Re: Gnupg or keyserver bug?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Gnupg or keyserver bug?

Jason Harris
On Fri, Jun 17, 2005 at 11:25:43AM +0200, Kevin Bube wrote:

> yesterday I encountered a gpg error while I tried to import a key from a
> keyserver. This is the first key where I saw this.
>
> ,----
> | kevin@leibnitz:~/tmp $ gpg --keyserver blackhole.pca.dfn.de --homedir /tmp --recv-key EAE8EB6A
> | gpg: keyring `/tmp/secring.gpg' created
> | gpg: keyring `/tmp/pubring.gpg' created
> | gpg: requesting key EAE8EB6A from hkp server blackhole.pca.dfn.de
> |
> | gpg: Ohhhh jeeee: mpi crosses packet border
> | secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
> | Aborted
blackhole.pca.dfn.de needs to be upgraded to the latest version of SKS.

> However if I use another keyserver this works:
>
> ,----
> | kevin@leibnitz:~/tmp $ gpg --keyserver subkeys.pgp.net --homedir /tmp --recv-key EAE8EB6A

> Is this a GnuPG problem or one of the keyserver?

Development versions of GPG may be able to import this key with the bad
subkey packet, which is attached.  It should hash to:

  %esha1sum 000467-014.public_subkey
  95f35324cb36b57265f37c85860001af0045fa68     1040  000467-014.public_subkey

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

000467-014.public_subkey (1K) Download Attachment
attachment1 (318 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Gnupg or keyserver bug?

Kevin Bube
Jason Harris <[hidden email]> writes:

> blackhole.pca.dfn.de needs to be upgraded to the latest version of SKS.

Ah, okay. So it's a server problem then.

Thanks,

Kevin

--
publickey 2048R/0AFDFB19: http://www.icbm.de/~bube/publickey.asc
fingerprint: 542B 1378 04AA AF1F 572E  78BF 1BF5 5C71 0AFD FB19

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

attachment0 (490 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Re: Gnupg or keyserver bug?

Olaf Gellert
In reply to this post by Jason Harris
Jason Harris wrote:

> On Fri, Jun 17, 2005 at 11:25:43AM +0200, Kevin Bube wrote:
>
>>yesterday I encountered a gpg error while I tried to import a key from a
>>keyserver. This is the first key where I saw this.
>>
>>,----
>>| kevin@leibnitz:~/tmp $ gpg --keyserver blackhole.pca.dfn.de --homedir /tmp --recv-key EAE8EB6A
>>| gpg: keyring `/tmp/secring.gpg' created
>>| gpg: keyring `/tmp/pubring.gpg' created
>>| gpg: requesting key EAE8EB6A from hkp server blackhole.pca.dfn.de
>>|
>>| gpg: Ohhhh jeeee: mpi crosses packet border
>>| secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
>>| Aborted
>
> blackhole.pca.dfn.de needs to be upgraded to the latest version of SKS.

Well, I upgraded the keyserver to a recent (CVS) version.
But the error still occurs. So? Maybe something that
is stored in the database (I did not erase the database
while upgrading the server)?

Thanx for an answer, Olaf

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet



_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Re: Gnupg or keyserver bug?

Jason Harris
On Mon, Aug 01, 2005 at 12:09:28PM +0200, Olaf Gellert wrote:
> Jason Harris wrote:
> > On Fri, Jun 17, 2005 at 11:25:43AM +0200, Kevin Bube wrote:

> >>yesterday I encountered a gpg error while I tried to import a key from a
> >>keyserver. This is the first key where I saw this.

> >>| kevin@leibnitz:~/tmp $ gpg --keyserver blackhole.pca.dfn.de --homedir /tmp --recv-key EAE8EB6A

> >>| gpg: Ohhhh jeeee: mpi crosses packet border

> > blackhole.pca.dfn.de needs to be upgraded to the latest version of SKS.
>
> Well, I upgraded the keyserver to a recent (CVS) version.
> But the error still occurs. So? Maybe something that
> is stored in the database (I did not erase the database
> while upgrading the server)?

Indeed, although with GPG 1.4.2 the error messages are more descriptive:

  gpg: mpi larger than indicated length (517 bytes)
  gpg: mpi larger than indicated length (0 bytes)
  gpg: read_block: read error: invalid packet

Move ./KDB/meta out of the way and run "sks cleandb" with no other
processes accessing the dbs.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

attachment0 (322 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Re: Gnupg or keyserver bug?

Olaf Gellert
Hi again,

Jason Harris wrote:
>Olaf Gellert wrote:
>>Well, I upgraded the keyserver to a recent (CVS) version.
>>But the error still occurs. So? Maybe something that
>>is stored in the database (I did not erase the database
>>while upgrading the server)?
>
> Indeed, although with GPG 1.4.2 the error messages are more descriptive:

> Move ./KDB/meta out of the way and run "sks cleandb" with no other
> processes accessing the dbs.
>

I did this but unfortunately it did not change
anything. Some more ideas besides creating the
DB from a recent dump?

What happens with the key, it sounds as if some
index pointer of a subpacket is wrong (pointing
behind the subpacket). ???

Cheers, Olaf

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet



_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Re: Gnupg or keyserver bug?

Jason Harris
In reply to this post by Olaf Gellert
On Mon, Aug 01, 2005 at 12:09:28PM +0200, Olaf Gellert wrote:
> Jason Harris wrote:

> > blackhole.pca.dfn.de needs to be upgraded to the latest version of SKS.
>
> Well, I upgraded the keyserver to a recent (CVS) version.

Doh!  CVS?  You should be using tla.  Your stats page:

  http://blackhole.pca.dfn.de:11371/pks/lookup?op=stats

says you're still running 1.0.7.

> But the error still occurs. So? Maybe something that

Naturally.  It was fixed either in the 1.0.9 release or sometime later.
For quick instructions on tla, see:

  Date: Wed, 20 Oct 2004 14:55:49 -0400
  From: Jason Harris <[hidden email]>
  To: [hidden email]
  Subject: Re: [Sks-devel] 1.0.8 patches
  Message-ID: <[hidden email]>

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

attachment0 (322 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Re: Gnupg or keyserver bug?

Olaf Gellert
Jason Harris wrote:
> On Mon, Aug 01, 2005 at 12:09:28PM +0200, Olaf Gellert wrote:
>>Jason Harris wrote:
>
>>>blackhole.pca.dfn.de needs to be upgraded to the latest version of SKS.
>>Well, I upgraded the keyserver to a recent (CVS) version.
>
> Doh!  CVS?  You should be using tla.  Your stats page:

Heck! Would be great if the available documentation
would refer to the actual ways on where to get SKS...
If I did not overlook something, there is no hint on

http://www.nongnu.org/sks/
http://savannah.nongnu.org/projects/sks/
http://documentation.penguin.de/cgi-bin/twiki/view/SKSKeyserver/

>   http://blackhole.pca.dfn.de:11371/pks/lookup?op=stats
>
> says you're still running 1.0.7.

No wonder. Seems to be more an issue of outdated
documentation. I thought we had left the old ages
of the Horowitz keyserver were it was necessary to
access the full archive of the mailing list to get
a recent version of the sources... ;-)

Consequently I just added a "Getting SKS" page to
the Wiki...

Well, another try... Thanx Jason

Olaf

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet



_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel