
Remove AEAD flag

Open Muhammad66699 opened this issue 8 months ago • 7 comments

Unfortunately, this is not working for me.

I modified my public key as @markdascher suggested.


% gpg --edit-key B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B
[... do the thing ...]
% gpg --edit-key B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B
[...]
gpg> showpref
[ultimate] (1). Philip Paeps <[email protected]>
     Cipher: AES256, AES192, AES, 3DES
     AEAD:
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ultimate] (2)  Philip Paeps <[email protected]>
     Cipher: AES256, AES192, AES, 3DES
     AEAD:
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

I verified that the AEAD prefs were actually gone by comparing the output of gpg --list-packets before and after:


% diff -u pubkey.asc.txt pubkey-no-aead.asc.txt

--- pubkey.asc.txt	2021-06-23 13:02:50.000000000 +0800

+++ pubkey-no-aead.asc.txt	2021-06-23 13:18:58.000000000 +0800

@@ -5,39 +5,37 @@

 	keyid: BB6D8A14AFE7D96B

 :user ID packet: "Philip Paeps <[email protected]>"

 :signature packet: algo 22, keyid BB6D8A14AFE7D96B

-	version 4, created 1621924124, md5len 0, sigclass 0x13

-	digest algo 10, begin of digest 91 fe

+	version 4, created 1624424244, md5len 0, sigclass 0x13

+	digest algo 10, begin of digest 13 22

 	hashed subpkt 27 len 1 (key flags: 03)

 	hashed subpkt 9 len 4 (key expires after 2y37d5h32m)

+	hashed subpkt 23 len 1 (keyserver preferences: 80)

+	hashed subpkt 25 len 1 (primary user ID)

+	hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)

+	hashed subpkt 2 len 4 (sig created 2021-06-23)

 	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)

-	hashed subpkt 34 len 2 (pref-aead-algos: 2 1)

 	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)

 	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)

-	hashed subpkt 30 len 1 (features: 07)

-	hashed subpkt 23 len 1 (keyserver preferences: 80)

-	hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)

-	hashed subpkt 2 len 4 (sig created 2021-05-25)

-	hashed subpkt 25 len 1 (primary user ID)

+	hashed subpkt 30 len 1 (features: 05)

 	subpkt 16 len 8 (issuer key ID BB6D8A14AFE7D96B)

 	data: [256 bits]

-	data: [256 bits]

+	data: [255 bits]

 :user ID packet: "Philip Paeps <[email protected]>"

 :signature packet: algo 22, keyid BB6D8A14AFE7D96B

-	version 4, created 1621924146, md5len 0, sigclass 0x13

-	digest algo 10, begin of digest c7 b2

-	hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)

-	hashed subpkt 2 len 4 (sig created 2021-05-25)

+	version 4, created 1624424254, md5len 0, sigclass 0x13

+	digest algo 10, begin of digest 8f e8

 	hashed subpkt 27 len 1 (key flags: 03)

 	hashed subpkt 9 len 4 (key expires after 2y37d5h32m)

+	hashed subpkt 23 len 1 (keyserver preferences: 80)

+	hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)

+	hashed subpkt 2 len 4 (sig created 2021-06-23)

 	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)

-	hashed subpkt 34 len 2 (pref-aead-algos: 2 1)

 	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)

 	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)

-	hashed subpkt 30 len 1 (features: 07)

-	hashed subpkt 23 len 1 (keyserver preferences: 80)

+	hashed subpkt 30 len 1 (features: 05)

 	subpkt 16 len 8 (issuer key ID BB6D8A14AFE7D96B)

-	data: [253 bits]

-	data: [255 bits]

+	data: [256 bits]

+	data: [256 bits]

 :public sub key packet:

 	version 4, algo 22, created 1621924204, expires 0

 	pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
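
Review bot: this diff establishes the change only for the two text dumps it compares (pubkey.asc.txt and pubkey-no-aead.asc.txt), where the sole differences are in the two user-ID signature packets: subpkt 34 is dropped and features goes from 07 to 05. It does not show which key material keybase read afterwards, so run gpg --list-packets on exactly what keybase is given and confirm that no "subpkt 34" line remains before treating the error as coming from the edited key.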

Selecting that key from keybase select pgp --multi still returns the same error:


▶ ERROR key generation error: Unknown signature subpacket: 34 (error 905)

Originally posted by @ppaeps in #4025

Muhammad66699 • Aug 04 '25 16:08

I don't understand why you're opening a new bug report. Did you try setpref [...] ks-modify no-mdc as suggested later in the bug report you reference? That worked for me a couple of months ago.

ppaeps • Aug 04 '25 23:08

Sorry if I'm somewhat hijacking this post.

@ppaeps I've done the setpref [...] ks-modify no-mdc changes as described in the other issue and still my key has (manually omitted email):

uid           [ultimate] Eduardo Barretto <...>
              Cipher: AES256, AES192, AES, 3DES
              AEAD: 
              Digest: SHA512, SHA384, SHA256, SHA224, SHA1
              Compression: ZLIB, BZIP2, ZIP, Uncompressed
              Features: AEAD

It seems that I could not remove AEAD from the features part.

And I can confirm that keybase still reports the same error message:

▶ ERROR key generation error: Unknown signature subpacket: 34 (error 905)

Any ideas?

dodys • Aug 05 '25 07:08
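
Both the list-packets comparison in the opening post and the leftover "Features: AEAD" in the reply above come down to the same check on each self-signature. As an added example (not part of the thread or of Keybase's code), this parses `gpg --list-packets` text and flags signatures that still carry subpacket 34 or the AEAD features bit; the `audit` name, the sample listing and the 0x02 bit value are assumptions of the example.

```python
import re

# Constructed sample shaped like `gpg --list-packets` output; the subpacket
# lines mirror the post, the names and key ID are placeholders.
SAMPLE = """\
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 22, keyid 0123456789ABCDEF
\tversion 4, created 1621924124, md5len 0, sigclass 0x13
\thashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
\thashed subpkt 34 len 2 (pref-aead-algos: 2 1)
\thashed subpkt 30 len 1 (features: 07)
:user ID packet: "Example User <user@example.net>"
:signature packet: algo 22, keyid 0123456789ABCDEF
\tversion 4, created 1624424254, md5len 0, sigclass 0x13
\thashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
\thashed subpkt 30 len 1 (features: 05)
"""

SUBPKT = re.compile(r"^\s+(?:critical )?(?:hashed )?subpkt (\d+) len \d+ \((.*)\)\s*$")
FEATURES = re.compile(r"features: ([0-9A-Fa-f]{2})")
AEAD_BIT = 0x02  # assumption: the features bit GnuPG 2.3 sets for AEAD


def audit(listing):
    """Return one finding per signature packet: uid, subpkt34, features, clean."""
    findings, uid, cur = [], None, None
    for line in listing.splitlines():
        if line.startswith(":user ID packet:"):
            uid, cur = line.split(":", 2)[2].strip().strip('"'), None
        elif line.startswith(":signature packet:"):
            cur = {"uid": uid, "subpkt34": False, "features": None}
            findings.append(cur)
        elif line.startswith(":"):
            uid = cur = None  # key or subkey packet: later signatures have no uid
        elif cur is not None and (m := SUBPKT.match(line)):
            if m.group(1) == "34":  # pref-aead-algos, the subpacket in the error
                cur["subpkt34"] = True
            elif m.group(1) == "30" and (fm := FEATURES.search(m.group(2))):
                cur["features"] = int(fm.group(1), 16)
    for item in findings:
        aead_flag = bool((item["features"] or 0) & AEAD_BIT)
        item["clean"] = not item["subpkt34"] and not aead_flag
    return findings


if __name__ == "__main__":
    for item in audit(SAMPLE):
        state = "clean" if item["clean"] else "still advertises AEAD"
        print(f"{item['uid']}: {state} (features={item['features']})")
```

For a real key, pass the output of `gpg --export <fingerprint> | gpg --list-packets` to `audit()`.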

@dodys I tried to explain how I came up with my setpref line in https://github.com/keybase/keybase-issues/issues/4025#issuecomment-1217239909 so it would always be relevant.

Take a look over there. Lots of advice over there and hundreds(?) of people have used that thread to come up with a usable key.

kbrock • Aug 11 '25 16:08

@ppaeps Yes, the setpref command does solve this issue. So many people get hit by this and have to fix it. Wouldn't it be better if it just worked out of the box rather than forcing so many developers to do something pretty obscure?

kbrock • Aug 11 '25 16:08

I don't think Keybase developers care about OpenPGP. I haven't looked at the code. I can't judge how difficult it would be to fix.

ppaeps • Aug 11 '25 23:08

> @dodys I tried to explain how I came up with my setpref line in #4025 (comment) so it would always be relevant.
>
> Take a look over there. Lots of advice over there and hundreds(?) of people have used that thread to come up with a usable key.

That still doesn't seem to help. Even though my key does not show AEAD in the preferences anymore, I still get the same error message. My key is on a YubiKey, and by the looks of the many open issues, it seems Keybase and YubiKey don't work well together, as reported in #4073.

dodys • Aug 19 '25 10:08

You may want to check if this is now fixed via https://github.com/keybase/kbpgp/pull/223

fleish • Sep 17 '25 16:09