Bug 205080 - cannot import bill stearns key with rpm --import
cannot import bill stearns key with rpm --import
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Panu Matilainen
:
: 205081 220448 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-03 17:36 EDT by John Holder
Modified: 2008-01-25 12:27 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-25 12:27:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
this is the copy of the key I am working with (2.19 KB, text/plain)
2006-09-03 17:36 EDT, John Holder
no flags Details
Dump of the pubkey (5.08 KB, text/plain)
2006-09-03 17:47 EDT, Jeff Johnson
no flags Details

  None (edit)
Description John Holder 2006-09-03 17:36:03 EDT
Description of problem:
When I try to import bill stearns' key (0xf322929d) which I got from this 
webpage: http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0xF322929D

All I see is the message 'error: stearns-key.txt: import failed.'.  Adding -vv 
does not get any extra useful information.  

I can import this same key into gpg without any problem.  Exporting the key 
from gpg with: gpg --armor --export > foo.key
and then trying to import foo.key does not work either.

Version-Release number of selected component (if applicable):
rpm --version
RPM version 4.4.2


How reproducible:


Steps to Reproduce:
1. rpm --import stearns-key.txt
2.
3.
  
Actual results:
error: stearns-key.txt: import failed.

Expected results:
success message

Additional info:
attaching offending key
Comment 1 John Holder 2006-09-03 17:36:04 EDT
Created attachment 135468 [details]
this is the copy of the key I am working with
Comment 2 Jeff Johnson 2006-09-03 17:47:54 EDT
Created attachment 135470 [details]
Dump of the pubkey

A dump of the PGP packets in the pubkey.
Comment 3 Jeff Johnson 2006-09-03 17:55:26 EDT
The keyid is being set inappropriately, the command
    rpm --import stearns
mis-identifies the keyid as 0x1b912a8c rather than
0xf322929d.

The cause of the bug is that there are v4 certification signatures on a v3 pubkey.

The simplest work around is to import the pubkey into gpg,
and edit out the certification signatures, leaving only the original
pubkey.

Off to fix the root problem ...
Comment 4 Jeff Johnson 2006-09-03 18:00:05 EDT
In fact, the last packet is what is unusual about Bill Stearns' pubkey:
V4 Signature(2) DSA(17) SHA1(2) Positive certification of a User ID and Public Key(19)
    signature creation time(2) Sun May  5 22:56:21 2002(0x3cd5f0d5)
    issuer key ID(16) 826ba3aa1b912a8c
 signhash16 1190
     r = [ 157]: 1a5d9c7b37d43ada64465ebad22cbfe83e0bf4d4
     s = [ 159]: 6cba2ee7ffa55cffb754dab82816b72a4d36b383

Lose that packet (by editing with gpg) and the rest of the pubkey can probably be used as is
(untested).
Comment 5 Paul Nasrat 2006-09-04 07:00:49 EDT
*** Bug 205081 has been marked as a duplicate of this bug. ***
Comment 6 Jeff Johnson 2006-09-04 14:48:37 EDT
Actually the problem is more fundamental, the last 8 bytes of the RSA modulus are the V3 pubkey keyid,
and that cannot be corrected by editing the pubkey. Apologies for my confusion.

Fixed in rpm cvs, will be in rpm-4.4.7. Thanks for reporting.

UPSTREAM
Comment 7 Red Hat Bugzilla 2007-08-21 01:25:27 EDT
User pnasrat@redhat.com's account has been closed
Comment 8 Panu Matilainen 2007-08-22 02:29:43 EDT
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 9 Panu Matilainen 2007-10-25 07:22:10 EDT
Moving to devel, FC5 is EOL...
Comment 10 Panu Matilainen 2007-10-25 07:24:06 EDT
*** Bug 220448 has been marked as a duplicate of this bug. ***
Comment 11 Panu Matilainen 2008-01-25 12:26:57 EST
Fixed in 4.4.2.3-0.1.rc1 in rawhide (finally). Thanks to Jeff for the fix.

Note You need to log in before you can comment on or make changes to this bug.