disabled keys: bug or misunderstanding (GPG 1.2.1)

KES magazine Norbert Luckhardt <editor@kes.info>
Wed Dec 18 09:09:16 2002


hi Tenui,

Tenui <tenui@ifrance.com> suggested using GPGshell:
> But in your case, one e-mail address with several keys,  at the
> command  prompt, disable the keys you do not want to use with
> "disable 0xkeyID"

> GPG will then encrypt with the first enabled
> encryption key in the list.

that exactly is the problem: GPG does NOT use the first _enabled_ key
(I also think it should do that), but tries to use the first key it
finds and stops with an error, when this one is disabled...

to proove clearly, I just generated two test keys:

C:\Prog\GPG>gpg -k test
pub  1024D/4FB019C0 2002-12-18 testkey 1 <donotuse@localhost>
sub   768g/A635574E 2002-12-18 [verf=E4llt: 2003-03-18]

pub  1024D/21A2B039 2002-12-18 testkey 2 <donotuse@localhost>
sub   768g/8DE211C0 2002-12-18 [verf=E4llt: 2003-03-18]


C:\Prog\GPG>gpg --edit-key donotuse
gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Geheimer Schl=FCssel ist vorhanden. [[secret key is available]]

pub  1024D/4FB019C0  erstellt: 2002-12-18 verf=E4llt: 2003-03-18 Vertraue=
n: u/u
sub   768g/A635574E  erstellt: 2002-12-18 verf=E4llt: 2003-03-18
(1). testkey 1 <donotuse@localhost>

Befehl> disable

Befehl> save

C:\Prog\GPG>gpg -r donotuse -e start.bat
gpg: donotuse: =FCbersprungen: =F6ffentlicher Schl=FCssel ist abgeschalte=
t
gpg: start.bat: encryption failed: unbrauchbarer =F6ffentlicher Sch=FCsse=
l

C:\Programme\GPG>gpg -k --with-colon donotuse
pub:d:1024:17:643C190F4FB019C0:2002-12-18:2003-03-18::u:testkey 1 <donotu=
se@loca
lhost>::scESC:
sub:d:768:16:28A11541A635574E:2002-12-18:2003-03-18:::::e:
pub:u:1024:17:59C3229621A2B039:2002-12-18:2003-03-18::u:testkey 2 <donotu=
se@loca
lhost>::scESC:
sub:u:768:16:54AF04CE8DE211C0:2002-12-18:2003-03-18:::::e:



so You see: even though there is a valid key, GPG does NOT use it :-(

kind regards, Shalom dann,
NOrbert

--=20
Norbert Luckhardt, Editor in Chief           http://www.kes.info/

KES - IT-Security Journal (AT/CH/DE)
      SecuMedia Verlags-GmbH    Gaulsheimer Stra=DFe 17
      55218 Ingelheim           GERMANY

fon  +49-511/5 63 62 93    *    +49-67 25/93 04-11 (ed. assist.)
fax  +49-511/5 63 62 99    *    +49-67 25/59 94

--