[pkg-gnupg-maint] Bug#1104589: gpg: When selecting Ed448, GnuPG creates non-standard artifacts
Justus Winter
justus at sequoia-pgp.org
Fri May 2 14:49:48 BST 2025
Package: gpg
Version: 2.4.7-17
Severity: normal
Dear Maintainer,
when creating an Ed448 key, GnuPG creates a non-standard artifact:
% gpg-g10code --openpgp --full-generate-key --expert
gpg (GnuPG) 2.4.7; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: keybox '/tmp/tmp.t7nGQHV7BS/pubring.kbx' created
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection?
Please select which elliptic curve you want:
(1) Curve 25519 *default*
(2) Curve 448
(3) NIST P-256
(4) NIST P-384
(5) NIST P-521
(6) Brainpool P-256
(7) Brainpool P-384
(8) Brainpool P-512
(9) secp256k1
Your selection? 2
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 7d
Key expires at Fri 09 May 2025 03:43:18 PM CEST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: est
Email address: test at example.org
Comment:
You selected this USER-ID:
"est () <test at example.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /tmp/tmp.t7nGQHV7BS/trustdb.gpg: trustdb created
gpg: directory '/tmp/tmp.t7nGQHV7BS/openpgp-revocs.d' created
gpg: revocation certificate stored as '/tmp/tmp.t7nGQHV7BS/openpgp-revocs.d/CCDF4024BC9F8B35B2AB8FB361C775D527132AA42C6BFD782866701096506615.rev'
public and secret key created and signed.
pub ed448 2025-05-02 [SC] [expires: 2025-05-09]
CCDF4024BC9F8B35B2AB8FB361C775D527132AA42C6BFD782866701096506615
uid est (\x04) <test at example.org>
sub cv448 2025-05-02 [E] [expires: 2025-05-09]
% gpg-g10code --export | sq packet dump --hex
Unknown or Unsupported Packet, old CTB, 2 header bytes + 73 bytes
Tag: Public-Key Packet
Error: Malformed packet: unknown version
00000000 98 CTB
00000001 49 length
00000002 05 version
00000003 68 14 cc 03 16 00 00 00 3f 03 2b 65 71 h.......?.+eq
00000010 01 c8 fc ed d7 a2 50 e9 5e 6b 40 bb 0a 95 ba 61 ......P.^k at ....a
00000020 ca bf 2a 03 ff 42 63 cf 84 e8 48 95 42 0d f0 01 ..*..Bc...H.B...
00000030 1a 90 3b 21 58 45 db 31 2a 3a 69 9b 15 f7 d5 b8 ..;!XE.1*:i.....
00000040 1e c7 01 94 59 2f 8a 21 d9 8f 00 ....Y/.!...
User ID Packet, old CTB, 2 header bytes + 26 bytes
Value: "est (\u{4}) <test at example.org>"
00000000 b4 CTB
00000001 1a length
00000002 65 73 74 20 28 04 29 20 3c 74 65 73 74 40 value
00000010 65 78 61 6d 70 6c 65 2e 6f 72 67 3e
Unknown or Unsupported Packet, old CTB, 2 header bytes + 202 bytes
Tag: Signature Packet
Error: Malformed packet: unknown version
00000000 88 CTB
00000001 ca length
00000002 05 version
00000003 13 16 0a 00 4a 22 21 05 cc df 40 24 bc ....J"!...@$.
00000010 9f 8b 35 b2 ab 8f b3 61 c7 75 d5 27 13 2a a4 2c ..5....a.u.'.*.,
00000020 6b fd 78 28 66 70 10 96 50 66 15 05 02 68 14 cc k.x(fp..Pf...h..
00000030 03 02 1b 03 05 09 00 09 3a 80 05 0b 09 08 07 02 ........:.......
00000040 06 15 0a 09 08 0b 02 04 16 02 03 01 02 1e 01 02 ................
00000050 17 80 00 00 68 62 01 c7 67 3a 5e d5 09 d0 d5 c6 ....hb..g:^.....
00000060 28 c8 cc d2 19 45 fe bf 0f 94 4a 0c c0 ef 7e 49 (....E....J...~I
00000070 0a d6 f3 43 8c 7f dd 22 cc 71 09 bd a3 96 b7 97 ...C..".q......
00000080 90 d5 f8 12 71 2a bd 89 45 8a b0 81 c0 fa 1f 07 ....q*..E.......
00000090 80 01 c5 14 55 98 37 47 11 49 f3 97 c6 d9 30 22 ....U.7G.I....0"
000000a0 cc cc 89 8b ae 10 a3 2f de 6a 69 44 3e 35 0d ed ......./.jiD>5..
000000b0 e9 e7 4d 8d 7c 4c 26 02 4c df 17 86 88 f7 56 01 ..M.|L&.L.....V.
000000c0 10 26 01 28 91 01 0e 83 51 3e 18 00 .&.(....Q>..
Unknown or Unsupported Packet, old CTB, 2 header bytes + 76 bytes
Tag: Public-Subkey Packet
Error: Malformed packet: unknown version
00000000 b8 CTB
00000001 4c length
00000002 05 version
00000003 68 14 cc 03 12 00 00 00 42 03 2b 65 6f h.......B.+eo
00000010 01 c0 c3 a9 44 64 2e 58 d1 4a e3 57 ca 96 64 fc ....Dd.X.J.W..d.
00000020 a5 26 ba fd 8a 8f 75 90 89 b1 1a be 2b de 57 f9 .&....u.....+.W.
00000030 d4 d8 1e d0 d9 3c 83 10 fc 6d cb d6 35 52 7c 03 .....<...m..5R|.
00000040 ad 01 82 42 de 7e f8 3f 02 28 03 01 0a 09 ...B.~.?.(....
Unknown or Unsupported Packet, old CTB, 2 header bytes + 178 bytes
Tag: Signature Packet
Error: Malformed packet: unknown version
00000000 88 CTB
00000001 b2 length
00000002 05 version
00000003 18 16 0a 00 32 22 21 05 cc df 40 24 bc ....2"!...@$.
00000010 9f 8b 35 b2 ab 8f b3 61 c7 75 d5 27 13 2a a4 2c ..5....a.u.'.*.,
00000020 6b fd 78 28 66 70 10 96 50 66 15 05 02 68 14 cc k.x(fp..Pf...h..
00000030 03 02 1b 0c 05 09 00 09 3a 80 00 00 77 f4 01 c8 ........:...w...
00000040 bb 08 31 76 94 e9 c6 d3 11 6e 50 a0 e4 48 dd b7 ..1v.....nP..H..
00000050 2d 83 1e 4d 23 f3 b7 ee b5 94 bf 41 c2 d4 88 07 -..M#......A....
00000060 3e 7b 5a 00 a3 3b 00 aa 29 94 ee 54 0a 46 46 3c >{Z..;..)..T.FF<
00000070 6e c1 92 ae 2a 68 2e e6 80 01 c7 4b 41 f5 50 73 n...*h.....KA.Ps
00000080 49 46 c2 dc f0 d3 30 d9 3a f7 8f cc 36 bf 9e 0c IF....0.:...6...
00000090 ac d1 8a 07 9c 44 34 35 c1 85 3b ce 90 18 02 94 .....D45..;.....
000000a0 48 55 09 88 c7 5f dc c7 d2 4d e9 63 e9 8e 64 0a HU..._...M.c..d.
000000b0 a1 6a 06 00 .j..
Best,
Justus
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: arm64 (aarch64)
Kernel: Linux 6.12.20-arm64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gpg depends on:
ii gpgconf 2.4.7-17
ii init-system-helpers 1.68
ii libassuan9 3.0.2-2
ii libbz2-1.0 1.0.8-6
ii libc6 2.41-7
ii libgcrypt20 1.11.0-7
ii libgpg-error0 1.51-4
ii libksba8 1.6.7-2+b1
ii libnpth0t64 1.8-3
ii libreadline8t64 8.2-6
ii libsqlite3-0 3.46.1-3
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
Versions of packages gpg recommends:
ii gnupg 2.4.7-17
gpg suggests no packages.
-- no debconf information
More information about the pkg-gnupg-maint
mailing list