Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proofmode is generating OpenPGP keys with deprecated RSA public key packets #65

b1rger opened this issue Nov 6, 2019 · 1 comment


Copy link

b1rger commented Nov 6, 2019

Hi, while doing some statistics on the keys on the keyservers, I stumbled upon roughly 3000 keys with the UserID All those keys are public keys with an RSA Sign-Only Public-Key packet. According to RFC4880 such keys should not be generated:

There are algorithm types for RSA Sign-Only, and RSA Encrypt-Only keys. These types are deprecated. The "key flags" subpacket in a signature is a much better way to express the same idea, and generalizes it to all algorithms. An implementation SHOULD NOT create such a key, but MAY interpret it.

I think the problem is in
where the constants RSA_SIGN and RSA_ENCRYPT are being used instead of RSA_GENERAL.

Copy link

n8fr8 commented Nov 11, 2019

Excellent find, thanks!

@n8fr8 n8fr8 self-assigned this Nov 11, 2019
@n8fr8 n8fr8 added the bug label Nov 11, 2019
@n8fr8 n8fr8 added this to the January Sprint A milestone Jan 3, 2020
@n8fr8 n8fr8 closed this as completed in 8e9bcbe Jan 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

2 participants