[2.1.19] --list-secret-keys not # marking unavailable subkeys?

Danielle McLean
Hi, I'm using GnuPG 2.1.19 on a Mac with a smartcard (a YubiKey NEO)
holding my regularly-used subkeys - some of my keys are actually in my
secret keyring, but others are only stubs. When I run gpg --card-status,
each secret key is correctly marked with # when it's unavailable or >
when it's stored on my smartcard. For example:

$ gpg --card-status | sed -n '/General key info/,$p'

General key info..: sub  rsa2048/3844A6973C6058F1 2017-04-05 Danielle McLean <[hidden email]>
sec#  rsa4096/27D076D2ACA7BABE  created: 2017-04-03  expires: never
ssb#  rsa4096/5A5D2D1AFF12EEC5  created: 2017-04-04  expires: 2018-04-04
ssb#  rsa4096/D2081794136A2F3E  created: 2017-04-04  expires: 2018-04-04
ssb>  rsa2048/3844A6973C6058F1  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011
ssb   rsa2048/9D50913E336B08C1  created: 2017-04-05  expires: 2018-04-05
ssb>  rsa2048/9EC155D34F33D648  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011

The above information is correct - I have the subkeys 3C6058F1 and
4F33D648 stored on my smartcard, the subkey 336B08C1 stored in my secret
keyring, and the other secret keys aren't available. However, when I run
gpg --list-secret-keys, the # marker doesn't appear on unavailable subkeys:

$ gpg -K ACA7BABE
sec#  rsa4096 2017-04-03 [C]
      83F3DCEC98D522B6A38AF5D927D076D2ACA7BABE
uid           [ultimate] Danielle McLean <[hidden email]>
ssb   rsa4096 2017-04-04 [S] [expires: 2018-04-04]
ssb   rsa4096 2017-04-04 [A] [expires: 2018-04-04]
ssb>  rsa2048 2017-04-05 [S] [expires: 2018-04-05]
ssb   rsa2048 2017-04-05 [E] [expires: 2018-04-05]
ssb>  rsa2048 2017-04-05 [A] [expires: 2018-04-05]

It's very confusing, as it seems to indicate my secret keyring contains
keys that it definitely doesn't. Why the inconsistency? Can I somehow
reconfigure GnuPG so that the --list-secret-keys output includes the
missing information?

Thanks!


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
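
Added example (not part of the original post and not GnuPG code): a small check that reads the `#` / `>` markers from both listings quoted above and reports the keys they classify differently. The helper names are hypothetical, the two listings are copied from the post, and pairing rows by position is an assumption, since `gpg -K` prints no subkey IDs here.

```python
import re

# Marker after sec/ssb, as described in the post: '#' = secret key unavailable,
# '>' = stored on a smartcard, no marker = present in the local secret keyring.
STORAGE = {"#": "unavailable", ">": "smartcard", "": "keyring"}
ROW = re.compile(r"^(sec|ssb)([#>]?)\s+(\S+)")

def storage_rows(listing):
    """Return (record type, key description, storage) for each sec/ssb line."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line)  # uid, fingerprint and card-no lines do not match
        if m:
            rows.append((m.group(1), m.group(3), STORAGE[m.group(2)]))
    return rows

def disagreements(card_status, list_secret):
    """Pair rows by position (assumption: same key order in both listings)."""
    a, b = storage_rows(card_status), storage_rows(list_secret)
    if len(a) != len(b):
        raise ValueError("listings describe a different number of keys")
    return [(x[1], x[2], y[2]) for x, y in zip(a, b) if x[2] != y[2]]

# Both listings are copied from the post above.
CARD_STATUS = """\
sec#  rsa4096/27D076D2ACA7BABE  created: 2017-04-03  expires: never
ssb#  rsa4096/5A5D2D1AFF12EEC5  created: 2017-04-04  expires: 2018-04-04
ssb#  rsa4096/D2081794136A2F3E  created: 2017-04-04  expires: 2018-04-04
ssb>  rsa2048/3844A6973C6058F1  created: 2017-04-05  expires: 2018-04-05
                                card-no: 0006 05312011
ssb   rsa2048/9D50913E336B08C1  created: 2017-04-05  expires: 2018-04-05
ssb>  rsa2048/9EC155D34F33D648  created: 2017-04-05  expires: 2018-04-05
"""
LIST_SECRET = """\
sec#  rsa4096 2017-04-03 [C]
      83F3DCEC98D522B6A38AF5D927D076D2ACA7BABE
uid           [ultimate] Danielle McLean <[hidden email]>
ssb   rsa4096 2017-04-04 [S] [expires: 2018-04-04]
ssb   rsa4096 2017-04-04 [A] [expires: 2018-04-04]
ssb>  rsa2048 2017-04-05 [S] [expires: 2018-04-05]
ssb   rsa2048 2017-04-05 [E] [expires: 2018-04-05]
ssb>  rsa2048 2017-04-05 [A] [expires: 2018-04-05]
"""

if __name__ == "__main__":
    for key, card_view, list_view in disagreements(CARD_STATUS, LIST_SECRET):
        print(f"{key}: --card-status says {card_view}, -K says {list_view}")
```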

Re: [2.1.19] --list-secret-keys not # marking unavailable subkeys?

Werner Koch
Hi!

On Thu,  6 Apr 2017 14:21, [hidden email] said:

> It's very confusing, as it seems to indicate my secret keyring contains
> keys that it definitely doesn't. Why the inconsistency? Can I somehow

Good catch. Thanks.

There is a stupid bug in the code:

--8<---------------cut here---------------start------------->8---
               if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
                 secret = serialno? 3 : 1;
               else
-                secret = '2';  /* Key not found.  */
+                secret = 2;  /* Key not found.  */
--8<---------------cut here---------------end--------------->8---
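
Review bot: the replacement line `secret = 2;` still encodes the key state as a bare integer, which is what allowed the character literal '2' (value 50 in ASCII, not 2) on the removed line to compile unnoticed. Consider named constants or an enum for the three states assigned here (1 when no serial number comes back, 3 when one does, 2 for key not found) and use the same names wherever `secret` is read, so a mistyped literal stands out in review. The comment "Key not found." could also note that this is the state which, per the report above, the listing should mark with #.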

I just pushed a fix to the repo.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.