GPG Signature Verification
Hello and thank you for taking the time to help out! I am developing my own implementation of the PGP specification and have a question regarding the signature generation/verification for Transferable Public Keys that maybe one of you could help shed some light on. Currently I create a single primary RSA key and userID and bind the two with a certification self-signature (0x13). When importing this certificate into GPG I get a a signature verification failure which prevents the certificate from importing. I've read through the rfc4880, 5.2.4 - Computing Signatures section quite thoroughly and believe I am generating the signature properly - Signing the Hash context of the primary key + user ID + signature data (V4). One thing I notice in the debug info is that the first several few bytes of the rsa_verify data and rsa_verify cmp do not match. DBG: rsa_verify data:+01ff \ DBG: \ DBG:ff0030 31300d06096086480165030402010500042007 \ DBG: 3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7 DBG: rsa_verify cmp:+01ff \ DBG: \ DBG:ff0030 2f300b0609608648016503040201042007 \ DBG: 3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7 Does anyone know exactly what this verify data is comprised of? I notice that the hash of the (Primary Key + UserID + Signature Data hash context) = 073D952C71B2D7C2C945C60F828F087E1D517774F84FE30825F18709659466E7 which seems to match for both the verify data and cmp. I've attached my public key and debug log but please let me know if there is any other information that might be helpful. (See attached file: exportZPGPTest.bin)(See attached file: debug.txt) Thanks Again! exportZPGPTest.bin Description: Binary data gpg: NOTE: no default option file `C:/Users/IBM_ADMIN/AppData/Roaming/gnupg/gpg.conf' gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat trust hashing extprog cardio assuan gpg: DBG: fd_cache_open (C:\\cygwin\\home\\Paul\\exportZPGPTest.bin) not cached gpg: DBG: iobuf-1.0: open `C:\\cygwin\\home\\Paul\\exportZPGPTest.bin' fd=216 gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf-1.1: push `armor_filter' gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf chain: 1.1 `armor_filter' filter_eof=0 start=0 len=0 gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=0 len=0 gpg: DBG: armor-filter: control: 1 gpg: DBG: iobuf-1.1: underflow: req=8192 gpg: DBG: armor-filter: control: 3 gpg: DBG: iobuf-1.0: underflow: req=8192 gpg: DBG: iobuf-1.0: underflow: got=489 rc=0 gpg: DBG: iobuf-1.1: underflow: got=339 rc=0 gpg: DBG: parse_packet(iob=1): type=6 length=266 (new_ctb) (parse.../../gnupg2-2.0.30/g10/import.c.426) gpg: DBG: parse_packet(iob=1): type=13 length=33 (new_ctb) (parse.../../gnupg2-2.0.30/g10/import.c.426) gpg: DBG: parse_packet(iob=1): type=2 length=183 (new_ctb) (parse.../../gnupg2-2.0.30/g10/import.c.426) gpg: DBG: iobuf-1.1: underflow: req=8192 gpg: DBG: armor-filter: control: 3 gpg: DBG: iobuf-1.0: underflow: req=8192 gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1 gpg: DBG: C:\\cygwin\\home\\Paul\\exportZPGPTest.bin: close handle 00D8 gpg: DBG: fd_cache_close (C:\\cygwin\\home\\Paul\\exportZPGPTest.bin) new slot created gpg: DBG: iobuf-1.0: underflow: eof gpg: DBG: iobuf-1.1: underflow: got=150 rc=0 gpg: DBG: iobuf-1.1: underflow: req=8192 gpg: DBG: armor-filter: control: 3 gpg: DBG: iobuf-1.0: underflow: eof (due to filter eof) gpg: DBG: iobuf-1.1: underflow: got=0 rc=-1 gpg: DBG: armor-filter: control: 2 gpg: DBG: iobuf-1.1: pop in underflow (!len) gpg: DBG: iobuf chain: 1.0 `[none]' filter_eof=0 start=489 len=489 gpg: DBG: iobuf-1.0: underflow: eof DBG: rsa_verify data:+01ff \ DBG: \ DBG: ff003031300d06096086480165030402010500042007 \ DBG: 3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7 DBG: rsa_verify sig:+4b51361220fd95fd2a927d40e18408a37d3a2dcad3394afe71e2236181f612a6 \ DBG: 0e425b0cd93c7f0d1039717a86a054f5900519266fd23c09d40944ff9c8ae8e8 \ DBG: 1e40d9aa7e22447503625f7fdb825abb49e4aef939d58ff3678b338c6bcfa8ef \ DBG: 41e5eac439d49a94483e5d923590895b8e6f3b6ae00c5f0c0d5a9dc47cbb8e46 DBG: rsa_verify n:+e2bcdf54bea85f021949eb68eb5641d829b2020d76e6ec224fe41fc5da38ffd5 \ DBG: fc8bd703ae7c2af04155a5896756d5c91fcf9d1fb45c83d74fbeeb1369423e15 \ DBG: 32b26af4d47e354b6761db4a9244bfc7e017c8568ada52e399bd14f3c53e6a6a \ DBG:
Re: Cannot encrypt to reenabled key after migration
Title: Re: Cannot encrypt to reenabled key after migration Hi Am Mittwoch, 12. April 2017, 13:45:09 schreiben Sie: Hey folks, I have a keypair that was created with gpg 1.4.20 and currently is disabled. I installed gpg 2.1.20 and tried to enable this key, but get the following error: \>gpg --edit-key testkey gpg (GnuPG) 2.1.20; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: starting migration from earlier GnuPG versions gpg: porting secret keys from '.../gnupgHome/secring.gpg' to gpg-agent gpg: key C4EE06ABF10675C4: secret key imported gpg: migration succeeded gpg: checking the trustdb gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ... gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ... gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ... gpg: waiting for file '.../gnupgHome/pubring.gpg' to become accessible ... Yes, exactly same problem on Windows 7 - 32bit Version. I swichted back to GnuPG 2.1.19 - and there this problem doesn't exist. -- Regards Martin mailto:msch...@gmail.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
