Change Details

On Fedora 29, it is possible to use batch file to generate El Gamal key as follows: # cat bob-ELG-2048.batch Key-Type: ELG Key-Length: 2048 Name-Real: bob-ELG-2048 Name-Email: bob-ELG-2048@foo.bar Expire-Date: 0 Passphrase: password %commit # gpg2 --trust-model always --homedir /tmp/.gnupg --gen-key --batch bob-ELG-2048.batch gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: directory '/root/.gnupg/openpgp-revocs.d' created gpg: error reading rest of packet: Invalid argument gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782.rev' Even though this key generation fails and exits with non-zero and gnupg2 then keep reporting issues when using keys: # gpg2 --homedir .gnupg --list-keys gpg: checking the trustdb gpg: error reading rest of packet: Invalid argument gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: error reading rest of packet: Invalid argument /root/.gnupg/pubring.kbx ------------------------ pub elg2048 2019-01-21 [CE] D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782 uid [ultimate] bob-ELG-2048 <bob-ELG-2048@foo.bar> Apparently, ELG key should only be creatd as a sub-key connected with some primary key using --full-gen-key. Therefore gpg2 should better fail when --gen-key is used with ELG key type so that it does not end up with "a half-key" in the key database.

On Fedora 29, it is possible to use batch file to generate El Gamal key as follows: ``` # cat bob-ELG-2048.batch Key-Type: ELG Key-Length: 2048 Name-Real: bob-ELG-2048 Name-Email: bob-ELG-2048@foo.bar Expire-Date: 0 Passphrase: password %commit # gpg2 --trust-model always --homedir /tmp/.gnupg --gen-key --batch bob-ELG-2048.batch gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: directory '/root/.gnupg/openpgp-revocs.d' created gpg: error reading rest of packet: Invalid argument gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782.rev' ``` Even though this key generation fails and exits with non-zero and gnupg2 then keep reporting issues when using keys: ``` # gpg2 --homedir .gnupg --list-keys gpg: checking the trustdb gpg: error reading rest of packet: Invalid argument gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: error reading rest of packet: Invalid argument /root/.gnupg/pubring.kbx ------------------------ pub elg2048 2019-01-21 [CE] D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782 uid [ultimate] bob-ELG-2048 <bob-ELG-2048@foo.bar> ``` Apparently, ELG key should only be creatd as a sub-key connected with some primary key using --full-gen-key. Therefore gpg2 should better fail when --gen-key is used with ELG key type so that it does not end up with "a half-key" in the key database.

On Fedora 29, it is possible to use batch file to generate El Gamal key as follows: ``` # cat bob-ELG-2048.batch Key-Type: ELG Key-Length: 2048 Name-Real: bob-ELG-2048 Name-Email: bob-ELG-2048@foo.bar Expire-Date: 0 Passphrase: password %commit # gpg2 --trust-model always --homedir /tmp/.gnupg --gen-key --batch bob-ELG-2048.batch gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: directory '/root/.gnupg/openpgp-revocs.d' created gpg: error reading rest of packet: Invalid argument gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782.rev' ``` Even though this key generation fails and exits with non-zero and gnupg2 then keep reporting issues when using keys: ``` # gpg2 --homedir .gnupg --list-keys gpg: checking the trustdb gpg: error reading rest of packet: Invalid argument gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: error reading rest of packet: Invalid argument /root/.gnupg/pubring.kbx ------------------------ pub elg2048 2019-01-21 [CE] D02E65C1D80D0B08DF3311BB16D7ACB5E62DE782 uid [ultimate] bob-ELG-2048 <bob-ELG-2048@foo.bar> ``` Apparently, ELG key should only be creatd as a sub-key connected with some primary key using --full-gen-key. Therefore gpg2 should better fail when --gen-key is used with ELG key type so that it does not end up with "a half-key" in the key database.