Hi,
It is not just the sign-only Curve 448 subkey: gpg will fail after any subkey
(RSA/ECC [S]/[E]/[A]/[C]) is created when a keypair is generated with Curve
448.
When gpg fails, how can I recover keys?
This is so important.
This bug will destroy keydb; it is a "big" issue.

_____________________________________

On Thu, Aug 26, 2021 at 4:25 AM NIIBE Yutaka <gni...@fsij.org> wrote:

> Hello,
>
> Thank you for your report.
>
> William Holmes wrote:
> > gpg failed after I created a second sign-only Curve 448 key.
>
> Please use --quick-add-key instead, while I'm fixing the bug.
>
> My changes in the following commits were not enough.
>
>         2b50f942672d9a2c325a818f21f69d3ee69255d3
>         36355394d865f5760075e62267d70f7a7d5dd671
>
> I think that something like this will need to be applied.
>
> Please note that 448 keys are not yet standardized as OpenPGP.  So, the
> format for keys, signatures, and encrypted data may be changed in the future.
>
> diff --git a/g10/keygen.c b/g10/keygen.c
> index 239e7aca1..cb6487ea3 100644
> --- a/g10/keygen.c
> +++ b/g10/keygen.c
> @@ -5879,7 +5879,12 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t
> keyblock, const char *algostr,
>        else if (algo == PUBKEY_ALGO_ECDSA
>                 || algo == PUBKEY_ALGO_EDDSA
>                 || algo == PUBKEY_ALGO_ECDH)
> -        curve = ask_curve (&algo, NULL, NULL);
> +        {
> +          curve = ask_curve (&algo, NULL, NULL);
> +
> +          if (curve && (!strcmp (curve, "X448") || !strcmp (curve,
> "Ed448")))
> +            keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
> +        }
>        else
>          nbits = ask_keysize (algo, 0);
>
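
Review bot: the curve test `!strcmp (curve, "X448") || !strcmp (curve, "Ed448")` sets KEYGEN_FLAG_CREATE_V5_KEY only on the branch where ask_curve() is called, so any other way generate_subkeypair obtains a curve (the function also takes an algostr argument) needs to be checked for the same treatment. Consider moving the comparison into a small helper that every subkey path calls once the curve is known, rather than repeating the two string literals inline. A short comment on why these two curves require a v5 key would also help, since nothing in the hunk explains the coupling.
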
> --
>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
