Comments (6)
I produced another example with `gpg` as well:
I created a new key, ran `gpg --edit-key`, selected the UserID with the `uid 1` command and deleted the signature with the `delsig` command, then saved the key with the `save` command and exported it. The full process is described here: https://support.delta.chat/t/cannot-import-private-key-from-text-file/2846/6?u=link2xt
from rpgp.
this shouldn’t panic, but is certainly not a valid key
`.verify()` actually passes, because it only checks that signatures on UserIDs are correct. If there is no signature or no UserID, it is fine.
I think the reason for this problem is that, historically, the metadata for the primary key lives on the binding signature of the "primary User ID". The attempt to extract an unsigned `KeyDetails` involves attempting to gather information from disparate places in the source `SignedKeyDetails`.
Concretely: the `KeyFlags` for the primary key are assumed to be on the primary key binding signature. Those `KeyFlags` are the most blatant thing that's missing in your tests, I think.
This kind of operation is very hairy, because OpenPGP certificates/public keys are complex, and it's not very rigorously defined what the semantics of a given set of key, signature and identity packets are supposed to be.
I'm not sure how to proceed with this problem, and wonder what the practical application is - in what context(s) is `SignedKeyDetails::as_unsigned` used?
we should just fail when reading this key, or return an error, I don’t think this is a format rpgp needs to support, just because the rfc is too vague
I got convinced that we will need to add proper support for this…
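As an added illustration (not code from rpgp or from any commenter), here is a stand-alone Rust check for the structural condition discussed in this thread: a User ID packet with no Signature packet directly after it, which is the layout described above after `delsig`. The function names and the sample bytes are constructed for this example; it walks RFC 4880 packet headers only and verifies no signature.

```rust
// Added example: structural check only; no signature is verified.
const SIG: u8 = 2; // Signature packet tag
const UID: u8 = 13; // User ID packet tag

/// Split binary (de-armored) OpenPGP data into packet tags, in order.
fn packet_tags(mut d: &[u8]) -> Result<Vec<u8>, String> {
    let mut tags = Vec::new();
    while let Some((&b, rest)) = d.split_first() {
        if b & 0x80 == 0 {
            return Err("not a packet header".into());
        }
        let new = b & 0x40 != 0; // bit 6 selects the new header format
        let first = *rest.first().ok_or("truncated header")?;
        // n = number of length octets that follow the tag octet.
        let n: usize = match (new, first, b & 3) {
            (true, 0..=191, _) | (false, _, 0) => 1,
            (true, 192..=223, _) | (false, _, 1) => 2,
            (true, 255, _) => 5,
            (false, _, 2) => 4,
            _ => return Err("partial/indeterminate length not handled".into()),
        };
        let l = rest.get(..n).ok_or("truncated length")?;
        let len = match (new, n) {
            (true, 2) => ((l[0] as usize - 192) << 8) + l[1] as usize + 192,
            (true, 5) => l[1..].iter().fold(0usize, |a, &x| (a << 8) | x as usize),
            _ => l.iter().fold(0usize, |a, &x| (a << 8) | x as usize),
        };
        let end = n.checked_add(len).filter(|&e| e <= rest.len());
        let end = end.ok_or("truncated body")?;
        tags.push(if new { b & 0x3f } else { (b >> 2) & 0x0f });
        d = &rest[end..];
    }
    Ok(tags)
}

/// Count User ID packets that are not directly followed by a Signature packet.
fn user_ids_without_signature(data: &[u8]) -> Result<usize, String> {
    let t = packet_tags(data)?;
    Ok((0..t.len()).filter(|&i| t[i] == UID && t.get(i + 1) != Some(&SIG)).count())
}

fn main() {
    // Constructed bytes with dummy bodies: key, User ID, subkey, signature.
    let stripped = [0x94, 1, 0, 0xb4, 1, b'a', 0x9c, 1, 0, 0x88, 1, 0];
    println!("{:?}", user_ids_without_signature(&stripped));
}
```

A Signature packet after the User ID may still be a third-party certification or fail verification, so a count of zero only means the packet order is plausible.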