keybase / kbpgp

OpenPGP (RFC4880) Implementation in IcedCoffeeScript
https://keybase.io/kbpgp
BSD 3-Clause "New" or "Revised" License

kbpgp cannot process key file, pgp tools can #128

Open chrisegner opened 7 years ago

chrisegner commented 7 years ago

Hi,

I'm really only familiar with PGP at a conceptual level, so forgive me if this is off-base. I'm in a situation where I've been given a standard key file (containing 11 packets, three of which are public keys) used to verify signed strings. When I call:

kbpgp.KeyManager.import_from_armored_pgp({armored: SIGNING_PUBLIC_KEY}, function (err, keyManager) {
  console.log('err', err);
});

I get [Error: cannot have 2 primary keys].

I am able to process the file without complaint using MacGPG. Using that, I was able to extract the three individual keys and successfully verify the signature with one of them.

I've tried to read RFC 4880 (https://tools.ietf.org/html/rfc4880) to determine which code the issue belongs to, either GnuPG v1.4.11 (GNU/Linux), which generated the key, or kbpgp (2.0.62), but wasn't able to pin the error message to a relevant section of the RFC.

Please let me know what information would be most helpful. I'm trying to get permission to share the key file. In the meantime, I added some debugging statements in KeyBlock.prototype._extract_keys. See the attached extract_keys.redacted.txt. It looks like packet 5 is the problem (in conflict with packet 0?). According to pgpdump:

Packet 0
Old: Public Key Packet(tag 6)(525 bytes)
        Ver 4 - new
        Public key creation time - Wed Sep  7 09:45:39 PDT 2011
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(4096 bits) - ...
        RSA e(17 bits) - ...

and

5
Old: Public Key Packet(tag 6)(141 bytes)
        Ver 4 - new
        Public key creation time - Thu Sep 29 09:48:55 PDT 2011
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(1024 bits) - ...
        RSA e(17 bits) - ...

maxtaco commented 7 years ago

kbpgp wants one primary key at a time. can you just export them one at a time?

chrisegner commented 7 years ago

That's the workaround I'm using now, but it's a manual step and does not allow me to use the official key file, which may get updated as keys are rotated. Is the single primary key a kbpgp restriction or an openpgp restriction?

maxtaco commented 7 years ago

it was a simplification we used when building the library. it's possible to expand the interface, but it's not currently on our roadmap. we'd accept PRs though!

On Tue, Jan 10, 2017 at 8:37 PM, chrisegner notifications@github.com wrote:

That's the workaround I'm using now, but it's a manual step and does not allow me to use the official key file, which may get updated as keys are rotated. Is the single primary key a kbpgp restriction or an openpgp restriction?

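
The manual "export them one at a time" workaround from this thread can be automated by walking the packet headers of the keyring and cutting it at each primary key packet. This is an added example, not code from the thread or from kbpgp; `readHeader`, `splitKeyring` and the sample bytes are hypothetical names and constructed data, and it assumes the ASCII armor has already been removed.

```javascript
// Added example: split a de-armored OpenPGP keyring into one block per primary key.
const PRIMARY_TAGS = new Set([5, 6]); // Secret-Key (5) and Public-Key (6) packets

// Parse the packet header at `off` (RFC 4880, section 4.2).
function readHeader(buf, off) {
  const b = buf[off];
  if ((b & 0x80) === 0) throw new Error(`not a packet header at offset ${off}`);
  if (b & 0x40) { // new format: tag in the low 6 bits
    const tag = b & 0x3f, o1 = buf[off + 1];
    if (o1 < 192) return { tag, hdr: 2, len: o1 };
    if (o1 < 224) return { tag, hdr: 3, len: ((o1 - 192) << 8) + buf[off + 2] + 192 };
    if (o1 === 255) return { tag, hdr: 6, len: buf.readUInt32BE(off + 2) };
    throw new Error('partial body lengths are not handled in this example');
  }
  const tag = (b >> 2) & 0x0f; // old format: tag in bits 5-2, length type in bits 1-0
  switch (b & 3) {
    case 0: return { tag, hdr: 2, len: buf[off + 1] };
    case 1: return { tag, hdr: 3, len: buf.readUInt16BE(off + 1) };
    case 2: return { tag, hdr: 5, len: buf.readUInt32BE(off + 1) };
    default: return { tag, hdr: 1, len: buf.length - off - 1 }; // indeterminate length
  }
}

// Return one Buffer per primary key, each carrying that key's user IDs,
// signatures and subkeys (every packet up to the next primary key).
function splitKeyring(buf) {
  const blocks = [];
  let start = -1;
  for (let off = 0; off < buf.length;) {
    const { tag, hdr, len } = readHeader(buf, off);
    if (!Number.isInteger(len) || off + hdr + len > buf.length) throw new Error('truncated packet');
    if (PRIMARY_TAGS.has(tag)) {
      if (start >= 0) blocks.push(buf.subarray(start, off));
      start = off;
    } else if (start < 0) {
      throw new Error('keyring does not begin with a primary key packet');
    }
    off += hdr + len;
  }
  if (start >= 0) blocks.push(buf.subarray(start));
  return blocks;
}

// Constructed sample shaped like the file in the issue: 11 packets, three of them
// public keys (tag 6), the second at packet 5. Bodies are dummy bytes, not real keys.
const pkt = (tag, n) => Buffer.concat([Buffer.from([0x80 | (tag << 2), n]), Buffer.alloc(n, tag)]);
const SAMPLE = Buffer.concat([6, 13, 2, 14, 2, 6, 13, 2, 6, 13, 2].map(t => pkt(t, 4)));
console.log(splitKeyring(SAMPLE).map(b => b.length));
```

Each returned block holds exactly one primary key and would still need to be re-armored, or passed in binary form, before being handed to an importer that accepts one primary key at a time.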