Page MenuHome GnuPG
Create Task
Maniphest T1793

gnupg 2.1.1 regression: keyring_get_keyblock: read error: Invalid packet
Closed, ResolvedPublic
Actions

Description

An update to gnupg 2.1.1 causes me and some other users (see link to the
ArchLinux bugtracker) to be unable to use our keyring. Example:

gpg --list-secret-keys -vvvvvv:
gpg: using character set 'iso-8859-1'
gpg: using PGP trust model
gpg: key abc: accepted as trusted key
gpg: key def: accepted as trusted key
gpg: packet(6) with obsolete version 3
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring

I could narrow down the issue to change 94a5442. Reverting it allows me to use
the keyring again.

I assume the cause of this issue is some old version key in the keyring, but I
think this shouldn't render the whole keyring unusable.

Please tell me if I can provide any further useful information.

Details

External Link
https://bugs.archlinux.org/task/43173
Version
2.1.1

Related Objects

Event Timeline

bevan set External Link to https://bugs.archlinux.org/task/43173.Dec 21 2014, 2:27 PM
bevan set Version to 2.1.1.
bevan added projects: Arch, gnupg, Bug Report.
bevan added a subscriber: bevan.
werner added a subscriber: werner.Dec 22 2014, 3:00 PM

I would be helpful if you could provide an example keyring and a list of keys
which have a secret key. As an alternative I like to know:

  • Are you using the keybox or the keyring format (commonly ".kbx" or ".gpg").
  • Is the version 3 key the first, inbetween, or the last key in the key storage?
werner added a comment.Dec 22 2014, 3:00 PM

Just noticed: It is a keyring. So first question already answered.

bevan added a comment.Dec 22 2014, 5:14 PM

I can send my keyring to you but I would not like to make it public. Is a private
mail with a download link ok?

bevan added a comment.Dec 23 2014, 11:24 AM

Reducing priority from critical to urgent since there is now a workaround known:

  • move .gnupg to .gnupg.old
  • gpg --import .gnupg.old/pubring.gpg
  • gpg --import .gnupg.old/secring.gpg
  • cp .gnupg.old/trustdb.gpg .gnupg

Also using a version with 94a5442 reverted and importing a new key seems to fix
this issue for me also when 94a5442 is applied again afterwards.

I can send you both versions of the keyring, a defect and a working one.

bevan lowered the priority of this task from Unbreak Now! to High.Dec 23 2014, 11:24 AM
werner added a comment.Dec 23 2014, 12:11 PM

Yes, please send by private mail. You might already know my key:

pub dsa2048/F2AD85AC1E42B367 2007-12-31 [expires: 2018-12-31]

Key fingerprint = 8061 5870 F5BA D690 3336  86D0 F2AD 85AC 1E42 B367

uid [ full ] Werner Koch <wk@gnupg.org>

werner lowered the priority of this task from High to Normal.Jan 2 2015, 5:17 PM
werner mentioned this in T1802: broken keyring on 2.1.1.Mar 30 2017, 7:14 PM
bevan closed this task as Resolved.Feb 24 2015, 11:43 AM
bevan claimed this task.

This issue seems to be gone with gnupg 2.1.2. Thanks for the fix :)