Mailing List Archive: GnuPG: users

GPG self signature missing error

Index | Next | Previous | View Threaded

rahul.raviz at gmail

Nov 23, 2009, 4:17 AM

Post #1 of 5 (848 views)
Permalink

GPG self signature missing error

Hi All,

I have GNUPG versions 1.2 and 1.4 installed on two servers A and B
respectively.

I got a gpg key from a client, i imported it on Server B with out any error
messages and I am able to encrypt and decrypt data.

but on server A iam getting many errors.

/usr/local/bin/gpg --homedir /root/.gnupg --import client_name.pkr
gpg: key DFEB876D: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1

then i tried

usr/local/bin/gpg --homedir /root/.gnupg --allow-non-selfsigned-uid --import
client_name.pkr

this time it worked..

but when i try to encrypt the data it is giving me an error

usr/local/bin/gpg --homedir /root/.gnupg --output a.txt.gpg "gpg_key"
--encrypt a.txt

gpg: missing self-signature

i don know why it is behaving like this.. bcoz on B i have no such issues.

is this bcoz of the version differences? is there anyother command to solve
this error. or do i need to upgrade the gpg version on A? please advice.

--
View this message in context: http://old.nabble.com/GPG-self-signature-missing-error-tp26477035p26477035.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

christoph.anton.mitterer at physik

Nov 23, 2009, 4:25 AM

Post #2 of 5 (776 views)
Permalink

Re: GPG self signature missing error [In reply to]

You simply should not use such a key (without signed UIDs),.. except you
really really know what you're doing.
The key is probably damaged, or it might be even an attack.

Cheers,
Chris.

Attachments:

smime.p7s (3.31 KB)

rahul.raviz at gmail

Nov 23, 2009, 4:27 AM

Post #3 of 5 (774 views)
Permalink

Re: GPG self signature missing error [In reply to]

then could you plz explain why it is not giving me any error on server B
that has a gpg version 1.4?

2009/11/23 Christoph Anton Mitterer <
christoph.anton.mitterer [at] physik>

> You simply should not use such a key (without signed UIDs),.. except you
> really really know what you're doing.
> The key is probably damaged, or it might be even an attack.
>
> Cheers,
> Chris.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users [at] gnupg
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>

--
Thanks,
Regards,
Rahul R
Mob: 09008030921

christoph.anton.mitterer at physik

Nov 23, 2009, 4:33 AM

Post #4 of 5 (782 views)
Permalink

Re: GPG self signature missing error [In reply to]

On Mon, 2009-11-23 at 17:57 +0530, Rahul R wrote:
> then could you plz explain why it is not giving me any error on server
> B that has a gpg version 1.4?
I'm not sure, but it's likely that the older version did simply not
check for this.

Using a key with UIDs that are not signed by that key is dangerous, as
anybody could have attached such an UID to the respective key.
I could for example take your publich key, which has about the following
layout:
public key packet
UID packed
signature on the UID packet

...strip of the UID and signature packet and add my own (evil) UID. But
I cannot forge the signature on the UID, well not easily at least ;)

Cheers,
Chris.

Attachments:

smime.p7s (3.31 KB)

dkg at fifthhorseman

Nov 23, 2009, 6:02 AM

Post #5 of 5 (779 views)
Permalink

Re: GPG self signature missing error [In reply to]

On 11/23/2009 07:17 AM, kuttuani wrote:
> I have GNUPG versions 1.2 and 1.4 installed on two servers A and B
> respectively.
>
> I got a gpg key from a client, i imported it on Server B with out any error
> messages and I am able to encrypt and decrypt data.
>
> but on server A iam getting many errors.
>
> /usr/local/bin/gpg --homedir /root/.gnupg --import client_name.pkr
> gpg: key DFEB876D: no valid user IDs

This key is not available from the public keyserver network, so i can't
see what its actual self-signatures look like. Is it possible that its
only self-sigs were made by an algorithm unsupported by gpg 1.2?

i'm not sure which algorithms were introduced between 1.2 and 1.4, but
that would be useful information for this question.

--dkg

Attachments:

signature.asc (0.87 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads