I generated a key using Scallion with a chosen 32-bit key ID of 0x00000000. GPG
breaks slightly when trust for the key is set to 'ultimate':
===============
$ export GNUPGHOME=$HOME/gpgkey0
$ mkdir $HOME/gpgkey0
$ gpg --import keys-00000000.asc
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg: keybox '/home/steven/gpgkey0/pubring.kbx' created
gpg: /home/steven/gpgkey0/trustdb.gpg: trustdb created
gpg: key 245A210A00000000: public key "key test <keytest@example.com>" imported
gpg: key 245A210A00000000: "key test <keytest@example.com>" not changed
gpg: key 245A210A00000000: secret key imported
gpg: Total number processed: 2
gpg: imported: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
$ gpg --edit-key 245A210A00000000
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa4096/245A210A00000000
created: 2016-09-18 expires: never usage: SCEA
trust: unknown validity: unknown
[ unknown] (1). key test <keytest@example.com>
gpg> trust
sec rsa4096/245A210A00000000
created: 2016-09-18 expires: never usage: SCEA
trust: unknown validity: unknown
[ unknown] (1). key test <keytest@example.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
sec rsa4096/245A210A00000000
created: 2016-09-18 expires: never usage: SCEA
trust: ultimate validity: unknown
[ unknown] (1). key test <keytest@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> save
Key not changed so no update needed.
$ gpg --list-keys
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg: keydb_search failed: Invalid value
gpg: Oops: keyid_from_fingerprint: no pubkey
gpg: checking the trustdb
gpg: public key of ultimately trusted key 0000000000000000 not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/steven/gpgkey0/pubring.kbx
--------------------------------
pub rsa4096 2016-09-18 [SCEA]
2B14EC5AAD9A9ADBBBAA7478245A210A00000000
uid [ unknown] key test <keytest@example.com>
$ gpg --debug-level guru --edit-key 2B14EC5AAD9A9ADBBBAA7478245A210A00000000
gpg: WARNING: unsafe permissions on homedir '/home/steven/gpgkey0'
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: FPR20: '2B14 EC5A AD9A 9ADB BBAA 7478 245A 210A 0000 0000'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: parse_packet(iob=1): type=6 length=526 (parse.keydb.c.1173)
gpg: DBG: parse_packet(iob=1): type=13 length=30 (parse.keydb.c.1173)
gpg: DBG: parse_packet(iob=1): type=2 length=569 (parse.keydb.c.1173)
gpg: DBG: iobuf-1.0: underflow: buffer size: 1133; still buffered: 0 => space for 1133 bytes
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: finish_lookup: checking key 00000000 (all)(req_usage=0)
gpg: DBG: using key 00000000
gpg: DBG: public key 245A210A00000000: timestamp: 2016-09-18 02:56:33 (1474167393)
gpg: DBG: user id: key test <keytest@example.com>
[ snipped ]
Secret key is available.
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: FPR16: '2B14EC5AAD9A9ADBBBAA7478245A210A'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Invalid value
gpg: DBG: [not enabled in the source] keydb_search leave (not found)
gpg: keydb_search failed: Invalid value
gpg: Oops: keyid_from_fingerprint: no pubkey
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 7C 3F D1 21 A9 BF 67 3D B2 18 02 B5 B4 9B CF 96 5D D6 1E 18
gpg: DBG: chan_4 -> KEYINFO 7C3FD121A9BF673DB21802B5B49BCF965DD61E18
gpg: DBG: chan_4 <- S KEYINFO 7C3FD121A9BF673DB21802B5B49BCF965DD61E18 D - - - P - - -
gpg: DBG: chan_4 <- OK
sec rsa4096/245A210A00000000
created: 2016-09-18 expires: never usage: SCEA
trust: ultimate validity: unknown
[ unknown] (1). key test <keytest@example.com>
===============
Note that it tries to search with an FPR16 instead of FPR20. Doing this prevents
it from breaking:
$ git diff -U4
diff --git a/g10/trustdb.c b/g10/trustdb.c
index f5b4008..a79df3f 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -267,15 +267,19 @@ verify_own_keys(void)
byte *fpr = rec.r.trust.fingerprint;
int fprlen;
u32 kid[2];
+#if 0
/* Problem: We do only use fingerprints in the trustdb but
* we need the keyID here to indetify the key; we can only
* use that ugly hack to distinguish between 16 and 20
* butes fpr - it does not work always so we better change
* the whole validation code to only work with
* fingerprints */
fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
+#else
+ fprlen = 20;
+#endif
keyid_from_fingerprint (fpr, fprlen, kid);
if (!add_utk (kid))
log_info(_("key %s occurs more than once in the trustdb\n"),
keystr(kid));
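Review bot: Forcing fprlen = 20 in the #else branch leaves the old trailing-zero heuristic and its comment in the file under #if 0, so the code still describes a 16/20 distinction that is no longer made. If a 16-byte fingerprint can never appear in rec.r.trust.fingerprint, delete the heuristic and the comment outright; if it can, such a record would now reach keyid_from_fingerprint with the wrong length, and the length should be taken from the record itself rather than inferred from fpr[16..19]. The patch should state which of the two cases holds.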
I'm not certain under what circumstances we would legitimately see a 16-byte
fingerprint in the trustdb.
I've attached the key in question: key 0x00000000, password for key is
"Testing0"