Fixed regression in OpenPGP secret key export.

The protection used in the exported key used a different iteration count than given in the S2K field. Thus all OpenPGP keys exported from GnuPG 2.1-beta can't be imported again. Given that the actual secret key material is kept in private-keys-v1.d/ the can be re-exported with this fixed version.
2025-07-03 22:56:33 +02:00 · 2011-04-26 20:33:46 +02:00 · 2011-04-26 20:33:46 +02:00 · 817f07173c
commit 817f07173c
parent 5da12674ea
7 changed files with 53 additions and 6 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,8 @@
+2011-04-26  Werner Koch  <wk@g10code.com>
+
+	* export.c (transfer_format_to_openpgp): Do not apply
+	encode_s2k_iterations to S2K_COUNT.
+
 2011-04-25  Werner Koch  <wk@g10code.com>

 	* delkey.c (do_delete_key): Mark classify_user_id for use with
--- a/g10/export.c
+++ b/g10/export.c
@ -626,10 +626,9 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
    }

  /* Do some sanity checks.  */
-  if (s2k_count <= 1024)
+  if (s2k_count > 255)
    {
-      /* The count must be larger so that encode_s2k_iterations does
-         not fall into a backward compatibility mode.  */
+      /* We expect an already encoded S2K count.  */
      err = gpg_error (GPG_ERR_INV_DATA);
      goto leave;
    }
@ -682,7 +681,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
  ski->s2k.hash_algo = s2k_algo;
  assert (sizeof ski->s2k.salt == sizeof s2k_salt);
  memcpy (ski->s2k.salt, s2k_salt, sizeof s2k_salt);
-  ski->s2k.count = encode_s2k_iterations (s2k_count);
+  ski->s2k.count = s2k_count;
  assert (ivlen <= sizeof ski->iv);
  memcpy (ski->iv, iv, ivlen);
  ski->ivlen = ivlen;