> + Bad Signature: > + Version: 4 > + Type: SubkeyBinding > + Pk algo: RSA > + Hash algo: SHA256 > + Hashed area: > + Signature creation time: 2025-02-25 05:18:24 UTC > (critical) > + Issuer: 39CB544D6527CF60 > + Nicolas Pitre <n...@fluxnic.net> > (UNAUTHENTICATED) > + Notation: s...@notations.sequoia-pgp.org > + 00000000 1a 30 59 f3 ea fd 72 88 a3 2b 5e a5 > 1b e2 43 bd > + 00000010 89 d8 f6 37 92 11 28 a5 50 8d b1 af > c8 e9 16 48 > + Key flags: S > + Embedded signature: (critical) > + Version: 4 > + Type: PrimaryKeyBinding > + Pk algo: RSA > + Hash algo: SHA256 > + Hashed area: > + Signature creation time: 2025-02-25 > 05:18:24 UTC (critical) > + Issuer: 7F4A62820BF463B7 > + Nicolas Pitre <n...@fluxnic.net> > (UNAUTHENTICATED) > + Notation: s...@notations.sequoia-pgp.org > + 00000000 d8 bd 36 7c ef bd c5 da 85 b8 > f7 02 5d 3b 81 28 > + 00000010 1b b8 e1 68 40 15 89 ec b5 8b > f0 eb d4 bb b0 f4 > + Issuer Fingerprint: > E582CAEAF7CBA7AA04344A927F4A62820BF463B7 > + Nicolas Pitre <n...@fluxnic.net> > (UNAUTHENTICATED) > + Digest prefix: 4CA6 > + Level: 0 (signature over data) > + Digest prefix: DB75 > + Level: 0 (signature over data)
It does look like only this signature is getting corrupted; replacing that one in the hokey output with the original packet makes `sq inspect` happier. My suspicion is that something is horribly wrong with the reserialization of the hashed embedded signature subpacket.
