Bug 2148640

Summary: Curve 448 export/import fails
Product: [Fedora] Fedora Reporter: Frank Büttner <bugzilla>
Component: gnupg2Assignee: Jakub Jelen <jjelen>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 38CC: bcl, crypto-team, jjelen, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---Flags: fedora-admin-xmlrpc: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: gnupg2-2.4.0-2.fc38 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-03 11:35:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Frank Büttner 2022-11-26 16:31:01 UTC 
Description of problem:
Creating an key pair with the curve 448 looks like working. But the import/export fails.

Version-Release number of selected component (if applicable):
gnupg2-2.3.4-2.fc35.x86_64

How reproducible:
every time

Steps to Reproduce:
1. create an curve 448 key pair on system a
2. export the key on system a
3. try to import it on system b

Actual results:
Only the public key is imported an the private one are ignored with the error about an invalid key.

Expected results:
That both key's are imported.

Additional info:
Both systems are running on fedora 35 with all updates.
Import message:

gpg: key E0A2F105A79BACD5: public key "FOO" imported
gpg: key E0A2F105A79BACD5/E0A2F105A79BACD5: error sending to agent: Bad secret key
gpg: key E0A2F105A79BACD5/FBDC19AB07E17007: error sending to agent: Bad secret key
gpg: error reading '/tmp/bla.text': Bad secret key
gpg: import from '/tmp/bla.text' failed: Bad secret key
gpg: Total number processed: 0
gpg:               imported: 1
gpg:       secret keys read: 1
Comment 1 Jakub Jelen 2022-11-29 16:08:10 UTC 
Just tested with Fedora 37, which has gnupg2-2.3.8-1.fc37.x86_64 and it looks like I am getting the same error. Let me investigate the issue further
Comment 2 Jakub Jelen 2022-11-30 16:30:15 UTC 
I was not able to get much further so I opened an upstream bug with the information I was able to collect so far: https://dev.gnupg.org/T6294
Comment 3 Jakub Jelen 2022-12-01 09:18:57 UTC 
The upstream issue is resolved. Do you need to backport the fix to some specific Fedora version or is it ok to wait for the next upstream release?
Comment 4 Frank Büttner 2022-12-01 09:23:19 UTC 
Thanks, no for me it will be ok ti wait for the next upstream release.
I found the problem only at the testing stage for the 448 as an replacement for 25519.
Comment 5 Ben Cotton 2023-02-07 15:09:09 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle.
Changing version to 38.
Comment 6 Jakub Jelen 2023-03-03 11:35:28 UTC 
This should be fixed in rawhide and Fedora 38 now as it has the 2.4.0 version.