Werner Koch wk at
Wed Feb 6 14:38:02 CET 2002

On Fri, 1 Feb 2002 17:54:12 +0100, Stephane Corthesy said:

> When enumerating keys: the "secret" attribute is retrieved only if  
> we enumerate secret keys! If we enumerate all keys, the attribute  
> "secret" is always set to 0.

Correct.  This _might_ change in future but you should not rely on
this.  If you want a listing of the secret keys you should list the
secret keys (e.g. for deciding which key to use for signing).  For
most tasks you don't need the secret key.

> I also discovered a strange thing with gpg (1.0.6):
> My PGP key has 2 uids; if I display them with gpg --list-secret-keys  
> or --list-keys, main uid is not the same (swapped).

The UIDs listed with --list-secret-keys are just for convenience.  It
needs a lot of code to keep them in sync with the ones on the public
keyring.  So the latest snapshots don't care anymore about packets on
the secret keyring and instead do some merging with the public key

> About secret keys again: can a subkey be secret without the main key  
> being secret?

You should get away from the need to know whether a key is secret or
not.  The only relevant information is whether a key is capable of
signing or decrypting.  A secret is a secret is a secret :-)
Eventually all secret key[*] handling will be done by gpg-agent and there
will be no way for an application (except for special tools) to cope
with a secret key.

> I'm suspecting two other problems (I need to check again):
> gpgme_op_decrypt(): doesn't return an error if no valid passphrase  
> is given
> gpgme_op_encrypt(): doesn't return an error if no recipient is  
> trusted, but encrypts nothing

Be prepared to get some errors after this has been fixed.

> Thanks for having written all the doc! It's been very helpful, and I  
> could finally document a little bit the ObjC wrapper :-)

That belongs to Marcus of course.


[*] When I talk about a secret key I usually mean the private keys of
a public keypair.  For conventional encryption a passphrase callback
is still needed to automate some applications.

Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
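As an added example (not code from this thread, from GnuPG or from GPGME), the following Python script shows the practical side of the advice above using the CLI's machine-readable output instead of the GPGME C API: it parses constructed `gpg --with-colons --list-keys` and `--list-secret-keys` records, treats "secret" as a property of which listing was requested (record type `sec`/`ssb` versus `pub`/`sub`) rather than of the key, chooses keys by the capability field (field 12: `s` sign, `e` encrypt, `c` certify, `a` authenticate) and the validity field, and takes user IDs from the public listing because the secret listing may order them differently. The key IDs, hashes and names in the sample listings are placeholders.

```python
"""Select OpenPGP keys by capability from gpg --with-colons listings.

Added example, not GnuPG/GPGME code. Record layout follows gpg's
--with-colons format: field 1 record type, field 2 validity,
field 5 key ID, field 10 user ID (uid records), field 12 capabilities.
"""
from dataclasses import dataclass, field

# Constructed sample output of `gpg --with-colons --list-keys`
# (placeholder key IDs and user IDs, not real keys).
PUBLIC_LISTING = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1012345678::::::scESC:
uid:u::::1012345678::HASH1::Alice Example <alice@example.org>:
uid:u::::1012345679::HASH2::Alice Example (work) <alice@example.com>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1012345678::::::e:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1012345678::::::s:
pub:f:2048:1:DDDDDDDDDDDDDDDD:1012345678::::::scE:
uid:f::::1012345678::HASH3::Bob Example <bob@example.org>:
sub:f:2048:1:EEEEEEEEEEEEEEEE:1012345678::::::e:
pub:n:2048:1:FFFFFFFFFFFFFFFF:1012345678::::::scESC:
uid:n::::1012345678::HASH4::Carol Example <carol@example.org>:
sub:n:2048:1:0000000000000000:1012345678::::::e:
"""

# Constructed sample output of `gpg --with-colons --list-secret-keys`;
# note the user IDs appear in a different order than on the public ring.
SECRET_LISTING = """\
sec:u:2048:1:AAAAAAAAAAAAAAAA:1012345678::::::scESC:
uid:u::::1012345679::HASH2::Alice Example (work) <alice@example.com>:
uid:u::::1012345678::HASH1::Alice Example <alice@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1012345678::::::e:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1012345678::::::s:
"""


@dataclass
class Key:
    keyid: str
    validity: str                  # field 2 of the pub/sec record
    from_secret_listing: bool      # record type was sec; not a key property
    caps: set = field(default_factory=set)    # lowercase caps of primary + subkeys
    uids: list = field(default_factory=list)  # user IDs in listing order


def parse_listing(text: str) -> list:
    """Parse pub/sec, sub/ssb and uid records; other record types are skipped."""
    keys, current = [], None
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        rtype = f[0]
        if rtype in ("pub", "sec"):
            current = Key(keyid=f[4], validity=f[1],
                          from_secret_listing=(rtype == "sec"))
            current.caps.update(c for c in f[11] if c.islower())
            keys.append(current)
        elif rtype in ("sub", "ssb") and current is not None:
            # Subkey capabilities count towards what the key can do.
            current.caps.update(c for c in f[11] if c.islower())
        elif rtype == "uid" and current is not None:
            current.uids.append(f[9])
    return keys


UNUSABLE = {"r", "e", "i", "d"}   # revoked, expired, invalid, disabled
TRUSTED = {"f", "u", "m"}         # full, ultimate, marginal validity


def usable_for(keys: list, cap: str) -> list:
    """Keys that carry capability `cap` and are not revoked/expired/invalid."""
    return [k for k in keys if cap in k.caps and k.validity not in UNUSABLE]


def signing_key_ids(secret_listing: str) -> list:
    """To pick a signing key, list the secret keys, then filter by 's'."""
    return [k.keyid for k in usable_for(parse_listing(secret_listing), "s")]


def encryption_recipients(public_listing: str) -> list:
    """Recipients that are encryption-capable and have a trusted validity;
    an untrusted recipient would otherwise be silently dropped."""
    return [k.keyid for k in usable_for(parse_listing(public_listing), "e")
            if k.validity in TRUSTED]


def primary_uid(public_listing: str, keyid: str):
    """Primary user ID taken from the public listing, the authoritative one."""
    for k in parse_listing(public_listing):
        if k.keyid == keyid and k.uids:
            return k.uids[0]
    return None


if __name__ == "__main__":
    print("signing keys:", signing_key_ids(SECRET_LISTING))
    print("recipients:", encryption_recipients(PUBLIC_LISTING))
    for k in signing_key_ids(SECRET_LISTING):
        print(k, "->", primary_uid(PUBLIC_LISTING, k))
```

Carol's key is dropped from the recipient list because her validity is `n` (never trusted) even though it is encryption-capable, which is the situation the poster describes where nothing gets encrypted; checking validity before calling encrypt is the application's job.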

More information about the Gnupg-devel mailing list