg.org

is much easier that the abvove long list of options.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


openpgp-digital-signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

[Bernhard Reiter via Gnupg-users]

Am Dienstag 13 Februar 2024 15:50:55 schrieb mlist_e9e869bc--- via 
Gnupg-users:
> Is wk at gnupg.org the private email I can send the public key to you?

Yes, that is one of Werner's pubkeys.

The following will get his pubkey by WKD on the command line:
 gpg  --locate-keys --auto-key-locate clear,nodefault,wkd w...@gnupg.org

> I'm willing to send you a copy to examine but not publicly as that's
> (now I remember) a result of a dumb experiment.


-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

[mlist_e9e869bc--- via Gnupg-users]

On 13/02/2024 09:57, Werner Koch 'wk at gnupg.org' wrote:
> Can you please try to import that key (with the v5 key signature) using
> a current 2.2. version (2.2.42)?  Or you can send me the public key by
> private mail so that I can check what's going on.
>
>
> Salam-Shalom,
>
> Werner
>
I couldn't find a distro with 2.2.42 so I have to compile it myself. I'm 
using Docker with ubuntu:latest.

In conclusion, the import failed.

```
$ gpg --version
gpg (GnuPG) 2.2.42
libgcrypt 1.9.4
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
     CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed

$ gpg --import PUBLIC_v5_certify.asc
gpg: packet(2) with unknown version 5
gpg: read_block: read error: Invalid packet
gpg: import from 'PUBLIC_v5_certify.asc' failed: Invalid keyring
gpg: Total number processed: 0
```

Is wk at gnupg.org the private email I can send the public key to you? 
I'm willing to send you a copy to examine but not publicly as that's 
(now I remember) a result of a dumb experiment.

Regards,
Hartman



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

[Werner Koch via Gnupg-users]

On Sun, 11 Feb 2024 20:28, mlist_e9e869bc--- said:

> signature is done in Version 5, instead of Version 4 like other parts of 
> the key. With that certify signature removed, I can import the secret 
> key to GPG 2.2.27 no problem.

Can you please try to import that key (with the v5 key signature) using
a current 2.2. version (2.2.42)?  Or you can send me the public key by
private mail so that I can check what's going on.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


openpgp-digital-signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

[mlist_e9e869bc--- via Gnupg-users]

On 11/02/2024 18:09, IngoKlöcker 'kloecker at kde.org' wrote:
> Are you sure that the problem isn't the decryption? I checked the code and
> this error message is emitted by the armor/dearmor code. My guess is that the
> decryption fails and therefore outputs nothing and importing nothing results
> exactly in the above error message:
> ```
> $ echo "" | gpg --import -
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> ```
>
> Regards,
> Ingo

Hello Ingo,

Thanks for the reply. It seems like the update I sent yesterday didn't 
went out. Apologize for being a noob on mailing list.

The problem is in the certify signature. For some reason a certify 
signature is done in Version 5, instead of Version 4 like other parts of 
the key. With that certify signature removed, I can import the secret 
key to GPG 2.2.27 no problem.

Now the unrelated decryption. It actually decrypt nicely to an armoured 
PGP private key block. However, it just not importable even with GPG 
2.4.4. I guess the data with in is corrupted but no way to verify.

Regards,
Hartman
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

[Ingo Klöcker]

On Sonntag, 11. Februar 2024 02:05:52 CET mlist_e9e869bc--- via Gnupg-users 
wrote:
> I'm trying to import a key generated from GPG 2.4.4 to 2.2.27 but
> unsuccessful.
> 
> Upon importing, it returns `gpg: no valid OpenPGP data found.`
> 
> I tried with compliance options but it does nothing.
> 
> Command I used:
> 
> - export: `gpg -a --export-secret-subkey  | gpg -a -c
> --cipher-algo AES --force-mdc -o `
> - import: `gpg --decrypt -o - keys.sec.asc | gpg --import -`
> 
> What else I can do? I can't update the GPG version because one of my
> import device is an Android phone which stuck at 2.2.27 for quite a long
> time.

Are you sure that the problem isn't the decryption? I checked the code and 
this error message is emitted by the armor/dearmor code. My guess is that the 
decryption fails and therefore outputs nothing and importing nothing results 
exactly in the above error message:
```
$ echo "" | gpg --import -
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
```

Regards,
Ingo

signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users