[Rpm-maint] [rpm-software-management/rpm] Give error message for failed PGP key import (PR #2097)

Neal H. Walfield notifications at github.com
Wed Jun 29 08:53:42 UTC 2022


Even if subkeys aren't used, there can still be multiple signatures.

Here is `567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51` (Red Hat, Inc. (release key 2) <security at redhat.com>):

```
$ sq keyserver -s hkps://keyserver.ubuntu.com get '567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51' | sq packet dump
Public-Key Packet, new CTB, 525 bytes
    Version: 4
    Creation time: 2009-10-22 11:59:55 UTC
    Pk algo: RSA
    Pk size: 4096 bits
    Fingerprint: 567E347AD0044ADE55BA8A5F199E2F91FD431D51
    KeyID: 199E2F91FD431D51
  
User ID Packet, new CTB, 51 bytes
    Value: Red Hat, Inc. (release key 2) <security at redhat.com>
  
Signature Packet, new CTB, 589 bytes
    Version: 4
    Type: PositiveCertification
    Pk algo: RSA
    Hash algo: SHA1
    Hashed area:
      Signature creation time: 2009-10-22 11:59:55 UTC
      Key flags: CS
      Symmetric algo preferences: AES256, AES192, AES128, CAST5, TripleDES
      Hash preferences: SHA1, SHA256, RipeMD
      Compression preferences: Zlib, BZip2, Zip
      Features: MDC
      Keyserver preferences: no modify
    Unhashed area:
      Issuer: 199E2F91FD431D51
      Issuer Fingerprint: 567E347AD0044ADE55BA8A5F199E2F91FD431D51
    Digest prefix: 6CE9
    Level: 0 (signature over data)
  
Signature Packet, new CTB, 563 bytes
    Version: 4
    Type: GenericCertification
    Pk algo: RSA
    Hash algo: SHA512
    Hashed area:
      Issuer Fingerprint: E99661DB6683EA305704ED3A4B5C7470051BB332
      Signature creation time: 2022-05-13 07:27:46 UTC
    Unhashed area:
      Issuer: 4B5C7470051BB332
    Digest prefix: B07C
    Level: 0 (signature over data)
  
Signature Packet, new CTB, 156 bytes
    Version: 4
    Type: GenericCertification
    Pk algo: RSA
    Hash algo: SHA1
    Hashed area:
      Signature creation time: 2010-08-10 08:57:09 UTC
    Unhashed area:
      Issuer: EEAD4CFD49A563D9
    Digest prefix: A30F
    Level: 0 (signature over data)
```

There are three signature packets on the User ID packet; two of them use SHA-1. Note: an OpenPGP certificate is not valid without at least one valid self-signature.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2097#issuecomment-1169710523
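
An added example (not part of the original message and not rpm's or Sequoia's code): Python that reads the `sq packet dump` text shown above, separates the self-signature from the third-party certifications by comparing each Issuer to the primary KeyID, and flags the SHA-1 ones. The function names and the "SHA-1 is weak" policy are assumptions, the sample is the dump trimmed to the fields used, and no signature is verified cryptographically.

```python
import re

# Constructed sample: the dump from the message, trimmed to the fields used here.
SAMPLE_DUMP = """\
Public-Key Packet, new CTB, 525 bytes
    KeyID: 199E2F91FD431D51

User ID Packet, new CTB, 51 bytes
    Value: Red Hat, Inc. (release key 2) <security at redhat.com>

Signature Packet, new CTB, 589 bytes
    Type: PositiveCertification
    Hash algo: SHA1
      Issuer: 199E2F91FD431D51

Signature Packet, new CTB, 563 bytes
    Type: GenericCertification
    Hash algo: SHA512
      Issuer: 4B5C7470051BB332

Signature Packet, new CTB, 156 bytes
    Type: GenericCertification
    Hash algo: SHA1
      Issuer: EEAD4CFD49A563D9
"""

def parse_packets(dump):
    """Split `sq packet dump` text into (packet name, {field: value}) pairs."""
    packets = []
    for line in dump.splitlines():
        if line and not line[0].isspace():      # unindented line starts a packet
            packets.append((line.split(",")[0], {}))
        elif packets and (m := re.match(r"\s+([^:]+):\s*(\S.*)$", line)):
            packets[-1][1].setdefault(m.group(1), m.group(2))
    return packets

def classify_signatures(dump, weak=("SHA1",)):  # weak: assumed local policy
    """Label each signature self/third-party and weak/ok. Nothing is verified
    cryptographically, and Issuer sits in the unhashed area: treat as a hint."""
    packets = parse_packets(dump)
    key_id = next(f["KeyID"] for name, f in packets if name == "Public-Key Packet")
    return [{"issuer": f.get("Issuer"), "hash": f.get("Hash algo"),
             "self_sig": f.get("Issuer") == key_id,
             "weak": f.get("Hash algo") in weak}
            for name, f in packets if name == "Signature Packet"]

def has_acceptable_self_sig(dump):
    """True if some self-signature uses a hash outside the weak set."""
    return any(s["self_sig"] and not s["weak"] for s in classify_signatures(dump))
```

On this dump the only self-signature is the 2009 SHA-1 one, so `has_acceptable_self_sig(SAMPLE_DUMP)` returns `False` under the assumed policy even though a SHA-512 third-party certification is present.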