
Failure to export secret key (Can't encode length=518 in a 2 byte header!)
Closed, ResolvedPublic

Description

I've reproduced this two times in a row with the settings outlined below.
If I generate the secret key with gnupg1 and import it into gnupg2.1 I can
export an RSA 1024 bit key.

To reproduce:

(kf5) aheinecke@esus ~> export GNUPGHOME=$(mktemp -d)
(kf5) aheinecke@esus ~> gpg2 --expert --full-gen-key
gpg (GnuPG) 2.1.12-beta124; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: keybox '/tmp/tmp.DuNSaNFkRy/pubring.kbx' created
Please select what kind of key you want:

 (1) RSA and RSA (default)
 (2) DSA and Elgamal
 (3) DSA (sign only)
 (4) RSA (sign only)
 (7) DSA (set your own capabilities)
 (8) RSA (set your own capabilities)
 (9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)

Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want for the subkey? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.

   0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years

Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Test 1024 bit 3
Email address: foo@example.com
Comment:
You selected this USER-ID:

    "Test 1024 bit 3 <foo@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /tmp/tmp.DuNSaNFkRy/trustdb.gpg: trustdb created
gpg: key A48E7304 marked as ultimately trusted
gpg: directory '/tmp/tmp.DuNSaNFkRy/openpgp-revocs.d' created
gpg: revocation certificate stored as
'/tmp/tmp.DuNSaNFkRy/openpgp-revocs.d/EB18299EED1CDC4F34C8F5CC4916D4F4A48E7304.rev'
public and secret key created and signed.

gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: PGP
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub rsa1024/A48E7304 2016-04-05 [S]

Key fingerprint = EB18 299E ED1C DC4F 34C8  F5CC 4916 D4F4 A48E 7304

uid [ultimate] Test 1024 bit 3 <foo@example.com>
sub rsa1024/8098ABFB 2016-04-05 []

(kf5) aheinecke@esus ~> gpg2 --export-secret-key EB18299EED1CDC4F34C8F5CC4916D4F4A48E7304
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Ohhhh jeeee: Can't encode length=518 in a 2 byte header!
[1] 20101 abort gpg2 --export-secret-key EB18299EED1CDC4F34C8F5CC4916D4F4A48E7304

Details

Version
master

Event Timeline

Fixed in 02cf135.

What happens is that the header length is taken from the public key in the
keyring. For the 1024 bit RSA key it happens that the public key is encoded
into a packet of length 141 bytes, a length that can be encoded in one byte.
The secret key however is significantly larger.

I see no benefit in using the stored length, and the fix is letting
write_header2 figure out the required length on its own.
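The mechanism behind the abort, as an added example that is not GnuPG's code and not part of the ticket: a small model of the old-format OpenPGP packet header (RFC 4880, section 4.2.1), where the two low bits of the CTB select 1, 2 or 4 length octets. The function names (`encode_old_header`, `export_with_reused_header`, `export_with_own_header`), the assumption that the "2 byte header" in the error message counts the CTB plus one length octet, and the constructed packet sizes (141 bytes for the public key, 518 bytes for the secret key, both taken from the ticket) are this example's own. Forcing the secret key to reuse the header size chosen for the 141-byte public key reproduces the failure; letting the writer size the header itself produces a valid 3-byte header.

```python
"""Old-format OpenPGP packet headers (RFC 4880, 4.2.1), modelled in Python.

CTB layout is 10ttttll: the two low bits "ll" select the length field:
    ll = 0 -> 1 length octet  (header 2 bytes total, body < 256)
    ll = 1 -> 2 length octets (header 3 bytes total, body < 65536)
    ll = 2 -> 4 length octets (header 5 bytes total)
    ll = 3 -> indeterminate length (not modelled here)
"header size" below counts the CTB too (assumption: this is how the
"2 byte header" in the ticket's error message counts).
"""
from typing import Optional, Tuple

TAG_SECRET_KEY = 5   # RFC 4880 packet tags for the two packets involved
TAG_PUBLIC_KEY = 6

# length type -> (number of length octets, largest encodable body length)
_LENGTH_TYPES = {0: (1, 0xFF), 1: (2, 0xFFFF), 2: (4, 0xFFFFFFFF)}
_HDRLEN_TO_TYPE = {2: 0, 3: 1, 5: 2}


def minimal_header_size(body_len: int) -> int:
    """Smallest old-format header (CTB + length octets) that fits body_len."""
    for length_type, (n_octets, max_len) in _LENGTH_TYPES.items():
        if body_len <= max_len:
            return 1 + n_octets
    raise ValueError("body too large for an old-format header")


def encode_old_header(tag: int, body_len: int, hdrlen: Optional[int] = None) -> bytes:
    """Build an old-format packet header for a body of body_len bytes.

    hdrlen=None picks the smallest header that fits (what the fix lets the
    writer do on its own).  hdrlen=2/3/5 forces that header size, as the
    buggy path did when it reused the size recorded for the public key;
    a body that does not fit raises, mirroring the log_bug in the ticket.
    """
    if not 0 <= tag <= 15:
        raise ValueError("old-format headers only carry tags 0..15")
    if hdrlen is None:
        hdrlen = minimal_header_size(body_len)
    if hdrlen not in _HDRLEN_TO_TYPE:
        raise ValueError(f"invalid old-format header size {hdrlen}")
    length_type = _HDRLEN_TO_TYPE[hdrlen]
    n_octets, max_len = _LENGTH_TYPES[length_type]
    if body_len > max_len:
        raise ValueError(f"Can't encode length={body_len} in a {hdrlen} byte header!")
    ctb = 0x80 | (tag << 2) | length_type
    return bytes([ctb]) + body_len.to_bytes(n_octets, "big")


def decode_old_header(data: bytes) -> Tuple[int, int, int]:
    """Parse an old-format header; return (tag, body_len, header_size)."""
    ctb = data[0]
    if ctb & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    tag = (ctb >> 2) & 0x0F
    length_type = ctb & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length not supported here")
    n_octets, _ = _LENGTH_TYPES[length_type]
    body_len = int.from_bytes(data[1:1 + n_octets], "big")
    return tag, body_len, 1 + n_octets


def export_with_reused_header(pub_body_len: int, sec_body_len: int) -> bytes:
    """Buggy approach: size the secret-key header like the public key's header."""
    hdrlen = minimal_header_size(pub_body_len)
    return encode_old_header(TAG_SECRET_KEY, sec_body_len, hdrlen)


def export_with_own_header(sec_body_len: int) -> bytes:
    """Fixed approach: let the header writer pick the size it needs."""
    return encode_old_header(TAG_SECRET_KEY, sec_body_len)


if __name__ == "__main__":
    # Constructed sizes from the ticket: 141-byte public key packet and
    # 518-byte secret key packet for the same 1024-bit RSA key.
    print("public key header:", encode_old_header(TAG_PUBLIC_KEY, 141).hex())
    print("secret key header:", export_with_own_header(518).hex())
    try:
        export_with_reused_header(141, 518)
    except ValueError as err:
        print("buggy path:", err)
```

The 141-byte public key gets CTB 0x98 and a single length octet; a 518-byte body needs length type 1, so the writer emits 0x95 0x02 0x06 when allowed to choose, and fails exactly as in the ticket when pinned to a 2-byte header.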