Page MenuHome GnuPG

Import problem due to disabled brainpool curves
Closed, WontfixPublic


RedHat and Fedora disable the Brainpool curves in Libgcrypt. This is not anticipated by GnuPG and cuases and wrror when writing the key. We need to compute the keygrip so that we can quickly search for keys by keygrip. Without support for the curves, this is not possible.

What we need to do:

  • Detect missing curves and don't import such keys or subkeys
  • Improve Libgcrypt's config output to print supported curves. This will help us to to evaluate such problems in the future.

Event Timeline

I would add "Provide a verbose message of why the key cannot be imported".

So with rjh example I would expect something like:

[rjh@localhost ~]$ gpg --import Downloads/keys.asc
gpg: key 1DCBDC01B44427C7: public key "Robert J. Hansen <>" imported
gpg: This version of GnuPG does not support brainpool P-512 keys
gpg: kbx: error computing keygrip.
gpg: import from 'Downloads/keys.asc' failed: unsupported key type

Or, if gnupg doesn't even know its name (e.g. it's a new algorithm), identify it by its algo id.

Right now, it would result in "your key is broken" support requests, which in the end happen to be "you are using a version of GnuPG too old, it's about time you update it!" (your distro crippled your copy is just a variant of this).

The error message should point along the direction that the key is (probably) fine, but their client support is not. A more verbose libgcrypt output would help for expert debugging, but if aunt Tilly needs to go so low-level, we are already in the wrong path.

werner claimed this task.

This will not be fixed. Brainpool is a standard feature of Libgcrypt and thus this is a bug in the used Libgcrypt installation. Note that although I recently fixed a new regression test for this case, I do not think that it is a good idea to add extra code for a broken Libgcrypt.