keybase
ERROR key generation error: Unknown signature subpacket: 34 (error 905), gpg (GnuPG) 2.3.1 libgcrypt 1.9.3
While importing pgp key, the command below is generating this error:
keybase pgp select
Please refer to line number: 120 common/openpgpdefs.h as of gnupg-2.3.1
SIGSUBPKT_PREF_AEAD = 34, /* Preferred AEAD algorithms. */
Does Keybase not support Ed25519 OpenPGP keys?
I get this error when trying to add a new public key. I don't understand why the error message mentions "key generation". I don't need Keybase to generate a key. I need it to spit out a statement for me to sign.
Same issue here when attempting to import ed25519 OpenPGP generated key using keybase pgp select --import
I managed to workaround this issue by removing the preferred AEAD algorithms from the public key. Not sure if there's an better way to do it, but the setpref subcommand of gpg --edit-key works. You basically have to run showpref, then copy the whole list except for AEADs (and Uncompressed/Features, which are both implied) into a new setpref command, like this:
% gpg --edit-key mykey
gpg> showpref
[ultimate] (1). mykey
Cipher: AES256, AES192, AES, 3DES
AEAD: OCB, EAX
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, AEAD, Keyserver no-modify
gpg> setpref AES256 AES192 AES 3DES SHA512 SHA384 SHA256 SHA224 SHA1 ZLIB BZIP2 ZIP
Set preference list to:
Cipher: AES256, AES192, AES, 3DES
AEAD:
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y
Unfortunately, this is not working for me.
I modified my public key as @markdascher suggested.
% gpg --edit-key B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B
[... do the thing ...]
% gpg --edit-key B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B
[...]
gpg> showpref
[ultimate] (1). Philip Paeps <[email protected]>
Cipher: AES256, AES192, AES, 3DES
AEAD:
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ultimate] (2) Philip Paeps <[email protected]>
Cipher: AES256, AES192, AES, 3DES
AEAD:
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
I verified that the AEAD prefs were actually gone by comparing the output of gpg --list-packets before and after:
% diff -u pubkey.asc.txt pubkey-no-aead.asc.txt
--- pubkey.asc.txt 2021-06-23 13:02:50.000000000 +0800
+++ pubkey-no-aead.asc.txt 2021-06-23 13:18:58.000000000 +0800
@@ -5,39 +5,37 @@
keyid: BB6D8A14AFE7D96B
:user ID packet: "Philip Paeps <[email protected]>"
:signature packet: algo 22, keyid BB6D8A14AFE7D96B
- version 4, created 1621924124, md5len 0, sigclass 0x13
- digest algo 10, begin of digest 91 fe
+ version 4, created 1624424244, md5len 0, sigclass 0x13
+ digest algo 10, begin of digest 13 22
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 9 len 4 (key expires after 2y37d5h32m)
+ hashed subpkt 23 len 1 (keyserver preferences: 80)
+ hashed subpkt 25 len 1 (primary user ID)
+ hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)
+ hashed subpkt 2 len 4 (sig created 2021-06-23)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
- hashed subpkt 34 len 2 (pref-aead-algos: 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
- hashed subpkt 30 len 1 (features: 07)
- hashed subpkt 23 len 1 (keyserver preferences: 80)
- hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)
- hashed subpkt 2 len 4 (sig created 2021-05-25)
- hashed subpkt 25 len 1 (primary user ID)
+ hashed subpkt 30 len 1 (features: 05)
subpkt 16 len 8 (issuer key ID BB6D8A14AFE7D96B)
data: [256 bits]
- data: [256 bits]
+ data: [255 bits]
:user ID packet: "Philip Paeps <[email protected]>"
:signature packet: algo 22, keyid BB6D8A14AFE7D96B
- version 4, created 1621924146, md5len 0, sigclass 0x13
- digest algo 10, begin of digest c7 b2
- hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)
- hashed subpkt 2 len 4 (sig created 2021-05-25)
+ version 4, created 1624424254, md5len 0, sigclass 0x13
+ digest algo 10, begin of digest 8f e8
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 9 len 4 (key expires after 2y37d5h32m)
+ hashed subpkt 23 len 1 (keyserver preferences: 80)
+ hashed subpkt 33 len 21 (issuer fpr v4 B851CD3AC248F2ED3E2CC18CBB6D8A14AFE7D96B)
+ hashed subpkt 2 len 4 (sig created 2021-06-23)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
- hashed subpkt 34 len 2 (pref-aead-algos: 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
- hashed subpkt 30 len 1 (features: 07)
- hashed subpkt 23 len 1 (keyserver preferences: 80)
+ hashed subpkt 30 len 1 (features: 05)
subpkt 16 len 8 (issuer key ID BB6D8A14AFE7D96B)
- data: [253 bits]
- data: [255 bits]
+ data: [256 bits]
+ data: [256 bits]
:public sub key packet:
version 4, algo 22, created 1621924204, expires 0
pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
Selecting that key from keybase select pgp --multi still returns the same error:
▶ ERROR key generation error: Unknown signature subpacket: 34 (error 905)
@ppaeps I ran into this just before when I added another uid via adduid using GnuPG on a key generated with Keybase; the answer in your case might be to remove any additional "Features" listed in the preferences. I couldn't find a list of feature switches from a quick google, but for me what worked was to append ks-modify no-mdc to the end of the preference string.
Example:
gpg --expert --edit-key YOURKEYID
gpg> setpref AES AES256 CAST5 3DES SHA256 SHA512 SHA1 RIPEMD160 ZIP ZLIB ks-modify no-mdc
Set preference list to:
Cipher: AES, AES256, CAST5, 3DES
AEAD:
Digest: SHA256, SHA512, SHA1, RIPEMD160
Compression: ZIP, ZLIB, Uncompressed
Really update the preferences? (y/N) y
gpg> save
And then I was able to keybase pgp update.
I have the same issue, but the fix that worked for @ppaeps is not working for me:
To try to fix, I did this:
setpref AES256 AES192 AES 3DES OCB EAX SHA512 SHA384 SHA256 SHA224 SHA1 ZLIB BZIP2 ZIP Uncompressed MDC ks-modify no-mdc
The pref set is accepted, I accept (y), quit and save. Then did keybase pgp update.
Still the same error when I try to select that key for keybase pgp select. It's on a YubiKey that's plugged into the computer.
More info:
gpg> showpref
[ultimate] (1). foobar (batbaz) <[email protected]>
Cipher: AES256, AES192, AES, 3DES
AEAD: OCB, EAX
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: AEAD
gpg>
As a side note, I could not add "AEAD" in the prefs list, for it complained that it is an invalid option. But it always appears under "fetaures". Prior to the set, I had "Keyserver no-modify" (which I don't care about), and after the set, it is gone.
@nottoseethesun You want to remove the AEAD prefs from your list, so your setpref line should read:
setpref AES256 AES192 AES 3DES SHA512 SHA384 SHA256 SHA224 SHA1 ZLIB BZIP2 ZIP Uncompressed ks-modify no-mdc
As I understand it, the Features: line shows up automatically and lists AEAD if any AEAD forms (e.g. OCB, EAX) appear in the cipher preference list. Likewise, it'll list MDC unless ks-modify no-mdc is given, as suggested by @chloeruka.
@nottoseethesun Note that these manipulations shouldn't affect your YubiKey in any way. As I understand it, the preferences are part of the public key and your YubiKey really only cares about private keys. Having said that, it's been a while since I looked closely at OpenPGP.
Before uploading my public key anywhere (either with Keybase or anything else), I always very carefully check with gpg --list-packets what has changed. I like to store my public keys in Git and have this snippet in my .gitconfig:
[diff "asc"]
textconv = "f(){ gpg --list-packets < \"$1\" | grep -v \"^# off=\"; }; f"
The output of that is very slightly more lucid than a big blob of base64. ;-)
I only uploaded public key with the modified cipher preference list to Keybase. Other sources of my public key have the previous preference list (i.e. the defaults as set by GnuPG when I generated the key). So far, this doesn't seem to have upset the delicate balance of the universe.
@ppaeps Thanks; got rid of AEAD as you suggested and now this key is working great with Keybase.
Can anyone give a short overview of the implications of changing the default settings as suggested by the current workaround? (Or a link to such documentation---google has pulled up many scattered and incomplete results, but nothing definitive).
I did find a gist that suggests that "reasonably secure defaults" are no-ks-modify and mdc, but I still don't know what these actually do.
@ppaeps I ran into this just before when I added another uid via
adduidusing GnuPG on a key generated with Keybase; the answer in your case might be to remove any additional "Features" listed in the preferences. I couldn't find a list of feature switches from a quick google, but for me what worked was to appendks-modify no-mdcto the end of the preference string.Example:
gpg --expert --edit-key YOURKEYID gpg> setpref AES AES256 CAST5 3DES SHA256 SHA512 SHA1 RIPEMD160 ZIP ZLIB ks-modify no-mdc Set preference list to: Cipher: AES, AES256, CAST5, 3DES AEAD: Digest: SHA256, SHA512, SHA1, RIPEMD160 Compression: ZIP, ZLIB, Uncompressed Really update the preferences? (y/N) y gpg> saveAnd then I was able to
keybase pgp update.
This worked perfectly, thanks dude!
On 2022-02-08 01:38:57 (+0800), Kevin Song wrote:
Can anyone give a short overview of the implications of changing the default settings as suggested by the current workaround? (Or a link to such documentation---google has pulled up many scattered and incomplete results, but nothing definitive).
The ks-modify option controls the No-Modify key server preference
specified in RFC 4880 section
5.2.3.17.
In practice I think it means key servers should reject updates that
are not accompanied by a self-signature. This bit is irrelevant for
Keybase since it needs you to authenticate to update/modify your key.
Keybase doesn't support something like "gpg --send-key" which would
allow arbitrary updates to your key.
The no-mdc option will clear the Modification Detection feature flag on the public key. This is in RFC 4880 section 5.2.3.24. Clearing that bit might cause some OpenPGP implementations to mistakenly determine that your OpenPGP implementation doesn't support MDC, an integrity protection mechanism that defies any attempts at a short overview. The practical implication is that you might get encrypted messages without integrity protection bits. If those messages are not also signed, they may have been modified after being encrypted.
Note that if you only clear these bits on the public key you upload to Keybase, they only affect people who get your public key from there. If they subsequently get an update to your key from somewhere else, they may see the mdc and ks-no-modify bits (and the AEAD prefs). Moreover, implementations may decide to use MDC even in the absence of the feature flag on the latest self-signature.
Recent versions of GnuPG will always use MDC if AEAD is not available.
GnuPG has also warned about missing integrity protection for years.
More recent versions of GnuPG will refuse to decrypt by default if there
is no integrity protection.
To summarise the summary, I believe that clearing these bits is probably harmless under most circumstances. You can further mitigate any downsides by only clearing the bits on the copy of the public key you upload to Keybase and providing other ways for people to get your public key (e.g. WKD or other keyservers).
I just wanted to add that I was able to leave MDC in (I did not set no-mdc). From @ppaeps comment, it seemed like it would be nice to check.
I also confirmed that having both OCB and EAX failed, as well as EAX and not OCB. I didn't try OCB only since it seemed unlikely to work.
I also did not try to omit ks-modify
I just had issues with this, AEAD was set to nothing, yet I could see subpkt 34 when I listed out the packets.
My issue was because I renew my keys every 3 months, I have a lot of signatures of my keys. Where one of the older ones might've had AEAD set to something.
To see old signatures, you can run the following
gpg --list-signatures <MY_KEY_ID>
And to remove old signatures, you run this. Which will remove old signatures.
gpg --edit-key <MY_KEY_ID>
gpg> minimize
gpg> save
does anyone have a fix? I've been having this issue for like a year now. How do I fix this?
does anyone have a fix? I've been having this issue for like a year now. How do I fix this?
have any of the above methods worked for you?
[chloeruka] proposed a work around. many comments afterwards are experiences about other options and workarounds. If you need more help, it would be useful to know what you've tried.
I too have observed that Key Pairs created on gpg4win do not work on OpenKeyChain and Key Pairs created on OpenKeyChain do not work on gpg4win.
I understand that in order to be secure there has to be a Robust process to key creation, export, import, encryption, and decryption; however, I am relatively computer literate and I have found this attempt at cross platform file sharing, (Windows to Android and Android to Windows) to be extremely frustratingly difficult. The average Windows and Android user would not even try this again after the problem is fixed. If software developers hope to see their products used by more than a small cadre of coders, there has to be a more streamlined method for sharing keys between pc and smartphone.
Please fix this issue as soon as practicable.
Many thanks.
Ok, this worked for me. This is trying to follow what was specified above.; Thanks for the help, and corrections would be appreciated.
# keybase login
[...]
# gpg -k --keyid-format SHORT
/Users/jcool/.gnupg/pubring.kbx
--------------------------------
pub rsa4096/99999999 2022-01-01 [SC]
[...]
# gpg --edit-key 99999999 # part right after the `rsa9999/` bit
gpg> pref
[ultimate] (1). Joe Cool <[email protected]>
S9 S8 S7 S2 A2 H10 H9 H8 H11 H2 Z2 Z3 Z1 [mdc] [aead] [no-ks-modify]
gpg> showpref
[ultimate] (1). Joe Cool <[email protected]>
Cipher: AES256, AES192, AES, 3DES
AEAD: OCB
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, AEAD, Keyserver no-modify
gpg> setpref AES256 AES192 AES 3DES SHA512 SHA384 SHA256 SHA224 SHA1 ZLIB BZIP2 ZIP Uncompressed mdc no-ks-modify
Set preference list to:
Cipher: AES256, AES192, AES, 3DES
AEAD:
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y
gpg> quit
Save changes? (y/N) y
# keybase pgp select --import
- The
prefshows the defaults. No surprise, those are the values used in the current keys. (possibly a little cryptic) - The
setprefvalue to use is the current values with theOCB/AEADvalues removed. - The MDC and
no-ks-modifyare auto added (per thepref) unless you pass in theno-mdcorks-modifyrespectively. - Calling
setprefwith no values will set to the default, probably the value you had before.
Thanks for the help, and corrections would be appreciated.
This worked perfectly on my gpg4win & Windows 11 combo.
Note
You forgot the Uncompressed feature in the Compression list (not sure if it matters or not?), but just adding it between ZIP and mdc worked perfectly fine.
setpref AES256 AES192 AES 3DES SHA512 SHA384 SHA256 SHA224 SHA1 ZLIB BZIP2 ZIP Uncompressed mdc no-ks-modify
Thanks @chloeruka!
Your recommendation worked! Was almost tempted to crash into a wall before reading this!
Ok, this worked for me. This is trying to follow what was specified above.; Thanks for the help, and corrections would be appreciated.
# keybase login [...] # gpg -k --keyid-format SHORT /Users/jcool/.gnupg/pubring.kbx -------------------------------- pub rsa4096/99999999 2022-01-01 [SC] [...] # gpg --edit-key 99999999 # part right after the `rsa9999/` bit gpg> pref [ultimate] (1). Joe Cool <[email protected]> S9 S8 S7 S2 A2 H10 H9 H8 H11 H2 Z2 Z3 Z1 [mdc] [aead] [no-ks-modify] gpg> showpref [ultimate] (1). Joe Cool <[email protected]> Cipher: AES256, AES192, AES, 3DES AEAD: OCB Digest: SHA512, SHA384, SHA256, SHA224, SHA1 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, AEAD, Keyserver no-modify gpg> setpref AES256 AES192 AES 3DES SHA512 SHA384 SHA256 SHA224 SHA1 ZLIB BZIP2 ZIP mdc no-ks-modify Set preference list to: Cipher: AES256, AES192, AES, 3DES AEAD: Digest: SHA512, SHA384, SHA256, SHA224, SHA1 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, Keyserver no-modify Really update the preferences? (y/N) y gpg> quit Save changes? (y/N) y # keybase pgp select --import
- The
prefshows us the defaults. No surprise, those are the values used in my keys. (possibly a little cryptic)- The
setprefvalue to use is basically the current values, just with none of theAEADvalues.- The MDC and
no-ks-modifyare auto added (per ourpref) unless we pass in theno-mdcorks-modifyrespectively.- just calling
setprefwithout any args will set to the default, probably the value you had before.
can confirm this worked for me, thanks!
For what it's worth: the incantation in my comment in this discussion from 2021-07-27 still works as of 2023-05-08 (and is still required to work around the issue).
I also get ERROR key generation error: Unknown signature subpacket: 34 (error 905) after running keybase pgp select --import. Has this been fixed?
