search

keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License
8.9k stars 1.23k forks source link

Error on adding GPG key #22458

Closed sbrunner closed 4 years ago

sbrunner commented 4 years ago

I get this error:

▶ ERROR key generation error: no valid primary key self-signature or key(s) have expired (Signature failure in packet 1: rejecting insecure hash SHA1 (b39fc793d1d6a94c)) (error 905)

That what should I do? Generate a new key or update my key? If I should generate a new key how is working the migration of my GPG key for my other usages?

my log id: a527426b1ad7a1fd1844631c

zapu commented 4 years ago

Unfortunately I couldn't find any "official" or acclaimed guide on how to migrate from SHA1 in existing PGP keys. If anyone has one, please share.

Depending how familiar you are with gpg tool, I had some success to re-sign my keys with the following procedure. But your mileage may vary. If you use key-servers, adding new non-SHA1 signatures and uploading the key again will likely make both signatures show up for anyone fetching that key.

Disclaimer: I have a limited knowledge of what might break if you do this and other people already have your public key. Also if my real keys where at stake here, I would backup my secret keys beforehand.

Here's a key that I started with:

» gpg --export --armor | pgpdump
Old: Public Key Packet(tag 6)(51 bytes)
    Ver 4 - new
    Public key creation time - Mon Feb 10 16:15:44 CET 2020
    Pub alg - EdDSA Edwards-curve Digital Signature Algorithm(pub 22)
    Unknown public key(pub 22)
Old: User ID Packet(tag 13)(11 bytes)
    User ID - test 7206f9
Old: Signature Packet(tag 2)(139 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - EdDSA Edwards-curve Digital Signature Algorithm(pub 22)
    Hash alg - SHA1(hash 2)
    (...)
Old: Public Subkey Packet(tag 14)(56 bytes)
    Ver 4 - new
    Public key creation time - Mon Feb 10 16:15:44 CET 2020
    Pub alg - Reserved for Elliptic Curve(pub 18)
    Unknown public key(pub 18)
Old: Signature Packet(tag 2)(120 bytes)
    Ver 4 - new
    Sig type - Subkey Binding Signature(0x18).
    Pub alg - EdDSA Edwards-curve Digital Signature Algorithm(pub 22)
    Hash alg - SHA1(hash 2)
    (...)

Notice the signatures with Hash alg - SHA1(hash 2).

Now, to update them:

# edit key but force SHA512 for certification.
 » gpg --cert-digest-algo SHA512 --expert --edit-key test
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/E41EE13410C7420F
     created: 2020-02-10  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  cv25519/9E088966F847ADDA
     created: 2020-02-10  expires: never       usage: E   
[ultimate] (1). test 7206f9

# sign user ids.
gpg> sign
"test 7206f9" was already signed by key E41EE13410C7420F
Do you want to sign it again anyway? (y/N) y

(...)

Are you sure that you want to sign this key with your
key "test 7206f9" (E41EE13410C7420F)

This will be a self-signature.

Really sign? (y/N) y

# clean old user id signature
gpg> clean
User ID "test 7206f9": 1 signature removed

sec  ed25519/E41EE13410C7420F
     created: 2020-02-10  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  cv25519/9E088966F847ADDA
     created: 2020-02-10  expires: never       usage: E   
[ultimate] (1). test 7206f9

# switch to subkey 1
gpg> key 1

sec  ed25519/E41EE13410C7420F
     created: 2020-02-10  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb* cv25519/9E088966F847ADDA
     created: 2020-02-10  expires: never       usage: E   
[ultimate] (1). test 7206f9

# change expiration which generates a new subkey signature
gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 4y
Key expires at pią, 9 lut 2024, 16:16:34 CET
Is this correct? (y/N) y

sec  ed25519/E41EE13410C7420F
     created: 2020-02-10  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb* cv25519/9E088966F847ADDA
     created: 2020-02-10  expires: 2024-02-09  usage: E   
[ultimate] (1). test 7206f9

gpg> save

The key afterwards:

» gpg --export --armor | pgpdump
Old: Public Key Packet(tag 6)(51 bytes)
    Ver 4 - new
    Public key creation time - Mon Feb 10 16:15:44 CET 2020
    Pub alg - EdDSA Edwards-curve Digital Signature Algorithm(pub 22)
    Unknown public key(pub 22)
Old: User ID Packet(tag 13)(11 bytes)
    User ID - test 7206f9
Old: Signature Packet(tag 2)(139 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - EdDSA Edwards-curve Digital Signature Algorithm(pub 22)
    Hash alg - SHA512(hash 10)
    (...)
Old: Public Subkey Packet(tag 14)(56 bytes)
    Ver 4 - new
    Public key creation time - Mon Feb 10 16:15:44 CET 2020
    Pub alg - Reserved for Elliptic Curve(pub 18)
    Unknown public key(pub 18)
Old: Signature Packet(tag 2)(126 bytes)
    Ver 4 - new
    Sig type - Subkey Binding Signature(0x18).
    Pub alg - EdDSA Edwards-curve Digital Signature Algorithm(pub 22)
    Hash alg - SHA512(hash 10)
    (...)
sbrunner commented 4 years ago

I just try this but it steal don't work:

Old: Public Key Packet(tag 6)(418 bytes)
        Ver 4 - new
        Public key creation time - Thu Nov 10 14:14:31 CET 2005
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        DSA p(1024 bits) - ...
        DSA q(160 bits) - ...
        DSA g(1024 bits) - ...
        DSA y(1023 bits) - ...
Old: User ID Packet(tag 13)(46 bytes)
        User ID - Stéphane Brunner <stephane.brunner@gmail.com>
Old: Signature Packet(tag 2)(115 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Mon Feb 10 17:19:17 CET 2020
        Hashed Sub: preferred symmetric algorithms(sub 11)(2 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - Twofish with 256-bit key(sym 10)
        Hashed Sub: preferred hash algorithms(sub 21)(1 bytes)
                Hash alg - SHA512(hash 10)
        Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
                Comp alg - Uncompressed(comp 0)
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - 6b 3e 
        DSA r(159 bits) - ...
        DSA s(159 bits) - ...
                -> hash(DSA q bits)
Old: User ID Packet(tag 13)(51 bytes)
        User ID - Stéphane Brunner <stephane.brunner@camptocamp.com>
Old: Signature Packet(tag 2)(115 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Mon Feb 10 17:19:17 CET 2020
        Hashed Sub: preferred symmetric algorithms(sub 11)(2 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - Twofish with 256-bit key(sym 10)
        Hashed Sub: preferred hash algorithms(sub 21)(1 bytes)
                Hash alg - SHA512(hash 10)
        Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
                Comp alg - Uncompressed(comp 0)
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - e5 42 
        DSA r(159 bits) - ...
        DSA s(160 bits) - ...
                -> hash(DSA q bits)
New: User Attribute Packet(tag 17)(4097 bytes)
        Sub: image attribute(sub 1)(4094 bytes)
                Image encoding - JPEG(enc 1)
                Image data(4078 bytes)
Old: Signature Packet(tag 2)(115 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Mon Feb 10 17:19:17 CET 2020
        Hashed Sub: preferred symmetric algorithms(sub 11)(2 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - Twofish with 256-bit key(sym 10)
        Hashed Sub: preferred hash algorithms(sub 21)(1 bytes)
                Hash alg - SHA512(hash 10)
        Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
                Comp alg - Uncompressed(comp 0)
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - e7 13 
        DSA r(157 bits) - ...
        DSA s(159 bits) - ...
                -> hash(DSA q bits)
Old: Public Subkey Packet(tag 14)(525 bytes)
        Ver 4 - new
        Public key creation time - Thu Nov 10 14:14:39 CET 2005
        Pub alg - ElGamal Encrypt-Only(pub 16)
        ElGamal p(2048 bits) - ...
        ElGamal g(3 bits) - ...
        ElGamal y(2046 bits) - ...
Old: Signature Packet(tag 2)(96 bytes)
        Ver 4 - new
        Sig type - Subkey Binding Signature(0x18).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to encrypt communications
                Flag - This key may be used to encrypt storage
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Mon Feb 10 17:12:56 CET 2020
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - a2 df 
        DSA r(160 bits) - ...
        DSA s(160 bits) - ...
                -> hash(DSA q bits)
Old: Public Key Packet(tag 6)(141 bytes)
        Ver 4 - new
        Public key creation time - Sat Jul 10 17:02:40 CEST 2010
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(1024 bits) - ...
        RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(47 bytes)
        User ID - Launchpad Free exFAT file system implementation
Old: Signature Packet(tag 2)(182 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - RSA Encrypt or Sign(pub 1)
        Hash alg - SHA1(hash 2)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Sat Jul 10 17:02:40 CEST 2010
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - AES with 192-bit key(sym 8)
                Sym alg - AES with 128-bit key(sym 7)
                Sym alg - CAST5(sym 3)
                Sym alg - Triple-DES(sym 2)
        Hashed Sub: preferred hash algorithms(sub 21)(3 bytes)
                Hash alg - SHA1(hash 2)
                Hash alg - SHA256(hash 8)
                Hash alg - RIPEMD160(hash 3)
        Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0x4DF9B28CA252A784
        Hash left 2 bytes - 64 c8 
        RSA m^d mod n(1023 bits) - ...
                -> PKCS-1
Old: Public Key Packet(tag 6)(525 bytes)
        Ver 4 - new
        Public key creation time - Mon Feb 22 13:29:07 CET 2016
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(4096 bits) - ...
        RSA e(17 bits) - ...
...

keybase pgp select => ▶ ERROR key generation error: bad signature: rejecting insecure hash SHA1 (error 1002)

zapu commented 4 years ago

that's a different error, so we have progress: gpg tries to make a SHA1 sig when making a reverse-signature for Keybase. What's your gpg --version? Do you have anything in ~/.gnupg/gpg.conf ?

sbrunner commented 4 years ago

Thanks :-) => gpg --version

gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/sbrunner/.gnupg
Algorithmes pris en charge :
Clef publique : RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Chiffrement : IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256,
              TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hachage : SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression : Non compressé, ZIP, ZLIB, BZIP2

~/.gnupg/gpg.conf

keyserver hkp://keys.gnupg.net
use-agent
cert-digest-algo SHA512

weak-digest SHA1
personal-digest-preferences SHA512,SHA384,SHA256,SHA224
default-preference-list SHA512,SHA384,SHA256,SHA224,AES256,AES192,AES,CAST5,3DES,BZIP2,ZIP,ZLIB,Uncompressed
zapu commented 4 years ago

Your config looks good. I think the issue is still with the key. Can you try setpref command while in gpg --edit-key ?

sbrunner commented 4 years ago

setpref:

Set preference list to:
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: BZIP2, ZIP, ZLIB, Uncompressed
     Features: MDC, Keyserver no-modify
zapu commented 4 years ago

after you do that and save, is it accepted by Keybase then?

sbrunner commented 4 years ago

No, same error :-/

keybase pgp select
You are selecting a PGP key from your local GnuPG keychain, and
will publish a statement signed with this key to make it part of
your Keybase.io identity.

Note that GnuPG will prompt you to perform this signature.

You can also import the secret key to *local*, *encrypted* Keybase
keyring, enabling decryption and signing with the Keybase client.
To do that, use "--import" flag.

Learn more: keybase pgp help select

#    Algo    Key Id             Created   UserId
=    ====    ======             =======   ======
1    1024D   B39FC793D1D6A94C             Stéphane Brunner <stephane.brunner@gmail.com>, Stéphane Brunner <stephane.brunner@camptocamp.com>
Choose a key: 1
▶ ERROR key generation error: bad signature: rejecting insecure hash SHA1 (error 1002)
zapu commented 4 years ago

can you show the result of gpg --export --armor | pgpdump again? I think one of the subkeys is still signed using SHA1 and has SHA1 as preferred hash algo.

you might need to do this

# switch to subkey 2
gpg> key 2

(...)

# change expiration which generates a new subkey signature
gpg> expire

in gpg --expert --edit-key if that's the case and there really is a subkey 2 with bad params

sbrunner commented 4 years ago

I change the expire again on all subkeys, then keybase pgp select:

You are selecting a PGP key from your local GnuPG keychain, and
will publish a statement signed with this key to make it part of
your Keybase.io identity.

Note that GnuPG will prompt you to perform this signature.

You can also import the secret key to *local*, *encrypted* Keybase
keyring, enabling decryption and signing with the Keybase client.
To do that, use "--import" flag.

Learn more: keybase pgp help select

#    Algo    Key Id             Created   UserId
=    ====    ======             =======   ======
1    1024D   B39FC793D1D6A94C             Stéphane Brunner <stephane.brunner@camptocamp.com>, Stéphane Brunner <stephane.brunner@gmail.com>
2    3072R   30C9B913FD42EF13             The CI <geospatial-list@camptocamp.com>
3    3072R   C931A371FD5DC508             Camptocamp <geospatial-bot@camptocamp.com>
Choose a key: 1
▶ ERROR key generation error: bad signature: rejecting insecure hash SHA1 (error 1002)

gpg --export --armor B39FC793D1D6A94C | pgpdump:

Old: Public Key Packet(tag 6)(418 bytes)
        Ver 4 - new
        Public key creation time - Thu Nov 10 14:14:31 CET 2005
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        DSA p(1024 bits) - ...
        DSA q(160 bits) - ...
        DSA g(1024 bits) - ...
        DSA y(1023 bits) - ...
Old: User ID Packet(tag 13)(51 bytes)
        User ID - Stéphane Brunner <stephane.brunner@camptocamp.com>
Old: Signature Packet(tag 2)(127 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - AES with 192-bit key(sym 8)
                Sym alg - AES with 128-bit key(sym 7)
                Sym alg - CAST5(sym 3)
                Sym alg - Triple-DES(sym 2)
        Hashed Sub: preferred hash algorithms(sub 21)(4 bytes)
                Hash alg - SHA512(hash 10)
                Hash alg - SHA384(hash 9)
                Hash alg - SHA256(hash 8)
                Hash alg - SHA224(hash 11)
        Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - Uncompressed(comp 0)
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Tue Feb 11 09:05:46 CET 2020
        Hashed Sub: key expiration time(sub 9)(4 bytes)
                Time - Sat Feb 10 09:05:46 CET 2024
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - 16 b0 
        DSA r(160 bits) - ...
        DSA s(157 bits) - ...
                -> hash(DSA q bits)
Old: User ID Packet(tag 13)(46 bytes)
        User ID - Stéphane Brunner <stephane.brunner@gmail.com>
Old: Signature Packet(tag 2)(127 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - AES with 192-bit key(sym 8)
                Sym alg - AES with 128-bit key(sym 7)
                Sym alg - CAST5(sym 3)
                Sym alg - Triple-DES(sym 2)
        Hashed Sub: preferred hash algorithms(sub 21)(4 bytes)
                Hash alg - SHA512(hash 10)
                Hash alg - SHA384(hash 9)
                Hash alg - SHA256(hash 8)
                Hash alg - SHA224(hash 11)
        Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - Uncompressed(comp 0)
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Tue Feb 11 09:05:46 CET 2020
        Hashed Sub: key expiration time(sub 9)(4 bytes)
                Time - Sat Feb 10 09:05:46 CET 2024
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - b9 9b 
        DSA r(159 bits) - ...
        DSA s(159 bits) - ...
                -> hash(DSA q bits)
New: User Attribute Packet(tag 17)(4097 bytes)
        Sub: image attribute(sub 1)(4094 bytes)
                Image encoding - JPEG(enc 1)
                Image data(4078 bytes)
Old: Signature Packet(tag 2)(127 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - AES with 192-bit key(sym 8)
                Sym alg - AES with 128-bit key(sym 7)
                Sym alg - CAST5(sym 3)
                Sym alg - Triple-DES(sym 2)
        Hashed Sub: preferred hash algorithms(sub 21)(4 bytes)
                Hash alg - SHA512(hash 10)
                Hash alg - SHA384(hash 9)
                Hash alg - SHA256(hash 8)
                Hash alg - SHA224(hash 11)
        Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - Uncompressed(comp 0)
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Tue Feb 11 09:05:46 CET 2020
        Hashed Sub: key expiration time(sub 9)(4 bytes)
                Time - Sat Feb 10 09:05:46 CET 2024
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - 45 de 
        DSA r(159 bits) - ...
        DSA s(159 bits) - ...
                -> hash(DSA q bits)
Old: Public Subkey Packet(tag 14)(525 bytes)
        Ver 4 - new
        Public key creation time - Thu Nov 10 14:14:39 CET 2005
        Pub alg - ElGamal Encrypt-Only(pub 16)
        ElGamal p(2048 bits) - ...
        ElGamal g(3 bits) - ...
        ElGamal y(2046 bits) - ...
Old: Signature Packet(tag 2)(102 bytes)
        Ver 4 - new
        Sig type - Subkey Binding Signature(0x18).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA512(hash 10)
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to encrypt communications
                Flag - This key may be used to encrypt storage
        Hashed Sub: unknown(sub 33)(21 bytes)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Tue Feb 11 09:06:06 CET 2020
        Hashed Sub: key expiration time(sub 9)(4 bytes)
                Time - Sat Feb 10 09:06:06 CET 2024
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xB39FC793D1D6A94C
        Hash left 2 bytes - c9 40 
        DSA r(159 bits) - ...
        DSA s(159 bits) - ...
                -> hash(DSA q bits)
zapu commented 4 years ago

Interesting. Can you also try to add digest-algo SHA512 to your gpg.conf?

sbrunner commented 4 years ago

Done and success :-) Many thanks :-)