Unusual incompatibility with PGP6 PhotoID's
Open, LowPublic

Description

It appears that GPG is unable to import PGP6 keys so long as the picture you add for a PhotoID ends up being larger than 8KiB (actually it's not exactly 8KiB but a lil over that yet within the 8Kib range) after PGP6's done re-encoding it.

The error reads as follows: "partial length invalid for packet type 17"

The interesting part is that taking a regular PGP6 key (generated from PGP6 itself) and adding the PhotoID directly from GPG, causes no problem whatsoever no matter the size of the picture.

Such a behavior would prompt me to believe this is an issue related to some of the guesswork done on the PGP6 PhotoID format years ago (assuming the GPG team didn't have access to PGP6's source code) which possibly assumed a safe, upper limit for this data given that most PhotoID's seldom appear to grow beyond 4KiB under normal circumstances.

As you can already tell, this is virtually inconsequential because the only way to get a PhotoID this big with PGP6 is to start with a random noise picture which obviously isn't going to happen naturally.

Attached I'm leaving 2 private keys for testing (the password for both of them is "12345678" without the ""). They're exactly a 100% the same except for a few bytes, the bytes that account for the missing pixel row in the importable (working) key.

I can't even think of anything that's less of a priority than this, but I'm reporting it just for the sake of correctness, if nothing else.

Tested on 32-Bit WinXP SP3 with 2.1.23.

Best regards.

Details

Version
2.1.23
Kelbom68 created this task.Aug 27 2017, 7:04 PM
werner triaged this task as Low priority.Aug 27 2017, 9:04 PM
werner added projects: gnupg, OpenPGP.
werner added a subscriber: werner.

IIRC, rfc2440 did not forbid partial length encoding for key-material so gpg could use that. rfc4880 limits partial length encoding to non-key-material which causes this error message.

Actually there was no need for guesswork despite that we never looked at the PGP source code. Derek Atkins of PGP has always been kind enough to answer our questions. As you somehow suggest, I give this bug a low priority. Thanks for reporting.