Bug 205080 - cannot import bill stearns key with rpm --import
Summary: cannot import bill stearns key with rpm --import
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact:
URL:
Whiteboard:
: 205081 220448 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-03 21:36 UTC by John Holder
Modified: 2008-01-25 17:27 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-25 17:27:15 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
this is the copy of the key I am working with (2.19 KB, text/plain)
2006-09-03 21:36 UTC, John Holder 		no flags Details
Dump of the pubkey (5.08 KB, text/plain)
2006-09-03 21:47 UTC, Jeff Johnson 		no flags Details
View All

Description John Holder 2006-09-03 21:36:03 UTC 
Description of problem:
When I try to import bill stearns' key (0xf322929d) which I got from this 
webpage: http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0xF322929D

All I see is the message 'error: stearns-key.txt: import failed.'.  Adding -vv 
does not get any extra useful information.  

I can import this same key into gpg without any problem.  Exporting the key 
from gpg with: gpg --armor --export > foo.key
and then trying to import foo.key does not work either.

Version-Release number of selected component (if applicable):
rpm --version
RPM version 4.4.2


How reproducible:


Steps to Reproduce:
1. rpm --import stearns-key.txt
2.
3.
  
Actual results:
error: stearns-key.txt: import failed.

Expected results:
success message

Additional info:
attaching offending key
Comment 1 John Holder 2006-09-03 21:36:04 UTC 
Created attachment 135468 [details]
this is the copy of the key I am working with
Comment 2 Jeff Johnson 2006-09-03 21:47:54 UTC 
Created attachment 135470 [details]
Dump of the pubkey

A dump of the PGP packets in the pubkey.
Comment 3 Jeff Johnson 2006-09-03 21:55:26 UTC 
The keyid is being set inappropriately, the command
    rpm --import stearns
mis-identifies the keyid as 0x1b912a8c rather than
0xf322929d.

The cause of the bug is that there are v4 certification signatures on a v3 pubkey.

The simplest work around is to import the pubkey into gpg,
and edit out the certification signatures, leaving only the original
pubkey.

Off to fix the root problem ...
Comment 4 Jeff Johnson 2006-09-03 22:00:05 UTC 
In fact, the last packet is what is unusual about Bill Stearns' pubkey:
V4 Signature(2) DSA(17) SHA1(2) Positive certification of a User ID and Public Key(19)
    signature creation time(2) Sun May  5 22:56:21 2002(0x3cd5f0d5)
    issuer key ID(16) 826ba3aa1b912a8c
 signhash16 1190
     r = [ 157]: 1a5d9c7b37d43ada64465ebad22cbfe83e0bf4d4
     s = [ 159]: 6cba2ee7ffa55cffb754dab82816b72a4d36b383

Lose that packet (by editing with gpg) and the rest of the pubkey can probably be used as is
(untested).
Comment 5 Paul Nasrat 2006-09-04 11:00:49 UTC 
*** Bug 205081 has been marked as a duplicate of this bug. ***
Comment 6 Jeff Johnson 2006-09-04 18:48:37 UTC 
Actually the problem is more fundamental, the last 8 bytes of the RSA modulus are the V3 pubkey keyid,
and that cannot be corrected by editing the pubkey. Apologies for my confusion.

Fixed in rpm cvs, will be in rpm-4.4.7. Thanks for reporting.

UPSTREAM
Comment 7 Red Hat Bugzilla 2007-08-21 05:25:27 UTC 
User pnasrat's account has been closed
Comment 8 Panu Matilainen 2007-08-22 06:29:43 UTC 
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 9 Panu Matilainen 2007-10-25 11:22:10 UTC 
Moving to devel, FC5 is EOL...
Comment 10 Panu Matilainen 2007-10-25 11:24:06 UTC 
*** Bug 220448 has been marked as a duplicate of this bug. ***
Comment 11 Panu Matilainen 2008-01-25 17:26:57 UTC 
Fixed in 4.4.2.3-0.1.rc1 in rawhide (finally). Thanks to Jeff for the fix.
Note You need to log in before you can comment on or make changes to this bug.