[BUG 1.4 series]: incorrect subkey used for signing

Robin H. Johnson robbat2 at gentoo.org
Mon Jun 26 23:59:04 CEST 2006

Tested & Affected: GnuPG 1.4.3, 1.4.4
gpg/g10 ignores the parameters to select a specific subkey using either the
local-user parameter or the default-key parameter. Both the command line and
config file versions are ignored.

Pay attention to key 3233C22C.
Some emphasis added to the below log.

$ gpg --with-colons --list-keys 0x34884E85
pub:u:1024:17:B27B944E34884E85:2002-08-27:2008-03-09::u:Robin Hugh Johnson <robbat2 at orbis-terrarum.net>::scESCA:
uid:r::::::7F90208ADC2095DC95838B3F185835A4F19888B9::Robin Hugh Johnson <rjohnsob at sfu.ca>:
uid:u::::2005-03-10::73D52E9999BF413B6262A5E075A7F56B63A208FB::Robin Hugh Johnson <robbat2 at users.sourceforge.net>:
uid:u::::2006-06-23::E5E16CADC6D71856034B8B0B7324C6698829DFCB::Robin Hugh Johnson <robbat2 at gentoo.org>:
uid:r::::::D936479E0731BFFFDB888E32B4D00E9665D16C2D::Robin Hugh Johnson <rhj at sfu.ca>:
uid:r::::::610A8F7CE7490D0B3D2CB9F59DFF4271F025B6B9::Robin Hugh Johnson <robbat2 at sfu.ca>:
uid:r::::::F26E4F3C6A3193048F6496AF6B32D256DB58A3BC::Robin Hugh Johnson <robbat2 at hotmail.com>:
uid:r::::::3E1D6342532650216CAF62C2D869EBC6D0266BDD::Robin Hugh Johnson <robin at corasen.com>:
uid:r::::::A3C07032FF409222B9DC368560256423860DF813::Robin Hugh Johnson <robbat2 at net-conex.com>:
uid:u::::2006-06-23::65344CD246D49E07ECDC4E7C1CF138DF203C7950::Robin Hugh Johnson <robbat2 at livejournal.com>:
sub:u:1024:17:3E922C223233C22C:2004-08-29:2008-03-09:::::s: <--- this key should be used

$ gpg --verbose -u 0x3233C22C --output test.sign --armor --textmode --clearsign test.c
gpg: no secret subkey for public subkey FB33B3A4 - ignoring
gpg: no secret subkey for public subkey CC772FC3 - ignoring
gpg: using subkey 66D8F49B instead of primary key 34884E85

You need a passphrase to unlock the secret key for
user: "Robin Hugh Johnson <robbat2 at orbis-terrarum.net>"
gpg: using subkey 66D8F49B instead of primary key 34884E85
2048-bit RSA key, ID 66D8F49B, created 2006-06-23 (main key ID 34884E85)

gpg: gpg-agent is not available in this session
gpg: writing to `test.sign'
gpg: RSA/SHA1 signature from: "66D8F49B Robin Hugh Johnson <robbat2 at orbis-terrarum.net>"

$ gpg --verbose --verify test.sign
gpg: armor header: Hash: SHA1
gpg: armor header: Version: GnuPG v1.4.4 (GNU/Linux)
gpg: armor header: Comment: Robbat2 @ Orbis-Terrarum Networks
gpg: original file name=''
gpg: Signature made Mon Jun 26 14:42:46 2006 PDT using RSA key ID 66D8F49B
gpg: using subkey 66D8F49B instead of primary key 34884E85
gpg: using classic trust model
gpg: Good signature from "Robin Hugh Johnson <robbat2 at orbis-terrarum.net>"
gpg:                 aka "Robin Hugh Johnson <robbat2 at users.sourceforge.net>"
gpg:                 aka "Robin Hugh Johnson <robbat2 at gentoo.org>"
gpg:                 aka "Robin Hugh Johnson <robbat2 at livejournal.com>"
gpg: textmode signature, digest algorithm SHA1

Robin Hugh Johnson
E-Mail     : robbat2 at orbis-terrarum.net
Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ#       : 30269588 or 41961639
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 524 bytes
Desc: not available
Url : /pipermail/attachments/20060626/d81e2877/attachment.pgp

More information about the Gnupg-devel mailing list