From Tavis Ormandy on gnupg-devel:
Hello, I noticed that if there are two opaque identical public subkey
packets, but one is truncated, gpg crashes on import in gcry_mpi_cmp()
I just did this to repro:
$ gpgcompose --public-key taviso --public-subkey taviso \
--user-id anything --public-subkey taviso \ | perl -p -e 's/(\xb9..\x04....)\x01/\1\xff/g' \ | head -c -1 | gpg --import
gpg: premature eof while reading rest of packet
gpg: signal Segmentation fault caught ... exiting
That ugly horrible regex is:
\xb9 : Find old-style public-subkey with 2 byte length
.. : skip over the length bytes
\x04 : looking for version 4
.... : skip over the timestamp
\x01 : change the algorithm so it's not recognized by gcry_mpi_cmp.
Then piping it into head to truncate the last packet.
I think it should work on any RSA public key, e.g. just replace
the --public-subkey taviso with the id, 4B092E28 works.