Control: reopen 1010171 Control: reassign 1010171 src:gnupg2 2.2.34-1 Control: affects 1010171 + sbuild Control: tags 1010171 + patch Control: forwarded 1010171 https://dev.gnupg.org/T5953
I've tracked this problem down to a change in upstream that was intended to accomodate non-standards-compliant secret key material. I'm going to revert that change in debian (using the attached patch) until we can figure out how to support both existing, standards-compliant key material and the "SOS"-formatted secret keys. The change made to sbuild (supplying --batch for key import) is still the right change to make, but it was insufficient to resolve the problem. --dkg
From a86a3026218c2d5ac7cd898666b8ef60a5734bb9 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <d...@fifthhorseman.net> Date: Wed, 27 Apr 2022 16:57:28 -0400 Subject: [PATCH] gpg: import Ed25519 private keys as MPIs * g10/parse-packet.c (parse_key): Use mpi_read for Ed25519 private key. -- This functionally reverts 14de7b1e5904e78fcbe413a82d0f19b750bd8830, because it caused breakage with sbuild's continuous integration testing, which uses gpg via debsign (see https://bugs.debian.org/1010171) In particular, it fixes the use of the following two commands with an unencrypted Ed25519 secret key where the full 256-bits are used in the secret scalar: gpg --allow-secret-key-import --import gpg --batch --detach-sign I guess this also unfortunately breaks importing "SOS"-formatted secret keys as a byproduct, though I don't fully understand the mechanism. The upstream test suite should probably be updated to include samples of each of these flavors of secret key material, and ensure that they can be imported and used directly. --- g10/parse-packet.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 6a529707a..7eb2d03b0 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2805,10 +2805,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, goto leave; } n = pktlen; - if (algorithm == PUBKEY_ALGO_EDDSA) - pk->pkey[i] = sos_read (inp, &n, 0); - else - pk->pkey[i] = mpi_read (inp, &n, 0); + pk->pkey[i] = mpi_read (inp, &n, 0); pktlen -= n; if (list_mode) { -- 2.35.1
signature.asc
Description: PGP signature