Page MenuHome GnuPG

Bad self-signatures and missing subkey usage flags when creating ECDSA/Ed25519 keys in batch mode
Open, LowPublic

Description

Using the unattended key generation process with the primary key being an ECDSA with the Ed25519 curve I get reports of bad signatures and the subkeys added to the primary key do not list any usage flags in the key listing outputs.

I can reproduce this on openSUSE Leap (kernel 4.4.104-39-default), Kubuntu (kernel 4.10.0-42-generic), and Fermi Linux [An Enterprise Linux spin] (kernel 3.10.0-693.5.2.el7.x86_64). In all cases I have the current, as of 2018-01-19, versions installed from the tarballs, along with the latest versions of any dependencies from the distro's respective repos. The Fermi and Kubuntu distros are all fresh and unused installs (except for updates) that I installed the tarballs into. I kept a log for each program/library build on Fermi and Kubuntu. I created a script to follow the same steps on all three distros and recorded the results. All the keys were created in a disposable directory and were scrubbed, so the data in the reports is safe, as far a I understand it.

The problem only occurs when the key is created in batch mode, and only for Ed25519 curves, but it happens for any subkey of any algo of the key, batch mode or otherwise. Batch mode creation of an NIST p256 key works as expected, and a manual (normal) process of creating an Ed25519 key does not have the same problem.

GnuPG 2.2.4
Libgpg-error 1.27
Libgcrypt 1.8.2
Libksba 1.3.5
Libassuan 2.5.1
ntbTLS 0.1.2
nPth 1.5
Pinentry 1.1.0

The attached file{F255226} includes the config files and complete commands to reproduce the bug as well as the output from those commands. The logs from the noted installs are not attached, but can be provided if useful.

I am willing to recompile/reinstall the libraries or program with any debugging, tracing you might need for a deeper look if so desired.

I am also willing to install/test any patches if it will be helpful.

Details

Version
GnuPG v2.2.4/libgcrypt v1.8.2

Event Timeline

werner triaged this task as Normal priority.Jan 22 2018, 10:38 AM
werner added a project: gnupg (gpg22).
werner added a subscriber: werner.

You can't use the curve Ed25519 with ECDSA; you need to use EdDSA, The error checking when using the parameter file does not catch all errors. It should do this of course.

Anyway, I would recommend to use

gpg --batch --status-fd 2 --passphrase abc --quick-gen-key 'my user id'  ed25519

to create the key. (Use --yes if you want to create a key with the same user id already in your keyring.)

werner lowered the priority of this task from Normal to Low.Aug 29 2018, 2:57 PM