View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001455||Main CAcert Website||GPG/PGP||public||2019-01-09 01:10||2020-10-31 13:25|
|Product Version||2015 Q3|
|Summary||0001455: CAcert cannot recognize or sign GPG/PGP keys with EdDSA public keys|
|Description||I finally created a new keypair with the newest version of GnuPG, and I used the EdDSA algorithm. However, CAcert cannot parse it. While it uploaded successfully, it's been stuck on "pending" for a while. Additionally, the expiration date shows as "0000-00-00 00:00:00."|
|Steps To Reproduce||1. Create a new EdDSA key with the command: gpg --full-generate-key|
2. Upload it to CAcert in hopes of getting it signed.
|Additional Information||I have not tested this with ECDSA, ECDH, or ElGamal keys. However, I'd wager that support for those newer types are also lacking.|
I tagged this as minor/normal but as the new version of GnuPG trickles out, this may turn into a major/high issue.
|Tags||No tags attached.|
||It's just a wild guess, but I assume that the version of GPG which is installed on the signer is a bit too old to know the new algorithms, does this sound plausible?|
||That's probably it. Support for ECDH, ECDSA, and EdDSA keys were added in GnuPG 2.1.|
||I stumbled upon this bug today, too. A fresh GPG key with Elliptic Curves cannot be signed, it is pending forever. A RSA key does work.|
Signing "RSA key does work."
I wonder if that is still true, though.
I just signed my RSA key today, and when checking the signature in GPGWin it comes back as "Invalid digest Algorithm" where it should say who signed it.
|2019-01-09 01:10||colincogle||New Issue|
|2019-01-09 15:48||Ted||Note Added: 0005731|
|2019-01-09 17:39||colincogle||Note Added: 0005732|
|2019-12-03 07:51||SaT||Note Added: 0005856|
|2020-10-31 13:25||NoSubstitute||Note Added: 0005914|
|2020-10-31 13:25||NoSubstitute||File Added: 2020-10-31 142414-CAcert_signed_GPG_key-Invalid_digest_algorithm.png|