Page MenuHome GnuPG

gnupg 2.1.1 regression: keyring_get_keyblock: read error: Invalid packet
Closed, ResolvedPublic

Description

An update to gnupg 2.1.1 causes me and some other users (see link to the
ArchLinux bugtracker) to be unable to use our keyring. Example:

gpg --list-secret-keys -vvvvvv:
gpg: using character set 'iso-8859-1'
gpg: using PGP trust model
gpg: key abc: accepted as trusted key
gpg: key def: accepted as trusted key
gpg: packet(6) with obsolete version 3
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring

I could narrow down the issue to change 94a5442. Reverting it allows me to use
the keyring again.

I assume the cause of this issue is some old version key in the keyring, but I
think this shouldn't render the whole keyring unusable.

Please tell me if I can provide any further useful information.

Details

External Link
https://bugs.archlinux.org/task/43173
Version
2.1.1

Event Timeline

bevan set External Link to https://bugs.archlinux.org/task/43173.Dec 21 2014, 2:27 PM
bevan set Version to 2.1.1.
bevan added projects: Arch, gnupg, Bug Report.
bevan added a subscriber: bevan.

I would be helpful if you could provide an example keyring and a list of keys
which have a secret key. As an alternative I like to know:

  • Are you using the keybox or the keyring format (commonly ".kbx" or ".gpg").
  • Is the version 3 key the first, inbetween, or the last key in the key storage?

Just noticed: It is a keyring. So first question already answered.

I can send my keyring to you but I would not like to make it public. Is a private
mail with a download link ok?

Reducing priority from critical to urgent since there is now a workaround known:

  • move .gnupg to .gnupg.old
  • gpg --import .gnupg.old/pubring.gpg
  • gpg --import .gnupg.old/secring.gpg
  • cp .gnupg.old/trustdb.gpg .gnupg

Also using a version with 94a5442 reverted and importing a new key seems to fix
this issue for me also when 94a5442 is applied again afterwards.

I can send you both versions of the keyring, a defect and a working one.

bevan lowered the priority of this task from Unbreak Now! to High.Dec 23 2014, 11:24 AM

Yes, please send by private mail. You might already know my key:

pub dsa2048/F2AD85AC1E42B367 2007-12-31 [expires: 2018-12-31]

Key fingerprint = 8061 5870 F5BA D690 3336  86D0 F2AD 85AC 1E42 B367

uid [ full ] Werner Koch <wk@gnupg.org>

werner lowered the priority of this task from High to Normal.Jan 2 2015, 5:17 PM
bevan claimed this task.

This issue seems to be gone with gnupg 2.1.2. Thanks for the fix :)