
gpg2 should reject ELG key type when generating keys from batches using --gen-key
Closed, Resolved (Public)

Description

On Fedora 29, it is possible to use a batch file to generate an El Gamal key as follows:

# cat bob-ELG-2048.batch
Key-Type: ELG
Key-Length: 2048
Name-Real: bob-ELG-2048
Name-Email: bob-ELG-2048@foo.bar
Expire-Date: 0
Passphrase: password
%commit

# gpg2 --trust-model always --homedir /tmp/.gnupg --gen-key --batch bob-ELG-2048.batch
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: error reading rest of packet: Invalid argument
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782.rev'

Even though this key generation fails and exits with a non-zero status, gnupg2 then keeps reporting errors whenever the keyring is used:

# gpg2 --homedir .gnupg --list-keys
gpg: checking the trustdb
gpg: error reading rest of packet: Invalid argument
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: error reading rest of packet: Invalid argument
/root/.gnupg/pubring.kbx
------------------------
pub   elg2048 2019-01-21 [CE]
      D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782
uid           [ultimate] bob-ELG-2048 <bob-ELG-2048@foo.bar>

Apparently, an ELG key should only be created as a sub-key attached to some primary key, as --full-gen-key does. Therefore gpg2 should rather fail when --gen-key is used with the ELG key type, so that it does not end up with "a half-key" in the key database.
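As an added example (not GnuPG's own code), a small POSIX shell pre-flight check that rejects a batch parameter file whose primary Key-Type is Elgamal, run against the batch from this report and against a corrected version that puts Elgamal in Subkey-Type. The check_gpg_batch function, the temporary file names and the corrected batch are assumptions; they reflect the documented rule that the primary key algorithm must be able to sign.

```shell
# Added pre-flight check (not part of GnuPG): a primary key must be able
# to certify, and Elgamal (ELG / ELG-E / OpenPGP algorithm 16) is
# encryption-only, so it belongs in Subkey-Type, not Key-Type.
# Returns 0 if the batch file passes, 1 if it would create a "half-key".
check_gpg_batch() {
    file=$1
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*|'%'*) continue ;;   # blank, comment, or %control line
        esac
        # Normalise "Key-Type: elg" to KEY-TYPE / ELG for comparison.
        key=$(printf '%s' "$line" | cut -d: -f1 | tr -d ' ' | tr '[:lower:]' '[:upper:]')
        value=$(printf '%s' "$line" | cut -d: -f2- | tr -d ' ' | tr '[:lower:]' '[:upper:]')
        if [ "$key" = KEY-TYPE ]; then
            case "$value" in
                ELG|ELG-E|16)
                    echo "$file: Key-Type '$value' cannot certify; move it to Subkey-Type" >&2
                    status=1 ;;
            esac
        fi
    done < "$file"
    return $status
}
# Constructed samples: the batch from the report, and a corrected form
# with an RSA primary key and an Elgamal encryption subkey.
tmp=$(mktemp -d)
BAD_BATCH=$tmp/bob-ELG-2048.batch
GOOD_BATCH=$tmp/bob-RSA-ELG-2048.batch
cat > "$BAD_BATCH" <<'EOF'
Key-Type: ELG
Key-Length: 2048
Name-Real: bob-ELG-2048
Name-Email: bob-ELG-2048@foo.bar
%commit
EOF
cat > "$GOOD_BATCH" <<'EOF'
Key-Type: RSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: bob-ELG-2048
Name-Email: bob-ELG-2048@foo.bar
%commit
EOF
for f in "$BAD_BATCH" "$GOOD_BATCH"; do
    if check_gpg_batch "$f"; then echo "OK: $f"; else echo "REJECTED: $f"; fi
done
```

Running the check before invoking gpg2 --batch --gen-key keeps the encryption-only key out of the keyring in the first place.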

Details

Version
gnupg2-2.2.9-1.fc29
