[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: converting old keys to new MIT PGP 2.5
From: "Pat Farrell" <[email protected]>
> There has been a lot of speculation about the need to create new PGP 2.5
> keys to keep on the mit keyserver.
> [...]
> This surelooks like an 18 month old key with lots of sigs.
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.5
>
> mQBNAiq7mr4AAAECAM9R8OL+Vr5uS85tCCI6caNElBdfobX9/0AKidfp/+D7MRz8
> [...]
> TrWnaA/CfuzIXEblwXnszOx5pP14uKpu3VBzyYZN1xGRe1OwFc9C/578a0XHefGQ
> cfoI1XmZ+TLtwA==
> =K5uB
> -----END PGP PUBLIC KEY BLOCK-----
I get "malformed or obsolete key signature" when I try to signature-check
this key using 2.5. That is exactly what the readme file warned about. PGP
changed its signature format in 2.2 or 2.3 but retained backward compatibility.
2.5 is no longer backwards compatible to signatures created in earlier
versions. Old keys with signatures have been harmed to this extent.
I should add that PGP has always had a policy (one which I don't like) that
compatibility would only be retained across two sub-versions. In other words,
messages and signatures created with 2.5 are only guaranteed to be usable with
2.6 but perhaps not 2.7. So this change might have been made anyway even with-
out the move to RSAREF.
It's also worth noting that the old signature format was a bug. The code
was originally supposed to be PKCS compatible (the format used in RSAREF
and PEM) but late changes broke it; the changes had to do with endian
conversions and the bytes ended up going out in reverse order. This was
not a security bug, just a compatibility problem. This problem was discovered
about a year later and was changed, but backwards compatibility was retained
by having PGP check for both signature formats. So, there has always been
regret about the PGP 2.0 signature format and a desire to abandon it.
Hal