Bug 205080

Summary: cannot import bill stearns key with rpm --import
Product: [Fedora] Fedora Reporter: John Holder <trs-rbeat>
Component: rpmAssignee: Panu Matilainen <pmatilai>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: felix.schwarz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-25 17:27:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
this is the copy of the key I am working with
none
Dump of the pubkey none

Description John Holder 2006-09-03 21:36:03 UTC 
Description of problem:
When I try to import bill stearns' key (0xf322929d) which I got from this 
webpage: http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0xF322929D

All I see is the message 'error: stearns-key.txt: import failed.'.  Adding -vv 
does not get any extra useful information.  

I can import this same key into gpg without any problem.  Exporting the key 
from gpg with: gpg --armor --export > foo.key
and then trying to import foo.key does not work either.

Version-Release number of selected component (if applicable):
rpm --version
RPM version 4.4.2


How reproducible:


Steps to Reproduce:
1. rpm --import stearns-key.txt
2.
3.
  
Actual results:
error: stearns-key.txt: import failed.

Expected results:
success message

Additional info:
attaching offending key
Comment 1 John Holder 2006-09-03 21:36:04 UTC 
Created attachment 135468 [details]
this is the copy of the key I am working with
Comment 2 Jeff Johnson 2006-09-03 21:47:54 UTC 
Created attachment 135470 [details]
Dump of the pubkey

A dump of the PGP packets in the pubkey.
Comment 3 Jeff Johnson 2006-09-03 21:55:26 UTC 
The keyid is being set inappropriately, the command
    rpm --import stearns
mis-identifies the keyid as 0x1b912a8c rather than
0xf322929d.

The cause of the bug is that there are v4 certification signatures on a v3 pubkey.

The simplest work around is to import the pubkey into gpg,
and edit out the certification signatures, leaving only the original
pubkey.

Off to fix the root problem ...
Comment 4 Jeff Johnson 2006-09-03 22:00:05 UTC 
In fact, the last packet is what is unusual about Bill Stearns' pubkey:
V4 Signature(2) DSA(17) SHA1(2) Positive certification of a User ID and Public Key(19)
    signature creation time(2) Sun May  5 22:56:21 2002(0x3cd5f0d5)
    issuer key ID(16) 826ba3aa1b912a8c
 signhash16 1190
     r = [ 157]: 1a5d9c7b37d43ada64465ebad22cbfe83e0bf4d4
     s = [ 159]: 6cba2ee7ffa55cffb754dab82816b72a4d36b383

Lose that packet (by editing with gpg) and the rest of the pubkey can probably be used as is
(untested).
Comment 5 Paul Nasrat 2006-09-04 11:00:49 UTC 
*** Bug 205081 has been marked as a duplicate of this bug. ***
Comment 6 Jeff Johnson 2006-09-04 18:48:37 UTC 
Actually the problem is more fundamental, the last 8 bytes of the RSA modulus are the V3 pubkey keyid,
and that cannot be corrected by editing the pubkey. Apologies for my confusion.

Fixed in rpm cvs, will be in rpm-4.4.7. Thanks for reporting.

UPSTREAM
Comment 7 Red Hat Bugzilla 2007-08-21 05:25:27 UTC 
User pnasrat's account has been closed
Comment 8 Panu Matilainen 2007-08-22 06:29:43 UTC 
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 9 Panu Matilainen 2007-10-25 11:22:10 UTC 
Moving to devel, FC5 is EOL...
Comment 10 Panu Matilainen 2007-10-25 11:24:06 UTC 
*** Bug 220448 has been marked as a duplicate of this bug. ***
Comment 11 Panu Matilainen 2008-01-25 17:26:57 UTC 
Fixed in 4.4.2.3-0.1.rc1 in rawhide (finally). Thanks to Jeff for the fix.