[Pkg-gnupg-maint] Large keys and the keybox (was: 2.1.0~beta864 bugfixes)
Werner Koch
wk at gnupg.org
Thu Oct 9 19:09:41 UTC 2014
On Tue, 7 Oct 2014 20:54, dkg at fifthhorseman.net said:
> 0) create a new keyring with gpg2, and use it exclusively with gpg2 for
> a while.
> 1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
> ~/.gnupg/pubring.gpg
> 2) future runs of gpg2 now only look at pubring.gpg and ignore
> pubring.kbx -- the keys you had accumulated in the keybox are no longer
> listed in the output of gpg2 --list-keys
Okay, this should be fixed now. I also also found another problem which
is fixed for now (overlong keys):
2ca90f78 * gpg: Skip overlong keys and a print a warning.
60e21d8b * gpg: Sync keylist output and warning messages.
b6507bb8 * kbx: Fix handling of overlong keys.
ec332d58 * gpg: Take care to use pubring.kbx if it has ever been used.
d8c01d82 * gpg: Change wording of a migration error message.
6be5c4fe * doc: Add missing entry for allow-preset-passphase
27fe067e * Avoid unnecessary library linkage
The largest Key currently allowed are 2 MiB (formerly 1 MB). With this
patch and reducing the limit for testing to 1 MiB I get this on my test
ring:
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: Warning: 4 key(s) skipped due to their large size
Before that a large key stopped the key listing early when using the
keybox. Eventually we may need to add an option to increase the limit,
but we should really keep one to not eat up all memory on small devices.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Pkg-gnupg-maint
mailing list