diff options
| author | Werner Koch <[email protected]> | 2011-04-26 18:33:46 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2011-04-26 18:39:09 +0000 |
| commit | 817f07173cda59565c179bde6c3edcf2508bbc98 (patch) | |
| tree | c6aa504d8e1154f23ebbdc2f544703de21ec962b /agent/cvt-openpgp.c | |
| parent | Fix regression in gpg's mail address parsing. (diff) | |
| download | gnupg-817f07173cda59565c179bde6c3edcf2508bbc98.tar.gz gnupg-817f07173cda59565c179bde6c3edcf2508bbc98.zip | |
Fixed regression in OpenPGP secret key export.
The protection used in the exported key used a different iteration
count than given in the S2K field. Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again. Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
Diffstat (limited to 'agent/cvt-openpgp.c')
| -rw-r--r-- | agent/cvt-openpgp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 1595a324b..0f3172894 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -1046,7 +1046,10 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, gcry_create_nonce (protect_iv, sizeof protect_iv); gcry_create_nonce (salt, sizeof salt); - s2k_count = get_standard_s2k_count (); + /* We need to use the encoded S2k count. It is not possible to + encode it after it has been used because the encoding procedure + may round the value up. */ + s2k_count = get_standard_s2k_count_rfc4880 (); err = apply_protection (array, npkey, nskey, passphrase, GCRY_CIPHER_AES, protect_iv, sizeof protect_iv, 3, GCRY_MD_SHA1, salt, s2k_count); |