[Pkg-gnupg-maint] Bug#749335: Oldstable GnuPG no longer capable of using large keys
Lance Hathaway
qhltx at yahoo.com
Mon May 26 14:00:10 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: gnupg
Version: 1.4.10-4+squeeze4
X-Debbugs-CC: intrigeri at debian.org
First-time bug reporter here, so my apologies in advance if I've left
something out or committed any faux pas.
I use TAILS to help safeguard my master GPG keypairs, of which I have
two. The first (for general use) is a 4096-bit key. The second (for
long-term identity) is a 16384-bit key.
Up to and including TAILS 0.22, I was able to use both keys with stock
GnuPG. From TAILS 0.22.1 onwards, I can only use the smaller key.
Attempting to sign other keys with the larger key causes GnuPG to
immediately die with an "out of secure memory" message, as also
reported in bug #739424. (Though that bug is filed against a different
version.)
I have verified that the old versions of GnuPG in TAILS 0.22 continue
to work correctly. I copied the GnuPG executable out of TAILS 0.22 and
into TAILS 1.0, and ran both executables against the larger key. The
version shipped with 1.0 dies as described, but the imported version
from 0.22 works correctly.
The changelog from TAILS 0.22 to 0.22.1 includes the update to GnuPG
described in DSA-2821-1, but nothing more. Since both versions of
GnuPG report themselves as 1.4.10, I am assuming that TAILS is
tracking Debian oldstable, and I have therefore filed this bug against
that version.
-Lance
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQIcBAEBCgAGBQJTg0jnAAoJEECmBqfoBgXnxlAP/2GvKizXzG/kTZGmg68YUsxL
0/eZGbSK5nQ/EP+ez8qc9hiUPceJ+PBBXErSoEm2EXSUaPPCauIr9Xuh5upEVBI2
rTw0kt3LzKpxdQqbxUJ/m0Zr+hyd+QCdRA7AejNLbp1q7jrjmYdGRKFJqSWP5e7Y
CKS7QwMt0ctI0fHfB7s4lO8wZ2l1g2XhmSV318jukSyGFJpJKyIzRqPdx6NQ9Mx6
C99LHhWjBdneJP24d/w/KTwK2Ct2CNc4iY8Oln0gVsh4IAktDrtW4h3wz04pXp8Y
cUyqVuYE9eExVBD/Im9GCeXWLPZ02UaQFRQFt2Y60vqYLPhDGqPCVUz00ztecdPi
ptL0fyDKd/F6nuAwBqlMHqcCqqTo7sv218K8lmfoR0rZ6FhblQONffNwiWa1MNCE
0/+Sw7f84SRNjJUsz4I+Q54e03lMusmdXX3oNKIYhwVZlYns/fDq0Eg1hWWx3DMF
8vi8UT9stTt7ncnDymENiDONKtW+cVLNO8TjybDT6VTpMDYWkJIh/R9lWadXbpB4
h43D/9/otgVzPflASw7wI/888URi4WscmLeNB2hEjxw5wYhjKcWbRpFVPHE+Kwde
tXVlZO1hMMAtS/5oG/A3EW3WFErWO/d6NZSvgalJ0qkNj90Nqu5FTXSXZyW7PjfA
NOyW8JUJQeYfT3uWpDqU
=Ognd
-----END PGP SIGNATURE-----
More information about the Pkg-gnupg-maint
mailing list