x/crypto/openpgp: tag byte does not have MSB set but gpg decrypts it #29082
Comments
On the Helm project: (helm/helm#2843) I think they @technosophos found a potential cause. There is a new keyring format for gnupg 2.1: https://gnupg.org/faq/whats-new-in-2.1.html#keybox
Following up here, I was getting this error due to using ReadKeyRing when I should have been using ReadArmoredKeyRing. The key format has changed though, so it may be that as well.
I don't think @jmataa and I have the same issue, while the error is the same, from my sample code, the error you get would be at:
but in my case it is at
And note that using the same code and key I can decrypt many other files just fine, but this one vendor sends me these files that cause issues. But I'm still getting into the details of the pgp format so maybe I'm missing something.
@FiloSottile I found the problem! A keyring can be in two formats, binary or armored, and we have two functions to read each. The pgp file we get from this one company is also armored, where all the previous files from other companies we have been getting were in binary format. But, we don't have a Right now I create a This works for our use case and maybe you would want to close this ticket, but, would you be ok accepting a CL that:
Thanks.
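The failure mode found in the comment above, as an added example that is not code from this thread or from the Go project: every OpenPGP packet header has bit 7 set, while an ASCII-armored file starts with "-" (0x2D), so a binary packet reader rejects it at the first byte. `ToBinary` and `sampleArmored` are hypothetical names, and the sketch uses only the standard library and skips the armor CRC-24 check.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample: a 10-byte literal data packet ("hi"), armored, no CRC line.
const sampleArmored = "-----BEGIN PGP MESSAGE-----\nVersion: constructed\n\nywhiAAAAAABoaQ==\n-----END PGP MESSAGE-----\n"

// ToBinary (hypothetical helper) returns raw OpenPGP packets for input that is
// either binary or ASCII-armored. It does not verify the armor CRC-24.
func ToBinary(in []byte) ([]byte, error) {
	if len(in) > 0 && in[0]&0x80 != 0 {
		return in, nil // bit 7 set: already a packet header (RFC 4880, 4.2)
	}
	text := strings.TrimSpace(string(in))
	if !strings.HasPrefix(text, "-----BEGIN PGP ") {
		return nil, errors.New("neither binary OpenPGP data nor ASCII armor")
	}
	var b64 strings.Builder
	inHeaders := true
	for _, line := range strings.Split(text, "\n")[1:] { // [1:] skips the BEGIN line
		line = strings.TrimSpace(line) // also drops a trailing \r
		if strings.HasPrefix(line, "=") || strings.HasPrefix(line, "-----END") {
			break // CRC-24 line or armor tail ends the body
		}
		if inHeaders && strings.Contains(line, ":") {
			continue // armor header such as "Version: ..."
		}
		inHeaders = false // blank separator or first body line
		b64.WriteString(line)
	}
	raw, err := base64.StdEncoding.DecodeString(b64.String())
	if err != nil {
		return nil, fmt.Errorf("armor body: %w", err)
	}
	if len(raw) == 0 || raw[0]&0x80 == 0 {
		return nil, errors.New("armor body is not OpenPGP packet data")
	}
	return raw, nil
}

func main() {
	raw, err := ToBinary([]byte(sampleArmored))
	fmt.Printf("% x err=%v\n", raw, err)
}
```

With the x/crypto package itself, the de-armoring step is what the `Decode` function in its `armor` subpackage does before the result is handed to the message reader.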
It also took some hours (!) for me to figure out, I have to export the secret key to the old format.
Why not have
+1
Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed. If this is a security issue, please email [email protected] and we will assess it and provide a fix. If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here. If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.
golang/go#29082 (comment) however it looks like https://jedisct1.github.io/minisign/ and https://github.com/jedisct1/go-minisign work
Internal openpgp implementation without gpg1 installed now fails due to golang/go#29082, and that's unlikely going to be addressed ever, because x/crypto/openpgp has been deprecated as stated in golang/go#44226. While aptly can still be used on legacy environments, marking the dependency in between and declare the obsolete status instead. Signed-off-by: You-Sheng Yang <[email protected]>
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
We use this function to decrypt files we get from different companies, only files from one company fail, all others decrypt fine.
What did you expect to see?
No error and a decrypted zip file, which is what the command line gpg does
What did you see instead?
the error:
tag byte does not have MSB set
More details.
I brought this up on the mailing list
https://groups.google.com/d/topic/golang-nuts/-bBXt-0nVT4/discussion
but I'll paste more details here:
Part of the verbose output from gpg when it decrypts it is: