Bug with duplicate user IDs of different status

David Shaw dshaw at jabberwocky.com
Tue Feb 27 04:56:43 CET 2007


On Sun, Feb 25, 2007 at 06:24:03PM -0800, Robin H. Johnson wrote:
> Instructions to reproduce:
> 1. create any key
> 2. gpg --edit-key ; adduid foo at bar ; save+quit
> 3. gpg --edit-key ; revuid foo at bar ; save+quit
> 4. gpg -v --list-keys foo at bar (shows the revoked uid)
> 5. gpg --edit-key ; adduid foo at bar
> 6. display will now show both foo at bar uids
> 7. save+quit
> 8. gpg --edit-key (now we get this message: "gpg: key 34884E85:
> duplicated user ID detected - merged")
> 9. 'list' shows only the revoked version of the foo at bar uid, and we
>    cannot select the new one to perform any operations on it.

There is a bug here, but this also needs a clarification.  In step 9,
it is proper that only one copy of the foo at bar uid is present and
there is no way to select one of the foo at bar user IDs: OpenPGP does
not have a real notion of multiple identical user IDs.  GnuPG, as you
noticed, collapses them together into one user ID that carries all of
the signatures (self-signatures, revocation signatures, etc) that were
on both original user IDs.

The bug is that this new, joined, user ID appears as revoked (you had
a 50% chance of that, as the user IDs are merged in order).  If you
exit the --edit-key menu, GnuPG will prompt you to save the modified
key (the dupe-elimination is the modification).  If you say yes and
then do the --edit-key again, you'll see the user ID isn't really
revoked.  GnuPG should reprocess the key after the user ID collapse so
the flags (revoked, expired, etc) are set properly.  I will make this
change.

David



More information about the Gnupg-devel mailing list