keybase-issues Unknown signature subpacket: 33, GnuPG 2.1.15

I am currently migrating to a new GPG key, so I wanted to revoking my proofs and then attach my new key.

My system now by default uses GnuPG 2 (version 2.1.15, to be exact). Trying to revoke the proofs spits out the error message "Unknown signature subpacket: 33". That I could fix by replacing "gpg" by "gpg1", i.e. by using the old GnuPG version.

However, adding my new key, created with GnuPG 2, does not work either, with the error message "Unknown signature subpacket: 33". And there, creating the armored export with gpg1 doesn't help either. So now I'm stuck with an empty keybase identity at the moment.

Nov 16 '16 18:11 DrMcCoy

Experiencing this same error message with a new PGP key. I've run into this on the web and again while uploading the key from the OSX terminal. "▶ ERROR key generation error: Unknown signature subpacket: 33 (error 905)"

Nov 21 '16 03:11 eriqnelson

Does anyone happen to know what Signature subpacket 33 is? I can't find any mention of it in the RFCs

Nov 21 '16 11:11 maxtaco

It looks like it might be IssuerFingerprint: http://gnupg-devel.gnupg.narkive.com/Z0EFUBU7/issuer-fingerprint-was-vanity-keys This is the only mention I could find on any of the relevant lists, but it also doesn't say whether it got implemented.

Nov 21 '16 15:11 skwerlman

Yeah the same error code occurs when sending signed encrypted messages to people (on their end) it doesnt happen when I send it without signing. I'm also using GnuPG for the encrypting

Nov 22 '16 11:11 ixt

Have the same problem. This is my keystructure:

pub ed25519 2016-05-31 [C] [expires: 2021-05-30] F36846C4A7DEFD55F492069C19B013CF06A4BEEF uid [ unknown] Meno Abels sub ed25519 2016-05-31 [A] [expires: 2021-05-30] sub rsa4096 2016-05-31 [SEA] [expires: 2021-05-30] sub rsa4096 2016-06-06 [SE] [expires: 2021-06-05] sub rsa4096 2016-06-06 [SE] [expires: 2021-06-05]

I only have access to my subkeys which are stored in a ccid(yubikey). My masterkey is offline stored.

Nov 22 '16 16:11 mabels

Also have this issue.

Yubikey

$ gpg --version
gpg (GnuPG) 2.1.15
libgcrypt 1.7.3-beta
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/hahanope/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ uname -a
Linux sw-20160601-01 4.8.0-1-amd64 #1 SMP Debian 4.8.5-1 (2016-10-28) x86_64 GNU/Linux # This is stretch.

Cannot perform any operations; I found this initially trying to do a "follow" command, but the keybase client also can't be set up for the same reason.

Seems to have started recently. I don't remember it being a problem a couple of weeks ago.

Nov 25 '16 08:11 andrewhowdencom

Confirmed, line 118 of common/openpgpdefs.h as of GnuPG 2.1.16 :

SIGSUBPKT_ISSUER_FPR = 33, /* EXPERIMENTAL: Issuer fingerprint. */

In release terms, this first appeared in GnuPG 2.1.14.

Nov 25 '16 20:11 keisisqrl

I'm also experiencing this issue. Would like for this to be fixed so I can use keybase. At the moment I'm not able to do that. gpg (GnuPG) 2.1.16 libgcrypt 1.7.3

kernel 4.8.11

Dec 03 '16 17:12 gnuself

I am having the same issue with my key.

▶ INFO Bundle unlocked: 7502F475E7B6CCB9 ▶ ERROR key generation error: bad signature: Unknown signature subpacket: 33 (error 1002)

Dec 05 '16 16:12 K0HAX

Ok we will hopefully get to it soon.

On Mon, Dec 5, 2016 at 10:47 AM Michael Englehorn [email protected] wrote:

I am having the same issue with my key.

▶ INFO Bundle unlocked: 7502F475E7B6CCB9 ▶ ERROR key generation error: bad signature: Unknown signature subpacket: 33 (error 1002)

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/keybase/keybase-issues/issues/2668#issuecomment-264907023, or mute the thread https://github.com/notifications/unsubscribe-auth/AA05_4L2KS0cds5pnOKbPql_W7woXHuNks5rFEAogaJpZM4K0Qdh .

Dec 05 '16 16:12 maxtaco

I also have this issue :( gpg (GnuPG) 2.1.16 libgcrypt 1.7.3-beta

Dec 05 '16 22:12 tmarble

One year later, I have the same error when trying to import private key generated by gpg.

$ gpg --version gpg (GnuPG) 2.2.3 libgcrypt 1.8.1

Is this project still being developed?

Dec 10 '17 17:12 jetibest

@jetibest it works for me at the minute with follow/unfollow operations:

gpg (GnuPG) 2.2.2
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/__USER_NAME__/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Dec 11 '17 11:12 andrewhowdencom

We fixed this issue a while ago. @jetibest what exactly isn't working?

Dec 11 '17 13:12 maxtaco

@maxtaco I am now using javascript to generate the keypair, but I also made other radical changes to my code. Therefore it's hard to reproduce, but I'm sure it was my own mistake. However, the given error message could still wrong imo.

Dec 11 '17 17:12 jetibest

OK, i'm pretty sure this works for people using the Website and the Go client. If there are STR this bug, we can look further into it. And yes, the project is still being maintained, you'll see that our Github projects are very active

Dec 11 '17 17:12 maxtaco

@maxtaco Well, I think I know what is the problem. have just faced that.

None of the readers above mentioned new versions of gpg of use ECC instead of RSA.
The armor format of ED25519 looks different than RSA.
Welcome to help, if you need.

limakzi@46b15d13-2c92-47da-b05f-d93463d2f875 ~ % gpg --version
gpg (GnuPG) 2.3.1
libgcrypt 1.9.3
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/limakzi/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
limakzi@46b15d13-2c92-47da-b05f-d93463d2f875 ~ %

---------------------------------
sec   ed25519 2021-05-22 [SC] [expires: 2022-05-22]
      8C76B93043D07153E499BCC1615DED8F22BF73D1
uid           [ultimate] Kamil zabielski <[email protected]>
ssb   cv25519 2021-05-22 [E] [expires: 2022-05-22]

limakzi@46b15d13-2c92-47da-b05f-d93463d2f875 ~ % gpg --full-gen-key 
gpg (GnuPG) 2.3.1; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection?

It seems to be identical to https://github.com/keybase/keybase-issues/issues/4025.

May 22 '21 09:05 limakzi

You may want to check if this is now fixed via https://github.com/keybase/kbpgp/pull/223

Sep 17 '25 16:09 fleish