Open nitz opened 3 weeks ago
I just re-built a key with the legacy ID, and still received the error, though talking about its packet ID this time:
- ERROR key generation error: Unknown signature subpacket: 34 (error 905)
It seems keybase can't handle any preferred AEAD cryptosuite subpacket.
At least with the latest release copy of Gpg4Win I've got on this machine, generating a key using all default settings with GPG there, it creates a key that includes a subpacket with ID 0x22, and is thus unusable with keybase.
Symptom
Attempting to import my PGP key via keybase pgp select produces the following error:
Attempting to import via keybase pgp import with the key in ASCII armor directly does prompt for the passphrase to unlock the secret key, but then produces:
Expected Behavior
As the subpacket for Preferred AEAD Ciphersuites is to indicate a preference, it shouldn't have any bearing on whether or not I'm able to import it into keybase.
Underlying Issue
I believe the issue lies with the modern definition of the "Preferred AEAD Ciphersuites" subpacket ID. As late as version 04 (2021-5-2) of the crypto-refresh draft, the ID used for Preferred AEAD was 34 (0x22), where it was marked as "Reserved (Preferred AEAD Algorithms)". However, as of version 5 (2022-03-07) and later, the ID for that subpacket type was moved to 39 (0x27) and named "Preferred AEAD Ciphersuites". The type left at 0x22 was (and remains) simply left as reserved.
It seems even the current source for gpg is still using the older id, while some implementations like bouncycastle have already moved on to the newer ID, which explains discrepancies depending on where keys may be generated.
Other Bits
I've produced a key which contains the subpacket with that ID here for testing, should it be needed.
The key's fingerprint is 0F34 43BE 35CD 231D 7507 7D95 CD7D 2614 07B1 896F and passphrase is test key please ignore.
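The behaviour the report asks for, as an added example (not Keybase's code and not from the original post): a tolerant walk over an OpenPGP signature subpacket area that follows RFC 4880 section 5.2.3.1, skipping unknown subpackets such as type 34 unless their critical bit is set. The `KNOWN` table is an abbreviated, assumed set of recognized types, and `SAMPLE` is a constructed subpacket area, not bytes from the reporter's key.

```python
# Subpacket types this hypothetical parser recognizes (abbreviated on purpose).
KNOWN = {2: "Signature Creation Time", 11: "Preferred Symmetric Algorithms",
         27: "Key Flags", 33: "Issuer Fingerprint",
         39: "Preferred AEAD Ciphersuites"}

def read_length(buf, i):
    """Decode an RFC 4880 subpacket length at buf[i]; return (length, next_index)."""
    first = buf[i]
    width = 1 if first < 192 else 2 if first < 255 else 5
    if i + width > len(buf):
        raise ValueError("truncated subpacket length")
    if width == 1:
        return first, i + 1
    if width == 2:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def walk_subpackets(area):
    """Return (accepted, ignored_types).

    Raises ValueError only for malformed data or an unknown subpacket whose
    critical bit (0x80 of the type octet) is set.
    """
    accepted, ignored, i = [], [], 0
    while i < len(area):
        length, i = read_length(area, i)
        # The length counts the type octet, so it can never be zero.
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        critical, sp_type = bool(area[i] & 0x80), area[i] & 0x7F
        body = area[i + 1:i + length]
        i += length
        if sp_type in KNOWN:
            accepted.append((sp_type, body))
        elif critical:
            raise ValueError(f"unknown critical subpacket: {sp_type}")
        else:
            ignored.append(sp_type)  # a preference we do not understand: skip it
    return accepted, ignored

# Constructed sample: creation time (type 2), key flags (type 27),
# then a non-critical subpacket of type 34 (0x22) with a two-byte body.
SAMPLE = bytes.fromhex("0502" "65000000" "021b03" "03220102")

if __name__ == "__main__":
    print(walk_subpackets(SAMPLE))
```
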