Any word on the bug?

David Shaw dshaw at
Wed Jun 25 07:31:02 CEST 2003

Hash: SHA1

On Tue, Jun 24, 2003 at 11:10:45PM -0500, Robert J. Hansen wrote:
> >Which bug is this?  If you are referring to the validity information
> >being strange in --list-secret-keys listings, then the answer is yes.
> >You may not like the result though - the fix is to not show validity
> >in secret key listings.
> That'd be the one.  The problem is it's manifesting in more ways than 
> just that now.  For instance (all active email addies obscured with 
> leetspeak and/or pork products):

This is not the same problem.  The original problem was that misleading
validity information was being shown in secret key listings.  This is
a straightforward "public key doesn't match secret key" problem.

> =====
> [rjh at numbers rjh]$ gpg --list-key rjh at
> pub  1024D/2CBE2E25 2002-05-02 Robert J. Hansen <rjh at>
> uid                            Robert J. Hansen <c0rt4n4 at>
> sub  3072g/7926E4DD 2002-05-02
> =====
> Okay, so I've got a valid primary UID of rjh at  Now let's 
> try to sign using it:
> =====
> [rjh at numbers rjh]$ gpg -u rjh at --sign foo.txt
> gpg: skipped `rjh at': secret key not available
> gpg: signing failed: secret key not available
> =====
> Hey, that ain't right.  Let's take a look at what UIDs are attached to 
> the secret key.
> =====
> [rjh at numbers rjh]$ gpg --list-secret-keys
> /home/rjh/.gnupg/secring.gpg
> ----------------------------
> sec  1024D/2CBE2E25 2002-05-02 Robert J. Hansen <rjhansen at>
> ssb  3072g/7926E4DD 2002-05-02
> =====
> ... Apparently, GnuPG doesn't recognize that (a) my UID is 
> revoked and should no longer be used, or (b) that I have a 
> email address which is now my primary UID.

With regards to (a), this is not how user ID selection works.  It
doesn't matter if a given user ID is revoked or expired since this is
only a tag to identify the key and a validity relationship.  Obviously
there is no validity relationship with a revoked user ID, but you have
ultimate validity (it's your own key).  So this is your key, and
(presumably!) your revocation, and it isn't GnuPG's business to tell
you you can't use it any longer.  Someone ELSE using your key
(i.e. via -r) is a different story: they'll be shown the "untrusted
key" warning since by definition, there is no trust carried on a
revoked user ID.

With regards to (b), you do have the new primary user ID on your
public key.  Since you don't have it on your secret key, it isn't
going to work via -u.  I'm not quite sure how you got to where you are
since GnuPG always adds new user IDs to both the public and secret
keys.  Do you have more than one GnuPG installation that you use?
They're out of sync.

Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at


More information about the Gnupg-devel mailing list