gpgme: detect missing primary key

Tobias Mueller muelli at cryptobitch.de
Mon May 21 15:17:49 CEST 2018


Hi,

I am using gpgme and I want to detect when the actual key for signing
some other key is not present, e.g. after having followed
https://wiki.debian.org/Subkeys.

gpg --list-secret-keys shows

sec#  rsa2048 2018-02-13 [SC]
      D6951AD1A148A16C1B1FFACABA64A52A51061371
uid           [ unknown] foobar <foo at bar>
ssb   rsa2048 2018-02-13 [E]
ssb   rsa2048 2018-02-13 [S]


Presumably the "sec#" indicates the missing primary key.

With gpgme I get this:

In [4]: list(ctx.keylist(secret=True))
Out[4]: [Key(can_authenticate=0, can_certify=1, can_encrypt=1,
can_sign=1, chain_id=None, disabled=0, expired=0,
fpr='D6951AD1A148A16C1B1FFACABA64A52A51061371', invalid=0,
is_qualified=0, issuer_name=None, issuer_serial=None, keylist_mode=1,
owner_trust=0, protocol=0, revoked=0, secret=1,
subkeys=[SubKey(can_authenticate=0, can_certify=1, can_encrypt=0,
can_sign=1, card_number=None, curve=None, disabled=0, expired=0,
expires=0, fpr='D6951AD1A148A16C1B1FFACABA64A52A51061371', invalid=0,
is_cardkey=0, is_qualified=0,
keygrip='39B99ED24E2D2AC200A296712B1A6D756C4ABC3C',
keyid='BA64A52A51061371', length=2048, pubkey_algo=1, revoked=0,
secret=0, timestamp=1518519237), SubKey(can_authenticate=0,
can_certify=0, can_encrypt=1, can_sign=0, card_number=None, curve=None,
disabled=0, expired=0, expires=0,
fpr='0192F548677FE38FE46B095E5A531CC30D4F7810', invalid=0, is_cardkey=0,
is_qualified=0, keygrip='14CDE4A9EC7F2716AAB134247CA778321F343E73',
keyid='5A531CC30D4F7810', length=2048, pubkey_algo=1, revoked=0,
secret=1, timestamp=1518519237), SubKey(can_authenticate=0,
can_certify=0, can_encrypt=0, can_sign=1, card_number=None, curve=None,
disabled=0, expired=0, expires=0,
fpr='D04938AFB2DCD015AFD79C12B9B9338F1984FBE1', invalid=0, is_cardkey=0,
is_qualified=0, keygrip='51A932F25B04A04C2C75014D58028D4C51451576',
keyid='B9B9338F1984FBE1', length=2048, pubkey_algo=1, revoked=0,
secret=1, timestamp=1518519280)], uids=[UID(address='foo at bar',
comment='', email='foo at bar', invalid=0, name='foobar', revoked=0,
signatures=[], tofu=[], uid='foobar <foo at bar>', validity=0)])]


Nothing seems to indicate the missing primary key.
Unless I am missing something.

How would I detect the above-mentioned scenario?

I've quickly grepped through gpgme and in keylist.c I can only find
"sec" being parsed, not "sec#".


Cheers,
  Tobi
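
Added example, not part of the original post and not gpgme's own code: in the Out[4] dump above, the subkey whose fpr equals the key's fpr has secret=0 while the other two subkeys have secret=1, even though the key-level can_certify is 1. The sketch below reads those per-subkey flags; secret_status, make_sub and SAMPLE are hypothetical names, SAMPLE is a stand-in rebuilt from the values in the post rather than a live keyring, and treating secret=0 on the primary as the "sec#" case is an assumption drawn from that dump.

```python
from types import SimpleNamespace as NS


def secret_status(key):
    """Report which secret parts of a gpgme-style key object are present.

    Uses only attributes visible in the dump: key.fpr, key.secret and, per
    subkey, fpr/keyid/secret/can_certify/can_sign plus the validity flags.
    """
    # The primary key is the subkey entry sharing the key's fingerprint.
    primary = next(sk for sk in key.subkeys if sk.fpr == key.fpr)

    def usable(sk):
        # Secret material present and the subkey not otherwise unusable.
        return bool(sk.secret) and not (sk.revoked or sk.expired
                                        or sk.disabled or sk.invalid)

    return {
        # Some secret material exists, but not for the primary key.
        "primary_offline": bool(key.secret) and not primary.secret,
        # Signing *other keys* needs a certify-capable subkey with its secret.
        "can_certify_here": any(sk.can_certify and usable(sk)
                                for sk in key.subkeys),
        "signing_keyids": [sk.keyid for sk in key.subkeys
                           if sk.can_sign and usable(sk)],
        "missing_keyids": [sk.keyid for sk in key.subkeys if not sk.secret],
    }


def make_sub(keyid, fpr, secret, certify=0, sign=0):
    # Constructed stand-in for a gpgme SubKey; validity flags as in the dump.
    return NS(keyid=keyid, fpr=fpr, secret=secret, can_certify=certify,
              can_sign=sign, revoked=0, expired=0, disabled=0, invalid=0)


# Constructed sample mirroring the Out[4] values quoted in the post.
PRIMARY_FPR = "D6951AD1A148A16C1B1FFACABA64A52A51061371"
SAMPLE = NS(fpr=PRIMARY_FPR, secret=1, can_certify=1, subkeys=[
    make_sub("BA64A52A51061371", PRIMARY_FPR, 0, certify=1, sign=1),
    make_sub("5A531CC30D4F7810", "0192F548677FE38FE46B095E5A531CC30D4F7810", 1),
    make_sub("B9B9338F1984FBE1", "D04938AFB2DCD015AFD79C12B9B9338F1984FBE1", 1,
             sign=1),
])

if __name__ == "__main__":
    print(secret_status(SAMPLE))
```

With a real keyring the same function would be fed the objects returned by ctx.keylist(secret=True), as in the In [4] line of the post.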


