Bug 1233182
| Field | Value |
|---|---|
| Summary | RSA-{E,S} public keys cannot be imported |
| Product | Red Hat Enterprise Linux 7 |
| Component | gnupg2 |
| Version | 7.1 |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Reporter | Marcel Kolaja <mkolaja> |
| Assignee | Tomas Mraz <tmraz> |
| QA Contact | Stefan Kremen <skremen> |
| CC | dmoessne, hkario, lmiksik |
| Target Milestone | rc |
| Keywords | FutureFeature, Patch, Reproducer |
| Hardware | Unspecified |
| OS | Linux |
| Fixed In Version | gnupg2-2.0.22-4.el7 |
| Doc Type | Enhancement |
| Clone Of | |
| : | 1405361 |
| Last Closed | 2016-11-04 01:30:34 UTC |
| Type | Bug |
| Bug Blocks | 1203710, 1296594, 1313485 |
Using --allow-non-selfsigned-uid works around the issue.

You're referencing commits from different upstream branches of gnupg and libgcrypt and they probably would not be easily backportable.

Created attachment 1040457
proposed patch for RHEL 7.1

The attached patch solves the issue.

The patch needs some work - you're duplicating the mapping in the map_pk_openpgp_to_gcry and the individual callers, and there are other places where the map is not called and which you're not patching - such as pubkey_nbits().

This is the upstream patch from the 2.0 branch, which on the other hand does not patch the map_pk_openpgp_to_gcry() so it might be incomplete.
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/misc.c;h=82a13aa9a4e41897aae4b4fe8138504c4cf7cf03;hp=9b7c8ab4e6b75d766d729b4eb87fb23264897f8d;hb=efecbb7a3f0c32ea40db3a050c89f288550b05c2;hpb=dc941bdaec29d2fc60e2bddf85e11568367f531c

(In reply to Tomas Mraz from comment #7)
> The patch needs some work - you're duplicating the mapping in the
> map_pk_openpgp_to_gcry and the individual callers, and there are other
> places where the map is not called and which you're not patching - such as
> pubkey_nbits().

You seem to be right. Thanks for pointing that out! I have missed that. The reason is that I first followed the approach in the upstream commit 30ec869b8c63f1edcc58110ed20b83b0e77248f8. That made --list-packets work. --import, however, did not work yet, so I have studied where it still needs fixing and, looking at where it keeps failing and what functions are called from there, I have concluded that map_pk_openpgp_to_gcry() is the best place to perform the mapping. While I confirmed that --import works after introducing the mapping in map_pk_openpgp_to_gcry(), I have not checked whether the previously added mappings in pubkey_get_n*() are still necessary. And they do not seem to be necessary, as all pubkey_get_n*() functions call map_pk_openpgp_to_gcry() right after the mapping I have added.

I'll fix the patch later today.

Created attachment 1040931
proposed patch for RHEL 7.1

This patch addresses the issues mentioned in comment #7.

Comment on attachment 1040931
proposed patch for RHEL 7.1

Yes, this looks OK.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2016-2238.html
Description of problem:
RSA-{E,S} public keys cannot be imported using --import. gpg throws error "no valid user IDs". Using -v gpg says: "unsupported public key algorithm". --list-packets can't handle it either.

Version-Release number of selected component (if applicable):
2.0.22-3.el7

How reproducible:
always

Steps to Reproduce:
1. try to import an RSA-E or RSA-S public key

Actual results:
the key does not get imported

Expected results:
the key gets imported

Additional info:
libgcrypt in RHEL 7 does not support RSA-{E,S}. This has been addressed later in libgcrypt's upstream commit 773e23698218755e9172d2507031a8263c47cc0b. Before that, the issue was addressed in gnupg in upstream commit 30ec869b8c63f1edcc58110ed20b83b0e77248f8.
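
The point settled in the review comments above, that folding RSA-E and RSA-S into RSA in one mapping function covers every helper that goes through it, sketched as an added example (not code from gnupg, libgcrypt or the attached patches). All `demo_*` names, the `BACKEND_PK_RSA` constant and the sample key bytes are constructed for illustration; the algorithm IDs 1, 2 and 3 are the ones assigned in RFC 4880.

```c
#include <stdint.h>
#include <stdio.h>
/* OpenPGP public-key algorithm IDs (RFC 4880, section 9.1). */
enum { PGP_PK_RSA = 1, PGP_PK_RSA_E = 2, PGP_PK_RSA_S = 3 };
enum { BACKEND_PK_RSA = 1 };   /* hypothetical backend: plain RSA only */

/* The single place where RSA-E and RSA-S are folded into RSA. */
static int demo_map_pk(int pgp_algo) {
    switch (pgp_algo) {
    case PGP_PK_RSA: case PGP_PK_RSA_E: case PGP_PK_RSA_S:
        return BACKEND_PK_RSA;   /* same key material: modulus n, exponent e */
    default: return 0;           /* not handled by this demo */
    }
}

/* Number of public-key MPIs; asks the map instead of testing raw IDs. */
static int demo_npkey(int pgp_algo) {
    return demo_map_pk(pgp_algo) == BACKEND_PK_RSA ? 2 : 0;
}

/* v4 key body: version, 4-byte time, algorithm, MPIs. Modulus bits or -1. */
static int demo_pubkey_nbits(const uint8_t *body, size_t len) {
    if (len < 6 || body[0] != 4) return -1;
    int n = demo_npkey(body[5]), nbits = -1;
    if (n == 0) return -1;       /* the "unsupported public key algorithm" case */
    size_t off = 6;
    for (int i = 0; i < n; i++) {
        if (len - off < 2) return -1;                        /* no MPI length prefix */
        unsigned bits = ((unsigned)body[off] << 8) | body[off + 1];
        size_t bytes = (bits + 7) / 8;
        if (bits == 0 || len - off - 2 < bytes) return -1;   /* truncated MPI */
        if (i == 0) nbits = (int)bits;                       /* first MPI is the modulus */
        off += 2 + bytes;
    }
    return nbits;
}

/* Constructed sample: 16-bit modulus 0xC351, exponent 3, chosen algorithm ID. */
static int demo_sample_nbits(int pgp_algo) {
    uint8_t body[] = { 4, 0, 0, 0, 0, (uint8_t)pgp_algo, 0, 0x10, 0xC3, 0x51, 0, 2, 3 };
    return demo_pubkey_nbits(body, sizeof body);
}

int main(void) {
    const int algos[] = { PGP_PK_RSA, PGP_PK_RSA_E, PGP_PK_RSA_S, 16 };
    for (int i = 0; i < 4; i++)
        printf("algo %d -> nbits %d\n", algos[i], demo_sample_nbits(algos[i]));
    return 0;
}
```

Because `demo_npkey()` and `demo_pubkey_nbits()` never compare against the raw ID themselves, removing the two extra `case` labels from `demo_map_pk()` is enough to make both reject RSA-E and RSA-S keys again.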