Your message dated Thu, 16 Jul 2009 18:14:35 +0200
with message-id <1247760875.5922.49.ca...@leidi>
and subject line Re: Debian bug#191137: Interoperability problem with pgp 2.6.3i
has caused the Debian Bug report #191137,
regarding interoperability problem with pgp 2.6.3i
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
191137: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=191137
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg
Version: 1.2.1-2
Severity: minor
PGP 2.6.3i has some stupid bugs where it doesn't check the type encoded
in the packet tag but checks the value of the byte directly. For example:
#define CTB_CERT_PUBKEY CTB_BYTE(CTB_CERT_PUBKEY_TYPE,1)
/* CTB_CERT_PUBKEY len16 timestamp userID mpi(n) mpi(e) crc16 */
and so it only accepts pubkey with 16-bit lengths. gnupg is generating
a pubkey with 8-bit lengths in some circumstances.
It might be the case that this isn't relevant; I'm investigating adding
support for v4 keys to the pgp 2.6 codebase and it's a v4 key that's
using an 8-bit length. Maybe gnupg is more careful when encoding a v3 key.
--
"It's not Hollywood. War is real, war is primarily not about defeat or
victory, it is about death. I've seen thousands and thousands of dead bodies.
Do you think I want to have an academic debate on this subject?" -- Robert Fisk
--- End Message ---
--- Begin Message ---
Am Donnerstag, den 16.07.2009, 14:45 +0200 schrieb Werner Koch:
> On Thu, 16 Jul 2009 12:52, [email protected] said:
> Hi,
>
> First of all PGP 2 is dead. The only reason it is still used is to
> allow decryption of old IDEA encrypted messages. PGP2 is not an OpenPGP
> application and thus compatibility with GnuPG is limited. You can't
> expect that PGP 2 groks OpenPGP messages.
>
> GnuPG 1.2 is also very old, thus I suggest to close the bug.
>
> >> > It might be the case that this isn't relevant; I'm investigating adding
> >> > support for v4 keys to the pgp 2.6 codebase and it's a v4 key that's
> >> > using an 8-bit length. Maybe gnupg is more careful when encoding a v3
> >> > key.
>
> I don't understand the problem. If someone is going to add v4 support
> to GPG 2, s/he need to add v4 support and that specifies different ways
> of encoding a length.
>
> The actual problem is a bit more complicated because the computation of
> a fingerprint requires a certain header format and one can't simply use
> the length from the header. See g10/keyid.c:hash_public_key.
>
> >> [1] http://bugs.debian.org/191137
>
> I suggest to close this bug.
>
> Salam-Shalom,
>
> Werner
Given the age of this report and Werners advice, I'm closing this
report. Please feel free to comment this decision and/or reopen your
report if necessary.
Regards, Daniel
--- End Message ---
