Skip to content

sqop verify can't handle multiple certificates in a CERTS ("Invalid data type")

In the stateless openpgp draft, a KEY stream contains exactly one OpenPGP secret key, a CERTS stream contains 0 or more OpenPGP certificates.

However, sqop verify fails when presented with a CERTS stream with more than one certificate in it:

echo test > test.txt
for x in alice bob; do
  sqop generate-key $x > $x.key 
  sqop extract-cert < $x.key > $x.pgp
done
# make an ASCII-armored "keyring" with both alice and bob:
(sqop dearmor < alice.pgp && sqop dearmor < bob.pgp) | sqop armor > certs.pgp
sqop sign alice.key < test.txt > test.txt.asc
sqop verify test.txt.asc alice.pgp < test.txt
sqop verify test.txt.asc certs.pgp < test.txt

the final command yields:

           Failed to load key from file "certs.pgp"
  because: Invalid data type

note that sqv does treat this CERTS stream as a legitimate keyring:

0 $ sqv test.txt.asc test.txt --keyring certs.pgp
FBE0129DD3AF9F7DC198B5BF532C64E65C1B38AE
0 $
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information