Unsupported: "Unsupported key version 47" #344

Open
Ziris85 opened this issue Apr 13, 2024 · 1 comment

Ziris85 commented Apr 13, 2024

Hello! I've been attempting to set up a simple function for doing signature verification with this crate, and have been struggling a bit with it. I'm presently just testing with the Ubuntu archive key and doing verification with the Release files. However, my current method for attempting to define a PublicKey struct seems to be complaining about the version. Right now I'm doing:

pub fn verify_gpg_signature(public_key: &[u8], original_file: &str, signature: &[u8]) -> Result<(), String> {
    // Parse the public key
    let public_key = PublicKey::from_slice(pgp::types::Version::New, public_key).map_err(|e| format!("Error parsing public key: {}", e))?;

This is being passed as:

verify_gpg_signature(b"/home/me/Downloads/ubuntu-keyring-2018-archive.gpg", ...

Running my function fails to parse it with a weird version number:

Error parsing public key: Unsupported: "Unsupported key version 47"

I'm not sure where it's getting that version from? According to this, it's version 4:

file ~/Downloads/ubuntu-keyring-2018-archive.gpg
/home/me/Downloads/ubuntu-keyring-2018-archive.gpg: OpenPGP Public Key Version 4, Created Mon Sep 17 15:01:46 2018, RSA (Encrypt or Sign, 4096 bits); User ID; Signature; OpenPGP Certificate

Maybe I'm passing the file to the function in the wrong way? I would appreciate any guidance here! Thank you!

hko-s (Contributor) commented Apr 13, 2024

I think you're using pgp::packet::PublicKey? If so, this fails because that is the wrong type for the data you're trying to load. In OpenPGP, the term "key" is very overloaded. This text is an attempt to clarify terms, a bit:

https://openpgp.dev/book/certificates.html#layers-of-keys-in-openpgp

The data you're attempting to load is point 3 in this list (an "OpenPGP certificate"), while PublicKey is for point 2 (a "component key", that is: a "primary" or an individual "subkey").

You probably want to load the "certificate" data into a pgp::composed::signed_key::SignedPublicKey.

(However, note that rpgp is a low-level library. While it's doing an excellent job at what it does, it's generally tricky to work with OpenPGP objects at a low level. For example: in a general case, with a certificate that has many subkeys, some of which may be revoked, it's non-trivial to find out which are actually valid for verifying a data signature.
I'm experimenting on a higher-level wrapper around rpgp, see: https://crates.io/crates/rpgpie, which will hopefully make operations such as data signature verification easy and safe to perform. However, for now the rpgpie API is still far from stabilized, or well documented.)
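
Added example, not part of either comment and not rpgp code: a std-only check of what a byte buffer starts with before it is handed to an OpenPGP parser. It shows that the first byte of the `b"/home/..."` literal in the report is `/` (0x2F, decimal 47, the number in the error message) and is not a packet header, while a leading Public-Key packet (tag 6) carries its version in the first body byte. Function names and the `SAMPLE` bytes are constructed for illustration.

```rust
// Added example: std only, no rpgp calls; all function names are hypothetical.
// PATH is the literal from the post; SAMPLE is a constructed, truncated packet.
const PATH: &[u8] = b"/home/me/Downloads/ubuntu-keyring-2018-archive.gpg";
const SAMPLE: [u8; 9] = [0x99, 0x00, 0x06, 0x04, 0, 0, 0, 0, 0x01];

/// Parse an OpenPGP packet header (RFC 4880, section 4.2).
/// Returns (packet tag, offset of the body, body length).
fn packet_header(data: &[u8]) -> Result<(u8, usize, usize), String> {
    let first = *data.first().ok_or("empty input")?;
    if first & 0x80 == 0 {
        return Err(format!("byte {:#04x} is not a packet header (bit 7 clear)", first));
    }
    let be = |s: &[u8]| s.iter().fold(0usize, |n, b| (n << 8) | *b as usize);
    let need = |n: usize| data.get(1..1 + n).ok_or("truncated header".to_string());
    if first & 0x40 == 0 {
        // Old format: tag in bits 5..2, length type in bits 1..0.
        let tag = (first >> 2) & 0x0f;
        match first & 0x03 {
            0 => Ok((tag, 2, be(need(1)?))),
            1 => Ok((tag, 3, be(need(2)?))),
            2 => Ok((tag, 5, be(need(4)?))),
            _ => Err("indeterminate length is not handled here".into()),
        }
    } else {
        // New format: tag in bits 5..0, variable-length length field.
        let (tag, l) = (first & 0x3f, need(1)?[0] as usize);
        match l {
            0..=191 => Ok((tag, 2, l)),
            192..=223 => Ok((tag, 3, ((l - 192) << 8) + need(2)?[1] as usize + 192)),
            255 => Ok((tag, 6, be(&need(5)?[1..]))),
            _ => Err("partial body length is not handled here".into()),
        }
    }
}

/// Version octet of a leading Public-Key packet (tag 6): first byte of its body.
fn primary_key_version(data: &[u8]) -> Result<u8, String> {
    let (tag, off, len) = packet_header(data)?;
    if tag != 6 {
        return Err(format!("first packet has tag {}, expected 6 (Public-Key)", tag));
    }
    let body = data.get(off..off + len).ok_or("truncated body")?;
    body.first().copied().ok_or("empty body".to_string())
}

fn main() {
    println!("path literal: first byte {}, {:?}", PATH[0], primary_key_version(PATH));
    println!("sample packet: {:?}", primary_key_version(&SAMPLE));
}
```

Running the same check on the bytes read from the key file (for example via `std::fs::read`) rather than on the path literal shows whether the buffer begins with a Public-Key packet.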
