Problems with --export-secret-subkeys and deleted subkeys

Michael Roth mroth at nessie.de
Sun Sep 12 18:30:35 CEST 2004


Hello list,

I have an odd problem. I created a DSA primary key with two subkeys on 
it, a DSA sign-only and an RSA encrypt-only subkey:


/home/mroth/.gnupg-test/pubring.gpg
-----------------------------------
pub  1024D/19A47D04 2004-09-12 GnuPG Test
sub  1024D/01D44C96 2004-09-12 [expires: 2004-09-26]
sub  1024R/A2F45B3E 2004-09-12 [expires: 2004-09-26]


Then I fiddled with --export-secret-subkeys and deleted one subkey from 
the secret key to get the following secret keyring:


/home/mroth/.gnupg-test/secring.gpg
-----------------------------------
sec# 1024D/19A47D04 2004-09-12 GnuPG Test
ssb  1024D/01D44C96 2004-09-12


The secret subkey of the RSA encryption subkey is deleted in the secret 
keyring and the primary secret key is scrambled.

Now, it should be possible to sign some data with the DSA subkey:

# gpg-test -v -s --local-user 0x01D44C96! file.txt

But I get the following output:


gpg: no secret subkey for public subkey A2F45B3E - ignoring
gpg: skipped `0x01D44C96!': unusable secret key
gpg: signing failed: unusable secret key


But that's wrong. 0x01D44C96 should be useable, because the secret 
subkey is available and it isn't the scrambled primary secret key. I can 
verify this by using --edit-key to delete the RSA public subkey from the 
public keyring:


/home/mroth/.gnupg-test/pubring.gpg
-----------------------------------
pub  1024D/19A47D04 2004-09-12 GnuPG Test
sub  1024D/01D44C96 2004-09-12 [expires: 2004-09-26]


The secret keyring is still unchanged:


/home/mroth/.gnupg-test/secring.gpg
-----------------------------------
sec# 1024D/19A47D04 2004-09-12 GnuPG Test
ssb  1024D/01D44C96 2004-09-12


Now, if I try the command from above:

# gpg-test -v -s --local-user 0x01D44C96! file.txt

All will work fine and I get:


gpg: using secondary key 01D44C96 instead of primary key 19A47D04

You need a passphrase to unlock the secret key for
user: "GnuPG Test"
gpg: using secondary key 01D44C96 instead of primary key 19A47D04
1024-bit DSA key, ID 01D44C96, created 2004-09-12 (main key ID 19A47D04)

gpg: writing to `file.txt.gpg'
gpg: DSA signature from: "01D44C96 GnuPG Test"


So, the problem is, if there is a subkey present on the public keyring 
which doesn't have a corresponding secret subkey on a scrambled 
primary key, gnupg somehow fails.

I tried to find the error in the getkey.c function 
premerge_public_with_secret(), but had no success, maybe I'm just too 
stupid... :-\

I used gnupg 1.2.5 for these tests, but I guess the problem is also 
present in 1.2.6.

Any idea where I should search for the failure? Any hints or pointers?


cu

Michael
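
The keyring states shown in this message can be compared mechanically. The following is an added example, not part of the original post and not GnuPG code: it parses the GnuPG 1.x listings quoted above and reports public subkeys that have no secret counterpart under a primary key listed as `sec#`. The function names and result keys are assumptions made for illustration.

```python
import re

# Old-style GnuPG 1.x key lines, e.g. "sec# 1024D/19A47D04 2004-09-12 GnuPG Test"
KEY_LINE = re.compile(r"^(pub|sub|sec|ssb)(#?)\s+\d+[A-Za-z]/([0-9A-F]{8})\b")

def parse_listing(text):
    """Return (record_type, has_hash_marker, key_id) for every key line."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m:
            keys.append((m.group(1), m.group(2) == "#", m.group(3)))
    return keys

def compare_keyrings(pub_listing, sec_listing):
    """Compare a public and a secret listing of the same key."""
    pub = parse_listing(pub_listing)
    sec = parse_listing(sec_listing)
    secret_subkeys = {kid for typ, _, kid in sec if typ == "ssb"}
    public_subkeys = [kid for typ, _, kid in pub if typ == "sub"]
    # "sec#" is how the post's listing shows the scrambled primary secret key
    primary_marked = any(typ == "sec" and mark for typ, mark, _ in sec)
    without_secret = [k for k in public_subkeys if k not in secret_subkeys]
    return {
        "primary_marked": primary_marked,
        "with_secret": [k for k in public_subkeys if k in secret_subkeys],
        "without_secret": without_secret,
        # The state in which the post reports "unusable secret key"
        "matches_report": primary_marked and bool(without_secret),
    }

# Listings copied from the post above
PUBRING_BEFORE = """pub  1024D/19A47D04 2004-09-12 GnuPG Test
sub  1024D/01D44C96 2004-09-12 [expires: 2004-09-26]
sub  1024R/A2F45B3E 2004-09-12 [expires: 2004-09-26]"""
PUBRING_AFTER = """pub  1024D/19A47D04 2004-09-12 GnuPG Test
sub  1024D/01D44C96 2004-09-12 [expires: 2004-09-26]"""
SECRING = """sec# 1024D/19A47D04 2004-09-12 GnuPG Test
ssb  1024D/01D44C96 2004-09-12"""

if __name__ == "__main__":
    for label, pub in (("before", PUBRING_BEFORE), ("after", PUBRING_AFTER)):
        print(label, compare_keyrings(pub, SECRING))
```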
