Page MenuHome GnuPG

Issue better error message for invalid OpenPGP RSA keys
Open, NormalPublic

Description

During testing of RNP's OpenSSL backend got to the case when GnuPG randomly generated invalid RSA signatures.
Further debugging showed that P and Q didn't meet the rule P < Q (yielding invalid U).
RNP worked with such keys, and my guess is libgcrypt utilizes U in calculations, while OpenSSL doesn't.

While it's okay to behave incorrectly on an invalid secret key, confusing things here are:

  • import of invalid secret key without any warning
  • randomly erroring signing: it may happen on 2nd sign operation or succeed for 100 calls.

Sample secret key and some helper scripts attached.

Details

Version
2.3.1

Event Timeline

werner triaged this task as Normal priority.Mon, Oct 11, 5:45 PM
werner edited projects, added Feature Request, gnupg (gpg23); removed Bug Report.
werner added a subscriber: werner.

OpenPGP requires the P < U property and gpg does also. In some parts of the GnuPG we re-calculate the CRT parameters but not in these code paths. Right, a better error message would be appropriate. I'll turn this into a feature request.

werner renamed this task from GnuPG randomly generates invalid RSA signatures if secret key has P > Q. to Issue better error message for invalid OpenPGP RSA keys.Mon, Oct 11, 5:45 PM
werner added a project: OpenPGP.