"gpg --check-trustdb" fails with a keyring which worked before gnupg was updated to 1.4.2-r2, with: gpg: mpi larger than indicated length (2 bytes) gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring Unfortunately, there's not enough diagnostics, even with --debug-all, to determine which key causes the problem, but it's actually a known gnupg bug. One of the gnupg developers has provided a fix. Reproducible: Always Steps to Reproduce: 1. gpg --check-trustdb or gpg --list-keys 2. 3. Actual Results: [many fine keys, then:] gpg: mpi larger than indicated length (2 bytes) gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring Expected Results: Listed all of the keys. David Shaw has provided a patch: http://marc.theaimsgroup.com/?l=gnupg-devel&m=112554412404623&w=2 There's an attachment there, patching gnupg-1.4.2/mpi/mpicoder.c (but without the path information) to fix this problem. After munging that into an ebuild, I now have a gpg which works.
interesting how its not in the cvs. grr - still looking.
debian unstable uses same patch. added to gnupg-1.4.2-r3. Thanks Phil
Phil I'm assuming this was a new bug in 1.4.2 that didn't exist in 1.4.1?
Correct; had 1.4.1 installed until 2005-11-23. Under 1.4.1, some keys would be refused as part of --recv-key, with a similar error, but everything which made it past that check onto my public keyring would be fine. Thanks for the prompt fix.
I had pretty much the same problem with 1.4.2-r2: gpg: mpi larger than indicated length (2 bytes) gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring I confirm it wasn't there in 1.4.1, and that upgrading to 1.4.2-r3 resolved the problem admirably :)