Petter Reinholdtsen <p...@hungry.com> writes:

> [Justus Winter]
>> GnuPG no longer tracks OpenPGP, but something they call LibrePGP. If
>> you look closely at a certificate created from it, you can see some
>> troubling divergences already. For example, this is from one created
>> by GnuPG 2.4.4:
>
> Thank you for the details. I found <URL: https://librepgp.org/ > which
> explain their rationale. Seem to be quite a split in world view in
> place here.

Yes, that is what the media has dubbed "the SCHISM", e.g.
https://lwn.net/Articles/953797/

I played around with GnuPG 2.4.4, and it is easy to accidentally create
an out-of-spec cert with it:

% gpg --with-colons --list-config version
cfg:version:2.4.4
% gpg --quick-generate-key 4...@example.org ed448
gpg: keybox '/tmp/tmp.6fiRMwVdo6/pubring.kbx' created
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /tmp/tmp.6fiRMwVdo6/trustdb.gpg: trustdb created
gpg: directory '/tmp/tmp.6fiRMwVdo6/openpgp-revocs.d' created
gpg: revocation certificate stored as '/tmp/tmp.6fiRMwVdo6/openpgp-revocs.d/F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1.rev'
public and secret key created and signed.

pub   ed448 2024-07-25 [SC] [expires: 2027-07-25]
      F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1
uid   4...@example.org

% gpg --export F3AE83A58BD3B8981C8F0AECC5AD7DC02CFAB1F1F14D7998FF87244ADDE1B6C1 | sq toolbox packet dump --hex
Unknown or Unsupported Packet, old CTB, 2 header bytes + 73 bytes
    Tag: Public-Key Packet
    Error: Malformed packet: unknown version

  00000000 98  CTB
  00000001 49  length
  00000002 05  version
  00000003 66 a1 e8 17 16 00 00 00 3f 03 2b 65 71  f.......?.+eq
  00000010 01 c8 f5 1c d3 a4 8b 4a b0 cf a9 b3 2c b7 c6 b6  .......J....,...
  00000020 3e 74 46 e4 38 be ed d2 8d ec 48 4b 8e 89 41 b8  >tF.8.....HK..A.
  00000030 08 ae 81 5c 0b 0e 5a e7 26 79 59 db 85 0a e6 77  ...\..Z.&yY....w
  00000040 de 8f 76 c7 c6 f4 24 3f 5a 7c 00  ..v...$?Z|.

User ID Packet, old CTB, 2 header bytes + 23 bytes
    Value: another-...@example.org

  00000000 b4  CTB
  00000001 17  length
  00000002 61 6e 6f 74 68 65 72 2d 34 34 38 40 65 78  value
  00000010 61 6d 70 6c 65 2e 6f 72 67

Unknown or Unsupported Packet, old CTB, 2 header bytes + 205 bytes
    Tag: Signature Packet
    Error: Malformed packet: unknown version

  00000000 88  CTB
  00000001 cd  length
  00000002 05  version
  00000003 13 16 0a 00 4d 22 21 05 e4 8f ab 29 d0  ....M"!....).
  00000010 c9 77 1a 30 df 39 20 72 12 22 47 f6 39 e6 6e a4  .w.0.9 r."G.9.n.
  00000020 39 d5 8d 1e 24 89 ef ce 47 c0 58 05 02 66 a1 e8  9...$...G.X..f..
  00000030 17 02 1b 03 05 09 05 a3 9a 80 05 0b 09 08 07 02  ................
  00000040 02 22 02 06 15 0a 09 08 0b 02 04 16 02 03 01 02  ."..............
  00000050 1e 07 02 17 80 00 00 e5 7b 01 c8 a5 0d 4e 46 0b  ........{....NF.
  00000060 e3 8c d2 7d 9b 83 33 9a e3 c1 fc 0e 90 8b 73 5c  ...}..3.......s\
  00000070 ee b4 41 19 73 ca 8b cc ef e2 59 55 28 f2 39 d4  ..A.s.....YU(.9.
  00000080 58 29 fd b8 c4 7e 0f a6 7d 40 b4 2f b7 62 73 26  X)...~..}@./.bs&
  00000090 f0 33 09 00 01 c4 0e 55 bc 1d db b6 49 e8 37 c6  .3.....U....I.7.
  000000a0 b5 e0 76 51 1b fc 59 2b d1 8c f5 5d 60 fd d5 1b  ..vQ..Y+...]`...
  000000b0 ca 7e 67 1d 0a de 52 ac f3 f8 85 96 83 5a e7 59  .~g...R......Z.Y
  000000c0 0b e7 9e 0e 88 67 04 96 e5 71 cd 31 dd 30 00  .....g...q.1.0.

No warning, no opting in, it just created a "v5" primary key and a "v5"
signature just because one selected the Ed448 algorithm.

Best,
Justus
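Added example, not part of the original message and not code from GnuPG or Sequoia: a small checker that walks the packet headers of an exported certificate the way the dump above lays them out (CTB, length, version) and reports key and signature packets whose version byte is not 4. The function names, the choice of 4 as the expected version, and the zero-filled sample are assumptions of this example.

```python
# Added example: flag OpenPGP key/signature packets whose version is not 4.
VERSIONED = {2: "Signature", 5: "Secret-Key", 6: "Public-Key",
             7: "Secret-Subkey", 14: "Public-Subkey"}

def read_header(data, pos):
    """Return (tag, body_length, body_offset) for the packet starting at pos."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet at offset %d" % pos)
    if ctb & 0x40:                                  # new-format CTB
        tag, first = ctb & 0x3F, data[pos + 1]
        if first < 192:                             # one-octet length
            return tag, first, pos + 2
        if first < 224:                             # two-octet length
            return tag, ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
        if first == 255:                            # five-octet length
            return tag, int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
        raise ValueError("partial body lengths not handled")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03      # old-format CTB
    if ltype == 3:
        raise ValueError("indeterminate length not handled")
    size = 1 << ltype                               # 1, 2 or 4 length octets
    length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
    return tag, length, pos + 1 + size

def unexpected_versions(data, expected=4):
    """Return [(offset, packet name, version)] for versioned packets != expected."""
    findings, pos = [], 0
    while pos < len(data):
        tag, length, body = read_header(data, pos)
        if body + length > len(data):
            raise ValueError("truncated packet at offset %d" % pos)
        if tag in VERSIONED and length and data[body] != expected:
            findings.append((pos, VERSIONED[tag], data[body]))
        pos = body + length
    return findings

# Constructed sample: the header bytes shown in the dump (98 49, b4 17, 88 cd)
# and version byte 05, with zero-filled bodies instead of the real key material.
SAMPLE = (bytes([0x98, 0x49, 0x05]) + bytes(72) +
          bytes([0xB4, 0x17]) + bytes(23) +
          bytes([0x88, 0xCD, 0x05]) + bytes(204))

if __name__ == "__main__":
    for offset, name, version in unexpected_versions(SAMPLE):
        print("offset %d: %s packet, version %d" % (offset, name, version))
```

To check a real certificate, pass the bytes of a binary (non-armored) export to `unexpected_versions`.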