I found a mistake for the calculation of KEYBOX_FLAG_CREATED_AT:
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index 6fb99cac6..0b1da0a24 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -163,7 +163,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length, break; case KEYBOX_FLAG_CREATED_AT: *flag_size = 4; - *flag_off += 1+2+4+4+4; + *flag_off += 1+1+2+4+4; break; case KEYBOX_FLAG_SIG_INFO: *flag_size = siginfolen * nsigs;
The impact of this mistake is only for gpgsm which uses ephemeral blob, because access with KEYBOX_FLAG_CREATED_AT is only with ephemeral blob.
When compressing the keybox file, ephemeral blob might be removed wrongly or might be skipped wrongly.
It's not severe issue.