disabled keys: bug or misunderstanding (GPG 1.2.1)

Tenui tenui@ifrance.com
Wed Dec 18 19:07:01 2002

At 09:10 18/12/2002 +0100, you wrote:
>hi Tenui,
>Tenui <tenui@ifrance.com> suggested using GPGshell:
> > But in your case, one e-mail address with several keys,  at the
> > command  prompt, disable the keys you do not want to use with
> > "disable 0xkeyID"
> > GPG will then encrypt with the first enabled
> > encryption key in the list.
>that exactly is the problem: GPG does NOT use the first _enabled_ key
>(I also think it should do that), but tries to use the first key it
>finds and stops with an error, when this one is disabled...
>to proove clearly, I just generated two test keys:
>C:\Prog\GPG>gpg -k test
>pub  1024D/4FB019C0 2002-12-18 testkey 1 <donotuse@localhost>
>sub   768g/A635574E 2002-12-18 [verf=E4llt: 2003-03-18]
>pub  1024D/21A2B039 2002-12-18 testkey 2 <donotuse@localhost>
>sub   768g/8DE211C0 2002-12-18 [verf=E4llt: 2003-03-18]
>C:\Prog\GPG>gpg --edit-key donotuse
>gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc.
>This program comes with ABSOLUTELY NO WARRANTY.
>This is free software, and you are welcome to redistribute it
>under certain conditions. See the file COPYING for details.
>Geheimer Schl=FCssel ist vorhanden. [[secret key is available]]
>pub  1024D/4FB019C0  erstellt: 2002-12-18 verf=E4llt: 2003-03-18 Vertrauen:=
>sub   768g/A635574E  erstellt: 2002-12-18 verf=E4llt: 2003-03-18
>(1). testkey 1 <donotuse@localhost>
>Befehl> disable
>Befehl> save
>C:\Prog\GPG>gpg -r donotuse -e start.bat
>gpg: donotuse: =FCbersprungen: =F6ffentlicher Schl=FCssel ist abgeschaltet
>gpg: start.bat: encryption failed: unbrauchbarer =F6ffentlicher Sch=FCssel
>C:\Programme\GPG>gpg -k --with-colon donotuse
>pub:d:1024:17:643C190F4FB019C0:2002-12-18:2003-03-18::u:testkey 1=20
>pub:u:1024:17:59C3229621A2B039:2002-12-18:2003-03-18::u:testkey 2=20
>so You see: even though there is a valid key, GPG does NOT use it :-(
>kind regards, Shalom dann,

Hi Norbert,

My suggestion was based on a test like you describe above. I created a test=
key and added
two extra IDs with the same e-mail address, then disabled the different=20
keys one by one.
The encryption/decryption worked correctly every time, using the first=20
enabled key in the list.

As I said, I worked through GPGshell, but maybe the difference in our=20
results stems from using
different versions of gpg 1.2.1 (I use the Nullify version).


PGP key: http://www.tenui.tk/keys/0x4E19C1FF.asc
3A6F F173 43E5 6DC4 48BA FF96 0FB9 7EF0 4E19 C1FF=20