disabled keys: bug or misunderstanding (GPG 1.2.1)
KES magazine
Norbert Luckhardt <editor@kes.info>
Wed Dec 18 09:09:16 2002
hi Tenui,
Tenui <tenui@ifrance.com> suggested using GPGshell:
> But in your case, one e-mail address with several keys, at the
> command prompt, disable the keys you do not want to use with
> "disable 0xkeyID"
> GPG will then encrypt with the first enabled
> encryption key in the list.
that exactly is the problem: GPG does NOT use the first _enabled_ key
(I also think it should do that), but tries to use the first key it
finds and stops with an error, when this one is disabled...
to prove clearly, I just generated two test keys:
C:\Prog\GPG>gpg -k test
pub 1024D/4FB019C0 2002-12-18 testkey 1 <donotuse@localhost>
sub 768g/A635574E 2002-12-18 [verfällt: 2003-03-18]
pub 1024D/21A2B039 2002-12-18 testkey 2 <donotuse@localhost>
sub 768g/8DE211C0 2002-12-18 [verfällt: 2003-03-18]
C:\Prog\GPG>gpg --edit-key donotuse
gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Geheimer Schlüssel ist vorhanden. [[secret key is available]]
pub 1024D/4FB019C0 erstellt: 2002-12-18 verfällt: 2003-03-18 Vertrauen: u/u
sub 768g/A635574E erstellt: 2002-12-18 verfällt: 2003-03-18
(1). testkey 1 <donotuse@localhost>
Befehl> disable
Befehl> save
C:\Prog\GPG>gpg -r donotuse -e start.bat
gpg: donotuse: übersprungen: öffentlicher Schlüssel ist abgeschaltet
gpg: start.bat: encryption failed: unbrauchbarer öffentlicher Schüssel
C:\Programme\GPG>gpg -k --with-colon donotuse
pub:d:1024:17:643C190F4FB019C0:2002-12-18:2003-03-18::u:testkey 1 <donotuse@localhost>::scESC:
sub:d:768:16:28A11541A635574E:2002-12-18:2003-03-18:::::e:
pub:u:1024:17:59C3229621A2B039:2002-12-18:2003-03-18::u:testkey 2 <donotuse@localhost>::scESC:
sub:u:768:16:54AF04CE8DE211C0:2002-12-18:2003-03-18:::::e:
so You see: even though there is a valid key, GPG does NOT use it :-(
kind regards, Shalom dann,
NOrbert
-- 
Norbert Luckhardt, Editor in Chief http://www.kes.info/
KES - IT-Security Journal (AT/CH/DE)
SecuMedia Verlags-GmbH Gaulsheimer Straße 17
55218 Ingelheim GERMANY
fon +49-511/5 63 62 93 * +49-67 25/93 04-11 (ed. assist.)
fax +49-511/5 63 62 99 * +49-67 25/59 94
--
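
A workaround for the behaviour reported in this message, as an added example that is not part of the original post: a Python script that parses `gpg --with-colons` output and returns the first key for a user ID that is not disabled, so the key can be named explicitly. The sample listing is constructed from the test keys shown above, the function names are hypothetical, and the check for `D` in field 12 covers how newer GnuPG versions mark disabled keys.

```python
# Added example. SAMPLE is constructed from the test-key listing in the message.
SAMPLE = """\
pub:d:1024:17:643C190F4FB019C0:2002-12-18:2003-03-18::u:testkey 1 <donotuse@localhost>::scESC:
sub:d:768:16:28A11541A635574E:2002-12-18:2003-03-18:::::e:
pub:u:1024:17:59C3229621A2B039:2002-12-18:2003-03-18::u:testkey 2 <donotuse@localhost>::scESC:
sub:u:768:16:54AF04CE8DE211C0:2002-12-18:2003-03-18:::::e:
"""

# Field 2 validity letters that make a key unusable: invalid, disabled, revoked, expired.
UNUSABLE = set("idre")

def parse_keys(listing):
    """Group colon-format records into primary keys with their uids and subkeys."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12:
            continue
        rec = {"validity": f[1], "keyid": f[4], "caps": f[11]}
        if f[0] == "pub":
            # GnuPG 1.x prints the primary user ID on the pub line (field 10).
            rec.update(uids=[f[9]] if f[9] else [], subs=[])
            keys.append(rec)
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
        elif f[0] == "sub" and keys:
            keys[-1]["subs"].append(rec)
    return keys

def usable(rec):
    # Old versions flag a disabled key with 'd' in field 2; newer ones add 'D' to field 12.
    return rec["validity"] not in UNUSABLE and "D" not in rec["caps"]

def first_enabled_encryption_key(listing, user):
    """Return the long ID of the first enabled key matching user that can encrypt."""
    for key in parse_keys(listing):
        if not usable(key) or not any(user.lower() in u.lower() for u in key["uids"]):
            continue
        if any(usable(k) and "e" in k["caps"] for k in [key] + key["subs"]):
            return key["keyid"]
    return None

if __name__ == "__main__":
    print(first_enabled_encryption_key(SAMPLE, "donotuse"))
```

The returned ID can be given to `-r` in `0xkeyID` form, so that gpg is pointed at the enabled key instead of stopping at the disabled one.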